diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.test.ts index cdd3e667df71f..b87889106e8e9 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.test.ts @@ -194,13 +194,16 @@ describe('rules_notification_alert_type', () => { 'myfa*': { read: true, }, + 'anotherindex*': { + read: true, + }, 'some*': { read: false, }, }, application: {}, }); - payload.params.index = ['some*', 'myfa*']; + payload.params.index = ['some*', 'myfa*', 'anotherindex*']; await alert.executor(payload); expect(ruleStatusService.partialFailure).toHaveBeenCalled(); expect(ruleStatusService.partialFailure.mock.calls[0][0]).toContain( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts index 60be3b04881c9..dd658c232ace1 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts @@ -179,10 +179,7 @@ export const signalRulesAlertType = ({ (indexName) => privileges.index[indexName].read ); - if ( - indexesWithReadPrivileges.length > 0 && - indexesWithNoReadPrivileges.length >= indexesWithReadPrivileges.length - ) { + if (indexesWithReadPrivileges.length > 0 && indexesWithNoReadPrivileges.length > 0) { // some indices have read privileges others do not. // set a partial failure status const errorString = `Missing required read permissions on indexes: ${JSON.stringify(