elastic
diff --git a/‎x-pack/plugins/security_solution/public/alerts/components/rules/description_step/index.tsx‎
Lines changed: 16 additions & 3 deletions b/‎x-pack/plugins/security_solution/public/alerts/components/rules/description_step/index.tsx‎
Lines changed: 16 additions & 3 deletions
diff --git a/‎x-pack/plugins/security_solution/public/alerts/components/rules/risk_score_mapping/index.tsx‎
Lines changed: 23 additions & 7 deletions b/‎x-pack/plugins/security_solution/public/alerts/components/rules/risk_score_mapping/index.tsx‎
Lines changed: 23 additions & 7 deletions
diff --git a/‎x-pack/plugins/security_solution/public/alerts/components/rules/severity_mapping/index.tsx‎
Lines changed: 34 additions & 13 deletions b/‎x-pack/plugins/security_solution/public/alerts/components/rules/severity_mapping/index.tsx‎
Lines changed: 34 additions & 13 deletions
diff --git a/‎x-pack/plugins/security_solution/public/alerts/components/rules/step_about_rule/default_value.ts‎
Lines changed: 2 additions & 2 deletions b/‎x-pack/plugins/security_solution/public/alerts/components/rules/step_about_rule/default_value.ts‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎x-pack/plugins/security_solution/public/alerts/components/rules/step_about_rule/index.test.tsx‎
Lines changed: 4 additions & 4 deletions b/‎x-pack/plugins/security_solution/public/alerts/components/rules/step_about_rule/index.test.tsx‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎x-pack/plugins/security_solution/public/alerts/components/rules/step_about_rule/schema.tsx‎
Lines changed: 7 additions & 2 deletions b/‎x-pack/plugins/security_solution/public/alerts/components/rules/step_about_rule/schema.tsx‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎x-pack/plugins/security_solution/public/alerts/pages/detection_engine/rules/all/__mocks__/mock.ts‎
Lines changed: 8 additions & 2 deletions b/‎x-pack/plugins/security_solution/public/alerts/pages/detection_engine/rules/all/__mocks__/mock.ts‎
Lines changed: 8 additions & 2 deletions
diff --git a/‎x-pack/plugins/security_solution/public/alerts/pages/detection_engine/rules/create/helpers.test.ts‎
Lines changed: 20 additions & 16 deletions b/‎x-pack/plugins/security_solution/public/alerts/pages/detection_engine/rules/create/helpers.test.ts‎
Lines changed: 20 additions & 16 deletions
@@ -18,7 +18,11 @@ import {
 } from '../../../../../../../../src/plugins/data/public';
 import { DEFAULT_TIMELINE_TITLE } from '../../../../timelines/components/timeline/translations';
 import { useKibana } from '../../../../common/lib/kibana';
-import { IMitreEnterpriseAttack } from '../../../pages/detection_engine/rules/types';
+import {
+  AboutStepRiskScore,
+  AboutStepSeverity,
+  IMitreEnterpriseAttack,
+} from '../../../pages/detection_engine/rules/types';
 import { FieldValueTimeline } from '../pick_timeline';
 import { FormSchema } from '../../../../shared_imports';
 import { ListItems } from './types';
@@ -184,9 +188,18 @@ export const getDescriptionItem = (
   } else if (Array.isArray(get(field, data))) {
     const values: string[] = get(field, data);
     return buildStringArrayDescription(label, field, values);
+    // TODO: Add custom UI for Risk/Severity Mappings (and fix missing label)
+  } else if (field === 'riskScore') {
+    const val: AboutStepRiskScore = get(field, data);
+    return [
+      {
+        title: label,
+        description: val.value,
+      },
+    ];
   } else if (field === 'severity') {
-    const val: string = get(field, data);
-    return buildSeverityDescription(label, val);
+    const val: AboutStepSeverity = get(field, data);
+    return buildSeverityDescription(label, val.value);
   } else if (field === 'timeline') {
     const timeline = get(field, data) as FieldValueTimeline;
     return [
 
@@ -15,7 +15,7 @@ import {
   EuiIcon,
   EuiSpacer,
 } from '@elastic/eui';
-import React, { useMemo, useState } from 'react';
+import React, { useCallback, useMemo, useState } from 'react';
 import styled from 'styled-components';
 import * as i18n from './translations';
 import { FieldHook } from '../../../../../../../../src/plugins/es_ui_shared/static/forms/hook_form_lib';
@@ -41,10 +41,23 @@ interface RiskScoreFieldProps {
 }
 
 export const RiskScoreField = ({ dataTestSubj, field, idAria, indices }: RiskScoreFieldProps) => {
-  // const isInvalid = field.errors.length > 0 && form.isSubmitted;
-  // const errorMessage = field.errors.length ? (field.errors[0].message as string) : null;
   const [isRiskScoreMappingSelected, setIsRiskScoreMappingSelected] = useState(false);
-  // const [riskScoreField, setRiskScoreField] = useState<string | undefined>();
+
+  const updateRiskScoreMapping = useCallback(
+    (event) => {
+      field.setValue({
+        value: field.value.value,
+        mapping: [
+          {
+            field: event.target.value,
+            operator: 'equals',
+            value: '',
+          },
+        ],
+      });
+    },
+    [field]
+  );
 
   const severityLabel = useMemo(() => {
     return (
@@ -97,7 +110,7 @@ export const RiskScoreField = ({ dataTestSubj, field, idAria, indices }: RiskSco
           describedByIds={idAria ? [idAria] : undefined}
         >
           <CommonUseField
-            path="riskScore"
+            path="riskScore.value"
             componentProps={{
               idAria: 'detectionEngineStepAboutRuleRiskScore',
               'data-test-subj': 'detectionEngineStepAboutRuleRiskScore',
@@ -150,8 +163,11 @@ export const RiskScoreField = ({ dataTestSubj, field, idAria, indices }: RiskSco
                   <EuiFlexGroup alignItems="center" gutterSize="s">
                     <EuiFlexItem>
                       <EuiFieldText
-                        onChange={(e) => {}}
-                        aria-label="Use aria labels when no actual label is in use"
+                        data-test-subj={`detectionEngineStepAboutRuleRiskScoreMappingValue`}
+                        idAria={`detectionEngineStepAboutRuleRiskScoreMappingValue`}
+                        isDisabled={false}
+                        onChange={updateRiskScoreMapping.bind(null)}
+                        value={field.value.mapping?.[0]?.field ?? ''}
                       />
                     </EuiFlexItem>
                     <EuiFlexItemIconColumn grow={false}>
 
@@ -15,7 +15,7 @@ import {
   EuiIcon,
   EuiSpacer,
 } from '@elastic/eui';
-import React, { useMemo, useState } from 'react';
+import React, { useCallback, useMemo, useState } from 'react';
 import styled from 'styled-components';
 import * as i18n from './translations';
 import { FieldHook } from '../../../../../../../../src/plugins/es_ui_shared/static/forms/hook_form_lib';
@@ -46,13 +46,29 @@ export const SeverityField = ({
   dataTestSubj,
   field,
   idAria,
-  indices,
+  indices, // TODO: To be used with autocomplete fields once https://github.com/elastic/kibana/pull/67013 is merged
   options,
 }: SeverityFieldProps) => {
-  // const isInvalid = field.errors.length > 0 && form.isSubmitted;
-  // const errorMessage = field.errors.length ? (field.errors[0].message as string) : null;
   const [isSeverityMappingChecked, setIsSeverityMappingChecked] = useState(false);
-  // const [severityField, setSeverityField] = useState<string | undefined>();
+
+  const updateSeverityMapping = useCallback(
+    (index: number, severity: string, mappingField: string, event) => {
+      field.setValue({
+        value: field.value.value,
+        mapping: [
+          ...field.value.mapping.slice(0, index),
+          {
+            ...field.value.mapping[index],
+            [mappingField]: event.target.value,
+            operator: 'equals',
+            severity,
+          },
+          ...field.value.mapping.slice(index + 1),
+        ],
+      });
+    },
+    [field]
+  );
 
   const severityLabel = useMemo(() => {
     return (
@@ -159,18 +175,23 @@ export const SeverityField = ({
                   <EuiFlexItem key={option.value}>
                     <EuiFlexGroup alignItems="center" gutterSize="s">
                       <EuiFlexItem>
-                        <CommonUseField
-                          path={`severity[${index}].mapping`}
-                          componentProps={{
-                            'data-test-subj': 'detectionEngineStepAboutRuleRiskScore111',
-                            idAria: 'detectionEngineStepAboutRuleRiskScore111',
-                            isDisabled: false,
-                          }}
+                        <EuiFieldText
+                          data-test-subj={`detectionEngineStepAboutRuleSeverityMappingField${option.value}`}
+                          idAria={`detectionEngineStepAboutRuleSeverityMappingField${option.value}`}
+                          isDisabled={false}
+                          onChange={updateSeverityMapping.bind(null, index, option.value, 'field')}
+                          value={field.value.mapping?.[index]?.field ?? ''}
                         />
                       </EuiFlexItem>
 
                       <EuiFlexItem>
-                        <EuiFieldText onChange={() => {}} />
+                        <EuiFieldText
+                          data-test-subj={`detectionEngineStepAboutRuleSeverityMappingValue${option.value}`}
+                          idAria={`detectionEngineStepAboutRuleSeverityMappingValue${option.value}`}
+                          isDisabled={false}
+                          onChange={updateSeverityMapping.bind(null, index, option.value, 'value')}
+                          value={field.value.mapping?.[index]?.value ?? ''}
+                        />
                       </EuiFlexItem>
                       <EuiFlexItemIconColumn grow={false}>
                         <EuiIcon type={'sortRight'} />
 
@@ -20,8 +20,8 @@ export const stepAboutDefaultValue: AboutStepRule = {
   description: '',
   isBuildingBlock: false,
   isNew: true,
-  severity: { value: 'low' },
-  riskScore: 50,
+  severity: { value: 'low', mapping: [] },
+  riskScore: { value: 50, mapping: [] },
   references: [''],
   falsePositives: [''],
   license: '',
 
@@ -174,8 +174,8 @@ describe('StepAboutRuleComponent', () => {
       name: 'Test name text',
       note: '',
       references: [''],
-      riskScore: 50,
-      severity: { value: 'low' },
+      riskScore: { value: 50, mapping: [] },
+      severity: { value: 'low', mapping: [] },
       tags: [],
       threat: [
         {
@@ -232,8 +232,8 @@ describe('StepAboutRuleComponent', () => {
       name: 'Test name text',
       note: '',
       references: [''],
-      riskScore: 80,
-      severity: { value: 'low' },
+      riskScore: { value: 80, mapping: [] },
+      severity: { value: 'low', mapping: [] },
       tags: [],
       threat: [
         {
 
@@ -112,8 +112,13 @@ export const schema: FormSchema = {
     },
   },
   riskScore: {
-    type: FIELD_TYPES.RANGE,
-    serializer: (input: string) => Number(input),
+    value: {
+      type: FIELD_TYPES.RANGE,
+      serializer: (input: string) => Number(input),
+    },
+    mapping: {
+      type: FIELD_TYPES.TEXT,
+    },
   },
   references: {
     label: i18n.translate(
 
@@ -78,6 +78,7 @@ export const mockRule = (id: string): Rule => ({
 
 export const mockRuleWithEverything = (id: string): Rule => ({
   actions: [],
+  author: [],
   created_at: '2020-01-10T21:11:45.839Z',
   updated_at: '2020-01-10T21:11:45.839Z',
   created_by: 'elastic',
@@ -113,9 +114,12 @@ export const mockRuleWithEverything = (id: string): Rule => ({
   interval: '5m',
   rule_id: 'b5ba41ab-aaf3-4f43-971b-bdf9434ce0ea',
   language: 'kuery',
+  license: 'Elastic License',
   output_index: '.siem-signals-default',
   max_signals: 100,
   risk_score: 21,
+  risk_score_mapping: [],
+  rule_name_override: 'message',
   name: 'Query with rule-id',
   query: 'user.name: root or user.name: admin',
   references: ['www.test.co'],
@@ -124,6 +128,7 @@ export const mockRuleWithEverything = (id: string): Rule => ({
   timeline_title: 'Titled timeline',
   meta: { from: '0m' },
   severity: 'low',
+  severity_mapping: [],
   updated_by: 'elastic',
   tags: ['tag1', 'tag2'],
   to: 'now',
@@ -146,6 +151,7 @@ export const mockRuleWithEverything = (id: string): Rule => ({
     },
   ],
   throttle: 'no_actions',
+  timestamp_override: 'event.ingested',
   note: '# this is some markdown documentation',
   version: 1,
 });
@@ -160,8 +166,8 @@ export const mockAboutStepRule = (isNew = false): AboutStepRule => ({
   license: 'Elastic License',
   name: 'Query with rule-id',
   description: '24/7',
-  severity: { value: 'low' },
-  riskScore: 21,
+  severity: { value: 'low', mapping: [] },
+  riskScore: { value: 21, mapping: [] },
   references: ['www.test.co'],
   falsePositives: ['test'],
   tags: ['tag1', 'tag2'],
 
@@ -342,14 +342,15 @@ describe('helpers', () => {
         author: ['Elastic'],
         description: '24/7',
         false_positives: ['test'],
-        isBuildingBlock: false,
         license: 'Elastic License',
         name: 'Query with rule-id',
         note: '# this is some markdown documentation',
         references: ['www.test.co'],
         risk_score: 21,
-        ruleNameOverride: '',
-        severity: { value: 'low' },
+        risk_score_mapping: [],
+        rule_name_override: '',
+        severity: 'low',
+        severity_mapping: [],
         tags: ['tag1', 'tag2'],
         threat: [
           {
@@ -368,7 +369,7 @@ describe('helpers', () => {
             ],
           },
         ],
-        timestampOverride: '',
+        timestamp_override: '',
       };
 
       expect(result).toEqual(expected);
@@ -385,14 +386,15 @@ describe('helpers', () => {
         author: ['Elastic'],
         description: '24/7',
         false_positives: ['test'],
-        isBuildingBlock: false,
         license: 'Elastic License',
         name: 'Query with rule-id',
         note: '# this is some markdown documentation',
         references: ['www.test.co'],
         risk_score: 21,
-        ruleNameOverride: '',
-        severity: { value: 'low' },
+        risk_score_mapping: [],
+        rule_name_override: '',
+        severity: 'low',
+        severity_mapping: [],
         tags: ['tag1', 'tag2'],
         threat: [
           {
@@ -411,7 +413,7 @@ describe('helpers', () => {
             ],
           },
         ],
-        timestampOverride: '',
+        timestamp_override: '',
       };
 
       expect(result).toEqual(expected);
@@ -427,13 +429,14 @@ describe('helpers', () => {
         author: ['Elastic'],
         description: '24/7',
         false_positives: ['test'],
-        isBuildingBlock: false,
         license: 'Elastic License',
         name: 'Query with rule-id',
         references: ['www.test.co'],
         risk_score: 21,
-        ruleNameOverride: '',
-        severity: { value: 'low' },
+        risk_score_mapping: [],
+        rule_name_override: '',
+        severity: 'low',
+        severity_mapping: [],
         tags: ['tag1', 'tag2'],
         threat: [
           {
@@ -452,7 +455,7 @@ describe('helpers', () => {
             ],
           },
         ],
-        timestampOverride: '',
+        timestamp_override: '',
       };
 
       expect(result).toEqual(expected);
@@ -497,16 +500,17 @@ describe('helpers', () => {
       const result: AboutStepRuleJson = formatAboutStepData(mockStepData);
       const expected = {
         author: ['Elastic'],
-        isBuildingBlock: false,
         license: 'Elastic License',
         description: '24/7',
         false_positives: ['test'],
         name: 'Query with rule-id',
         note: '# this is some markdown documentation',
         references: ['www.test.co'],
         risk_score: 21,
-        ruleNameOverride: '',
-        severity: { value: 'low' },
+        risk_score_mapping: [],
+        rule_name_override: '',
+        severity: 'low',
+        severity_mapping: [],
         tags: ['tag1', 'tag2'],
         threat: [
           {
@@ -515,7 +519,7 @@ describe('helpers', () => {
             technique: [{ id: '456', name: 'technique1', reference: 'technique reference' }],
           },
         ],
-        timestampOverride: '',
+        timestamp_override: '',
       };
 
       expect(result).toEqual(expected);