[CTI] Adds indicator match rule improvements (#97310)
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
This commit is contained in:
parent
15285bf03b
commit
7e4c73ad2e
|
@ -16,7 +16,7 @@ describe('get_threat_signals', () => {
|
|||
index: ['index-123'],
|
||||
listItemIndex: 'list-index-123',
|
||||
});
|
||||
expect(sortOrder).toEqual([{ '@timestamp': 'asc' }]);
|
||||
expect(sortOrder).toEqual([{ '@timestamp': 'desc' }]);
|
||||
});
|
||||
|
||||
test('it should return sort field of just tie_breaker_id if given no sort order for a list item index', () => {
|
||||
|
@ -29,14 +29,14 @@ describe('get_threat_signals', () => {
|
|||
expect(sortOrder).toEqual([{ tie_breaker_id: 'asc' }]);
|
||||
});
|
||||
|
||||
test('it should return sort field of timestamp with asc even if sortOrder is changed as it is hard wired in', () => {
|
||||
test('it should return sort field of timestamp with desc even if sortOrder is changed as it is hard wired in', () => {
|
||||
const sortOrder = getSortWithTieBreaker({
|
||||
sortField: undefined,
|
||||
sortOrder: 'desc',
|
||||
index: ['index-123'],
|
||||
listItemIndex: 'list-index-123',
|
||||
});
|
||||
expect(sortOrder).toEqual([{ '@timestamp': 'asc' }]);
|
||||
expect(sortOrder).toEqual([{ '@timestamp': 'desc' }]);
|
||||
});
|
||||
|
||||
test('it should return sort field of tie_breaker_id with asc even if sortOrder is changed as it is hard wired in for a list item index', () => {
|
||||
|
@ -56,7 +56,7 @@ describe('get_threat_signals', () => {
|
|||
index: ['index-123'],
|
||||
listItemIndex: 'list-index-123',
|
||||
});
|
||||
expect(sortOrder).toEqual([{ 'some-field': 'asc', '@timestamp': 'asc' }]);
|
||||
expect(sortOrder).toEqual([{ 'some-field': 'asc', '@timestamp': 'desc' }]);
|
||||
});
|
||||
|
||||
test('it should return sort field of an extra field if given one for a list item index', () => {
|
||||
|
@ -76,7 +76,7 @@ describe('get_threat_signals', () => {
|
|||
index: ['index-123'],
|
||||
listItemIndex: 'list-index-123',
|
||||
});
|
||||
expect(sortOrder).toEqual([{ 'some-field': 'desc', '@timestamp': 'asc' }]);
|
||||
expect(sortOrder).toEqual([{ 'some-field': 'desc', '@timestamp': 'desc' }]);
|
||||
});
|
||||
|
||||
test('it should return sort field of desc if given one for a list item index', () => {
|
||||
|
|
|
@ -70,6 +70,7 @@ export const getThreatList = async ({
|
|||
listItemIndex: listClient.getListItemIndex(),
|
||||
}),
|
||||
},
|
||||
track_total_hits: false,
|
||||
ignore_unavailable: true,
|
||||
index,
|
||||
size: calculatedPerPage,
|
||||
|
@ -101,9 +102,9 @@ export const getSortWithTieBreaker = ({
|
|||
}
|
||||
} else {
|
||||
if (sortField != null) {
|
||||
return [{ [sortField]: ascOrDesc, '@timestamp': 'asc' }];
|
||||
return [{ [sortField]: ascOrDesc, '@timestamp': 'desc' }];
|
||||
} else {
|
||||
return [{ '@timestamp': 'asc' }];
|
||||
return [{ '@timestamp': 'desc' }];
|
||||
}
|
||||
}
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue