From d59750fc774822d4e61daa09165bfd20c18593a9 Mon Sep 17 00:00:00 2001
From: Georgii Gorbachev
Date: Wed, 3 Feb 2021 13:06:55 +0100
Subject: [PATCH] [Security Solution][Detections] Fix UUID generation for signals generated by Threshold rules (#89994)
* Fix the bug
* Refactor
---
 .../server/lib/detection_engine/signals/utils.test.ts | 4 ++--
 .../server/lib/detection_engine/signals/utils.ts | 7 +++----
 2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts
index 2574abd73b6c..58b21316720c 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts
@@ -1434,13 +1434,13 @@ describe('utils', () => {
 it('should generate a uuid without key', () => {
 const startedAt = new Date('2020-12-17T16:27:00Z');
 const signalUuid = calculateThresholdSignalUuid('abcd', startedAt, 'agent.name');
- expect(signalUuid).toEqual('c0cbe4b7-48de-5734-ae81-d8de3e79839d');
+ expect(signalUuid).toEqual('a4832768-a379-583a-b1a2-e2ce2ad9e6e9');
 });
 it('should generate a uuid with key', () => {
 const startedAt = new Date('2019-11-18T13:32:00Z');
 const signalUuid = calculateThresholdSignalUuid('abcd', startedAt, 'host.ip', '1.2.3.4');
- expect(signalUuid).toEqual('f568509e-b570-5d3c-a7ed-7c73fd29ddaf');
+ expect(signalUuid).toEqual('ee8870dc-45ff-5e6c-a2f9-80886651ce03');
 });
 });
 });
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts
index 274e4feffcc3..6427dcf8c248 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts
@@ -855,10 +855,9 @@ export const calculateThresholdSignalUuid = (
 // used to generate constant Threshold Signals ID when run with the same params
 const NAMESPACE_ID = '0684ec03-7201-4ee0-8ee0-3a3f6b2479b2';
- let baseString = `${ruleId}${startedAt}${thresholdField}`;
- if (key != null) {
- baseString = `${baseString}${key}`;
- }
+ const startedAtString = startedAt.toISOString();
+ const keyString = key ?? '';
+ const baseString = `${ruleId}${startedAtString}${thresholdField}${keyString}`;
 return uuidv5(baseString, NAMESPACE_ID);
 };
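Review bot: The new `baseString` joins its four parts with no separator, and `key ?? ''` gives a missing key and an empty-string key the same input, so distinct (thresholdField, key) combinations can map to the same UUIDv5. Since `key` presumably carries a value taken from event data, a collision would let one threshold signal take the ID of another and could hide an alert from analysts. An unambiguous encoding such as `const baseString = JSON.stringify([ruleId, startedAtString, thresholdField, key ?? null]);` removes that ambiguity, and this commit already changes the generated IDs, so it is a cheap moment to do it. How exposed this is depends on `ruleId` being fixed-length and on what callers pass, neither of which is visible here because the parameter list starts above the hunk. A one-line comment above `startedAtString`, e.g. `// toISOString(): the default Date string depends on the host timezone, which made the ID unstable`, would record why the change was needed.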