4d2414e7f5
* merge multiple timestamp queries into one single search
* fix types and unit tests
* remove unused code for sending secondary search
* removes unused excludeDocsWithTimestampOverride
* adds integration tests to cover cases that should / should not generate signals when timestamp override is present in rule
* adds integration test to ensure unmapped sort fields do not break search after functionality of detection rules
* Need to figure out why moving the tests around fixed them...
* updates tests with new es archive data and fixes bug where exclusion filter was hardcoded to event.ingested :yikes:
* remove dead commented out code
* fixes typo in test file, removes redundant delete signals call in integration test, fixes logic for possibility of receiving a null value in sort ids, removes unused utility function for checking valid sort ids
* a unit test for checking if an empty string of a sort id is present was failing because we moved the logic for checking that out of the build search query function and up into the big loop. So I moved that unit test into the search after bulk create test file.
* fix types
* removes isEmpty since it doesn't check for empty strings