[Security Solution][Detections][Threshold Rules] Add threshold_result to alert notification context (#95354)

* Don't remove threshold_result from _source prematurely * Fix type error Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2025-04-23 17:28:26 -04:00 · 2021-04-01 09:58:54 -04:00 · 2021-04-01 09:58:54 -04:00 · 9c5641dbd7
commit 9c5641dbd7
parent 6238ef7bad
1 changed files with 4 additions and 3 deletions
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_bulk_body.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_bulk_body.ts
@ -73,11 +73,12 @@ export const buildBulkBody = ({
    ...buildSignal([doc], rule),
    ...additionalSignalFields(doc),
  };
-  // @ts-expect-error @elastic/elasticsearch _source is optional
-  delete doc._source.threshold_result;
  const event = buildEventTypeSignal(doc);
+  const { threshold_result: thresholdResult, ...filteredSource } = doc._source || {
+    threshold_result: null,
+  };
  const signalHit: SignalHit = {
-    ...doc._source,
+    ...filteredSource,
    '@timestamp': new Date().toISOString(),
    event,
    signal,