Fix alert _id and uuid should match (#15)

elastic · Jun 28, 2024 · d5aea57 · d5aea57
1 parent ca5fd4e
commit d5aea57
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 5 deletions.
diff --git a/src/commands/documents.ts b/src/commands/documents.ts
@@ -1,5 +1,5 @@
 
-import createAlerts from '../createAlerts';
+import createAlerts, { BaseCreateAlertsReturnType } from '../createAlerts';
 import createEvents from '../createEvents';
 import eventMappings from '../mappings/eventMappings.json' assert { type: 'json' };
 import { getEsClient, indexCheck } from './utils/index';
@@ -55,9 +55,9 @@ interface DocumentCreator {
 	(descriptor: { id_field: string, id_value: string }): object;
 }
 
-const alertToBatchOps = (alert: object, index: string): unknown[] => {
+const alertToBatchOps = (alert: BaseCreateAlertsReturnType, index: string): unknown[] => {
   return [
-    { index: { _index: index } },
+    { index: { _index: index, _id: alert['kibana.alert.uuid'] } },
     { ...alert },
   ];
 

diff --git a/src/createAlerts.ts b/src/createAlerts.ts
@@ -46,7 +46,7 @@ function baseCreateAlerts({
     'kibana.alert.rule.category': 'Custom Query Rule',
     'kibana.alert.rule.consumer': 'siem',
     'kibana.alert.rule.execution.uuid': faker.string.uuid(),
-    'kibana.alert.rule.name': '1',
+    'kibana.alert.rule.name': 'Alert create by documents-generator',
     'kibana.alert.rule.producer': 'siem',
     'kibana.alert.rule.rule_type_id': 'siem.queryRule',
     'kibana.alert.rule.uuid': faker.string.uuid(),
@@ -105,13 +105,15 @@ function baseCreateAlerts({
   }
 }
 
+export type BaseCreateAlertsReturnType = ReturnType<typeof baseCreateAlerts>;
+
 export default function createAlerts<O extends object>(override: O, {
   userName,
   hostName,
 } : {
   userName?: string,
   hostName?: string,
 } = {
-}): O & ReturnType<typeof baseCreateAlerts> {
+}): O & BaseCreateAlertsReturnType {
   return { ...baseCreateAlerts({ userName, hostName}), ...override };
 }