updates security solution custom rule script, integration test alerts…

…, and a bit of cleanup

x-pack/plugins/rule_registry/server/utils/create_persistence_rule_type_factory.ts

@@ -79,7 +79,8 @@ export const createPersistenceRuleTypeFactory: CreatePersistenceRuleTypeFactory
                 return {
                   ...event,
                   'event.kind': 'signal',
-                  'kibana.rac.alert.id': '???',
+                  'rule.id': 'siem.customRule',
+                  'kibana.rac.alert.id': v4(),
                   'kibana.rac.alert.status': 'open',
                   'kibana.rac.alert.uuid': v4(),
                   'kibana.rac.alert.ancestors': isAlert

x-pack/plugins/security_solution/common/constants.ts

@@ -25,7 +25,7 @@ export const DEFAULT_TIME_RANGE = 'timepicker:timeDefaults';
 export const DEFAULT_REFRESH_RATE_INTERVAL = 'timepicker:refreshIntervalDefaults';
 export const DEFAULT_APP_TIME_RANGE = 'securitySolution:timeDefaults';
 export const DEFAULT_APP_REFRESH_INTERVAL = 'securitySolution:refreshIntervalDefaults';
-export const DEFAULT_ALERTS_INDEX = '.alerts-security-solution';
+export const DEFAULT_ALERTS_INDEX = '.alerts-security.alerts';
 export const DEFAULT_SIGNALS_INDEX = '.siem-signals';
 export const DEFAULT_LISTS_INDEX = '.lists';
 export const DEFAULT_ITEMS_INDEX = '.items';

x-pack/plugins/security_solution/server/lib/detection_engine/reference_rules/query.ts

@@ -73,7 +73,6 @@ export const createQueryAlertType = (ruleDataClient: RuleDataClient, logger: Log
         };
 
         const alerts = await findAlerts(query);
-        // console.log('alerts', alerts);
         alertWithPersistence(alerts).forEach((alert) => {
           alert.scheduleActions('default', { server: 'server-test' });
         });

x-pack/plugins/security_solution/server/lib/detection_engine/reference_rules/scripts/create_reference_rule_query.sh

@@ -6,7 +6,7 @@
 # 2.0.
 #
 
-curl -X POST http://localhost:5601/${BASE_PATH}/api/alerts/alert \
+curl -X POST ${KIBANA_URL}${SPACE_URL}/api/alerts/alert \
      -u ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} \
      -H 'kbn-xsrf: true' \
      -H 'Content-Type: application/json' \

x-pack/test/api_integration/config.ts

@@ -34,6 +34,8 @@ export async function getApiIntegrationConfig({ readConfigFile }: FtrConfigProvi
         '--xpack.data_enhanced.search.sessions.notTouchedTimeout=15s', // shorten notTouchedTimeout for quicker testing
         '--xpack.data_enhanced.search.sessions.trackingInterval=5s', // shorten trackingInterval for quicker testing
         '--xpack.data_enhanced.search.sessions.cleanupInterval=5s', // shorten cleanupInterval for quicker testing
+        '--xpack.securitySolution.enableExperimental=["ruleRegistryEnabled"]',
+        '--xpack.ruleRegistry.write.enabled=true',
       ],
     },
     esTestCluster: {

x-pack/test/functional/es_archives/rule_registry/alerts/data.json

@@ -4,6 +4,7 @@
     "index": ".alerts-observability-apm",
     "id": "NoxgpHkBqbdrfX07MqXV",
     "source": {
+      "event.kind" : "signal",
       "@timestamp": "2020-12-16T15:16:18.570Z",
       "rule.id": "apm.error_rate",
       "message": "hello world 1",
@@ -20,6 +21,7 @@
     "index": ".alerts-observability-apm",
     "id": "space1alert",
     "source": {
+      "event.kind" : "signal",
       "@timestamp": "2020-12-16T15:16:18.570Z",
       "rule.id": "apm.error_rate",
       "message": "hello world 1",
@@ -36,6 +38,7 @@
     "index": ".alerts-observability-apm",
     "id": "space2alert",
     "source": {
+      "event.kind" : "signal",
       "@timestamp": "2020-12-16T15:16:18.570Z",
       "rule.id": "apm.error_rate",
       "message": "hello world 1",
@@ -52,8 +55,9 @@
     "index": ".alerts-security.alerts",
     "id": "020202",
     "source": {
+      "event.kind" : "signal",
       "@timestamp": "2020-12-16T15:16:18.570Z",
-      "rule.id": "siem.signals",
+      "rule.id": "siem.customRule",
       "message": "hello world security",
       "kibana.rac.alert.owner": "siem",
       "kibana.rac.alert.status": "open",