From 733d9c6915f8234d58caca3742f627dc9b6a673b Mon Sep 17 00:00:00 2001
From: FrankHassanabad <frank.hassanabad@elastic.co>
Date: Wed, 4 Nov 2020 13:50:40 -0700
Subject: [PATCH] Changed more wording for threat vs indicator in the code

---
 .../rules/step_define_rule/translations.tsx    |  2 +-
 .../signals/signal_rule_alert_type.ts          |  2 +-
 .../threat_mapping/create_threat_signals.ts    | 18 +++++++-----------
 3 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/translations.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/translations.tsx
index 164b1df8463e6..221963767caad 100644
--- a/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/translations.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/translations.tsx
@@ -95,7 +95,7 @@ export const THREAT_MATCH_INDEX_HELPER_TEXT = i18n.translate(
 export const THREAT_MATCH_REQUIRED = i18n.translate(
   'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredError',
   {
-    defaultMessage: 'At least one threat match is required.',
+    defaultMessage: 'At least one indicator match is required.',
   }
 );
 
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts
index ccb4cff17e348..1d2b1c23f868f 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts
@@ -362,7 +362,7 @@ export const signalRulesAlertType = ({
           ) {
             throw new Error(
               [
-                'Threat Match rule is missing threatQuery and/or threatIndex and/or threatMapping:',
+                'Indicator match is missing threatQuery and/or threatIndex and/or threatMapping:',
                 `threatQuery: "${threatQuery}"`,
                 `threatIndex: "${threatIndex}"`,
                 `threatMapping: "${threatMapping}"`,
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signals.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signals.ts
index 00296630d8ef9..ae43ab4edce29 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signals.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signals.ts
@@ -50,7 +50,7 @@ export const createThreatSignals = async ({
   concurrentSearches,
   itemsPerSearch,
 }: CreateThreatSignalsOptions): Promise<SearchAfterAndBulkCreateReturnType> => {
-  logger.debug(buildRuleMessage('Starting threat matching'));
+  logger.debug(buildRuleMessage('Indicator matching starting'));
   const perPage = concurrentSearches * itemsPerSearch;
 
   let results: SearchAfterAndBulkCreateReturnType = {
@@ -70,7 +70,7 @@ export const createThreatSignals = async ({
     language: threatLanguage,
     index: threatIndex,
   });
-  logger.debug(buildRuleMessage(`Count of total threat list items is ${threatListCount}`));
+  logger.debug(buildRuleMessage(`Total indicator items are ${threatListCount}`));
 
   let threatList = await getThreatList({
     callCluster: services.callCluster,
@@ -91,7 +91,7 @@ export const createThreatSignals = async ({
   const chunks = chunk(itemsPerSearch, threatList.hits.hits);
   logger.debug(
     buildRuleMessage(
-      `${chunks.length} concurrent threat_match searches starting where each search has ${itemsPerSearch} threat items per search`
+      `${chunks.length} concurrent indicator searches are starting. Each search has ${itemsPerSearch} indicator items`
     )
   );
 
@@ -138,7 +138,7 @@ export const createThreatSignals = async ({
     threatListCount -= threatList.hits.hits.length;
     logger.debug(
       buildRuleMessage(
-        `Concurrent threat_match searches completed with total signals of ${results.createdSignalsCount} found`,
+        `Concurrent indicator match searches completed with ${results.createdSignalsCount} signals found`,
         `search times of ${results.searchAfterTimes}ms,`,
         `bulk create times ${results.bulkCreateTimes}ms,`,
         `all successes are ${results.success}`
@@ -147,16 +147,12 @@ export const createThreatSignals = async ({
     if (results.createdSignalsCount >= params.maxSignals) {
       logger.debug(
         buildRuleMessage(
-          `threat_match detected max signals has been reached, terminating early with approximate number of threat list items not checked left at ${threatListCount}`
+          `Indicator match has reached its max signals count ${params.maxSignals}. Additional indicator items not checked are ${threatListCount}`
         )
       );
       break;
     }
-    logger.debug(
-      buildRuleMessage(
-        `Approximate number of threat list items to left to check are ${threatListCount}`
-      )
-    );
+    logger.debug(buildRuleMessage(`Indicator items left to check are ${threatListCount}`));
 
     threatList = await getThreatList({
       callCluster: services.callCluster,
@@ -175,6 +171,6 @@ export const createThreatSignals = async ({
     });
   }
 
-  logger.debug(buildRuleMessage('Done threat matching'));
+  logger.debug(buildRuleMessage('Indicator Matching completed'));
   return results;
 };