[RAC][Security Solution] Remove ALERT_RULE_ID in favor of ALERT_RULE_…
…UUID (#108922)

* Remove ALERT_RULE_ID in favor of ALERT_RULE_UUID

* Update snapshot

* KEVINNN

* fix test

* Add back home.disableWelcomeScreen=true

* Only disable welcome screen in security solution cypress tests

Co-authored-by: Kibana Machine <[email protected]>
# Conflicts:
#	x-pack/plugins/timelines/public/hooks/use_add_to_case.ts
marshallmain committed Sep 14, 2021
1 parent 92186da commit 90f22a6
Showing 9 changed files with 18 additions and 29 deletions.
3 changes: 0 additions & 3 deletions packages/kbn-rule-data-utils/src/technical_field_names.ts
Expand Up @@ -47,7 +47,6 @@ const ALERT_RULE_CREATED_BY = `${ALERT_RULE_NAMESPACE}.created_by` as const;
const ALERT_RULE_DESCRIPTION = `${ALERT_RULE_NAMESPACE}.description` as const;
const ALERT_RULE_ENABLED = `${ALERT_RULE_NAMESPACE}.enabled` as const;
const ALERT_RULE_FROM = `${ALERT_RULE_NAMESPACE}.from` as const;
const ALERT_RULE_ID = `${ALERT_RULE_NAMESPACE}.id` as const;
const ALERT_RULE_INTERVAL = `${ALERT_RULE_NAMESPACE}.interval` as const;
const ALERT_RULE_LICENSE = `${ALERT_RULE_NAMESPACE}.license` as const;
const ALERT_RULE_CATEGORY = `${ALERT_RULE_NAMESPACE}.category` as const;
Expand Down Expand Up @@ -106,7 +105,6 @@ const fields = {
ALERT_RULE_DESCRIPTION,
ALERT_RULE_ENABLED,
ALERT_RULE_FROM,
ALERT_RULE_ID,
ALERT_RULE_INTERVAL,
ALERT_RULE_LICENSE,
ALERT_RULE_NAME,
Expand Down Expand Up @@ -162,7 +160,6 @@ export {
ALERT_RULE_DESCRIPTION,
ALERT_RULE_ENABLED,
ALERT_RULE_FROM,
ALERT_RULE_ID,
ALERT_RULE_INTERVAL,
ALERT_RULE_LICENSE,
ALERT_RULE_NAME,
Expand Up @@ -94,11 +94,6 @@ export const technicalRuleFieldMap = {
array: false,
required: true,
},
[Fields.ALERT_RULE_ID]: {
type: 'keyword',
array: false,
required: false,
},
[Fields.ALERT_RULE_CREATED_AT]: {
type: 'date',
array: false,
Expand Up @@ -13,7 +13,6 @@ import {
ALERT_WORKFLOW_STATUS,
ALERT_UUID,
ALERT_RULE_UUID,
ALERT_RULE_ID,
ALERT_RULE_NAME,
ALERT_RULE_CATEGORY,
} from '@kbn/rule-data-utils';
Expand Down Expand Up @@ -284,7 +283,6 @@ export const requiredFieldMappingsForActionsRuleRegistry = {
'alert.workflow_status': ALERT_WORKFLOW_STATUS,
'alert.duration.us': ALERT_DURATION,
'rule.uuid': ALERT_RULE_UUID,
'rule.id': ALERT_RULE_ID,
'rule.name': ALERT_RULE_NAME,
'rule.category': ALERT_RULE_CATEGORY,
producer: ALERT_RULE_PRODUCER,
Expand Up @@ -35,7 +35,7 @@
"signal.rule.enabled": "kibana.alert.rule.enabled",
"signal.rule.false_positives": "kibana.alert.rule.false_positives",
"signal.rule.from": "kibana.alert.rule.from",
"signal.rule.id": "kibana.alert.rule.id",
"signal.rule.id": "kibana.alert.rule.uuid",
"signal.rule.immutable": "kibana.alert.rule.immutable",
"signal.rule.index": "kibana.alert.rule.index",
"signal.rule.interval": "kibana.alert.rule.interval",
Expand Up @@ -13,7 +13,7 @@ import {
EVENT_KIND,
SPACE_IDS,
TIMESTAMP,
ALERT_RULE_ID,
ALERT_RULE_UUID,
} from '@kbn/rule-data-utils';
import moment from 'moment';

Expand Down Expand Up @@ -94,7 +94,7 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
}

const filter: estypes.QueryDslQueryContainer[] = [
{ terms: { [ALERT_RULE_ID]: ruleIds } },
{ terms: { [ALERT_RULE_UUID]: ruleIds } },
{ terms: { [SPACE_IDS]: [spaceId] } },
];

Expand All @@ -113,7 +113,7 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
aggs: {
rules: {
terms: {
field: ALERT_RULE_ID,
field: ALERT_RULE_UUID,
size: ruleIds.length,
},
aggs: {
Expand Down Expand Up @@ -147,7 +147,7 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
bucket.most_recent_logs.hits.hits.map<IRuleStatusSOAttributes>((event) => {
const logEntry = parseRuleExecutionLog(event._source);
invariant(
logEntry[ALERT_RULE_ID] ?? '',
logEntry[ALERT_RULE_UUID] ?? '',
'Malformed execution log entry: rule.id field not found'
);

Expand Down Expand Up @@ -181,7 +181,7 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
]
: undefined;

const alertId = logEntry[ALERT_RULE_ID] ?? '';
const alertId = logEntry[ALERT_RULE_UUID] ?? '';
const statusDate = logEntry[TIMESTAMP];
const lastFailureAt = lastFailure?.[TIMESTAMP];
const lastFailureMessage = lastFailure?.[MESSAGE];
Expand Down Expand Up @@ -228,7 +228,7 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
[EVENT_ACTION]: metric,
[EVENT_KIND]: 'metric',
[getMetricField(metric)]: value,
[ALERT_RULE_ID]: ruleId ?? '',
[ALERT_RULE_UUID]: ruleId ?? '',
[TIMESTAMP]: new Date().toISOString(),
[ALERT_RULE_CONSUMER]: SERVER_APP_ID,
[ALERT_RULE_TYPE_ID]: SERVER_APP_ID,
Expand All @@ -251,7 +251,7 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
[EVENT_KIND]: 'event',
[EVENT_SEQUENCE]: this.sequence++,
[MESSAGE]: message,
[ALERT_RULE_ID]: ruleId ?? '',
[ALERT_RULE_UUID]: ruleId ?? '',
[RULE_STATUS_SEVERITY]: statusSeverityDict[newStatus],
[RULE_STATUS]: newStatus,
[TIMESTAMP]: new Date().toISOString(),
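Review bot: The invariant in the `@@ -147,7 +147,7 @@` hunk now checks `logEntry[ALERT_RULE_UUID]`, but its message still reads `'Malformed execution log entry: rule.id field not found'`, so anyone triaging a malformed entry is pointed at a field this commit removes from the schema. Update the text to match the check, for example `'Malformed execution log entry: rule UUID field not found'`. Separately, the `terms` filter and the `rules` aggregation in the earlier hunks now match only documents that carry the UUID field, so execution-log entries already indexed under the removed field would presumably drop out of rule status results. It is worth confirming none exist, or stating that in the PR. The enclosing methods start and end outside the visible hunks.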
Expand Up @@ -11,6 +11,7 @@ import { TestProviders, mockGetAllCasesSelectorModal } from '../../../../mock';
import { AddToCaseAction } from './add_to_case_action';
import { SECURITY_SOLUTION_OWNER } from '../../../../../../cases/common';
import { AddToCaseActionButton } from './add_to_case_action_button';
import { ALERT_RULE_UUID } from '@kbn/rule-data-utils';

jest.mock('react-router-dom', () => ({
useLocation: () => ({
Expand Down Expand Up @@ -100,7 +101,7 @@ describe('AddToCaseAction', () => {
{...props}
event={{
_id: 'test-id',
data: [{ field: 'kibana.alert.rule.id', value: ['rule-id'] }],
data: [{ field: ALERT_RULE_UUID, value: ['rule-id'] }],
ecs: {
_id: 'test-id',
_index: 'test-index',
Expand All @@ -112,7 +113,7 @@ describe('AddToCaseAction', () => {
{...props}
event={{
_id: 'test-id',
data: [{ field: 'kibana.alert.rule.id', value: ['rule-id'] }],
data: [{ field: ALERT_RULE_UUID, value: ['rule-id'] }],
ecs: {
_id: 'test-id',
_index: 'test-index',
7 changes: 2 additions & 5 deletions x-pack/plugins/timelines/public/hooks/use_add_to_case.ts
Expand Up @@ -8,7 +8,7 @@ import { get, isEmpty } from 'lodash/fp';
import { useState, useCallback, useMemo, SyntheticEvent } from 'react';
import { useLocation } from 'react-router-dom';
import { useDispatch } from 'react-redux';
import { ALERT_RULE_ID, ALERT_RULE_NAME, ALERT_RULE_UUID } from '@kbn/rule-data-utils';
import { ALERT_RULE_NAME, ALERT_RULE_UUID } from '@kbn/rule-data-utils';
import { useKibana } from '../../../../../src/plugins/kibana_react/public';
import { Case, SubCase } from '../../../cases/common';
import { TimelinesStartServices } from '../types';
Expand Down Expand Up @@ -243,15 +243,12 @@ export const useAddToCase = ({
};

export function normalizedEventFields(event?: TimelineItem) {
const ruleId = event && event.data.find(({ field }) => field === ALERT_RULE_ID);
const ruleUuid = event && event.data.find(({ field }) => field === ALERT_RULE_UUID);
const ruleName = event && event.data.find(({ field }) => field === ALERT_RULE_NAME);
const ruleIdValue = ruleId && ruleId.value && ruleId.value[0];
const ruleUuidValue = ruleUuid && ruleUuid.value && ruleUuid.value[0];
const ruleNameValue = ruleName && ruleName.value && ruleName.value[0];
const idToUse = ruleIdValue ? ruleIdValue : ruleUuidValue;
const id =
idToUse ??
ruleUuidValue ??
get(`ecs.${ALERT_RULE_UUID}[0]`, event) ??
get(`ecs.signal.rule.id[0]`, event) ??
null;
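Review bot: In `normalizedEventFields` the new `ruleUuidValue ?? get(...) ?? ...` chain skips only `null` and `undefined`, so a present-but-empty value in `event.data` (an empty string) becomes `id` and the two `ecs.…` fallbacks are never consulted. Whether timeline data can carry an empty rule UUID is not visible from this hunk, but if the fallbacks are meant to cover that case, normalise the value first, e.g. `const ruleUuidValue = ruleUuid?.value?.[0] || undefined;`. A one-line comment above `const id =` stating the lookup order (the flattened data field, then `ecs.${ALERT_RULE_UUID}`, then `ecs.signal.rule.id`) would also make the precedence explicit. The function body continues past the end of the hunk.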
1 change: 1 addition & 0 deletions x-pack/test/security_solution_cypress/config.ts
Expand Up @@ -40,6 +40,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
// retrieve rules from the filesystem but not from fleet for Cypress tests
'--xpack.securitySolution.prebuiltRulesFromFileSystem=true',
'--xpack.securitySolution.prebuiltRulesFromSavedObjects=false',
`--home.disableWelcomeScreen=true`,
],
},
};
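Review bot: The added `--home.disableWelcomeScreen=true` argument is written as a template literal with no interpolation, while the neighbouring server args are single-quoted strings; write it as `'--home.disableWelcomeScreen=true',` for consistency. A short comment saying why the welcome screen is disabled for these Cypress runs, like the one above the prebuilt-rules flags, would keep the argument list self-explanatory. The enclosing function starts and ends outside the hunk.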