maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

[CTI] Adds indicator match rule improvements (#97310)

Browse source 
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
This commit is contained in:
Ece Özalp 2021-07-19 15:36:22 -04:00 committed by GitHub
parent 15285bf03b
commit 7e4c73ad2e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/get_threat_list.test.ts
View file

@ -16,7 +16,7 @@ describe('get_threat_signals', () => {
index: ['index-123'],
listItemIndex: 'list-index-123',
});
expect(sortOrder).toEqual([{ '@timestamp': 'asc' }]);
expect(sortOrder).toEqual([{ '@timestamp': 'desc' }]);
});
test('it should return sort field of just tie_breaker_id if given no sort order for a list item index', () => {
@ -29,14 +29,14 @@ describe('get_threat_signals', () => {
expect(sortOrder).toEqual([{ tie_breaker_id: 'asc' }]);
});
test('it should return sort field of timestamp with asc even if sortOrder is changed as it is hard wired in', () => {
test('it should return sort field of timestamp with desc even if sortOrder is changed as it is hard wired in', () => {
const sortOrder = getSortWithTieBreaker({
sortField: undefined,
sortOrder: 'desc',
index: ['index-123'],
listItemIndex: 'list-index-123',
});
expect(sortOrder).toEqual([{ '@timestamp': 'asc' }]);
expect(sortOrder).toEqual([{ '@timestamp': 'desc' }]);
});
test('it should return sort field of tie_breaker_id with asc even if sortOrder is changed as it is hard wired in for a list item index', () => {
@ -56,7 +56,7 @@ describe('get_threat_signals', () => {
index: ['index-123'],
listItemIndex: 'list-index-123',
});
expect(sortOrder).toEqual([{ 'some-field': 'asc', '@timestamp': 'asc' }]);
expect(sortOrder).toEqual([{ 'some-field': 'asc', '@timestamp': 'desc' }]);
});
test('it should return sort field of an extra field if given one for a list item index', () => {
@ -76,7 +76,7 @@ describe('get_threat_signals', () => {
index: ['index-123'],
listItemIndex: 'list-index-123',
});
expect(sortOrder).toEqual([{ 'some-field': 'desc', '@timestamp': 'asc' }]);
expect(sortOrder).toEqual([{ 'some-field': 'desc', '@timestamp': 'desc' }]);
});
test('it should return sort field of desc if given one for a list item index', () => {

5
x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/get_threat_list.ts
View file

@ -70,6 +70,7 @@ export const getThreatList = async ({
listItemIndex: listClient.getListItemIndex(),
}),
},
track_total_hits: false,
ignore_unavailable: true,
index,
size: calculatedPerPage,
@ -101,9 +102,9 @@ export const getSortWithTieBreaker = ({
}
} else {
if (sortField != null) {
return [{ [sortField]: ascOrDesc, '@timestamp': 'asc' }];
return [{ [sortField]: ascOrDesc, '@timestamp': 'desc' }];
} else {
return [{ '@timestamp': 'asc' }];
return [{ '@timestamp': 'desc' }];
}
}
};