kibana/x-pack/test/detection_engine_api_integration
Devin W. Hurley 4d2414e7f5
[Security Solution] [Detections] Combine multiple timestamp searches into single request (#96078)
* merge multiple timestamp queries into one single search

* fix types and unit tests

* remove unused code for sending secondary search

* removes unused excludeDocsWithTimestampOverride

* adds integration tests to cover cases that should / should not generate signals when timestamp override is present in rule

* adds integration test to ensure unmapped sort fields do not break search after functionality of detection rules

* Need to figure out why moving the tests around fixed them...

* updates tests with new es archive data and fixes bug where exclusion filter was hardcoded to event.ingested :yikes:

* remove dead commented out code

* fixes typo in test file, removes redundant delete signals call in integration test, fixes logic for possibility of receiving a null value in sort ids, removes unused utility function for checking valid sort ids

* a unit test for checking if an empty string of a sort id is present was failing because we moved the logic for checking that out of the build search query function and up into the big loop. So I moved that unit test into the search after bulk create test file.

* fix types

* removes isEmpty since it doesn't check for empty strings
2021-04-20 15:16:01 -04:00
basic
common
security_and_spaces [Security Solution] [Detections] Combine multiple timestamp searches into single request (#96078) 2021-04-20 15:16:01 -04:00
utils.ts [Security Solution][Detections] Add API integration tests for threshold and EQL rules (#97336) 2021-04-19 16:10:59 -04:00