Enabled creation detector without rules (#143)

Signed-off-by: Stevan Buzejic <[email protected]>

Signed-off-by: Stevan Buzejic <[email protected]>
Co-authored-by: Stevan Buzejic <[email protected]>

src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java

@@ -193,6 +193,7 @@ private void createMonitorFromQueries(String index, List<Pair<String, Rule>> rul
         }
         // Do nothing if detector doesn't have any monitor
         if(monitorRequests.isEmpty()){
+            listener.onResponse(Collections.emptyList());
             return;
         }
 

src/test/java/org/opensearch/securityanalytics/resthandler/DetectorRestApiIT.java

@@ -104,6 +104,54 @@ public void testCreatingADetector() throws IOException {
         Assert.assertEquals(5, noOfSigmaRuleMatches);
     }
 
+    /**
+     * 1. Creates detector with no rules
+     * 2. Detector without rules and monitors created successfully
+     * @throws IOException
+     */
+    public void testCreateDetectorWithoutRules() throws IOException {
+        String index = createTestIndex(randomIndex(), windowsIndexMapping());
+
+        // Execute CreateMappingsAction to add alias mapping for index
+        Request createMappingRequest = new Request("POST", SecurityAnalyticsPlugin.MAPPER_BASE_URI);
+        // both req params and req body are supported
+        createMappingRequest.setJsonEntity(
+            "{ \"index_name\":\"" + index + "\"," +
+                "  \"rule_topic\":\"" + randomDetectorType() + "\", " +
+                "  \"partial\":true" +
+                "}"
+        );
+
+        Response createMappingResponse = client().performRequest(createMappingRequest);
+        assertEquals(HttpStatus.SC_OK, createMappingResponse.getStatusLine().getStatusCode());
+
+        Detector detector = randomDetector(Collections.emptyList());
+
+        Response createResponse = makeRequest(client(), "POST", SecurityAnalyticsPlugin.DETECTOR_BASE_URI, Collections.emptyMap(), toHttpEntity(detector));
+        Assert.assertEquals("Create detector failed", RestStatus.CREATED, restStatus(createResponse));
+
+        Map<String, Object> responseBody = asMap(createResponse);
+
+        // Verify rules
+        String request = "{\n" +
+            "   \"query\" : {\n" +
+            "     \"match_all\":{\n" +
+            "     }\n" +
+            "   }\n" +
+            "}";
+        SearchResponse response = executeSearchAndGetResponse(DetectorMonitorConfig.getRuleIndex(randomDetectorType()), request, true);
+        Assert.assertEquals(0, response.getHits().getTotalHits().value);
+
+        String createdId = responseBody.get("_id").toString();
+        int createdVersion = Integer.parseInt(responseBody.get("_version").toString());
+        Assert.assertNotEquals("response is missing Id", Detector.NO_ID, createdId);
+        Assert.assertTrue("incorrect version", createdVersion > 0);
+        Assert.assertEquals("Incorrect Location header", String.format(Locale.getDefault(), "%s/%s", SecurityAnalyticsPlugin.DETECTOR_BASE_URI, createdId), createResponse.getHeader("Location"));
+        Assert.assertFalse(((Map<String, Object>) responseBody.get("detector")).containsKey("rule_topic_index"));
+        Assert.assertFalse(((Map<String, Object>) responseBody.get("detector")).containsKey("findings_index"));
+        Assert.assertFalse(((Map<String, Object>) responseBody.get("detector")).containsKey("alert_index"));
+    }
+
     public void testGettingADetector() throws IOException {
         String index = createTestIndex(randomIndex(), windowsIndexMapping());