Skip to content

Commit

Permalink
Reverts alert counts query updates for acknowledged rules
Browse files Browse the repository at this point in the history
  • Loading branch information
@spong
spong committed Dec 14, 2023
1 parent 70186ab commit 91d868b
Show file tree
Hide file tree
Showing 4 changed files with 23 additions and 73 deletions.
24 changes: 2 additions & 22 deletions ...k/plugins/security_solution/server/assistant/tools/alert_counts/alert_counts_tool.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,31 +103,11 @@ describe('AlertCountsTool', () => {
filter: [
{
bool: {
must: [],
filter: [
{
bool: {
should: [
{ match_phrase: { 'kibana.alert.workflow_status': 'open' } },
{ match_phrase: { 'kibana.alert.workflow_status': 'acknowledged' } },
],
minimum_should_match: 1,
},
},
{
range: {
'@timestamp': {
gte: 'now-1d/d',
lte: 'now/d',
format: 'strict_date_optional_time',
},
},
},
],
should: [],
filter: [{ match_phrase: { 'kibana.alert.workflow_status': 'open' } }],
must_not: [{ exists: { field: 'kibana.alert.building_block_type' } }],
},
},
{ range: { '@timestamp': { gte: 'now/d', lte: 'now/d' } } },
],
},
},
Expand Down
2 changes: 1 addition & 1 deletion x-pack/plugins/security_solution/server/assistant/tools/alert_counts/alert_counts_tool.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ export interface AlertCountsToolParams extends AssistantToolParams {
alertsIndexPattern: string;
}
export const ALERT_COUNTS_TOOL_DESCRIPTION =
'Call this for the counts of last 24 hours of open and acknowledged alerts in the environment, grouped by their severity';
'Call this for the counts of last 24 hours of open alerts in the environment, grouped by their severity';

export const ALERT_COUNTS_TOOL: AssistantTool = {
id: 'alert-counts-tool',
Expand Down
35 changes: 10 additions & 25 deletions ...gins/security_solution/server/assistant/tools/alert_counts/get_alert_counts_query.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,36 +26,13 @@ describe('getAlertsCountQuery', () => {
filter: [
{
bool: {
must: [],
filter: [
{
bool: {
should: [
{
match_phrase: {
'kibana.alert.workflow_status': 'open',
},
},
{
match_phrase: {
'kibana.alert.workflow_status': 'acknowledged',
},
},
],
minimum_should_match: 1,
},
},
{
range: {
'@timestamp': {
gte: 'now-1d/d',
lte: 'now/d',
format: 'strict_date_optional_time',
},
match_phrase: {
'kibana.alert.workflow_status': 'open',
},
},
],
should: [],
must_not: [
{
exists: {
Expand All @@ -65,6 +42,14 @@ describe('getAlertsCountQuery', () => {
],
},
},
{
range: {
'@timestamp': {
gte: 'now/d',
lte: 'now/d',
},
},
},
],
},
},
Expand Down
35 changes: 10 additions & 25 deletions ...k/plugins/security_solution/server/assistant/tools/alert_counts/get_alert_counts_query.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,36 +19,13 @@ export const getAlertsCountQuery = (alertsIndexPattern: string) => ({
filter: [
{
bool: {
must: [],
filter: [
{
bool: {
should: [
{
match_phrase: {
'kibana.alert.workflow_status': 'open',
},
},
{
match_phrase: {
'kibana.alert.workflow_status': 'acknowledged',
},
},
],
minimum_should_match: 1,
},
},
{
range: {
'@timestamp': {
gte: 'now-1d/d',
lte: 'now/d',
format: 'strict_date_optional_time',
},
match_phrase: {
'kibana.alert.workflow_status': 'open',
},
},
],
should: [],
must_not: [
{
exists: {
Expand All @@ -58,6 +35,14 @@ export const getAlertsCountQuery = (alertsIndexPattern: string) => ({
],
},
},
{
range: {
'@timestamp': {
gte: 'now/d',
lte: 'now/d',
},
},
},
],
},
},
Expand Down

0 comments on commit 91d868b

Please sign in to comment.