diff --git a/x-pack/platform/plugins/private/translations/translations/fr-FR.json b/x-pack/platform/plugins/private/translations/translations/fr-FR.json
index b9186a2e33a93..66f491e92d625 100644
--- a/x-pack/platform/plugins/private/translations/translations/fr-FR.json
+++ b/x-pack/platform/plugins/private/translations/translations/fr-FR.json
@@ -37709,7 +37709,6 @@
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.SavedQueryFormRowLabel": "Requête enregistrée",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.source": "Source",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.Su.perRuleExecutionWarning": "L'option d'exécution par règles n'est pas disponible pour le type de règle Seuil",
- "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchIndexForbiddenError": "Le modèle d'indexation ne peut pas être { forbiddenString }. Veuillez choisir un modèle d'indexation plus spécifique.",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.thresholdField.thresholdFieldPlaceholderText": "Tous les résultats",
 "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.docsLinkText": "En savoir plus",
 "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.invalidMustacheTemplateErrorMessage": "{key} n'est pas un modèle de moustache valide",
diff --git a/x-pack/platform/plugins/private/translations/translations/ja-JP.json b/x-pack/platform/plugins/private/translations/translations/ja-JP.json
index 06ee630838cda..ffc06d21eb6bc 100644
--- a/x-pack/platform/plugins/private/translations/translations/ja-JP.json
+++ b/x-pack/platform/plugins/private/translations/translations/ja-JP.json
@@ -37567,7 +37567,6 @@
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.SavedQueryFormRowLabel": "保存されたクエリ",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.source": "送信元",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.Su.perRuleExecutionWarning": "しきい値ルールタイプでは、ルール実行単位オプションは使用できません。",
- "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchIndexForbiddenError": "インデックスパターンを{ forbiddenString }にすることはできません。特定のインデックスパターンを選択してください。",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.thresholdField.thresholdFieldPlaceholderText": "すべての結果",
 "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.docsLinkText": "詳細",
 "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.invalidMustacheTemplateErrorMessage": "{key}は有効なmustacheテンプレートではありません",
diff --git a/x-pack/platform/plugins/private/translations/translations/zh-CN.json b/x-pack/platform/plugins/private/translations/translations/zh-CN.json
index ec4b775482836..3cd8c51bda12b 100644
--- a/x-pack/platform/plugins/private/translations/translations/zh-CN.json
+++ b/x-pack/platform/plugins/private/translations/translations/zh-CN.json
@@ -36999,7 +36999,6 @@
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.SavedQueryFormRowLabel": "已保存查询",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.source": "源",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.Su.perRuleExecutionWarning": "每次规则执行选项不可用于阈值规则类型",
- "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchIndexForbiddenError": "索引模式不能是{ forbiddenString }。请选择更具体的索引模式。",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.thresholdField.thresholdFieldPlaceholderText": "所有结果",
 "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.docsLinkText": "了解详情",
 "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.invalidMustacheTemplateErrorMessage": "{key} 不是有效的 Mustache 模板",
diff --git a/x-pack/solutions/security/plugins/security_solution/public/common/components/threat_match/reducer.test.ts b/x-pack/solutions/security/plugins/security_solution/public/common/components/threat_match/reducer.test.ts
deleted file mode 100644
index 3cd980bd9ae95..0000000000000
--- a/x-pack/solutions/security/plugins/security_solution/public/common/components/threat_match/reducer.test.ts
+++ /dev/null
@@ -1,111 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { ThreatMapEntries } from './types'; -import type { State } from './reducer'; -import { reducer } from './reducer'; -import { getDefaultEmptyEntry } from './helpers'; -import type { ThreatMapEntry } from '@kbn/securitysolution-io-ts-alerting-types'; - -jest.mock('uuid', () => ({ - v4: jest.fn().mockReturnValue('123'), -})); - -const initialState: State = { - andLogicIncluded: false, - entries: [], - entriesToDelete: [], -}; - -const getEntry = (): ThreatMapEntry => ({ - field: 'host.name', - type: 'mapping', - value: 'host.name', -}); - -describe('reducer', () => { - afterEach(() => { - jest.clearAllMocks(); - }); - - describe('#setEntries', () => { - test('should return "andLogicIncluded" ', () => { - const update = reducer()(initialState, { - type: 'setEntries', - entries: [], - }); - const expected: State = { - andLogicIncluded: false, - entries: [], - entriesToDelete: [], - }; - expect(update).toEqual(expected); - }); - - test('should set "andLogicIncluded" to true if any of the entries include entries with length greater than 1 ', () => { - const entries: ThreatMapEntries[] = [ - { - entries: [getEntry(), getEntry()], - }, - ]; - const { andLogicIncluded } = reducer()(initialState, { - type: 'setEntries', - entries, - }); - - expect(andLogicIncluded).toBeTruthy(); - }); - - test('should set "andLogicIncluded" to false if any of the entries include entries with length greater than 1 ', () => { - const entries: ThreatMapEntries[] = [ - { - entries: [getEntry()], - }, - ]; - const { andLogicIncluded } = reducer()(initialState, { - type: 'setEntries', - entries, - }); - - expect(andLogicIncluded).toBeFalsy(); - }); - }); - - describe('#setDefault', () => { - test('should 
restore initial state and add default empty entry to item" ', () => { - const entries: ThreatMapEntries[] = [ - { - entries: [getEntry()], - }, - ]; - - const update = reducer()( - { - andLogicIncluded: true, - entries, - entriesToDelete: [], - }, - { - type: 'setDefault', - initialState, - lastEntry: { - entries: [], - }, - } - ); - - expect(update).toEqual({ - ...initialState, - entries: [ - { - entries: [getDefaultEmptyEntry()], - }, - ], - }); - }); - }); -}); diff --git a/x-pack/solutions/security/plugins/security_solution/public/common/components/threat_match/reducer.ts b/x-pack/solutions/security/plugins/security_solution/public/common/components/threat_match/reducer.ts deleted file mode 100644 index 3371cfe0e3317..0000000000000 --- a/x-pack/solutions/security/plugins/security_solution/public/common/components/threat_match/reducer.ts +++ /dev/null 
@@ -1,53 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { ThreatMapEntries } from './types'; -import { getDefaultEmptyEntry } from './helpers'; - -export interface State { - andLogicIncluded: boolean; - entries: ThreatMapEntries[]; - entriesToDelete: ThreatMapEntries[]; -} - -export type Action = - | { - type: 'setEntries'; - entries: ThreatMapEntries[]; - } - | { - type: 'setDefault'; - initialState: State; - lastEntry: ThreatMapEntries; - }; - -export const reducer = - () => - (state: State, action: Action): State => { - switch (action.type) { - case 'setEntries': { - const isAndLogicIncluded = - action.entries.filter(({ entries }) => entries.length > 1).length > 0; - - const returnState = { - ...state, - andLogicIncluded: isAndLogicIncluded, - entries: action.entries, - }; - return returnState; - } - case 'setDefault': { - return { - ...state, - ...action.initialState, - entries: [{ ...action.lastEntry, entries: [getDefaultEmptyEntry()] }], - }; - } - default: - return state; - } - }; diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/threat_match_index_edit/validators/translations.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/threat_match_index_edit/validators/translations.ts similarity index 75% rename from x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/threat_match_index_edit/validators/translations.tsx rename to x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/threat_match_index_edit/validators/translations.ts index 73faa0ccdf5d1..0b4b153d26501 100644 
--- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/threat_match_index_edit/validators/translations.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/threat_match_index_edit/validators/translations.ts @@ -8,14 +8,14 @@ import { i18n } from '@kbn/i18n'; export const THREAT_MATCH_INDEX_FIELD_VALIDATION_REQUIRED_ERROR = i18n.translate( - 'xpack.securitySolution.ruleManagement.ruleFields.threatMatchIndex.validation.requiredError', + 'xpack.securitySolution.detectionEngine.ruleManagement.ruleFields.threatMatchIndex.validation.requiredError', { defaultMessage: 'A minimum of one index pattern is required.', } ); export const THREAT_MATCH_INDEX_FIELD_VALIDATION_FORBIDDEN_PATTERN_ERROR = i18n.translate( - 'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchIndexForbiddenError', + 'xpack.securitySolution.detectionEngine.ruleManagement.ruleFields.threatMatchIndexForbiddenError', { defaultMessage: 'The index pattern cannot be "*". Please choose a more specific index pattern.', } diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/components/description_step/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/components/description_step/index.tsx index 53f8893fbbffe..3d72aaf109ec7 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/components/description_step/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/components/description_step/index.tsx 
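Review bot: The two message ids changed in translations.ts no longer follow one scheme: the required-error id ends in `threatMatchIndex.validation.requiredError`, while the forbidden-pattern id ends in `threatMatchIndexForbiddenError`. Both ids are being renamed in this hunk anyway (and the fr-FR, ja-JP and zh-CN entries for the old forbidden-error id are removed earlier in this diff), so the second could become `'xpack.securitySolution.detectionEngine.ruleManagement.ruleFields.threatMatchIndex.validation.forbiddenPatternError'` to keep both validators of this field under the same prefix. The `defaultMessage` hard-codes `"*"`, so a short comment such as `// "*" is the only forbidden pattern; keep in sync with the validator` would help whoever changes the check later; the validator itself is not part of this hunk.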
@@ -76,11 +76,11 @@ import { NEW_TERMS_FIELDS_LABEL } from '../../../rule_creation/components/new_te import { HISTORY_WINDOW_START_LABEL } from '../../../rule_creation/components/history_window_start_edit/translations'; import { MACHINE_LEARNING_JOB_ID_LABEL } from '../../../rule_creation/components/machine_learning_job_id_edit/translations'; import { ANOMALY_THRESHOLD_LABEL } from '../../../rule_creation/components/anomaly_threshold_edit/translations'; -import type { FieldValueQueryBar } from '../query_bar_field'; import { THREAT_MATCH_MAPPING_FIELD_LABEL } from '../../../rule_creation/components/threat_match_mapping_edit/translations'; import { THREAT_MATCH_QUERY_FIELD_LABEL } from '../../../rule_creation/components/threat_match_query_edit/translations'; import { THREAT_MATCH_INDEX_FIELD_LABEL } from '../../../rule_creation/components/threat_match_index_edit/translations'; import { THREAT_MATCH_INDICATOR_PATH_FIELD_LABEL } from '../../../rule_creation/components/threat_match_indicator_path_edit/translations'; +import type { FieldValueQueryBar } from '../query_bar_field'; const DescriptionListContainer = styled(EuiDescriptionList)` max-width: 600px; @@ -348,12 +348,6 @@ export const getDescriptionItem = ( }); } else if (field === 'threatMapping') { const threatMap: ThreatMapping = get(field, data); -<<<<<<< HEAD - return buildThreatMappingDescription(label, threatMap); - } else if (field === 'newTermsFields') { - const values: string[] = get(field, data); - return buildStringArrayDescription(NEW_TERMS_FIELDS_LABEL, field, values); -======= return buildThreatMappingDescription(THREAT_MATCH_MAPPING_FIELD_LABEL, threatMap); } else if (field === 'threatIndicatorPath') { return [ 
@@ -362,7 +356,9 @@ export const getDescriptionItem = ( description: get(field, data), }, ]; ->>>>>>> ab5ed90002e (fix Threat Match readonly labels) + } else if (field === 'newTermsFields') { + const values: string[] = get(field, data); + return buildStringArrayDescription(NEW_TERMS_FIELDS_LABEL, field, values); } else if (Array.isArray(get(field, data)) && field !== 'threatMapping') { const values: string[] = get(field, data); return buildStringArrayDescription(label, field, values); diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/index.tsx index c28c3da50343b..88423bb64cf05 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/index.tsx 
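Review bot: The re-added `newTermsFields` branch of `getDescriptionItem` assigns `get(field, data)` to a `string[]` without checking it, whereas the generic branch directly below guards with `Array.isArray(get(field, data))`. If the field can be absent from `data` (not visible here), `buildStringArrayDescription` receives `undefined`; `const values: string[] = get(field, data) ?? [];` would keep the annotation honest. The `field !== 'threatMapping'` test in the following branch can never be false, because `threatMapping` is handled earlier in the same chain, and could be dropped. getDescriptionItem starts and ends outside this hunk.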
@@ -64,17 +64,6 @@ import { } from '../../../../../common/detection_engine/utils'; import { EqlQueryEdit } from '../../../rule_creation/components/eql_query_edit'; import { DataViewSelectorField } from '../data_view_selector_field'; -<<<<<<< HEAD -<<<<<<< HEAD -import { ThreatMatchInput } from '../threatmatch_input'; -import { ThreatMatchIndexEdit } from '../../../rule_creation/components/threat_match_index_edit'; -import { ThreatMatchQueryEdit } from '../../../rule_creation/components/threat_match_query_edit'; -import { ThreatMatchMappingEdit } from '../../../rule_creation/components/threat_match_mapping_edit'; -======= -import { ThreatMatchEdit } from '../threat_match_edit/threat_match_edit'; ->>>>>>> 49853eaf618 (add threat mapping persistence functionality) -======= ->>>>>>> 81726efc647 (post-rebase conflicts resolving) import { useFetchIndex } from '../../../../common/containers/source'; import { RequiredFields } from '../../../rule_creation/components/required_fields'; import { DocLink } from '../../../../common/components/links_to_docs/doc_link'; 
@@ -98,20 +87,13 @@ import { AnomalyThresholdEdit } from '../../../rule_creation/components/anomaly_ import { HistoryWindowStartEdit } from '../../../rule_creation/components/history_window_start_edit'; import { NewTermsFieldsEdit } from '../../../rule_creation/components/new_terms_fields_edit'; import { EsqlQueryEdit } from '../../../rule_creation/components/esql_query_edit'; -<<<<<<< HEAD import { CreateCustomMlJobButton } from '../../../rule_creation/components/create_ml_job_button/create_ml_job_button'; import { ThreatMatchEdit } from '../threat_match_edit'; import { usePersistentNewTermsState } from './use_persistent_new_terms_state'; import { usePersistentAlertSuppressionState } from './use_persistent_alert_suppression_state'; import { usePersistentThresholdState } from './use_persistent_threshold_state'; -======= -import { ThreatMatchEdit } from '../threat_match_edit'; ->>>>>>> 81726efc647 (post-rebase conflicts resolving) import { usePersistentQuery } from './use_persistent_query'; -<<<<<<< HEAD import { usePersistentMachineLearningState } from './use_persistent_machine_learning_state'; -======= ->>>>>>> 49853eaf618 (add threat mapping persistence functionality) import { usePersistentThreatMatchState } from './use_persistent_threat_match_state'; const CommonUseField = getUseField({ component: Field }); @@ -246,8 +228,6 @@ const StepDefineRuleComponent: FC = ({ form, }); usePersistentAlertSuppressionState({ form }); -<<<<<<< HEAD -<<<<<<< HEAD usePersistentThresholdState({ form, ruleTypePath: 'ruleType', thresholdPath: 'threshold' }); usePersistentMachineLearningState({ form, 
@@ -262,14 +242,6 @@ const StepDefineRuleComponent: FC = ({ historyWindowStartPath: 'historyWindowSize', }); usePersistentThreatMatchState({ form }); -======= - usePersistentThreatMatchState({ - form, - }); ->>>>>>> 49853eaf618 (add threat mapping persistence functionality) -======= - usePersistentThreatMatchState({ form }); ->>>>>>> 30e3c9c1f35 (fix validation upon saving) const handleSetRuleFromTimeline = useCallback( ({ index: timelineIndex, queryBar: timelineQueryBar, eqlOptions }) => { @@ -649,7 +621,6 @@ const StepDefineRuleComponent: FC = ({ )} -<<<<<<< HEAD {isMlRule(ruleType) && ( <> @@ -672,52 +643,6 @@ const StepDefineRuleComponent: FC = ({ )} -======= - - <> - - - - - - <> - - {ThresholdInputChildren} - - - ->>>>>>> 49853eaf618 (add threat mapping persistence functionality) {isThreatMatchRule(ruleType) && ( = ({ threatIndexPatterns={threatIndexPatterns} loading={threatIndexPatternsLoading} /> -<<<<<<< HEAD )} {isNewTermsRule(ruleType) && ( @@ -736,8 +660,6 @@ const StepDefineRuleComponent: FC = ({ -======= ->>>>>>> 49853eaf618 (add threat mapping persistence functionality) )} diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/schema.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/schema.tsx index 50eeb6c4f54ba..666cbecb07207 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/schema.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/schema.tsx 
@@ -10,21 +10,12 @@ import { EuiText } from '@elastic/eui'; import React from 'react'; import { -<<<<<<< HEAD - singleEntryThreat, - containsInvalidItems, - customValidators, -} from '../../../../common/components/threat_match/helpers'; -import { -======= ->>>>>>> 6f9d274c27f (after rebase fix) isEsqlRule, - isThreatMatchRule, isSuppressionRuleConfiguredWithGroupBy, } from '../../../../../common/detection_engine/utils'; import { isMlRule } from '../../../../../common/machine_learning/helpers'; -import type { ERROR_CODE, FormSchema, ValidationFunc } from '../../../../shared_imports'; -import { FIELD_TYPES, fieldValidators } from '../../../../shared_imports'; +import type { FormSchema, ValidationFunc } from '../../../../shared_imports'; +import { FIELD_TYPES } from '../../../../shared_imports'; import type { DefineStepRule } from '../../../../detections/pages/detection_engine/rules/types'; import { DataSourceType } from '../../../../detections/pages/detection_engine/rules/types'; import { dataViewIdValidatorFactory } from '../../validators/data_view_id_validator_factory'; @@ -36,16 +27,7 @@ import { ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME, } from '../../../rule_creation/components/alert_suppression_edit'; import * as alertSuppressionEditI81n from '../../../rule_creation/components/alert_suppression_edit/components/translations'; -<<<<<<< HEAD -import { - INDEX_HELPER_TEXT, - THREAT_MATCH_INDEX_HELPER_TEXT, - THREAT_MATCH_REQUIRED, - THREAT_MATCH_EMPTIES, -} from './translations'; -======= import { INDEX_HELPER_TEXT } from './translations'; ->>>>>>> 6f9d274c27f (after rebase fix) import { queryRequiredValidatorFactory } from '../../validators/query_required_validator_factory'; import { kueryValidatorFactory } from '../../validators/kuery_validator_factory'; 
@@ -183,274 +165,10 @@ export const schema: FormSchema = { } ), }, -<<<<<<< HEAD threshold: {}, - threatIndex: { -======= - threshold: { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThresholdLabel', - { - defaultMessage: 'Threshold', - } - ), - field: { - type: FIELD_TYPES.COMBO_BOX, - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldThresholdFieldLabel', - { - defaultMessage: 'Group by', - } - ), - helpText: i18n.translate( - 'xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldThresholdFieldHelpText', - { - defaultMessage: "Select fields to group by. Fields are joined together with 'AND'", - } - ), - validations: [ - { - validator: ( - ...args: Parameters - ): ReturnType> | undefined => { - const [{ formData }] = args; - const needsValidation = isThresholdRule(formData.ruleType); - if (!needsValidation) { - return; - } - return fieldValidators.maxLengthField({ - length: 3, - message: i18n.translate( - 'xpack.securitySolution.detectionEngine.validations.thresholdFieldFieldData.arrayLengthGreaterThanMaxErrorMessage', - { - defaultMessage: 'Number of fields must be 3 or less.', - } - ), - })(...args); - }, - }, - ], - }, - value: { - type: FIELD_TYPES.NUMBER, - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldThresholdValueLabel', - { - defaultMessage: 'Threshold', - } - ), - validations: [ - { - validator: ( - ...args: Parameters - ): ReturnType> | undefined => { - const [{ formData }] = args; - const needsValidation = isThresholdRule(formData.ruleType); - if (!needsValidation) { - return; - } - return fieldValidators.numberGreaterThanField({ - than: 1, - message: i18n.translate( - 'xpack.securitySolution.detectionEngine.validations.thresholdValueFieldData.numberGreaterThanOrEqualOneErrorMessage', - { - defaultMessage: 'Value must be greater than or equal to one.', - } - ), - allowEquality: true, - 
})(...args); - }, - }, - ], - }, - cardinality: { - field: { - defaultValue: [], - fieldsToValidateOnChange: ['threshold.cardinality.field', 'threshold.cardinality.value'], - type: FIELD_TYPES.COMBO_BOX, - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThresholdCardinalityFieldLabel', - { - defaultMessage: 'Count', - } - ), - validations: [ - { - validator: ( - ...args: Parameters - ): ReturnType> | undefined => { - const [{ formData }] = args; - const needsValidation = isThresholdRule(formData.ruleType); - if (!needsValidation) { - return; - } - if ( - isEmpty(formData['threshold.cardinality.field']) && - !isEmpty(formData['threshold.cardinality.value']) - ) { - return fieldValidators.emptyField( - i18n.translate( - 'xpack.securitySolution.detectionEngine.validations.thresholdCardinalityFieldFieldData.thresholdCardinalityFieldNotSuppliedMessage', - { - defaultMessage: 'A Cardinality Field is required.', - } - ) - )(...args); - } - }, - }, - ], - helpText: i18n.translate( - 'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThresholdFieldCardinalityFieldHelpText', - { - defaultMessage: 'Select a field to check cardinality', - } - ), - }, - value: { - fieldsToValidateOnChange: ['threshold.cardinality.field', 'threshold.cardinality.value'], - type: FIELD_TYPES.NUMBER, - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThresholdCardinalityValueFieldLabel', - { - defaultMessage: 'Unique values', - } - ), - validations: [ - { - validator: ( - ...args: Parameters - ): ReturnType> | undefined => { - const [{ formData }] = args; - const needsValidation = isThresholdRule(formData.ruleType); - if (!needsValidation) { - return; - } - if (!isEmpty(formData['threshold.cardinality.field'])) { - return fieldValidators.numberGreaterThanField({ - than: 1, - message: i18n.translate( - 
'xpack.securitySolution.detectionEngine.validations.thresholdCardinalityValueFieldData.numberGreaterThanOrEqualOneErrorMessage', - { - defaultMessage: 'Value must be greater than or equal to one.', - } - ), - allowEquality: true, - })(...args); - } - }, - }, - ], - }, - }, - }, threatIndex: {}, - threatQueryBar: {}, threatMapping: {}, - newTermsFields: { ->>>>>>> ab5ed90002e (fix Threat Match readonly labels) - type: FIELD_TYPES.COMBO_BOX, - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThreatIndexPatternsLabel', - { - defaultMessage: 'Indicator index patterns', - } - ), - helpText: {THREAT_MATCH_INDEX_HELPER_TEXT}, - validations: [ - { - validator: ( - ...args: Parameters - ): ReturnType> | undefined => { - const [{ formData }] = args; - const needsValidation = isThreatMatchRule(formData.ruleType); - if (!needsValidation) { - return; - } - return fieldValidators.emptyField( - i18n.translate( - 'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchoutputIndiceNameFieldRequiredError', - { - defaultMessage: 'A minimum of one index pattern is required.', - } - ) - )(...args); - }, - }, - { - validator: ( - ...args: Parameters - ): ReturnType> | undefined => { - const [{ formData, value }] = args; - const needsValidation = isThreatMatchRule(formData.ruleType); - if (!needsValidation) { - return; - } - - return customValidators.forbiddenField(value, '*'); - }, - }, - ], - }, - threatMapping: { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThreatMappingLabel', - { - defaultMessage: 'Indicator mapping', - } - ), - validations: [ - { - validator: ( - ...args: Parameters - ): ReturnType> | undefined => { - const [{ path, formData }] = args; - const needsValidation = isThreatMatchRule(formData.ruleType); - if (!needsValidation) { - return; - } - if (singleEntryThreat(formData.threatMapping)) { - return { - code: 'ERR_FIELD_MISSING', - path, - message: 
THREAT_MATCH_REQUIRED, - }; - } else if (containsInvalidItems(formData.threatMapping)) { - return { - code: 'ERR_FIELD_MISSING', - path, - message: THREAT_MATCH_EMPTIES, - }; - } else { - return undefined; - } - }, - }, - ], - }, - threatQueryBar: { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThreatQueryBarLabel', - { - defaultMessage: 'Indicator index query', - } - ), - validations: [ - { - validator: (...args) => { - const [{ formData }] = args; - if (!isThreatMatchRule(formData.ruleType)) { - return; - } - - return queryRequiredValidatorFactory(formData.ruleType)(...args); - }, - }, - { - validator: kueryValidatorFactory(), - }, - ], - }, + threatQueryBar: {}, newTermsFields: {}, historyWindowSize: {}, [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]: { diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/components/threatmatch_input/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/components/threatmatch_input/index.tsx index 9fac4ad852805..a8a0c80b37f5b 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/components/threatmatch_input/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/components/threatmatch_input/index.tsx @@ -65,9 +65,9 @@ function ThreatMatchField({ } }, [isThreatIndexPatternValid, isThreatMappingInvalid, onValidityChange]); - const handleBuilderOnChange = useCallback( - ({ entryItems }: { entryItems: ThreatMapEntries[] }): void => { - field.setValue(entryItems); + const handleMappingsEntryChange = useCallback( + (newEntryItems: ThreatMapEntries[]): void => { + field.setValue(newEntryItems); }, [field] ); @@ -105,12 +105,12 @@ function ThreatMatchField({ fullWidth 
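Review bot: After this hunk `threatIndex`, `threatMapping` and `threatQueryBar` are empty `{}` entries in `schema`, so the required-field checks and the `customValidators.forbiddenField(value, '*')` guard no longer run from the form schema. The replacement validators are presumably attached by the field components (the diff references `rule_creation/components/threat_match_index_edit/validators`), but nothing in the schema says so; a comment on each entry such as `// validated by the field component, see rule_creation/components/threat_match_index_edit/validators` would stop a later reader from assuming these fields are unvalidated. Because the `*` restriction limits which indices an indicator match rule may read, it is worth confirming that it still applies when the field component is not mounted and that the rule API enforces it as well, since form validation alone is not a control. The `schema` object starts and ends outside this hunk.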
> diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/diffable_rule_fields_mappings.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/diffable_rule_fields_mappings.ts index 5261025e70962..86ba3e5dd6bee 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/diffable_rule_fields_mappings.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/diffable_rule_fields_mappings.ts @@ -136,9 +136,6 @@ const SUBFIELD_MAPPING: Record = { threat_language: 'language', threat_filters: 'filters', building_block_type: 'type', - threat_query: 'query', - threat_language: 'language', - threat_filters: 'filters', rule_name_override: 'field_name', timestamp_override: 'field_name', timestamp_override_fallback_disabled: 'fallback_disabled', diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule.cy.ts index 8d44be4dc3aaf..deccc1a205f61 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule.cy.ts @@ -93,6 +93,7 @@ import { getIndicatorOrButton, selectIndicatorMatchType, waitForAlertsToPopulate, + getThreatMatchQueryInvalidationText, } from '../../../../tasks/create_new_rule'; import { SCHEDULE_INTERVAL_AMOUNT_INPUT, 
@@ -195,7 +196,7 @@ describe('indicator match', { tags: ['@ess', '@serverless', '@skipInServerlessMK }); }); - describe('custom indicator query input', () => { + describe('indicator query input', () => { beforeEach(() => { visit(CREATE_RULE_URL); selectIndicatorMatchType(); @@ -207,7 +208,7 @@ describe('indicator match', { tags: ['@ess', '@serverless', '@skipInServerlessMK it('Shows invalidation text if text is removed', () => { getCustomIndicatorQueryInput().type('{selectall}{del}'); - getCustomQueryInvalidationText().should('exist'); + getThreatMatchQueryInvalidationText().should('exist'); }); }); diff --git a/x-pack/test/security_solution_cypress/cypress/screens/create_new_rule.ts b/x-pack/test/security_solution_cypress/cypress/screens/create_new_rule.ts index 742af60c5c16c..ad66955a6e244 100644 --- a/x-pack/test/security_solution_cypress/cypress/screens/create_new_rule.ts +++ b/x-pack/test/security_solution_cypress/cypress/screens/create_new_rule.ts @@ -104,6 +104,8 @@ export const AT_LEAST_ONE_INDEX_PATTERN = 'A minimum of one index pattern is req export const CUSTOM_QUERY_REQUIRED = 'A custom query is required.'; +export const THREAT_MATCH_QUERY_REQUIRED = 'An indicator index query is required.'; + export const DATA_VIEW_COMBO_BOX = '[data-test-subj="pick-rule-data-source"] [data-test-subj="comboBoxInput"]'; diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts b/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts index 5890dba3a9e68..d7fbb5e13255e 100644 --- a/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts +++ b/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts @@ -134,6 +134,7 @@ import { PREVIEW_LOGGED_REQUESTS_CHECKBOX, ALERT_SUPPRESSION_DURATION_VALUE_INPUT, ALERT_SUPPRESSION_DURATION_UNIT_INPUT, + THREAT_MATCH_QUERY_REQUIRED, } from '../screens/create_new_rule'; import { INDEX_SELECTOR, 
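Review bot: In 'Shows invalidation text if text is removed' the new assertion `getThreatMatchQueryInvalidationText().should('exist')` only proves that the string is somewhere in the DOM, and the helper added in tasks/create_new_rule.ts is a page-wide `cy.contains(THREAT_MATCH_QUERY_REQUIRED)`. `getThreatMatchQueryInvalidationText().should('be.visible')` would make the test fail when the message is rendered but hidden, which is the regression this test is meant to catch now that the indicator query has its own message. Scoping the lookup to the indicator query form row would also rule out a match elsewhere on the page; the selector for that row is not visible in this diff. The describe block's setup continues outside the hunk.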
@@ -784,6 +785,9 @@ export const getCustomIndicatorQueryInput = () => cy.get(THREAT_MATCH_QUERY_INPU /** Returns custom query required content */ export const getCustomQueryInvalidationText = () => cy.contains(CUSTOM_QUERY_REQUIRED); +/** Returns threat match query required content */ +export const getThreatMatchQueryInvalidationText = () => cy.contains(THREAT_MATCH_QUERY_REQUIRED); + /** * Fills in the define indicator match rules and then presses the continue button * @param rule The rule to use to fill in everything