diff --git a/x-pack/plugins/security_solution/server/assistant/tools/alert_counts/alert_counts_tool.test.ts b/x-pack/plugins/security_solution/server/assistant/tools/alert_counts/alert_counts_tool.test.ts
index b128189f3c4f3f..715d656944c86a 100644
--- a/x-pack/plugins/security_solution/server/assistant/tools/alert_counts/alert_counts_tool.test.ts
+++ b/x-pack/plugins/security_solution/server/assistant/tools/alert_counts/alert_counts_tool.test.ts
@@ -103,31 +103,11 @@ describe('AlertCountsTool', () => {
 filter: [
 {
 bool: {
- must: [],
- filter: [
- {
- bool: {
- should: [
- { match_phrase: { 'kibana.alert.workflow_status': 'open' } },
- { match_phrase: { 'kibana.alert.workflow_status': 'acknowledged' } },
- ],
- minimum_should_match: 1,
- },
- },
- {
- range: {
- '@timestamp': {
- gte: 'now-1d/d',
- lte: 'now/d',
- format: 'strict_date_optional_time',
- },
- },
- },
- ],
- should: [],
+ filter: [{ match_phrase: { 'kibana.alert.workflow_status': 'open' } }],
 must_not: [{ exists: { field: 'kibana.alert.building_block_type' } }],
 },
 },
+ { range: { '@timestamp': { gte: 'now/d', lte: 'now/d' } } },
 ],
 },
 },
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/alert_counts/alert_counts_tool.ts b/x-pack/plugins/security_solution/server/assistant/tools/alert_counts/alert_counts_tool.ts
index 837ceb3e753417..e1c265c3dc239b 100644
--- a/x-pack/plugins/security_solution/server/assistant/tools/alert_counts/alert_counts_tool.ts
+++ b/x-pack/plugins/security_solution/server/assistant/tools/alert_counts/alert_counts_tool.ts
@@ -17,7 +17,7 @@ export interface AlertCountsToolParams extends AssistantToolParams {
 alertsIndexPattern: string;
 }
 export const ALERT_COUNTS_TOOL_DESCRIPTION =
- 'Call this for the counts of last 24 hours of open and acknowledged alerts in the environment, grouped by their severity';
+ 'Call this for the counts of last 24 hours of open alerts in the environment, grouped by their severity';
 export const ALERT_COUNTS_TOOL: AssistantTool = {
 id: 'alert-counts-tool',
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/alert_counts/get_alert_counts_query.test.ts b/x-pack/plugins/security_solution/server/assistant/tools/alert_counts/get_alert_counts_query.test.ts
index 46aa6c75e30e1e..27e210d53d51d6 100644
--- a/x-pack/plugins/security_solution/server/assistant/tools/alert_counts/get_alert_counts_query.test.ts
+++ b/x-pack/plugins/security_solution/server/assistant/tools/alert_counts/get_alert_counts_query.test.ts
@@ -26,36 +26,13 @@ describe('getAlertsCountQuery', () => {
 filter: [
 {
 bool: {
- must: [],
 filter: [
 {
- bool: {
- should: [
- {
- match_phrase: {
- 'kibana.alert.workflow_status': 'open',
- },
- },
- {
- match_phrase: {
- 'kibana.alert.workflow_status': 'acknowledged',
- },
- },
- ],
- minimum_should_match: 1,
- },
- },
- {
- range: {
- '@timestamp': {
- gte: 'now-1d/d',
- lte: 'now/d',
- format: 'strict_date_optional_time',
- },
+ match_phrase: {
+ 'kibana.alert.workflow_status': 'open',
 },
 },
 ],
- should: [],
 must_not: [
 {
 exists: {
@@ -65,6 +42,14 @@ describe('getAlertsCountQuery', () => {
 ],
 },
 },
+ {
+ range: {
+ '@timestamp': {
+ gte: 'now/d',
+ lte: 'now/d',
+ },
+ },
+ },
 ],
 },
 },
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/alert_counts/get_alert_counts_query.ts b/x-pack/plugins/security_solution/server/assistant/tools/alert_counts/get_alert_counts_query.ts
index 89d613bb0d5542..10ca556ad59e11 100644
--- a/x-pack/plugins/security_solution/server/assistant/tools/alert_counts/get_alert_counts_query.ts
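Review bot: The new description still promises "last 24 hours", but the query this tool runs (`get_alert_counts_query.ts`, the -19 and -58 hunks in this patch) now bounds `@timestamp` with `gte: 'now/d', lte: 'now/d'`, which Elasticsearch date math resolves to the current calendar day — midnight to the last millisecond of today, in UTC unless a `time_zone` is supplied — rather than a rolling 24-hour window, so shortly after midnight the count covers only minutes of data. Since this string is what the assistant's model uses to decide when to call the tool and how to present the result, the mismatch goes straight into the analyst-facing answer. Either align the wording, e.g. `'Call this for the counts of open alerts from the current day (UTC) in the environment, grouped by their severity'`, or keep the rolling-window wording and use `gte: 'now-24h'` without day rounding in the query. `ALERT_COUNTS_TOOL` continues past the hunk.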
+++ b/x-pack/plugins/security_solution/server/assistant/tools/alert_counts/get_alert_counts_query.ts
@@ -19,36 +19,13 @@ export const getAlertsCountQuery = (alertsIndexPattern: string) => ({
 filter: [
 {
 bool: {
- must: [],
 filter: [
 {
- bool: {
- should: [
- {
- match_phrase: {
- 'kibana.alert.workflow_status': 'open',
- },
- },
- {
- match_phrase: {
- 'kibana.alert.workflow_status': 'acknowledged',
- },
- },
- ],
- minimum_should_match: 1,
- },
- },
- {
- range: {
- '@timestamp': {
- gte: 'now-1d/d',
- lte: 'now/d',
- format: 'strict_date_optional_time',
- },
+ match_phrase: {
+ 'kibana.alert.workflow_status': 'open',
 },
 },
 ],
- should: [],
 must_not: [
 {
 exists: {
@@ -58,6 +35,14 @@ export const getAlertsCountQuery = (alertsIndexPattern: string) => ({
 ],
 },
 },
+ {
+ range: {
+ '@timestamp': {
+ gte: 'now/d',
+ lte: 'now/d',
+ },
+ },
+ },
 ],
 },
 },
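Review bot: The added `range` clause carries no `time_zone`, so `now/d` rounds to UTC midnight whatever timezone the analyst's Kibana session uses, and an analyst in a non-UTC zone asking for "today's alerts" gets a window offset by hours; Elasticsearch also rounds the `lte: 'now/d'` bound up to the end of the day, so the two identical strings mean "the whole current calendar day", not an empty range. If a rolling window is intended, `gte: 'now-24h'` with no rounding expresses it directly; if calendar-day is intended, a comment such as `// Current calendar day; UTC unless time_zone is supplied` would stop the next reader from misreading the equal bounds. Moving the range from inside the nested `bool` to a sibling in the outer `filter` array is equivalent, as both positions are filter context. `getAlertsCountQuery` starts before the first hunk and its object literal continues after the second.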