From ba79465ee094f560c01fe537f8c3f48b8481ce0c Mon Sep 17 00:00:00 2001 From: Ece Ozalp Date: Thu, 15 Apr 2021 15:01:29 -0400 Subject: [PATCH] [CTI] Adds indicator match rule improvements --- .../signals/threat_mapping/get_threat_list.test.ts | 10 +++++----- .../signals/threat_mapping/get_threat_list.ts | 5 +++-- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/get_threat_list.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/get_threat_list.test.ts index 8d301f221b3472..65dc3794123c70 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/get_threat_list.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/get_threat_list.test.ts @@ -16,7 +16,7 @@ describe('get_threat_signals', () => { index: ['index-123'], listItemIndex: 'list-index-123', }); - expect(sortOrder).toEqual([{ '@timestamp': 'asc' }]); + expect(sortOrder).toEqual([{ '@timestamp': 'desc' }]); }); test('it should return sort field of just tie_breaker_id if given no sort order for a list item index', () => { @@ -29,14 +29,14 @@ describe('get_threat_signals', () => { expect(sortOrder).toEqual([{ tie_breaker_id: 'asc' }]); }); - test('it should return sort field of timestamp with asc even if sortOrder is changed as it is hard wired in', () => { + test('it should return sort field of timestamp with desc even if sortOrder is changed as it is hard wired in', () => { const sortOrder = getSortWithTieBreaker({ sortField: undefined, sortOrder: 'desc', index: ['index-123'], listItemIndex: 'list-index-123', }); - expect(sortOrder).toEqual([{ '@timestamp': 'asc' }]); + expect(sortOrder).toEqual([{ '@timestamp': 'desc' }]); }); test('it should return sort field of tie_breaker_id with asc even if sortOrder is changed as it is hard wired in for a list item index', () => { @@ -56,7 +56,7 @@ describe('get_threat_signals', () => { index: ['index-123'], listItemIndex: 'list-index-123', }); - expect(sortOrder).toEqual([{ 'some-field': 'asc', '@timestamp': 'asc' }]); + expect(sortOrder).toEqual([{ 'some-field': 'asc', '@timestamp': 'desc' }]); }); test('it should return sort field of an extra field if given one for a list item index', () => { @@ -76,7 +76,7 @@ describe('get_threat_signals', () => { index: ['index-123'], listItemIndex: 'list-index-123', }); - expect(sortOrder).toEqual([{ 'some-field': 'desc', '@timestamp': 'asc' }]); + expect(sortOrder).toEqual([{ 'some-field': 'desc', '@timestamp': 'desc' }]); }); test('it should return sort field of desc if given one for a list item index', () => { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/get_threat_list.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/get_threat_list.ts index c3d3d6c6a99e13..23664afd5a1033 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/get_threat_list.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/get_threat_list.ts @@ -70,6 +70,7 @@ export const getThreatList = async ({ listItemIndex: listClient.getListItemIndex(), }), }, + track_total_hits: false, ignore_unavailable: true, index, size: calculatedPerPage, @@ -101,9 +102,9 @@ export const getSortWithTieBreaker = ({ } } else { if (sortField != null) { - return [{ [sortField]: ascOrDesc, '@timestamp': 'asc' }]; + return [{ [sortField]: ascOrDesc, '@timestamp': 'desc' }]; } else { - return [{ '@timestamp': 'asc' }]; + return [{ '@timestamp': 'desc' }]; } } };