From 2c61c2623ecfcae11eb359ef65983891218e874f Mon Sep 17 00:00:00 2001
From: Madison Caldwell
Date: Wed, 25 Nov 2020 20:16:44 +0000
Subject: [PATCH] Timestamp fixes
---
 .../server/lib/detection_engine/signals/build_signal.ts | 2 +-
 .../lib/detection_engine/signals/signal_rule_alert_type.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_signal.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_signal.ts
index 381984f6b0ec7..9cf2462526cfc 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_signal.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_signal.ts
@@ -96,7 +96,7 @@ export const buildSignal = (docs: BaseSignalHit[], rule: RulesSchema): Signal =>
 export const additionalSignalFields = (doc: BaseSignalHit) => {
 return {
 parent: buildParent(removeClashes(doc)),
- original_time: doc._source['@timestamp'],
+ original_time: doc._source['@timestamp'], // This field has already been replaced with timestampOverride, if provided.
 original_event: doc._source.event ?? undefined,
 threshold_result: doc._source.threshold_result,
 original_signal:
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts
index 201ef0542ee15..f0b1825c7cc99 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts
@@ -331,7 +331,7 @@ export const signalRulesAlertType = ({
 },
 {
 range: {
- '@timestamp': {
+ [timestampOverride ?? '@timestamp']: {
 lte: bucket.lastSignalTimestamp.value_as_string,
 },
 },
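Review bot: The comment added to `original_time` in `additionalSignalFields` states an invariant that is established outside this hunk, and as a trailing comment it makes the line very long. I would move it above the property and spell out what it means for consumers, e.g. `// '@timestamp' has already been replaced with the timestampOverride field's value (when set), so original_time may not be the event's raw @timestamp.` Anyone rebuilding a timeline from `original_time` during triage needs to know which clock it reflects. The function body continues past the end of the hunk.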
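Review bot: The range key in this filter is now `timestampOverride ?? '@timestamp'`, but the bound it is compared with, `bucket.lastSignalTimestamp.value_as_string`, comes from an aggregation that is not visible in this hunk. If that aggregation still reads `@timestamp`, the filter compares values from two different fields, and a threshold rule could attach the wrong events or miss some. Please confirm both use the same field, ideally by hoisting `const timestampField = timestampOverride ?? '@timestamp';` once and using it in both places. Note also that `??` falls back only on null or undefined, so an empty-string override (if the rule schema permits one) would produce a range on a field named `''` rather than on `@timestamp`. The enclosing `signalRulesAlertType` body starts and ends outside the hunk.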