
Commit 23079d2

[CTI] Adds indicator match rule improvements (#97310)
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
1 parent 50d6106 commit 23079d2

2 files changed

Lines changed: 8 additions & 7 deletions


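--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/get_threat_list.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/get_threat_list.test.ts
@@ -16,7 +16,7 @@ describe('get_threat_signals', () => {
 index: ['index-123'],
 listItemIndex: 'list-index-123',
 });
-expect(sortOrder).toEqual([{ '@timestamp': 'asc' }]);
+expect(sortOrder).toEqual([{ '@timestamp': 'desc' }]);
 });
 
 test('it should return sort field of just tie_breaker_id if given no sort order for a list item index', () => {
@@ -29,14 +29,14 @@ describe('get_threat_signals', () => {
 expect(sortOrder).toEqual([{ tie_breaker_id: 'asc' }]);
 });
 
-test('it should return sort field of timestamp with asc even if sortOrder is changed as it is hard wired in', () => {
+test('it should return sort field of timestamp with desc even if sortOrder is changed as it is hard wired in', () => {
 const sortOrder = getSortWithTieBreaker({
 sortField: undefined,
 sortOrder: 'desc',
 index: ['index-123'],
 listItemIndex: 'list-index-123',
 });
-expect(sortOrder).toEqual([{ '@timestamp': 'asc' }]);
+expect(sortOrder).toEqual([{ '@timestamp': 'desc' }]);
 });
 
 test('it should return sort field of tie_breaker_id with asc even if sortOrder is changed as it is hard wired in for a list item index', () => {
@@ -56,7 +56,7 @@ describe('get_threat_signals', () => {
 index: ['index-123'],
 listItemIndex: 'list-index-123',
 });
-expect(sortOrder).toEqual([{ 'some-field': 'asc', '@timestamp': 'asc' }]);
+expect(sortOrder).toEqual([{ 'some-field': 'asc', '@timestamp': 'desc' }]);
 });
 
 test('it should return sort field of an extra field if given one for a list item index', () => {
@@ -76,7 +76,7 @@ describe('get_threat_signals', () => {
 index: ['index-123'],
 listItemIndex: 'list-index-123',
 });
-expect(sortOrder).toEqual([{ 'some-field': 'desc', '@timestamp': 'asc' }]);
+expect(sortOrder).toEqual([{ 'some-field': 'desc', '@timestamp': 'desc' }]);
 });
 
 test('it should return sort field of desc if given one for a list item index', () => {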
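Review bot: The rewritten expectations for the `'some-field'` cases (the `+` lines of the third and fourth hunks) compare a single object holding both the caller's sort field and the `@timestamp` tie-breaker with `toEqual`, which ignores property order, so a regression that emitted `@timestamp` before the caller's field would still pass. If Elasticsearch applies a multi-key sort clause in key order, which is what packing both keys into one object relies on, these tests do not pin the precedence the tie-breaker depends on. A short follow-up assertion such as `expect(Object.keys(sortOrder[0])).toEqual(['some-field', '@timestamp']);` after each of those two expectations would lock it down. The single-key cases in the first two hunks are unaffected.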

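--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/get_threat_list.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/get_threat_list.ts
@@ -70,6 +70,7 @@ export const getThreatList = async ({
 listItemIndex: listClient.getListItemIndex(),
 }),
 },
+track_total_hits: false,
 ignore_unavailable: true,
 index,
 size: calculatedPerPage,
@@ -101,9 +102,9 @@ export const getSortWithTieBreaker = ({
 }
 } else {
 if (sortField != null) {
-return [{ [sortField]: ascOrDesc, '@timestamp': 'asc' }];
+return [{ [sortField]: ascOrDesc, '@timestamp': 'desc' }];
 } else {
-return [{ '@timestamp': 'asc' }];
+return [{ '@timestamp': 'desc' }];
 }
 }
 };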
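Review bot: The tie-breaker direction `'desc'` now appears as a bare literal in both return statements of getSortWithTieBreaker (the two `+` lines of the second hunk), and nothing in the implementation says why the direction is fixed regardless of the caller's `sortOrder`; only the test names call it "hard wired in". Hoisting it into one named constant, `const TIMESTAMP_TIE_BREAKER_ORDER = 'desc';`, and using it on both lines keeps the two branches from drifting apart, and a one-line comment on the constant explaining the newest-first choice (presumably so recently ingested indicators are evaluated first) would document the contract. In the else branch the sort still consists of `@timestamp` alone, which is unlikely to be unique across indicator documents; if getThreatList pages with search_after (the `size: calculatedPerPage` line suggests paging, but the rest of the query body is outside the hunk), equal timestamps at a page boundary can cause indicators to be skipped or repeated, which for an indicator match rule means missed or duplicated matches, so this is worth confirming against the paging code. The added `track_total_hits: false` in the first hunk would also benefit from a brief comment, e.g. `// total hit count is not used by the paging loop; do not have ES compute it`, so a future reader does not reintroduce the count. getThreatList and getSortWithTieBreaker both start outside their hunks.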
