From 45bfabcb38262e5407c00c36a2247c61379e4761 Mon Sep 17 00:00:00 2001
From: Maxim Palenov
Date: Thu, 21 Nov 2024 17:57:05 +0100
Subject: [PATCH] display EQL options diff
---
.../get_subfield_changes/eql_query.ts | 35 +++++++++----------
1 file changed, 17 insertions(+), 18 deletions(-)
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/comparison_side/get_subfield_changes/eql_query.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/comparison_side/get_subfield_changes/eql_query.ts
index 25a4dff97dd21..b68eb44f7f86f 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/comparison_side/get_subfield_changes/eql_query.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/comparison_side/get_subfield_changes/eql_query.ts
@@ -15,26 +15,25 @@ export const getSubfieldChangesForEqlQuery = (
 ): SubfieldChange[] => {
  const changes: SubfieldChange[] = [];

- const oldQuery = stringifyToSortedJson(oldFieldValue?.query);
- const newQuery = stringifyToSortedJson(newFieldValue?.query);
+ const subFieldNames: Array = [
+ 'query',
+ 'filters',
+ 'event_category_override',
+ 'tiebreaker_field',
+ 'timestamp_field',
+ ];

- if (oldQuery !== newQuery) {
- changes.push({
- subfieldName: 'query',
- oldSubfieldValue: oldQuery,
- newSubfieldValue: newQuery,
- });
- }
-
- const oldFilters = stringifyToSortedJson(oldFieldValue?.filters);
- const newFilters = stringifyToSortedJson(newFieldValue?.filters);
+ for (const subFieldName of subFieldNames) {
+ const oldValue = stringifyToSortedJson(oldFieldValue?.[subFieldName]);
+ const newValue = stringifyToSortedJson(newFieldValue?.[subFieldName]);

- if (oldFilters !== newFilters) {
- changes.push({
- subfieldName: 'filters',
- oldSubfieldValue: oldFilters,
- newSubfieldValue: newFilters,
- });
+ if (newValue !== oldValue) {
+ changes.push({
+ subfieldName: subFieldName,
+ oldSubfieldValue: oldValue,
+ newSubfieldValue: newValue,
+ });
+ }
  }

  return changes;
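Review bot: The hard-coded `subFieldNames` list acts as an allow-list, so an EQL sub-field added to the rule schema later would be left out of the rule upgrade diff with no compile-time or runtime signal, and someone approving a rule update would not see that option change. The array's element type is not visible in this rendering (`Array` appears with no type argument), so it is unclear how strictly the list is tied to the field type; if it is not already, `const subFieldNames: Array<keyof NonNullable<typeof oldFieldValue>> = [` would reject misspelled keys, and a comment such as `// Keep in sync with the EQL query field type: sub-fields missing here are not shown in the rule upgrade diff` would document the contract. It is also worth confirming what `stringifyToSortedJson` returns for `undefined`, because the three newly listed options may be unset on one side and the value displayed for them comes straight from that helper. The function's parameter list and closing lines are outside the hunk.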