[Detections] Add validation for Threshold value field (#72611) (#72776)

Co-authored-by: Patryk Kopyciński <patryk.kopycinski@elastic.co>
2025-04-25 02:09:32 -04:00 · 2020-07-21 22:44:52 -06:00 · 2020-07-21 22:44:52 -06:00 · 1ba3dbcfcf
commit 1ba3dbcfcf
parent 996f0ad10e
3 changed files with 50 additions and 1 deletions
--- a/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/schema.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/schema.tsx
@ -202,6 +202,20 @@ export const schema: FormSchema = {
          defaultMessage: 'Threshold',
        }
      ),
      validations: [
        {
          validator: fieldValidators.numberGreaterThanField({
            than: 1,
            message: i18n.translate(
              'xpack.securitySolution.detectionEngine.validations.thresholdValueFieldData.numberGreaterThanOrEqualOneErrorMessage',
              {
                defaultMessage: 'Value must be greater than or equal one.',
              }
            ),
            allowEquality: true,
          }),
        },
      ],
    },
  },
 };
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/bulk_create_threshold_signals.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/bulk_create_threshold_signals.test.ts
@ -193,4 +193,39 @@ describe('getThresholdSignalQueryFields', () => {
      'event.dataset': 'traefik.access',
    });
  });
  it('should return proper object for exists filters', () => {
    const filters = {
      bool: {
        should: [
          {
            bool: {
              should: [
                {
                  exists: {
                    field: 'process.name',
                  },
                },
              ],
              minimum_should_match: 1,
            },
          },
          {
            bool: {
              should: [
                {
                  exists: {
                    field: 'event.type',
                  },
                },
              ],
              minimum_should_match: 1,
            },
          },
        ],
        minimum_should_match: 1,
      },
    };
    expect(getThresholdSignalQueryFields(filters)).toEqual({});
  });
 });
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/bulk_create_threshold_signals.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/bulk_create_threshold_signals.ts
@ -83,7 +83,7 @@ export const getThresholdSignalQueryFields = (filter: unknown) => {
        return { ...acc, ...item.match_phrase };
      }
-      if (item.bool.should && (item.bool.should[0].match || item.bool.should[0].match_phrase)) {
+      if (item.bool?.should && (item.bool.should[0].match || item.bool.should[0].match_phrase)) {
        return { ...acc, ...(item.bool.should[0].match || item.bool.should[0].match_phrase) };
      }