diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel_wrapper.tsx b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel_wrapper.tsx index d0e8e0d5a1bab..e4acdbbae7ced 100644 --- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel_wrapper.tsx +++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel_wrapper.tsx @@ -62,16 +62,16 @@ export function WorkspacePanelWrapper({ }, [dispatchLens, activeVisualization] ); - const warningMessages: React.ReactNode[] = []; + const warnings: React.ReactNode[] = []; if (activeVisualization?.getWarningMessages) { - warningMessages.push( + warnings.push( ...(activeVisualization.getWarningMessages(visualizationState, framePublicAPI) || []) ); } Object.entries(datasourceStates).forEach(([datasourceId, datasourceState]) => { const datasource = datasourceMap[datasourceId]; if (!datasourceState.isLoading && datasource.getWarningMessages) { - warningMessages.push( + warnings.push( ...(datasource.getWarningMessages(datasourceState.state, framePublicAPI) || []) ); } @@ -120,9 +120,7 @@ export function WorkspacePanelWrapper({ ) : null} - {warningMessages && warningMessages.length ? ( - {warningMessages} - ) : null} + {warnings && warnings.length ? {warnings} : null} diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/time_shift_utils.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/time_shift_utils.tsx index 8cfd25914f59c..8b1d9b7359d61 100644 --- a/x-pack/plugins/lens/public/indexpattern_datasource/time_shift_utils.tsx +++ b/x-pack/plugins/lens/public/indexpattern_datasource/time_shift_utils.tsx 
@@ -148,7 +148,7 @@ export function getStateTimeShiftWarningMessages( { activeData }: FramePublicAPI ) { if (!state) return; - const warningMessages: React.ReactNode[] = []; + const warnings: React.ReactNode[] = []; Object.entries(state.layers).forEach(([layerId, layer]) => { const dateHistogramInterval = getDateHistogramInterval( layer, @@ -189,7 +189,7 @@ export function getStateTimeShiftWarningMessages( if (timeShift === 0) return; if (timeShift < shiftInterval) { timeShiftMap[timeShift].forEach((columnId) => { - warningMessages.push( + warnings.push( { - warningMessages.push( + warnings.push( { (frame.datasourceLayers.first.getOperationForColumnId as jest.Mock).mockReturnValue({ label: 'Label B', }); - const warningMessages = xyVisualization.getWarningMessages!( + const warnings = xyVisualization.getWarningMessages!( { ...exampleState(), layers: [ @@ -977,8 +977,8 @@ describe('xy_visualization', () => { }, frame ); - expect(warningMessages).toHaveLength(1); - expect(warningMessages && warningMessages[0]).toMatchInlineSnapshot(` + expect(warnings).toHaveLength(1); + expect(warnings && warnings[0]).toMatchInlineSnapshot(` { wrapHits: jest.fn(), wrapSequences: jest.fn(), }); - expect(response.warningMessages.length).toEqual(1); + expect(response.warnings.length).toEqual(1); }); }); }); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/eql.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/eql.ts index e08f519e9761a..f5163b64adcfb 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/eql.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/eql.ts 
@@ -61,10 +61,9 @@ export const eqlExecutor = async ({ const result = createSearchAfterReturnType(); const ruleParams = rule.attributes.params; if (hasLargeValueItem(exceptionItems)) { - result.warningMessages.push( + result.warnings.push( 'Exceptions that use "is in list" or "is not in list" operators are not applied to EQL rules' ); - result.warning = true; } try { const signalIndexVersion = await getIndexVersion( @@ -123,7 +122,6 @@ export const eqlExecutor = async ({ if (newSignals?.length) { const insertResult = await bulkCreate(newSignals); result.bulkCreateTimes.push(insertResult.bulkCreateDuration); - result.createdSignalsCount += insertResult.createdItemsCount; result.createdSignals = insertResult.createdItems; } result.success = true; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.test.ts index 89c1392cb67ba..085b0f285e415 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.test.ts @@ -96,7 +96,7 @@ describe('ml_executor', () => { }); expect(logger.warn).toHaveBeenCalled(); expect(logger.warn.mock.calls[0][0]).toContain('Machine learning job(s) are not started'); - expect(response.warningMessages.length).toEqual(1); + expect(response.warnings.length).toEqual(1); }); it('should record a partial failure if Machine learning job was not started', async () => { @@ -122,6 +122,6 @@ describe('ml_executor', () => { }); expect(logger.warn).toHaveBeenCalled(); expect(logger.warn.mock.calls[0][0]).toContain('Machine learning job(s) are not started'); - expect(response.warningMessages.length).toEqual(1); + expect(response.warnings.length).toEqual(1); }); }); 
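Review bot: Removing `result.warning = true;` from the `hasLargeValueItem(exceptionItems)` branch leaves `result.warnings` as the only record that list-based exceptions were not applied to this EQL rule, and the code that turns that into a rule status is outside this hunk. If any consumer still reads the removed boolean, the rule would report plain success while still alerting on events the operator believed were excepted. I would confirm the status writer checks `result.warnings.length > 0` and add a comment above the push, e.g. `// surfaced through result.warnings; callers derive the warning status from its length`. The same removal appears in the first hunks of executors/ml.ts and executors/threshold.ts. The body of eqlExecutor starts and ends outside the hunk.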
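Review bot: With `createdSignalsCount` removed, `result.createdSignals = insertResult.createdItems;` in the `if (newSignals?.length)` block becomes the sole source of the created-signal count, and it assigns where the removed line accumulated with `+=`. The two are equivalent only while `bulkCreate` runs once per execution on a fresh `result`; a later second call would silently drop the earlier signals from the count. Assuming `createSearchAfterReturnType()` defaults `createdSignals` to an empty array (not visible here), `result.createdSignals = [...result.createdSignals, ...insertResult.createdItems];` keeps the old accumulate semantics. The count also now equals the number created only if `createdItems` holds one entry per indexed document, which depends on `bulkCreate` outside this hunk.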
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.ts index 20c4cb16dadc8..6068f10b5c65b 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.ts @@ -77,9 +77,8 @@ export const mlExecutor = async ({ ].join(', ') ) ); - result.warningMessages.push(warningMessage); + result.warnings.push(warningMessage); logger.warn(warningMessage); - result.warning = true; } const anomalyResults = await findMlSignals({ @@ -107,13 +106,7 @@ export const mlExecutor = async ({ if (anomalyCount) { logger.info(buildRuleMessage(`Found ${anomalyCount} signals from ML anomalies.`)); } - const { - success, - errors, - bulkCreateDuration, - createdItemsCount, - createdItems, - } = await bulkCreateMlSignals({ + const { success, errors, bulkCreateDuration, createdItems } = await bulkCreateMlSignals({ someResult: filteredAnomalyResults, ruleSO: rule, services, @@ -137,7 +130,6 @@ export const mlExecutor = async ({ createSearchAfterReturnType({ success: success && filteredAnomalyResults._shards.failed === 0, errors: [...errors, ...searchErrors], - createdSignalsCount: createdItemsCount, createdSignals: createdItems, bulkCreateTimes: bulkCreateDuration ? [bulkCreateDuration] : [], }), diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.test.ts index 3906c66922238..f9ca7873a5d7a 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.test.ts 
@@ -84,7 +84,7 @@ describe('threshold_executor', () => { })), wrapHits: jest.fn(), }); - expect(response.warningMessages.length).toEqual(1); + expect(response.warnings.length).toEqual(1); }); }); }); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.ts index 378d68fc13d2a..f5244911ba629 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.ts @@ -63,10 +63,9 @@ export const thresholdExecutor = async ({ let result = createSearchAfterReturnType(); const ruleParams = rule.attributes.params; if (hasLargeValueItem(exceptionItems)) { - result.warningMessages.push( + result.warnings.push( 'Exceptions that use "is in list" or "is not in list" operators are not applied to Threshold rules' ); - result.warning = true; } const inputIndex = await getInputIndex(services, version, ruleParams.index); @@ -117,13 +116,7 @@ export const thresholdExecutor = async ({ buildRuleMessage, }); - const { - success, - bulkCreateDuration, - createdItemsCount, - createdItems, - errors, - } = await bulkCreateThresholdSignals({ + const { success, bulkCreateDuration, createdItems, errors } = await bulkCreateThresholdSignals({ someResult: thresholdResults, ruleSO: rule, filter: esFilter, @@ -147,7 +140,6 @@ export const thresholdExecutor = async ({ createSearchAfterReturnType({ success, errors: [...errors, ...previousSearchErrors, ...searchErrors], - createdSignalsCount: createdItemsCount, createdSignals: createdItems, bulkCreateTimes: bulkCreateDuration ? [bulkCreateDuration] : [], searchAfterTimes: [thresholdSearchDuration], 
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.test.ts index 711db931e9072..feead4d459edf 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.test.ts @@ -178,7 +178,7 @@ describe('searchAfterAndBulkCreate', () => { }, ]; - const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ + const { success, createdSignals, lastLookBackDate } = await searchAfterAndBulkCreate({ tuple, ruleSO, listClient, @@ -197,7 +197,7 @@ describe('searchAfterAndBulkCreate', () => { }); expect(success).toEqual(true); expect(mockService.scopedClusterClient.asCurrentUser.search).toHaveBeenCalledTimes(5); - expect(createdSignalsCount).toEqual(4); + expect(createdSignals.length).toEqual(4); expect(lastLookBackDate).toEqual(new Date('2020-04-20T21:27:45+0000')); }); @@ -282,7 +282,7 @@ describe('searchAfterAndBulkCreate', () => { }, }, ]; - const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ + const { success, createdSignals, lastLookBackDate } = await searchAfterAndBulkCreate({ ruleSO, tuple, listClient, @@ -301,7 +301,7 @@ describe('searchAfterAndBulkCreate', () => { }); expect(success).toEqual(true); expect(mockService.scopedClusterClient.asCurrentUser.search).toHaveBeenCalledTimes(4); - expect(createdSignalsCount).toEqual(3); + expect(createdSignals.length).toEqual(3); expect(lastLookBackDate).toEqual(new Date('2020-04-20T21:27:45+0000')); }); 
@@ -360,7 +360,7 @@ describe('searchAfterAndBulkCreate', () => { }, }, ]; - const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ + const { success, createdSignals, lastLookBackDate } = await searchAfterAndBulkCreate({ ruleSO, tuple, listClient, @@ -379,7 +379,7 @@ describe('searchAfterAndBulkCreate', () => { }); expect(success).toEqual(true); expect(mockService.scopedClusterClient.asCurrentUser.search).toHaveBeenCalledTimes(2); - expect(createdSignalsCount).toEqual(4); + expect(createdSignals.length).toEqual(4); expect(lastLookBackDate).toEqual(new Date('2020-04-20T21:27:45+0000')); }); @@ -419,7 +419,7 @@ describe('searchAfterAndBulkCreate', () => { }, }, ]; - const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ + const { success, createdSignals, lastLookBackDate } = await searchAfterAndBulkCreate({ ruleSO, tuple, listClient, @@ -438,7 +438,7 @@ describe('searchAfterAndBulkCreate', () => { }); expect(success).toEqual(true); expect(mockService.scopedClusterClient.asCurrentUser.search).toHaveBeenCalledTimes(2); - expect(createdSignalsCount).toEqual(0); // should not create any signals because all events were in the allowlist + expect(createdSignals.length).toEqual(0); // should not create any signals because all events were in the allowlist expect(lastLookBackDate).toEqual(new Date('2020-04-20T21:27:45+0000')); }); @@ -498,7 +498,7 @@ describe('searchAfterAndBulkCreate', () => { ) ); - const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ + const { success, createdSignals, lastLookBackDate } = await searchAfterAndBulkCreate({ ruleSO, tuple, listClient, 
@@ -517,7 +517,7 @@ describe('searchAfterAndBulkCreate', () => { }); expect(success).toEqual(true); expect(mockService.scopedClusterClient.asCurrentUser.search).toHaveBeenCalledTimes(2); - expect(createdSignalsCount).toEqual(4); + expect(createdSignals.length).toEqual(4); expect(lastLookBackDate).toEqual(new Date('2020-04-20T21:27:45+0000')); }); @@ -553,7 +553,7 @@ describe('searchAfterAndBulkCreate', () => { }, }, ]; - const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ + const { success, createdSignals, lastLookBackDate } = await searchAfterAndBulkCreate({ ruleSO, tuple, listClient, @@ -572,7 +572,7 @@ describe('searchAfterAndBulkCreate', () => { }); expect(success).toEqual(true); expect(mockService.scopedClusterClient.asCurrentUser.search).toHaveBeenCalledTimes(1); - expect(createdSignalsCount).toEqual(0); // should not create any signals because all events were in the allowlist + expect(createdSignals.length).toEqual(0); // should not create any signals because all events were in the allowlist expect(lastLookBackDate).toEqual(new Date('2020-04-20T21:27:45+0000')); }); @@ -625,7 +625,7 @@ describe('searchAfterAndBulkCreate', () => { }, }, ]; - const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ + const { success, createdSignals, lastLookBackDate } = await searchAfterAndBulkCreate({ ruleSO, tuple, listClient, @@ -644,7 +644,7 @@ describe('searchAfterAndBulkCreate', () => { }); expect(success).toEqual(true); expect(mockService.scopedClusterClient.asCurrentUser.search).toHaveBeenCalledTimes(1); - expect(createdSignalsCount).toEqual(4); + expect(createdSignals.length).toEqual(4); expect(lastLookBackDate).toEqual(new Date('2020-04-20T21:27:45+0000')); }); 
@@ -699,7 +699,7 @@ describe('searchAfterAndBulkCreate', () => { })) ) ); - const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ + const { success, createdSignals, lastLookBackDate } = await searchAfterAndBulkCreate({ ruleSO, tuple, listClient, @@ -718,7 +718,7 @@ describe('searchAfterAndBulkCreate', () => { }); expect(success).toEqual(true); expect(mockService.scopedClusterClient.asCurrentUser.search).toHaveBeenCalledTimes(2); - expect(createdSignalsCount).toEqual(4); + expect(createdSignals.length).toEqual(4); expect(lastLookBackDate).toEqual(new Date('2020-04-20T21:27:45+0000')); }); @@ -750,7 +750,7 @@ describe('searchAfterAndBulkCreate', () => { ) ) ); - const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ + const { success, createdSignals, lastLookBackDate } = await searchAfterAndBulkCreate({ listClient, exceptionsList: [exceptionItem], tuple, @@ -769,7 +769,7 @@ describe('searchAfterAndBulkCreate', () => { }); expect(mockLogger.error).toHaveBeenCalled(); expect(success).toEqual(false); - expect(createdSignalsCount).toEqual(0); + expect(createdSignals.length).toEqual(0); expect(lastLookBackDate).toEqual(new Date('2020-04-20T21:27:45+0000')); }); @@ -797,7 +797,7 @@ describe('searchAfterAndBulkCreate', () => { })) ) ); - const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ + const { success, createdSignals, lastLookBackDate } = await searchAfterAndBulkCreate({ listClient, exceptionsList: [exceptionItem], tuple, @@ -815,7 +815,7 @@ describe('searchAfterAndBulkCreate', () => { wrapHits, }); expect(success).toEqual(true); - expect(createdSignalsCount).toEqual(0); + expect(createdSignals.length).toEqual(0); expect(lastLookBackDate).toEqual(null); }); 
@@ -858,7 +858,7 @@ describe('searchAfterAndBulkCreate', () => { }, }, ]; - const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ + const { success, createdSignals, lastLookBackDate } = await searchAfterAndBulkCreate({ listClient, exceptionsList: [exceptionItem], tuple, @@ -876,7 +876,7 @@ describe('searchAfterAndBulkCreate', () => { wrapHits, }); expect(success).toEqual(false); - expect(createdSignalsCount).toEqual(0); // should not create signals if search threw error + expect(createdSignals.length).toEqual(0); // should not create signals if search threw error expect(lastLookBackDate).toEqual(null); }); @@ -979,12 +979,7 @@ describe('searchAfterAndBulkCreate', () => { sampleDocSearchResultsNoSortIdNoHits() ) ); - const { - success, - createdSignalsCount, - lastLookBackDate, - errors, - } = await searchAfterAndBulkCreate({ + const { success, createdSignals, lastLookBackDate, errors } = await searchAfterAndBulkCreate({ ruleSO, tuple, listClient, @@ -1004,7 +999,7 @@ describe('searchAfterAndBulkCreate', () => { expect(success).toEqual(false); expect(errors).toEqual(['error on creation']); expect(mockService.scopedClusterClient.asCurrentUser.search).toHaveBeenCalledTimes(5); - expect(createdSignalsCount).toEqual(4); + expect(createdSignals.length).toEqual(4); expect(lastLookBackDate).toEqual(new Date('2020-04-20T21:27:45+0000')); }); @@ -1079,7 +1074,7 @@ describe('searchAfterAndBulkCreate', () => { ); const mockEnrichment = jest.fn((a) => a); - const { success, createdSignalsCount, lastLookBackDate } = await searchAfterAndBulkCreate({ + const { success, createdSignals, lastLookBackDate } = await searchAfterAndBulkCreate({ enrichment: mockEnrichment, ruleSO, tuple, 
@@ -1112,7 +1107,7 @@ describe('searchAfterAndBulkCreate', () => { ); expect(success).toEqual(true); expect(mockService.scopedClusterClient.asCurrentUser.search).toHaveBeenCalledTimes(4); - expect(createdSignalsCount).toEqual(3); + expect(createdSignals.length).toEqual(3); expect(lastLookBackDate).toEqual(new Date('2020-04-20T21:27:45+0000')); }); }); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signals.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signals.ts index 12f00b76ed5e7..04839791e7202 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signals.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signals.ts @@ -132,13 +132,13 @@ export const createThreatSignals = async ({ threatListCount -= threatList.hits.hits.length; logger.debug( buildRuleMessage( - `Concurrent indicator match searches completed with ${results.createdSignalsCount} signals found`, + `Concurrent indicator match searches completed with ${results.createdSignals.length} signals found`, `search times of ${results.searchAfterTimes}ms,`, `bulk create times ${results.bulkCreateTimes}ms,`, `all successes are ${results.success}` ) ); - if (results.createdSignalsCount >= params.maxSignals) { + if (results.createdSignals.length >= params.maxSignals) { logger.debug( buildRuleMessage( `Indicator match has reached its max signals count ${params.maxSignals}. Additional indicator items not checked are ${threatListCount}` diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/utils.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/utils.test.ts index ec826b44023f6..6a49320884444 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/utils.test.ts 
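Review bot: The cap in `if (results.createdSignals.length >= params.maxSignals)` now relies on the combined `createdSignals` array holding exactly one element per signal written across all concurrent searches, whereas the removed `createdSignalsCount` was an independent number. If the combine step ever trims or de-duplicates that array (the helper is outside this hunk), the loop would keep querying indicator items past `maxSignals`. I would state the invariant next to the check, e.g. `// createdSignals is the concatenation of every batch's created items; its length is the running signal count`. The body of createThreatSignals starts and ends outside the hunk.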
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/utils.test.ts @@ -51,26 +51,22 @@ describe('utils', () => { test('it should combine two results with success set to "true" if both are "true"', () => { const existingResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: undefined, - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const newResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: undefined, - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const combinedResults = combineResults(existingResult, newResult); expect(combinedResults.success).toEqual(true); @@ -79,26 +75,22 @@ describe('utils', () => { test('it should combine two results with success set to "false" if one of them is "false"', () => { const existingResult: SearchAfterAndBulkCreateReturnType = { success: false, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: undefined, - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const newResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: undefined, - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const combinedResults = combineResults(existingResult, newResult); expect(combinedResults.success).toEqual(false); 
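Review bot: Every fixture visible in these `combineResults` and `combineConcurrentResults` hunks sets `warnings: []`, so nothing asserts that warnings from `existingResult` and `newResult` both survive combining. With the `warning` boolean removed from `SearchAfterAndBulkCreateReturnType`, the array is the only carrier of conditions such as unapplied list exceptions or ML jobs that are not started, and a combine that overwrote it would still pass this suite. I would add one case with distinct non-empty `warnings` on each side and assert on the combined array, following whatever ordering and de-duplication the helper already applies to `errors`. This applies to the remaining hunks of this file as well.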
@@ -107,26 +99,22 @@ describe('utils', () => { test('it should use the latest date if it is set in the new result', () => { const existingResult: SearchAfterAndBulkCreateReturnType = { success: false, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: undefined, - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const newResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: new Date('2020-09-16T03:34:32.390Z'), - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const combinedResults = combineResults(existingResult, newResult); expect(combinedResults.lastLookBackDate?.toISOString()).toEqual('2020-09-16T03:34:32.390Z'); @@ -135,26 +123,22 @@ describe('utils', () => { test('it should combine the searchAfterTimes and the bulkCreateTimes', () => { const existingResult: SearchAfterAndBulkCreateReturnType = { success: false, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: undefined, - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const newResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: new Date('2020-09-16T03:34:32.390Z'), - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const combinedResults = combineResults(existingResult, newResult); expect(combinedResults).toEqual( 
@@ -168,26 +152,22 @@ describe('utils', () => { test('it should combine errors together without duplicates', () => { const existingResult: SearchAfterAndBulkCreateReturnType = { success: false, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: undefined, - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: ['error 1', 'error 2', 'error 3'], - warningMessages: [], + warnings: [], }; const newResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: new Date('2020-09-16T03:34:32.390Z'), - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: ['error 4', 'error 1', 'error 3', 'error 5'], - warningMessages: [], + warnings: [], }; const combinedResults = combineResults(existingResult, newResult); expect(combinedResults).toEqual( @@ -292,25 +272,21 @@ describe('utils', () => { test('it should use the maximum found if given an empty array for newResults', () => { const existingResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: undefined, - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const expectedResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['30'], // max value from existingResult.searchAfterTimes bulkCreateTimes: ['25'], // max value from existingResult.bulkCreateTimes lastLookBackDate: undefined, - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const combinedResults = combineConcurrentResults(existingResult, []); expect(combinedResults).toEqual(expectedResult); 
@@ -319,36 +295,30 @@ describe('utils', () => { test('it should work with empty arrays for searchAfterTimes and bulkCreateTimes and createdSignals', () => { const existingResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: undefined, - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const newResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: [], bulkCreateTimes: [], lastLookBackDate: undefined, - createdSignalsCount: 0, createdSignals: [], errors: [], - warningMessages: [], + warnings: [], }; const expectedResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['30'], // max value from existingResult.searchAfterTimes bulkCreateTimes: ['25'], // max value from existingResult.bulkCreateTimes lastLookBackDate: undefined, - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const combinedResults = combineConcurrentResults(existingResult, [newResult]); 
@@ -358,48 +328,40 @@ describe('utils', () => { test('it should get the max of two new results and then combine the result with an existingResult correctly', () => { const existingResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['10', '20', '30'], // max is 30 bulkCreateTimes: ['5', '15', '25'], // max is 25 lastLookBackDate: undefined, - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const newResult1: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: new Date('2020-09-16T03:34:32.390Z'), - createdSignalsCount: 5, createdSignals: Array(5).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const newResult2: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['40', '5', '15'], bulkCreateTimes: ['50', '5', '15'], lastLookBackDate: new Date('2020-09-16T04:34:32.390Z'), - createdSignalsCount: 8, createdSignals: Array(8).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const expectedResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['70'], // max value between newResult1 and newResult2 + max array value of existingResult (40 + 30 = 70) bulkCreateTimes: ['75'], // max value between newResult1 and newResult2 + max array value of existingResult (50 + 25 = 75) lastLookBackDate: new Date('2020-09-16T04:34:32.390Z'), // max lastLookBackDate - createdSignalsCount: 16, // all the signals counted together (8 + 5 + 3) createdSignals: Array(16).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const combinedResults = combineConcurrentResults(existingResult, [newResult1, newResult2]); 
@@ -409,48 +371,40 @@ describe('utils', () => { test('it should get the max of two new results and then combine the result with an existingResult correctly when the results are flipped around', () => { const existingResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['10', '20', '30'], // max is 30 bulkCreateTimes: ['5', '15', '25'], // max is 25 lastLookBackDate: undefined, - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const newResult1: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: new Date('2020-09-16T03:34:32.390Z'), - createdSignalsCount: 5, createdSignals: Array(5).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const newResult2: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['40', '5', '15'], bulkCreateTimes: ['50', '5', '15'], lastLookBackDate: new Date('2020-09-16T04:34:32.390Z'), - createdSignalsCount: 8, createdSignals: Array(8).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const expectedResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['70'], // max value between newResult1 and newResult2 + max array value of existingResult (40 + 30 = 70) bulkCreateTimes: ['75'], // max value between newResult1 and newResult2 + max array value of existingResult (50 + 25 = 75) lastLookBackDate: new Date('2020-09-16T04:34:32.390Z'), // max lastLookBackDate - createdSignalsCount: 16, // all the signals counted together (8 + 5 + 3) createdSignals: Array(16).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const combinedResults = combineConcurrentResults(existingResult, [newResult2, newResult1]); // two array elements are flipped 
@@ -460,48 +414,40 @@ describe('utils', () => { test('it should return the max date correctly if one date contains a null', () => { const existingResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['10', '20', '30'], // max is 30 bulkCreateTimes: ['5', '15', '25'], // max is 25 lastLookBackDate: undefined, - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const newResult1: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: new Date('2020-09-16T03:34:32.390Z'), - createdSignalsCount: 5, createdSignals: Array(5).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const newResult2: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['40', '5', '15'], bulkCreateTimes: ['50', '5', '15'], lastLookBackDate: null, - createdSignalsCount: 8, createdSignals: Array(8).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const expectedResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['70'], // max value between newResult1 and newResult2 + max array value of existingResult (40 + 30 = 70) bulkCreateTimes: ['75'], // max value between newResult1 and newResult2 + max array value of existingResult (50 + 25 = 75) lastLookBackDate: new Date('2020-09-16T03:34:32.390Z'), // max lastLookBackDate - createdSignalsCount: 16, // all the signals counted together (8 + 5 + 3) createdSignals: Array(16).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const combinedResults = combineConcurrentResults(existingResult, [newResult1, newResult2]); 
@@ -511,26 +457,22 @@ describe('utils', () => { test('it should combine two results with success set to "true" if both are "true"', () => { const existingResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: undefined, - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const newResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: undefined, - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const combinedResults = combineConcurrentResults(existingResult, [newResult]); expect(combinedResults.success).toEqual(true);
@@ -539,26 +481,22 @@ describe('utils', () => { test('it should combine two results with success set to "false" if one of them is "false"', () => { const existingResult: SearchAfterAndBulkCreateReturnType = { success: false, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: undefined, - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const newResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: undefined, - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const combinedResults = combineConcurrentResults(existingResult, [newResult]); expect(combinedResults.success).toEqual(false);
@@ -567,26 +505,22 @@ describe('utils', () => { test('it should use the latest date if it is set in the new result', () => { const existingResult: SearchAfterAndBulkCreateReturnType = { success: false, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: undefined, - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const newResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: new Date('2020-09-16T03:34:32.390Z'), - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const combinedResults = combineConcurrentResults(existingResult, [newResult]); expect(combinedResults.lastLookBackDate?.toISOString()).toEqual('2020-09-16T03:34:32.390Z');
@@ -595,26 +529,22 @@ describe('utils', () => { test('it should combine the searchAfterTimes and the bulkCreateTimes', () => { const existingResult: SearchAfterAndBulkCreateReturnType = { success: false, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: undefined, - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const newResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: new Date('2020-09-16T03:34:32.390Z'), - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: [], - warningMessages: [], + warnings: [], }; const combinedResults = combineConcurrentResults(existingResult, [newResult]); expect(combinedResults).toEqual(
@@ -628,26 +558,22 @@ describe('utils', () => { test('it should combine errors together without duplicates', () => { const existingResult: SearchAfterAndBulkCreateReturnType = { success: false, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: undefined, - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: ['error 1', 'error 2', 'error 3'], - warningMessages: [], + warnings: [], }; const newResult: SearchAfterAndBulkCreateReturnType = { success: true, - warning: false, searchAfterTimes: ['10', '20', '30'], bulkCreateTimes: ['5', '15', '25'], lastLookBackDate: new Date('2020-09-16T03:34:32.390Z'), - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: ['error 4', 'error 1', 'error 3', 'error 5'], - warningMessages: [], + warnings: [], }; const combinedResults = combineConcurrentResults(existingResult, [newResult]); expect(combinedResults).toEqual(
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/utils.ts
index 4d9fda43f032e..9fd25ddf5aa34 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/utils.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/utils.ts
@@ -66,16 +66,14 @@ export const combineResults = ( newResult: SearchAfterAndBulkCreateReturnType ): SearchAfterAndBulkCreateReturnType => ({ success: currentResult.success === false ? false : newResult.success, - warning: currentResult.warning || newResult.warning, bulkCreateTimes: calculateAdditiveMax(currentResult.bulkCreateTimes, newResult.bulkCreateTimes), searchAfterTimes: calculateAdditiveMax( currentResult.searchAfterTimes, newResult.searchAfterTimes ), lastLookBackDate: newResult.lastLookBackDate, - createdSignalsCount: currentResult.createdSignalsCount + newResult.createdSignalsCount, createdSignals: [...currentResult.createdSignals, ...newResult.createdSignals], - warningMessages: [...currentResult.warningMessages, ...newResult.warningMessages], + warnings: [...currentResult.warnings, ...newResult.warnings], errors: [...new Set([...currentResult.errors, ...newResult.errors])], });
@@ -95,26 +93,22 @@ export const combineConcurrentResults = ( const lastLookBackDate = calculateMaxLookBack(accum.lastLookBackDate, item.lastLookBackDate); return { success: accum.success && item.success, - warning: accum.warning || item.warning, searchAfterTimes: [maxSearchAfterTime], bulkCreateTimes: [maxBulkCreateTimes], lastLookBackDate, - createdSignalsCount: accum.createdSignalsCount + item.createdSignalsCount, createdSignals: [...accum.createdSignals, ...item.createdSignals], - warningMessages: [...accum.warningMessages, ...item.warningMessages], + warnings: [...accum.warnings, ...item.warnings], errors: [...new Set([...accum.errors, ...item.errors])], }; }, { success: true, - warning: false, searchAfterTimes: [], bulkCreateTimes: [], lastLookBackDate: undefined, - createdSignalsCount: 0, createdSignals: [], errors: [], - warningMessages: [], + warnings: [], } );
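Review bot: `warnings` is merged by plain concatenation in `combineResults` and again in the reducer of `combineConcurrentResults` (second hunk), while `errors` on the neighbouring line is passed through `new Set`. If each concurrent search reports the same condition, the combined result repeats it once per search, which makes the rule's status output longer and the distinct warnings harder to pick out. Assuming warnings are plain strings, as the tests in this commit use them, I would write `warnings: [...new Set([...currentResult.warnings, ...newResult.warnings])],` and `warnings: [...new Set([...accum.warnings, ...item.warnings])],`. With `warning` removed, anything that decides whether a run was degraded has to test `warnings.length`; those callers are outside these hunks, as is the start of both functions.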
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts
index 4d5ac05957a4b..a9b7ded0a8ae2 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts
@@ -1076,14 +1076,12 @@ describe('utils', () => { }); const expected: SearchAfterAndBulkCreateReturnType = { bulkCreateTimes: [], - createdSignalsCount: 0, createdSignals: [], errors: [], lastLookBackDate: null, searchAfterTimes: [], success: true, - warning: false, - warningMessages: [], + warnings: [], }; expect(newSearchResult).toEqual(expected); });
@@ -1096,14 +1094,12 @@ describe('utils', () => { }); const expected: SearchAfterAndBulkCreateReturnType = { bulkCreateTimes: [], - createdSignalsCount: 0, createdSignals: [], errors: [], lastLookBackDate: new Date('2020-04-20T21:27:45.000Z'), searchAfterTimes: [], success: true, - warning: false, - warningMessages: [], + warnings: [], }; expect(newSearchResult).toEqual(expected); });
@@ -1414,14 +1410,12 @@ describe('utils', () => { const searchAfterReturnType = createSearchAfterReturnType(); const expected: SearchAfterAndBulkCreateReturnType = { bulkCreateTimes: [], - createdSignalsCount: 0, createdSignals: [], errors: [], lastLookBackDate: null, searchAfterTimes: [], success: true, - warning: false, - warningMessages: [], + warnings: [], }; expect(searchAfterReturnType).toEqual(expected); });
@@ -1429,45 +1423,38 @@ describe('utils', () => { test('createSearchAfterReturnType can override all values', () => { const searchAfterReturnType = createSearchAfterReturnType({ bulkCreateTimes: ['123'], - createdSignalsCount: 5, createdSignals: Array(5).fill(sampleSignalHit()), errors: ['error 1'], lastLookBackDate: new Date('2020-09-21T18:51:25.193Z'), searchAfterTimes: ['123'], success: false, - warning: true, - warningMessages: ['test warning'], + warnings: ['test warning'], }); const expected: SearchAfterAndBulkCreateReturnType = { bulkCreateTimes: ['123'], - createdSignalsCount: 5, createdSignals: Array(5).fill(sampleSignalHit()), errors: ['error 1'], lastLookBackDate: new Date('2020-09-21T18:51:25.193Z'), searchAfterTimes: ['123'], success: false, - warning: true, - warningMessages: ['test warning'], + warnings: ['test warning'], }; expect(searchAfterReturnType).toEqual(expected); }); test('createSearchAfterReturnType can override select values', () => { const searchAfterReturnType = createSearchAfterReturnType({ - createdSignalsCount: 5, createdSignals: Array(5).fill(sampleSignalHit()), errors: ['error 1'], }); const expected: SearchAfterAndBulkCreateReturnType = { bulkCreateTimes: [], - createdSignalsCount: 5, createdSignals: Array(5).fill(sampleSignalHit()), errors: ['error 1'], lastLookBackDate: null, searchAfterTimes: [], success: true, - warning: false, - warningMessages: [], + warnings: [], }; expect(searchAfterReturnType).toEqual(expected); });
@@ -1478,14 +1465,12 @@ describe('utils', () => { const merged = mergeReturns([createSearchAfterReturnType(), createSearchAfterReturnType()]); const expected: SearchAfterAndBulkCreateReturnType = { bulkCreateTimes: [], - createdSignalsCount: 0, createdSignals: [], errors: [], lastLookBackDate: null, searchAfterTimes: [], success: true, - warning: false, - warningMessages: [], + warnings: [], }; expect(merged).toEqual(expected); });
@@ -1534,36 +1519,31 @@ describe('utils', () => { const merged = mergeReturns([ createSearchAfterReturnType({ bulkCreateTimes: ['123'], - createdSignalsCount: 3, createdSignals: Array(3).fill(sampleSignalHit()), errors: ['error 1', 'error 2'], lastLookBackDate: new Date('2020-08-21T18:51:25.193Z'), searchAfterTimes: ['123'], success: true, - warningMessages: ['warning1'], + warnings: ['warning1'], }), createSearchAfterReturnType({ bulkCreateTimes: ['456'], - createdSignalsCount: 2, createdSignals: Array(2).fill(sampleSignalHit()), errors: ['error 3'], lastLookBackDate: new Date('2020-09-21T18:51:25.193Z'), searchAfterTimes: ['567'], success: true, - warningMessages: ['warning2'], - warning: true, + warnings: ['warning2'], }), ]); const expected: SearchAfterAndBulkCreateReturnType = { bulkCreateTimes: ['123', '456'], // concatenates the prev and next together - createdSignalsCount: 5, // Adds the 3 and 2 together createdSignals: Array(5).fill(sampleSignalHit()), errors: ['error 1', 'error 2', 'error 3'], // concatenates the prev and next together lastLookBackDate: new Date('2020-09-21T18:51:25.193Z'), // takes the next lastLookBackDate searchAfterTimes: ['123', '567'], // concatenates the searchAfterTimes together success: true, // Defaults to success true is all of it was successful - warning: true, - warningMessages: ['warning1', 'warning2'], + warnings: ['warning1', 'warning2'], }; expect(merged).toEqual(expected); });