Remove EQL execution placeholder, add back language to eql rule type

marshallmain · marshallmain · commit f445d87a7904 · 2020-09-23T11:14:45.000-04:00
diff --git a/x-pack/plugins/security_solution/common/detection_engine/schemas/response/rules_schema.ts b/x-pack/plugins/security_solution/common/detection_engine/schemas/response/rules_schema.ts
@@ -122,7 +122,7 @@ export const dependentRulesSchema = t.partial({
   language,
   query,
 
-  // eql fields
+  // eql only fields
   event_category_override,
 
   // when type = saved_query, saved_id is required
@@ -264,6 +264,7 @@ export const addEqlFields = (typeAndTimelineOnly: TypeAndTimelineOnly): t.Mixed[
         t.partial({ event_category_override: dependentRulesSchema.props.event_category_override })
       ),
       t.exact(t.type({ query: dependentRulesSchema.props.query })),
+      t.exact(t.type({ language: dependentRulesSchema.props.language })),
     ];
   } else {
     return [];
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts
@@ -277,8 +277,6 @@ export const signalRulesAlertType = ({
               bulkCreateTimes: bulkCreateDuration ? [bulkCreateDuration] : [],
             }),
           ]);
-        } else if (isEqlRule(type)) {
-          throw new Error('EQL Rules are under development, execution is not yet implemented');
         } else if (isThresholdRule(type) && threshold) {
           const inputIndex = await getInputIndex(services, version, index);
           const esFilter = await getFilter({
