diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/threat_match_mapping_edit/threat_match_mapping_edit.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/threat_match_mapping_edit/threat_match_mapping_edit.tsx index 04cbfd3f3a012..3e4bb5d686419 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/threat_match_mapping_edit/threat_match_mapping_edit.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/threat_match_mapping_edit/threat_match_mapping_edit.tsx @@ -30,7 +30,10 @@ export const ThreatMatchMappingEdit = memo(function ThreatMatchMappingEdit({ label: i18n.THREAT_MATCH_MAPPING_FIELD_LABEL, validations: [ { - validator: threatMatchMappingValidatorFactory({ indexPatterns, threatIndexPatterns }), + validator: threatMatchMappingValidatorFactory({ + indexPatterns, + threatIndexPatterns, + }), }, ], }), diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/threat_match_mapping_edit/threat_match_mapping_field.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/threat_match_mapping_edit/threat_match_mapping_field.tsx index 2463aa3923868..13ec918502a91 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/threat_match_mapping_edit/threat_match_mapping_field.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/threat_match_mapping_edit/threat_match_mapping_field.tsx @@ -5,7 +5,7 @@ * 2.0. */ -import React, { useCallback } from 'react'; +import React, { useCallback, useEffect } from 'react'; import { EuiFormRow } from '@elastic/eui'; import type { DataViewBase } from '@kbn/es-query'; import { createOrNewEntryItem } from '../../../../common/components/threat_match/helpers'; @@ -18,17 +18,33 @@ export const DEFAULT_THREAT_MAPPING_VALUE = [createOrNewEntryItem()]; interface ThreatMatchMappingFieldProps { field: FieldHook; - threatIndexPatterns: DataViewBase; indexPatterns: DataViewBase; + threatIndexPatterns: DataViewBase; } export function ThreatMatchMappingField({ field, - threatIndexPatterns, indexPatterns, + threatIndexPatterns, }: ThreatMatchMappingFieldProps): JSX.Element { const { isInvalid, errorMessage } = getFieldValidityAndErrorMessage(field); - const { setValue } = field; + const { setValue, validate } = field; + + // We have to make sure validation runs against the latest source events index patterns + // and threat match index patterns. + // Form lib's `fieldsToValidateOnChange` on the corresponding index patterns edit fields + // doesn't help here. It leads to running threat match mapping validation before render + // of this component happens. In the end validation runs against previous index patterns + // producing invalid validation results. + // + // Validating the field imperatively here fixes this issue. + // + // Additional pitfall here is `validate` function changing its reference every render. Including it + // in useEffect's deps leads to infinite re-render. + useEffect(() => { + validate(); + // eslint-disable-next-line react-hooks/exhaustive-deps + }, [indexPatterns, threatIndexPatterns]); const handleMappingChange = useCallback( (entryItems: ThreatMapEntries[]): void => { diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/threat_match_mapping_edit/validators/threat_match_mapping_validator_factory.ts b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/threat_match_mapping_edit/validators/threat_match_mapping_validator_factory.ts index 15ecc7a600cbb..fe5987471cb43 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/threat_match_mapping_edit/validators/threat_match_mapping_validator_factory.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/threat_match_mapping_edit/validators/threat_match_mapping_validator_factory.ts @@ -96,7 +96,7 @@ export function threatMatchMappingValidatorFactory({ }; } - if (unknownSourceIndicesFields.length > 0) { + if (unknownThreatMatchIndicesFields.length > 0) { return { code: THREAT_MATCH_MAPPING_ERROR_CODES.ERR_FIELDS_UNKNOWN, path,