[RAC][Security Solution] Remove ALERT_RULE_ID in favor of ALERT_RULE_UUID (#108922)

* Remove ALERT_RULE_ID in favor of ALERT_RULE_UUID * Update snapshot * KEVINNN * fix test * Add back home.disableWelcomeScreen=true * Only disable welcome screen in security solution cypress tests Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2025-04-24 01:38:56 -04:00 · 2021-08-18 07:37:14 -07:00 · 2021-08-18 07:37:14 -07:00 · 05d1e326a4
commit 05d1e326a4
parent 8f7e10aaba
9 changed files with 18 additions and 29 deletions
--- a/packages/kbn-rule-data-utils/src/technical_field_names.ts
+++ b/packages/kbn-rule-data-utils/src/technical_field_names.ts
@ -49,7 +49,6 @@ const ALERT_RULE_CREATED_BY = `${ALERT_RULE_NAMESPACE}.created_by` as const;
 const ALERT_RULE_DESCRIPTION = `${ALERT_RULE_NAMESPACE}.description` as const;
 const ALERT_RULE_ENABLED = `${ALERT_RULE_NAMESPACE}.enabled` as const;
 const ALERT_RULE_FROM = `${ALERT_RULE_NAMESPACE}.from` as const;
-const ALERT_RULE_ID = `${ALERT_RULE_NAMESPACE}.id` as const;
 const ALERT_RULE_INTERVAL = `${ALERT_RULE_NAMESPACE}.interval` as const;
 const ALERT_RULE_LICENSE = `${ALERT_RULE_NAMESPACE}.license` as const;
 const ALERT_RULE_CATEGORY = `${ALERT_RULE_NAMESPACE}.category` as const;
@ -108,7 +107,6 @@ const fields = {
  ALERT_RULE_DESCRIPTION,
  ALERT_RULE_ENABLED,
  ALERT_RULE_FROM,
-  ALERT_RULE_ID,
  ALERT_RULE_INTERVAL,
  ALERT_RULE_LICENSE,
  ALERT_RULE_NAME,
@ -166,7 +164,6 @@ export {
  ALERT_RULE_DESCRIPTION,
  ALERT_RULE_ENABLED,
  ALERT_RULE_FROM,
-  ALERT_RULE_ID,
  ALERT_RULE_INTERVAL,
  ALERT_RULE_LICENSE,
  ALERT_RULE_NAME,
--- a/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.ts
+++ b/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.ts
@ -95,11 +95,6 @@ export const technicalRuleFieldMap = {
    array: false,
    required: false,
  },
-  [Fields.ALERT_RULE_ID]: {
-    type: 'keyword',
-    array: false,
-    required: false,
-  },
  [Fields.ALERT_RULE_CREATED_AT]: {
    type: 'date',
    array: false,
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
@ -13,7 +13,6 @@ import {
  ALERT_STATUS,
  ALERT_UUID,
  ALERT_RULE_UUID,
-  ALERT_RULE_ID,
  ALERT_RULE_NAME,
  ALERT_RULE_CATEGORY,
 } from '@kbn/rule-data-utils';
@ -190,7 +189,6 @@ export const requiredFieldMappingsForActionsRuleRegistry = {
  'alert.status': ALERT_STATUS,
  'alert.duration.us': ALERT_DURATION,
  'rule.uuid': ALERT_RULE_UUID,
-  'rule.id': ALERT_RULE_ID,
  'rule.name': ALERT_RULE_NAME,
  'rule.category': ALERT_RULE_CATEGORY,
  producer: ALERT_RULE_PRODUCER,
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/snapshots/get_signals_template.test.ts.snap
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/snapshots/get_signals_template.test.ts.snap
@ -1838,10 +1838,6 @@ Object {
          "path": "signal.rule.from",
          "type": "alias",
        },
-        "kibana.alert.rule.id": Object {
-          "path": "signal.rule.id",
-          "type": "alias",
-        },
        "kibana.alert.rule.immutable": Object {
          "path": "signal.rule.immutable",
          "type": "alias",
@ -2034,6 +2030,10 @@ Object {
          "path": "signal.rule.updated_by",
          "type": "alias",
        },
+        "kibana.alert.rule.uuid": Object {
+          "path": "signal.rule.id",
+          "type": "alias",
+        },
        "kibana.alert.rule.version": Object {
          "path": "signal.rule.version",
          "type": "alias",
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/signal_aad_mapping.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/signal_aad_mapping.json
@ -35,7 +35,7 @@
  "signal.rule.enabled": "kibana.alert.rule.enabled",
  "signal.rule.false_positives": "kibana.alert.rule.false_positives",
  "signal.rule.from": "kibana.alert.rule.from",
-  "signal.rule.id": "kibana.alert.rule.id",
+  "signal.rule.id": "kibana.alert.rule.uuid",
  "signal.rule.immutable": "kibana.alert.rule.immutable",
  "signal.rule.index": "kibana.alert.rule.index",
  "signal.rule.interval": "kibana.alert.rule.interval",
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/rule_registry_log_client/rule_registry_log_client.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/rule_registry_log_client/rule_registry_log_client.ts
@ -13,7 +13,7 @@ import {
  EVENT_KIND,
  SPACE_IDS,
  TIMESTAMP,
-  ALERT_RULE_ID,
+  ALERT_RULE_UUID,
 } from '@kbn/rule-data-utils';
 import moment from 'moment';

@ -98,7 +98,7 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
    }

    const filter: estypes.QueryDslQueryContainer[] = [
-      { terms: { [ALERT_RULE_ID]: ruleIds } },
+      { terms: { [ALERT_RULE_UUID]: ruleIds } },
      { terms: { [SPACE_IDS]: [spaceId] } },
    ];

@ -117,7 +117,7 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
        aggs: {
          rules: {
            terms: {
-              field: ALERT_RULE_ID,
+              field: ALERT_RULE_UUID,
              size: ruleIds.length,
            },
            aggs: {
@ -151,7 +151,7 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
        bucket.most_recent_logs.hits.hits.map<IRuleStatusSOAttributes>((event) => {
          const logEntry = parseRuleExecutionLog(event._source);
          invariant(
-            logEntry[ALERT_RULE_ID] ?? '',
+            logEntry[ALERT_RULE_UUID] ?? '',
            'Malformed execution log entry: rule.id field not found'
          );

@ -185,7 +185,7 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
              ]
            : undefined;

-          const alertId = logEntry[ALERT_RULE_ID] ?? '';
+          const alertId = logEntry[ALERT_RULE_UUID] ?? '';
          const statusDate = logEntry[TIMESTAMP];
          const lastFailureAt = lastFailure?.[TIMESTAMP];
          const lastFailureMessage = lastFailure?.[MESSAGE];
@ -232,7 +232,7 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
        [EVENT_ACTION]: metric,
        [EVENT_KIND]: 'metric',
        [getMetricField(metric)]: value,
-        [ALERT_RULE_ID]: ruleId ?? '',
+        [ALERT_RULE_UUID]: ruleId ?? '',
        [TIMESTAMP]: new Date().toISOString(),
        [ALERT_RULE_CONSUMER]: SERVER_APP_ID,
        [ALERT_RULE_TYPE_ID]: SERVER_APP_ID,
@ -255,7 +255,7 @@ export class RuleRegistryLogClient implements IRuleRegistryLogClient {
        [EVENT_KIND]: 'event',
        [EVENT_SEQUENCE]: this.sequence++,
        [MESSAGE]: message,
-        [ALERT_RULE_ID]: ruleId ?? '',
+        [ALERT_RULE_UUID]: ruleId ?? '',
        [RULE_STATUS_SEVERITY]: statusSeverityDict[newStatus],
        [RULE_STATUS]: newStatus,
        [TIMESTAMP]: new Date().toISOString(),
--- a/x-pack/plugins/timelines/public/components/actions/timeline/cases/add_to_case_action.test.tsx
+++ b/x-pack/plugins/timelines/public/components/actions/timeline/cases/add_to_case_action.test.tsx
@ -11,6 +11,7 @@ import { TestProviders, mockGetAllCasesSelectorModal } from '../../../../mock';
 import { AddToCaseAction } from './add_to_case_action';
 import { SECURITY_SOLUTION_OWNER } from '../../../../../../cases/common';
 import { AddToCaseActionButton } from './add_to_case_action_button';
+import { ALERT_RULE_UUID } from '@kbn/rule-data-utils';

 jest.mock('react-router-dom', () => ({
  useLocation: () => ({
@ -100,7 +101,7 @@ describe('AddToCaseAction', () => {
          {...props}
          event={{
            _id: 'test-id',
-            data: [{ field: 'kibana.alert.rule.id', value: ['rule-id'] }],
+            data: [{ field: ALERT_RULE_UUID, value: ['rule-id'] }],
            ecs: {
              _id: 'test-id',
              _index: 'test-index',
@ -112,7 +113,7 @@ describe('AddToCaseAction', () => {
          {...props}
          event={{
            _id: 'test-id',
-            data: [{ field: 'kibana.alert.rule.id', value: ['rule-id'] }],
+            data: [{ field: ALERT_RULE_UUID, value: ['rule-id'] }],
            ecs: {
              _id: 'test-id',
              _index: 'test-index',
--- a/x-pack/plugins/timelines/public/hooks/use_add_to_case.ts
+++ b/x-pack/plugins/timelines/public/hooks/use_add_to_case.ts
@ -8,7 +8,7 @@ import { isEmpty } from 'lodash';
 import { useState, useCallback, useMemo, SyntheticEvent } from 'react';
 import { useLocation } from 'react-router-dom';
 import { useDispatch } from 'react-redux';
-import { ALERT_RULE_ID, ALERT_RULE_NAME, ALERT_RULE_UUID } from '@kbn/rule-data-utils';
+import { ALERT_RULE_NAME, ALERT_RULE_UUID } from '@kbn/rule-data-utils';
 import { useKibana } from '../../../../../src/plugins/kibana_react/public';
 import { Case, SubCase } from '../../../cases/common';
 import { TimelinesStartServices } from '../types';
@ -243,15 +243,12 @@ export const useAddToCase = ({
 };

 export function normalizedEventFields(event?: TimelineItem) {
-  const ruleId = event && event.data.find(({ field }) => field === ALERT_RULE_ID);
  const ruleUuid = event && event.data.find(({ field }) => field === ALERT_RULE_UUID);
  const ruleName = event && event.data.find(({ field }) => field === ALERT_RULE_NAME);
-  const ruleIdValue = ruleId && ruleId.value && ruleId.value[0];
  const ruleUuidValue = ruleUuid && ruleUuid.value && ruleUuid.value[0];
  const ruleNameValue = ruleName && ruleName.value && ruleName.value[0];
-  const idToUse = ruleIdValue ? ruleIdValue : ruleUuidValue;
  return {
-    ruleId: idToUse ?? null,
+    ruleId: ruleUuidValue ?? null,
    ruleName: ruleNameValue ?? null,
  };
 }
--- a/x-pack/test/security_solution_cypress/config.ts
+++ b/x-pack/test/security_solution_cypress/config.ts
@ -40,6 +40,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
        // retrieve rules from the filesystem but not from fleet for Cypress tests
        '--xpack.securitySolution.prebuiltRulesFromFileSystem=true',
        '--xpack.securitySolution.prebuiltRulesFromSavedObjects=false',
+        `--home.disableWelcomeScreen=true`,
      ],
    },
  };