remove sort and add comment explaining why

x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/painless/index.test.ts

@@ -17,7 +17,7 @@ describe('getPainlessScripts', () => {
         "combine": "return state;",
         "init": "state.inputs = []",
         "map": "Map fields = new HashMap();fields.put('id', doc['kibana.alert.uuid'].value);fields.put('index', doc['_index'].value);fields.put('time', doc['@timestamp'].value);fields.put('rule_name', doc['kibana.alert.rule.name'].value);fields.put('category', doc['event.kind'].value);fields.put('score', doc['kibana.alert.risk_score'].value);state.inputs.add(fields); ",
-        "reduce": "Map results = new HashMap();results['notes'] = [];results['category_1_score'] = 0.0;results['category_1_count'] = 0;results['risk_inputs'] = [];results['score'] = 0.0;List inputs = [];for (state in states) { inputs.addAll(state.inputs)}Collections.sort(inputs, (a, b) -> b.get('score').compareTo(a.get('score')));for (int i = 0; i < inputs.length; i++) { double current_score = inputs[i].score / Math.pow(i + 1, params.p); if (i < 10) { inputs[i][\\"contribution\\"] = 100 * current_score / params.risk_cap; results['risk_inputs'].add(inputs[i]); } if (inputs[i].category == 'signal') { results['category_1_score'] += current_score; results['category_1_count'] += 1; } results['score'] += current_score;}results['score'] *= params.global_identifier_type_weight;results['normalized_score'] = 100 * results['score'] / params.risk_cap;return results;",
+        "reduce": "Map results = new HashMap();results['notes'] = [];results['category_1_score'] = 0.0;results['category_1_count'] = 0;results['risk_inputs'] = [];results['score'] = 0.0;List inputs = [];for (state in states) { inputs.addAll(state.inputs)}for (int i = 0; i < inputs.length; i++) { double current_score = inputs[i].score / Math.pow(i + 1, params.p); if (i < 10) { inputs[i][\\"contribution\\"] = 100 * current_score / params.risk_cap; results['risk_inputs'].add(inputs[i]); } if (inputs[i].category == 'signal') { results['category_1_score'] += current_score; results['category_1_count'] += 1; } results['score'] += current_score;}results['score'] *= params.global_identifier_type_weight;results['normalized_score'] = 100 * results['score'] / params.risk_cap;return results;",
       }
     `);
   });

x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/painless/index.ts

@@ -6,6 +6,7 @@
  */
 
 import fs from 'fs';
+import { flow } from 'lodash';
 
 const PHASES = ['init', 'map', 'combine', 'reduce'] as const;
 
@@ -14,7 +15,9 @@ export type PainlessScripts = Record<Phase, string>;
 
 const removeNewlines = (content: string) => content.replace(/\n/g, '');
 const condenseMultipleSpaces = (content: string) => content.replace(/\s+/g, ' ');
-const minifyContent = (content: string) => condenseMultipleSpaces(removeNewlines(content));
+const removeComments = (content: string) => content.replace(/\/\/.*/g, '');
+const minifyContent = flow(removeComments, removeNewlines, condenseMultipleSpaces);
+
 const readScript = async (phase: Phase) => {
   const content = await fs.promises.readFile(`${__dirname}/risk_scoring_${phase}.painless`, 'utf8');
   return minifyContent(content);

x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/painless/risk_scoring_reduce.painless

@@ -9,7 +9,9 @@ List inputs = [];
 for (state in states) {
   inputs.addAll(state.inputs)
 }
-Collections.sort(inputs, (a, b) -> b.get('score').compareTo(a.get('score')));
+// Currently the alerts index only has one shard so there will only be one state and we do not need to sort them
+// If there are multiple shards we will need this line
+// Collections.sort(inputs, (a, b) -> b.get('score').compareTo(a.get('score')));
 
 for (int i = 0; i < inputs.length; i++) {
   double current_score = inputs[i].score / Math.pow(i + 1, params.p);