diff --git a/packages/kbn-rule-data-utils/src/technical_field_names.ts b/packages/kbn-rule-data-utils/src/technical_field_names.ts
index 4b3f3fbb6f3705..2aa23195df8997 100644
--- a/packages/kbn-rule-data-utils/src/technical_field_names.ts
+++ b/packages/kbn-rule-data-utils/src/technical_field_names.ts
@@ -49,7 +49,6 @@ const ALERT_RULE_CREATED_BY = `${ALERT_RULE_NAMESPACE}.created_by` as const;
 const ALERT_RULE_DESCRIPTION = `${ALERT_RULE_NAMESPACE}.description` as const;
 const ALERT_RULE_ENABLED = `${ALERT_RULE_NAMESPACE}.enabled` as const;
 const ALERT_RULE_FROM = `${ALERT_RULE_NAMESPACE}.from` as const;
-const ALERT_RULE_ID = `${ALERT_RULE_NAMESPACE}.id` as const;
 const ALERT_RULE_INTERVAL = `${ALERT_RULE_NAMESPACE}.interval` as const;
 const ALERT_RULE_LICENSE = `${ALERT_RULE_NAMESPACE}.license` as const;
 const ALERT_RULE_CATEGORY = `${ALERT_RULE_NAMESPACE}.category` as const;
@@ -108,7 +107,6 @@ const fields = {
 ALERT_RULE_DESCRIPTION,
 ALERT_RULE_ENABLED,
 ALERT_RULE_FROM,
- ALERT_RULE_ID,
 ALERT_RULE_INTERVAL,
 ALERT_RULE_LICENSE,
 ALERT_RULE_NAME,
@@ -166,7 +164,6 @@ export {
 ALERT_RULE_DESCRIPTION,
 ALERT_RULE_ENABLED,
 ALERT_RULE_FROM,
- ALERT_RULE_ID,
 ALERT_RULE_INTERVAL,
 ALERT_RULE_LICENSE,
 ALERT_RULE_NAME,
diff --git a/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.ts b/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.ts
index eb8d88cf697b93..f6566ee75920f9 100644
--- a/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.ts
+++ b/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.ts
@@ -95,11 +95,6 @@ export const technicalRuleFieldMap = {
 array: false,
 required: false,
 },
- [Fields.ALERT_RULE_ID]: {
- type: 'keyword',
- array: false,
- required: false,
- },
 [Fields.ALERT_RULE_CREATED_AT]: {
 type: 'date',
 array: false,
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
index 0519e3f2d4a750..75bd41037934b7 100644
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
@@ -13,7 +13,6 @@ import {
 ALERT_STATUS,
 ALERT_UUID,
 ALERT_RULE_UUID,
- ALERT_RULE_ID,
 ALERT_RULE_NAME,
 ALERT_RULE_CATEGORY,
 } from '@kbn/rule-data-utils';
@@ -190,7 +189,6 @@ export const requiredFieldMappingsForActionsRuleRegistry = {
 'alert.status': ALERT_STATUS,
 'alert.duration.us': ALERT_DURATION,
 'rule.uuid': ALERT_RULE_UUID,
- 'rule.id': ALERT_RULE_ID,
 'rule.name': ALERT_RULE_NAME,
 'rule.category': ALERT_RULE_CATEGORY,
 producer: ALERT_RULE_PRODUCER,
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/__snapshots__/get_signals_template.test.ts.snap b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/__snapshots__/get_signals_template.test.ts.snap
index b93fec8e99ca59..833a9084fdac6d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/__snapshots__/get_signals_template.test.ts.snap
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/__snapshots__/get_signals_template.test.ts.snap
@@ -1838,10 +1838,6 @@ Object { "path": "signal.rule.from", "type": "alias", }, - "kibana.alert.rule.id": Object { - "path": "signal.rule.id", - "type": "alias", - }, "kibana.alert.rule.immutable": Object { "path": "signal.rule.immutable", "type": "alias",
@@ -2034,6 +2030,10 @@ Object { "path": "signal.rule.updated_by", "type": "alias", }, + "kibana.alert.rule.uuid": Object { + "path": "signal.rule.id", + "type": "alias", + }, "kibana.alert.rule.version": Object { "path": "signal.rule.version", "type": "alias",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/signal_aad_mapping.json b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/signal_aad_mapping.json
index 68c184b66c562d..8391d490162dfa 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/signal_aad_mapping.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/signal_aad_mapping.json
@@ -35,7 +35,7 @@
 "signal.rule.enabled": "kibana.alert.rule.enabled",
 "signal.rule.false_positives": "kibana.alert.rule.false_positives",
 "signal.rule.from": "kibana.alert.rule.from",
- "signal.rule.id": "kibana.alert.rule.id",
+ "signal.rule.id": "kibana.alert.rule.uuid",
 "signal.rule.immutable": "kibana.alert.rule.immutable",
 "signal.rule.index": "kibana.alert.rule.index",
 "signal.rule.interval": "kibana.alert.rule.interval",
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/rule_registry_log_client/rule_registry_log_client.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/rule_registry_log_client/rule_registry_log_client.ts
index 3f2f34c17679f0..5445184c450fee 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/rule_registry_log_client/rule_registry_log_client.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/rule_registry_log_client/rule_registry_log_client.ts
@@ -13,7 +13,7 @@ import {
 EVENT_KIND,
 SPACE_IDS,
 TIMESTAMP,
- ALERT_RULE_ID,
+ ALERT_RULE_UUID,
 } from '@kbn/rule-data-utils';
 import moment from 'moment';
@@ -98,7 +98,7 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
 }
 const filter: estypes.QueryDslQueryContainer[] = [
- { terms: { [ALERT_RULE_ID]: ruleIds } },
+ { terms: { [ALERT_RULE_UUID]: ruleIds } },
 { terms: { [SPACE_IDS]: [spaceId] } },
 ];
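Review bot: Retargeting `signal.rule.id` from `kibana.alert.rule.id` to `kibana.alert.rule.uuid` in the `@@ -35,7 +35,7 @@` hunk renames the alias that legacy signals indices expose, and nothing visible in this diff bumps the signals template version or rolls the indices over. If that is not handled elsewhere, existing indices presumably keep only the old alias, so queries on `kibana.alert.rule.uuid` would miss historical alerts, while saved queries and timelines that still reference `kibana.alert.rule.id` would stop matching new ones. Please confirm the template version handling and call out the field rename in the upgrade notes.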
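Review bot: The `terms` filter in the `@@ -98,7 +98,7 @@` hunk now matches only documents that carry the rule id under `ALERT_RULE_UUID`, so execution-log events written earlier under `kibana.alert.rule.id` would no longer be found unless they are migrated somewhere outside this diff. The same applies to the `field: ALERT_RULE_UUID` aggregation in the `@@ -117,7 +117,7 @@` hunk. If no migration is intended, a comment above the filter such as `// Events written before the rule.id -> rule.uuid rename are intentionally not matched` would make the gap in status history explicit. The enclosing method starts and ends outside the hunk.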
@@ -117,7 +117,7 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
 aggs: {
 rules: {
 terms: {
- field: ALERT_RULE_ID,
+ field: ALERT_RULE_UUID,
 size: ruleIds.length,
 },
 aggs: {
@@ -151,7 +151,7 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
 bucket.most_recent_logs.hits.hits.map((event) => {
 const logEntry = parseRuleExecutionLog(event._source);
 invariant(
- logEntry[ALERT_RULE_ID] ?? '',
+ logEntry[ALERT_RULE_UUID] ?? '',
 'Malformed execution log entry: rule.id field not found'
 );
@@ -185,7 +185,7 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
 ]
 : undefined;
- const alertId = logEntry[ALERT_RULE_ID] ?? '';
+ const alertId = logEntry[ALERT_RULE_UUID] ?? '';
 const statusDate = logEntry[TIMESTAMP];
 const lastFailureAt = lastFailure?.[TIMESTAMP];
 const lastFailureMessage = lastFailure?.[MESSAGE];
@@ -232,7 +232,7 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
 [EVENT_ACTION]: metric,
 [EVENT_KIND]: 'metric',
 [getMetricField(metric)]: value,
- [ALERT_RULE_ID]: ruleId ?? '',
+ [ALERT_RULE_UUID]: ruleId ?? '',
 [TIMESTAMP]: new Date().toISOString(),
 [ALERT_RULE_CONSUMER]: SERVER_APP_ID,
 [ALERT_RULE_TYPE_ID]: SERVER_APP_ID,
@@ -255,7 +255,7 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
 [EVENT_KIND]: 'event',
 [EVENT_SEQUENCE]: this.sequence++,
 [MESSAGE]: message,
- [ALERT_RULE_ID]: ruleId ?? '',
+ [ALERT_RULE_UUID]: ruleId ?? '',
 [RULE_STATUS_SEVERITY]: statusSeverityDict[newStatus],
 [RULE_STATUS]: newStatus,
 [TIMESTAMP]: new Date().toISOString(),
diff --git a/x-pack/plugins/timelines/public/components/actions/timeline/cases/add_to_case_action.test.tsx b/x-pack/plugins/timelines/public/components/actions/timeline/cases/add_to_case_action.test.tsx
index fb7899165bb3d9..19206c40d18c2d 100644
--- a/x-pack/plugins/timelines/public/components/actions/timeline/cases/add_to_case_action.test.tsx
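Review bot: The `invariant` message in the `@@ -151,7 +151,7 @@` hunk still reads `'Malformed execution log entry: rule.id field not found'` although the check is now on `ALERT_RULE_UUID`, which sends whoever triages the error looking for a field this commit removes. Suggested wording: `'Malformed execution log entry: rule.uuid field not found'`. The `?? ''` also looks redundant if `invariant` treats any falsy value as a failure, in which case `logEntry[ALERT_RULE_UUID]` can be passed directly. The surrounding `map` callback continues outside the hunk.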
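Review bot: `[ALERT_RULE_UUID]: ruleId ?? ''` in the `@@ -232,7 +232,7 @@` hunk, and again in `@@ -255,7 +255,7 @@`, persists an execution-log event with an empty rule UUID whenever `ruleId` is nullish. Such an event cannot be matched by the `terms: { [ALERT_RULE_UUID]: ruleIds }` filter used on the read side, so it ends up as an unattributable record in the rule execution history. If callers are expected to always supply the id, consider failing before the event object is built, for example `invariant(ruleId, 'ruleId is required to write an execution log event');`. Both object literals start and end outside their hunks.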
+++ b/x-pack/plugins/timelines/public/components/actions/timeline/cases/add_to_case_action.test.tsx
@@ -11,6 +11,7 @@ import { TestProviders, mockGetAllCasesSelectorModal } from '../../../../mock';
 import { AddToCaseAction } from './add_to_case_action';
 import { SECURITY_SOLUTION_OWNER } from '../../../../../../cases/common';
 import { AddToCaseActionButton } from './add_to_case_action_button';
+import { ALERT_RULE_UUID } from '@kbn/rule-data-utils';
 jest.mock('react-router-dom', () => ({
 useLocation: () => ({
@@ -100,7 +101,7 @@ describe('AddToCaseAction', () => {
 {...props}
 event={{
 _id: 'test-id',
- data: [{ field: 'kibana.alert.rule.id', value: ['rule-id'] }],
+ data: [{ field: ALERT_RULE_UUID, value: ['rule-id'] }],
 ecs: {
 _id: 'test-id',
 _index: 'test-index',
@@ -112,7 +113,7 @@ describe('AddToCaseAction', () => {
 {...props}
 event={{
 _id: 'test-id',
- data: [{ field: 'kibana.alert.rule.id', value: ['rule-id'] }],
+ data: [{ field: ALERT_RULE_UUID, value: ['rule-id'] }],
 ecs: {
 _id: 'test-id',
 _index: 'test-index',
diff --git a/x-pack/plugins/timelines/public/hooks/use_add_to_case.ts b/x-pack/plugins/timelines/public/hooks/use_add_to_case.ts
index a519c4869fa324..f5bb27b3a5614c 100644
--- a/x-pack/plugins/timelines/public/hooks/use_add_to_case.ts
+++ b/x-pack/plugins/timelines/public/hooks/use_add_to_case.ts
@@ -8,7 +8,7 @@ import { isEmpty } from 'lodash';
 import { useState, useCallback, useMemo, SyntheticEvent } from 'react';
 import { useLocation } from 'react-router-dom';
 import { useDispatch } from 'react-redux';
-import { ALERT_RULE_ID, ALERT_RULE_NAME, ALERT_RULE_UUID } from '@kbn/rule-data-utils';
+import { ALERT_RULE_NAME, ALERT_RULE_UUID } from '@kbn/rule-data-utils';
 import { useKibana } from '../../../../../src/plugins/kibana_react/public';
 import { Case, SubCase } from '../../../cases/common';
 import { TimelinesStartServices } from '../types';
@@ -243,15 +243,12 @@ export const useAddToCase = ({
 };
 export function normalizedEventFields(event?: TimelineItem) {
- const ruleId = event && event.data.find(({ field }) => field === ALERT_RULE_ID);
 const ruleUuid = event && event.data.find(({ field }) => field === ALERT_RULE_UUID);
 const ruleName = event && event.data.find(({ field }) => field === ALERT_RULE_NAME);
- const ruleIdValue = ruleId && ruleId.value && ruleId.value[0];
 const ruleUuidValue = ruleUuid && ruleUuid.value && ruleUuid.value[0];
 const ruleNameValue = ruleName && ruleName.value && ruleName.value[0];
- const idToUse = ruleIdValue ? ruleIdValue : ruleUuidValue;
 return {
- ruleId: idToUse ?? null,
+ ruleId: ruleUuidValue ?? null,
 ruleName: ruleNameValue ?? null,
 };
 }
diff --git a/x-pack/test/security_solution_cypress/config.ts b/x-pack/test/security_solution_cypress/config.ts
index 0026f5897019e6..d22ff564beb2c8 100644
--- a/x-pack/test/security_solution_cypress/config.ts
+++ b/x-pack/test/security_solution_cypress/config.ts
@@ -40,6 +40,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
 // retrieve rules from the filesystem but not from fleet for Cypress tests
 '--xpack.securitySolution.prebuiltRulesFromFileSystem=true',
 '--xpack.securitySolution.prebuiltRulesFromSavedObjects=false',
+ `--home.disableWelcomeScreen=true`,
 ],
 },
 };
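Review bot: `normalizedEventFields` in the `@@ -243,15 +243,12 @@` hunk still returns a property named `ruleId`, but it is now always the value of `ALERT_RULE_UUID` with no fallback, so an event that carries only the old `kibana.alert.rule.id` field yields `ruleId: null`. That contract is worth stating on the function, e.g. `/** Returns the rule UUID (as ruleId) and rule name from a timeline event; each is null when the field is absent. */`. The `x && x.value && x.value[0]` lookups could also be written as `ruleUuid?.value?.[0]`, since the function already relies on `??`.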
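Review bot: The added `--home.disableWelcomeScreen=true` argument in the `@@ -40,6 +40,7 @@` hunk is a template literal with no interpolation, while the neighbouring server arguments use single quotes; `'--home.disableWelcomeScreen=true',` would match them. The flag is also unrelated to the rule id rename, so a one-line comment above it, like the one on the prebuilt-rules flags, would tell readers why the Cypress config needs it.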