Add possibility to update threat_indicator_path for prebuilt rule (el…
…astic#116583)

* Add possibility to update threat_indicator_path for prebuilt rule

* Fix types

* adds update_prepacked_rules test

Co-authored-by: Kibana Machine <[email protected]>
Co-authored-by: Ece Ozalp <[email protected]>
3 people committed Nov 29, 2021
1 parent ce2b03c commit 12f4309
Showing 10 changed files with 56 additions and 0 deletions.
Expand Up @@ -326,6 +326,7 @@ export const importRulesRoute = (
threshold,
threatFilters,
threatIndex,
threatIndicatorPath,
threatQuery,
threatMapping,
threatLanguage,
Expand Up @@ -98,6 +98,7 @@ export const patchRulesBulkRoute = (
threshold,
threat_filters: threatFilters,
threat_index: threatIndex,
threat_indicator_path: threatIndicatorPath,
threat_query: threatQuery,
threat_mapping: threatMapping,
threat_language: threatLanguage,
Expand Down Expand Up @@ -178,6 +179,7 @@ export const patchRulesBulkRoute = (
threshold,
threatFilters,
threatIndex,
threatIndicatorPath,
threatQuery,
threatMapping,
threatLanguage,
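Review bot: No test visible in this commit drives `threat_indicator_path` through this route. The first hunk destructures it (presumably from the request payload, the source object is outside the hunk) and the second forwards `threatIndicatorPath` to a call whose name is not shown. The same applies to the two hunks in patchRulesRoute and the one in importRulesRoute; the only new assertion covers updatePrepackagedRules, and the other test changes only add `threatIndicatorPath: undefined` to mocks. Since this field selects where indicator data is read from for threat-match rules, a route test that sends `threat_indicator_path: 'test.path'` and expects `patchRules` to be called with `expect.objectContaining({ threatIndicatorPath: 'test.path' })` would catch a dropped or mis-mapped key. Schema validation of the value is not visible here and is worth confirming.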
Expand Up @@ -86,6 +86,7 @@ export const patchRulesRoute = (
threshold,
threat_filters: threatFilters,
threat_index: threatIndex,
threat_indicator_path: threatIndicatorPath,
threat_query: threatQuery,
threat_mapping: threatMapping,
threat_language: threatLanguage,
Expand Down Expand Up @@ -179,6 +180,7 @@ export const patchRulesRoute = (
threshold,
threatFilters,
threatIndex,
threatIndicatorPath,
threatQuery,
threatMapping,
threatLanguage,
Expand Up @@ -49,6 +49,7 @@ export const getPatchRulesOptionsMock = (isRuleRegistryEnabled: boolean): PatchR
threshold: undefined,
threatFilters: undefined,
threatIndex: undefined,
threatIndicatorPath: undefined,
threatQuery: undefined,
threatMapping: undefined,
threatLanguage: undefined,
Expand Down Expand Up @@ -103,6 +104,7 @@ export const getPatchMlRulesOptionsMock = (isRuleRegistryEnabled: boolean): Patc
threshold: undefined,
threatFilters: undefined,
threatIndex: undefined,
threatIndicatorPath: undefined,
threatQuery: undefined,
threatMapping: undefined,
threatLanguage: undefined,
Expand Up @@ -71,6 +71,7 @@ export const patchRules = async ({
threshold,
threatFilters,
threatIndex,
threatIndicatorPath,
threatQuery,
threatMapping,
threatLanguage,
Expand Down Expand Up @@ -123,6 +124,7 @@ export const patchRules = async ({
threshold,
threatFilters,
threatIndex,
threatIndicatorPath,
threatQuery,
threatMapping,
threatLanguage,
Expand Down Expand Up @@ -170,6 +172,7 @@ export const patchRules = async ({
threshold: threshold ? normalizeThresholdObject(threshold) : undefined,
threatFilters,
threatIndex,
threatIndicatorPath,
threatQuery,
threatMapping,
threatLanguage,
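Review bot: Nothing in these three hunks says what an undefined `threatIndicatorPath` means for an existing rule. The value is forwarded as-is in the second hunk and placed unmodified into the object literal in the third, right after `threshold`, which is explicitly normalised. If undefined is meant to leave the stored path unchanged, a comment at that literal would make the contract visible, e.g. `// undefined = field not patched; the rule's stored value is kept`. It would also tell prebuilt-rule authors that an update cannot clear the path through this call. patchRules begins and ends outside the hunks shown, so the merge behaviour itself should be confirmed against the full function.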
Expand Up @@ -310,6 +310,7 @@ export interface PatchRulesOptions {
threshold: ThresholdOrUndefined;
threatFilters: ThreatFiltersOrUndefined;
threatIndex: ThreatIndexOrUndefined;
threatIndicatorPath: ThreatIndicatorPathOrUndefined;
threatQuery: ThreatQueryOrUndefined;
threatMapping: ThreatMappingOrUndefined;
threatLanguage: ThreatLanguageOrUndefined;
Expand Up @@ -63,4 +63,42 @@ describe.each([
})
);
});

it('should update threat match rules', async () => {
const updatedThreatParams = {
threat_index: ['test-index'],
threat_indicator_path: 'test.path',
threat_query: 'threat:*',
};
const prepackagedRule = getAddPrepackagedRulesSchemaDecodedMock();
rulesClient.find.mockResolvedValue(getFindResultWithSingleHit(isRuleRegistryEnabled));

await updatePrepackagedRules(
rulesClient,
savedObjectsClient,
'default',
ruleStatusClient,
[{ ...prepackagedRule, ...updatedThreatParams }],
'output-index',
isRuleRegistryEnabled
);

expect(patchRules).toHaveBeenCalledWith(
expect.objectContaining({
threatIndicatorPath: 'test.path',
})
);

expect(patchRules).toHaveBeenCalledWith(
expect.objectContaining({
threatIndex: ['test-index'],
})
);

expect(patchRules).toHaveBeenCalledWith(
expect.objectContaining({
threatQuery: 'threat:*',
})
);
});
});
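Review bot: The three `toHaveBeenCalledWith(expect.objectContaining(...))` assertions in 'should update threat match rules' are evaluated independently, so each can be satisfied by a different `patchRules` call. That includes a call recorded by an earlier test if the mock is not reset between cases (the setup is outside this hunk). One assertion pins all three fields to the same call: `expect(patchRules).toHaveBeenCalledWith(expect.objectContaining({ threatIndex: ['test-index'], threatIndicatorPath: 'test.path', threatQuery: 'threat:*' }))`. The enclosing `describe.each` block starts before the hunk.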
Expand Up @@ -124,6 +124,7 @@ export const createPromises = (
threshold,
threat_filters: threatFilters,
threat_index: threatIndex,
threat_indicator_path: threatIndicatorPath,
threat_query: threatQuery,
threat_mapping: threatMapping,
threat_language: threatLanguage,
Expand Down Expand Up @@ -195,6 +196,7 @@ export const createPromises = (
threshold,
threatFilters,
threatIndex,
threatIndicatorPath,
threatQuery,
threatMapping,
threatLanguage,
Expand Up @@ -75,6 +75,7 @@ describe('utils', () => {
threshold: undefined,
threatFilters: undefined,
threatIndex: undefined,
threatIndicatorPath: undefined,
threatQuery: undefined,
threatMapping: undefined,
threatLanguage: undefined,
Expand Down Expand Up @@ -126,6 +127,7 @@ describe('utils', () => {
threshold: undefined,
threatFilters: undefined,
threatIndex: undefined,
threatIndicatorPath: undefined,
threatQuery: undefined,
threatMapping: undefined,
threatLanguage: undefined,
Expand Down Expand Up @@ -177,6 +179,7 @@ describe('utils', () => {
threshold: undefined,
threatFilters: undefined,
threatIndex: undefined,
threatIndicatorPath: undefined,
threatQuery: undefined,
threatMapping: undefined,
threatLanguage: undefined,
Expand Up @@ -15,6 +15,7 @@ import type {
ItemsPerSearchOrUndefined,
ThreatFiltersOrUndefined,
ThreatIndexOrUndefined,
ThreatIndicatorPathOrUndefined,
ThreatLanguageOrUndefined,
ThreatMappingOrUndefined,
ThreatQueryOrUndefined,
Expand Down Expand Up @@ -113,6 +114,7 @@ export interface UpdateProperties {
threshold: ThresholdOrUndefined;
threatFilters: ThreatFiltersOrUndefined;
threatIndex: ThreatIndexOrUndefined;
threatIndicatorPath: ThreatIndicatorPathOrUndefined;
threatQuery: ThreatQueryOrUndefined;
threatMapping: ThreatMappingOrUndefined;
threatLanguage: ThreatLanguageOrUndefined;