From bdc4f7b11f85a0a20cf4cf1ff24008d2ab46ee0a Mon Sep 17 00:00:00 2001
From: machadoum
Date: Fri, 28 Jun 2024 12:18:50 +0200
Subject: [PATCH] Fix alert _id and uuid should match

---
 src/commands/documents.ts | 6 +++---
 src/createAlerts.ts | 6 ++++--
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/commands/documents.ts b/src/commands/documents.ts
index 23f8432..f7660ca 100644
--- a/src/commands/documents.ts
+++ b/src/commands/documents.ts
@@ -1,5 +1,5 @@
-import createAlerts from '../createAlerts';
+import createAlerts, { BaseCreateAlertsReturnType } from '../createAlerts';
 import createEvents from '../createEvents';
 import eventMappings from '../mappings/eventMappings.json' assert { type: 'json' };
 import { getEsClient, indexCheck } from './utils/index';
@@ -55,9 +55,9 @@ interface DocumentCreator {
 (descriptor: { id_field: string, id_value: string }): object;
 }
-const alertToBatchOps = (alert: object, index: string): unknown[] => {
+const alertToBatchOps = (alert: BaseCreateAlertsReturnType, index: string): unknown[] => {
 return [
- { index: { _index: index } },
+ { index: { _index: index, _id: alert['kibana.alert.uuid'] } },
 { ...alert },
 ];
diff --git a/src/createAlerts.ts b/src/createAlerts.ts
index 6ba147b..eb2d7e7 100644
--- a/src/createAlerts.ts
+++ b/src/createAlerts.ts
@@ -46,7 +46,7 @@ function baseCreateAlerts({
 'kibana.alert.rule.category': 'Custom Query Rule',
 'kibana.alert.rule.consumer': 'siem',
 'kibana.alert.rule.execution.uuid': faker.string.uuid(),
- 'kibana.alert.rule.name': '1',
+ 'kibana.alert.rule.name': 'Alert create by documents-generator',
 'kibana.alert.rule.producer': 'siem',
 'kibana.alert.rule.rule_type_id': 'siem.queryRule',
 'kibana.alert.rule.uuid': faker.string.uuid(),
@@ -105,6 +105,8 @@ function baseCreateAlerts({
 }
 }
+export type BaseCreateAlertsReturnType = ReturnType;
+
 export default function createAlerts(override: O, {
 userName,
 hostName,
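Review bot: `BaseCreateAlertsReturnType` is a type alias, so the named import added in the first hunk of src/commands/documents.ts should be type-only so it is guaranteed to be erased at emit and stays valid under isolatedModules / verbatimModuleSyntax. The file already uses recent syntax (import attributes on the JSON import), so the inline modifier is available: `import createAlerts, { type BaseCreateAlertsReturnType } from '../createAlerts';`. Whether the project's tsconfig enforces this is not visible from the patch.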
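Review bot: The new `_id` in alertToBatchOps is read from `alert['kibana.alert.uuid']` with no presence check; if a caller's override blanks or removes that field, the `undefined` `_id` is most likely dropped during JSON serialization and Elasticsearch auto-assigns an id, silently reintroducing the _id/uuid mismatch this patch sets out to fix. A guard before building the op makes that loud: `const id = alert['kibana.alert.uuid']; if (!id) throw new Error('alert is missing kibana.alert.uuid');` and then `_id: id`. It is also worth confirming that the `index` action is intended: with an explicit `_id`, `index` silently overwrites any existing document with the same id, whereas `create` rejects duplicates, which is presumably the safer default for generated alerts. The arrow function's closing line falls after the end of the hunk.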
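Review bot: The replacement rule name in the `@@ -46` hunk of src/createAlerts.ts, `'Alert create by documents-generator'`, is ungrammatical and is exactly what will appear in the Kibana alerts table and in any rule-name filter; `'Alert created by documents-generator'` is what is meant. Since this literal is user-visible and likely to be matched on elsewhere, hoisting it to a named module constant would keep callers and tests on the same string.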
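Review bot: The newly exported alias `BaseCreateAlertsReturnType` carries no TSDoc even though documents.ts now depends on it for the Elasticsearch `_id`; a one-line comment such as `/** Shape of a generated alert. 'kibana.alert.uuid' doubles as the Elasticsearch _id, so it must stay unique per document. */` would record that contract at the definition. In this rendering `ReturnType` appears with no type argument; presumably `ReturnType<typeof baseCreateAlerts>` lost its angle brackets in transit, but if it really is bare it will not compile. The enclosing createAlerts signature continues past the end of this hunk.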
@@ -112,6 +114,6 @@ export default function createAlerts(override: O, {
 userName?: string,
 hostName?: string,
 } = {
-}): O & ReturnType {
+}): O & BaseCreateAlertsReturnType {
 return { ...baseCreateAlerts({ userName, hostName}), ...override };
 }
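Review bot: In the returned object `...override` is spread after `baseCreateAlerts(...)`, so an override can replace `kibana.alert.uuid`, which alertToBatchOps in documents.ts now uses as the document `_id`; an override carrying a fixed or non-unique uuid would make every alert in the bulk request target the same `_id` and, with the `index` action used there, overwrite the others. If that is intended, say so in a docstring on createAlerts; if not, re-apply the generated uuid after the spread: `const base = baseCreateAlerts({ userName, hostName });` then `return { ...base, ...override, 'kibana.alert.uuid': base['kibana.alert.uuid'] };`. The function's signature begins in the previous hunk, outside this one.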