[Security Solution][Detections][Threshold Rules] Add `threshold_resul…

…t` to alert notification context (elastic#95354) * Don't remove threshold_result from _source prematurely * Fix type error Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> # Conflicts: # x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_bulk_body.ts
madirey · Apr 6, 2021 · 61d8f62 · 61d8f62
1 parent fde0fe3
commit 61d8f62
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_bulk_body.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_bulk_body.ts
@@ -73,10 +73,12 @@ export const buildBulkBody = ({
     ...buildSignal([doc], rule),
     ...additionalSignalFields(doc),
   };
-  delete doc._source.threshold_result;
   const event = buildEventTypeSignal(doc);
+  const { threshold_result: thresholdResult, ...filteredSource } = doc._source || {
+    threshold_result: null,
+  };
   const signalHit: SignalHit = {
-    ...doc._source,
+    ...filteredSource,
     '@timestamp': new Date().toISOString(),
     event,
     signal,