Changed wording, fixed types, and add rest of the plumbing for the ex…

…tra switches to work

x-pack/plugins/security_solution/common/detection_engine/schemas/request/add_prepackaged_rules_schema.ts

@@ -49,7 +49,7 @@ import {
 import {
   threat_index,
   concurrent_searches,
-  number_of_items_per_search,
+  items_per_search,
   threat_query,
   threat_filters,
   threat_mapping,
@@ -133,7 +133,7 @@ export const addPrepackagedRulesSchema = t.intersection([
       threat_index, // defaults to "undefined" if not set during decode
       threat_language, // defaults "undefined" if not set during decode
       concurrent_searches, // defaults to "undefined" if not set during decode
-      number_of_items_per_search, // defaults to "undefined" if not set during decode
+      items_per_search, // defaults to "undefined" if not set during decode
     })
   ),
 ]);

x-pack/plugins/security_solution/common/detection_engine/schemas/request/create_rules_schema.ts

@@ -49,6 +49,8 @@ import {
 } from '../common/schemas';
 import {
   threat_index,
+  concurrent_searches,
+  items_per_search,
   threat_query,
   threat_filters,
   threat_mapping,
@@ -126,6 +128,8 @@ export const createRulesSchema = t.intersection([
       threat_filters, // defaults to "undefined" if not set during decode
       threat_index, // defaults to "undefined" if not set during decode
       threat_language, // defaults "undefined" if not set during decode
+      concurrent_searches, // defaults "undefined" if not set during decode
+      items_per_search, // defaults "undefined" if not set during decode
     })
   ),
 ]);

x-pack/plugins/security_solution/common/detection_engine/schemas/request/import_rules_schema.ts

@@ -55,7 +55,7 @@ import {
 } from '../common/schemas';
 import {
   threat_index,
-  number_of_items_per_search,
+  items_per_search,
   concurrent_searches,
   threat_query,
   threat_filters,
@@ -152,7 +152,7 @@ export const importRulesSchema = t.intersection([
       threat_index, // defaults to "undefined" if not set during decode
       threat_language, // defaults "undefined" if not set during decode
       concurrent_searches, // defaults to "undefined" if not set during decode
-      number_of_items_per_search, // defaults to "undefined" if not set during decode
+      items_per_search, // defaults to "undefined" if not set during decode
     })
   ),
 ]);

x-pack/plugins/security_solution/common/detection_engine/schemas/request/patch_rules_schema.ts

@@ -51,7 +51,7 @@ import {
 import {
   threat_index,
   concurrent_searches,
-  number_of_items_per_search,
+  items_per_search,
   threat_query,
   threat_filters,
   threat_mapping,
@@ -112,7 +112,7 @@ export const patchRulesSchema = t.exact(
     threat_mapping,
     threat_language,
     concurrent_searches,
-    number_of_items_per_search,
+    items_per_search,
   })
 );
 

x-pack/plugins/security_solution/common/detection_engine/schemas/request/update_rules_schema.ts

@@ -52,7 +52,7 @@ import {
 import {
   threat_index,
   concurrent_searches,
-  number_of_items_per_search,
+  items_per_search,
   threat_query,
   threat_filters,
   threat_mapping,
@@ -137,7 +137,7 @@ export const updateRulesSchema = t.intersection([
       threat_index, // defaults to "undefined" if not set during decode
       threat_language, // defaults "undefined" if not set during decode
       concurrent_searches, // defaults to "undefined" if not set during decode
-      number_of_items_per_search, // defaults to "undefined" if not set during decode
+      items_per_search, // defaults to "undefined" if not set during decode
     })
   ),
 ]);

x-pack/plugins/security_solution/common/detection_engine/schemas/response/rules_schema.ts

@@ -64,7 +64,7 @@ import {
 import {
   threat_index,
   concurrent_searches,
-  number_of_items_per_search,
+  items_per_search,
   threat_query,
   threat_filters,
   threat_mapping,
@@ -147,7 +147,7 @@ export const dependentRulesSchema = t.partial({
   threat_index,
   threat_query,
   concurrent_searches,
-  number_of_items_per_search,
+  items_per_search,
   threat_mapping,
   threat_language,
 });
@@ -289,7 +289,7 @@ export const addThreatMatchFields = (typeAndTimelineOnly: TypeAndTimelineOnly):
       t.exact(t.partial({ concurrent_searches: dependentRulesSchema.props.concurrent_searches })),
       t.exact(
         t.partial({
-          number_of_items_per_search: dependentRulesSchema.props.number_of_items_per_search,
+          items_per_search: dependentRulesSchema.props.items_per_search,
         })
       ),
     ];

x-pack/plugins/security_solution/common/detection_engine/schemas/types/threat_mapping.ts

@@ -61,7 +61,7 @@ export type ConcurrentSearches = t.TypeOf<typeof concurrent_searches>;
 export const concurrentSearchesOrUndefined = t.union([concurrent_searches, t.undefined]);
 export type ConcurrentSearchesOrUndefined = t.TypeOf<typeof concurrentSearchesOrUndefined>;
 
-export const number_of_items_per_search = t.number;
-export type NumberOfItemsPerSearch = t.TypeOf<typeof concurrent_searches>;
-export const numberOfItemsPerSearchOrUndefined = t.union([number_of_items_per_search, t.undefined]);
-export type NumberOfItemsPerSearchOrUndefined = t.TypeOf<typeof numberOfItemsPerSearchOrUndefined>;
+export const items_per_search = t.number;
+export type ItemsPerSearch = t.TypeOf<typeof concurrent_searches>;
+export const itemsPerSearchOrUndefined = t.union([items_per_search, t.undefined]);
+export type ItemsPerSearchOrUndefined = t.TypeOf<typeof itemsPerSearchOrUndefined>;

x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts

@@ -408,7 +408,7 @@ export const getResult = (): RuleAlertType => ({
     version: 1,
     exceptionsList: getListArrayMock(),
     concurrentSearches: undefined,
-    numberOfItemsPerSearch: undefined,
+    itemsPerSearch: undefined,
   },
   createdAt: new Date('2019-12-13T16:40:33.400Z'),
   updatedAt: new Date('2019-12-13T16:40:33.400Z'),

x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/create_rules_bulk_route.ts

@@ -102,6 +102,8 @@ export const createRulesBulkRoute = (router: IRouter, ml: SetupPlugins['ml']) =>
               threat_mapping: threatMapping,
               threat_query: threatQuery,
               threat_language: threatLanguage,
+              concurrent_searches: concurrentSearches,
+              items_per_search: itemsPerSearch,
               threshold,
               throttle,
               timestamp_override: timestampOverride,
@@ -193,6 +195,8 @@ export const createRulesBulkRoute = (router: IRouter, ml: SetupPlugins['ml']) =>
                 threatQuery,
                 threatIndex,
                 threatLanguage,
+                concurrentSearches,
+                itemsPerSearch,
                 threshold,
                 timestampOverride,
                 references,

x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/create_rules_route.ts

@@ -85,6 +85,8 @@ export const createRulesRoute = (router: IRouter, ml: SetupPlugins['ml']): void
         threat_query: threatQuery,
         threat_mapping: threatMapping,
         threat_language: threatLanguage,
+        concurrent_searches: concurrentSearches,
+        items_per_search: itemsPerSearch,
         throttle,
         timestamp_override: timestampOverride,
         to,
@@ -182,6 +184,8 @@ export const createRulesRoute = (router: IRouter, ml: SetupPlugins['ml']): void
           threatQuery,
           threatMapping,
           threatLanguage,
+          concurrentSearches,
+          itemsPerSearch,
           timestampOverride,
           references,
           note,

x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/import_rules_route.ts

@@ -169,6 +169,8 @@ export const importRulesRoute = (router: IRouter, config: ConfigType, ml: SetupP
                   threat_query: threatQuery,
                   threat_mapping: threatMapping,
                   threat_language: threatLanguage,
+                  concurrent_searches: concurrentSearches,
+                  items_per_search: itemsPerSearch,
                   threshold,
                   timestamp_override: timestampOverride,
                   to,
@@ -235,6 +237,8 @@ export const importRulesRoute = (router: IRouter, config: ConfigType, ml: SetupP
                       threatQuery,
                       threatMapping,
                       threatLanguage,
+                      concurrentSearches,
+                      itemsPerSearch,
                       timestampOverride,
                       references,
                       note,
@@ -284,6 +288,8 @@ export const importRulesRoute = (router: IRouter, config: ConfigType, ml: SetupP
                       threatQuery,
                       threatMapping,
                       threatLanguage,
+                      concurrentSearches,
+                      itemsPerSearch,
                       references,
                       note,
                       version,

x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/patch_rules_bulk_route.ts

@@ -97,6 +97,8 @@ export const patchRulesBulkRoute = (router: IRouter, ml: SetupPlugins['ml']) =>
             threat_query: threatQuery,
             threat_mapping: threatMapping,
             threat_language: threatLanguage,
+            concurrent_searches: concurrentSearches,
+            items_per_search: itemsPerSearch,
             timestamp_override: timestampOverride,
             throttle,
             references,
@@ -162,6 +164,8 @@ export const patchRulesBulkRoute = (router: IRouter, ml: SetupPlugins['ml']) =>
               threatQuery,
               threatMapping,
               threatLanguage,
+              concurrentSearches,
+              itemsPerSearch,
               timestampOverride,
               references,
               note,

x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/patch_rules_route.ts

@@ -83,6 +83,8 @@ export const patchRulesRoute = (router: IRouter, ml: SetupPlugins['ml']) => {
         threat_query: threatQuery,
         threat_mapping: threatMapping,
         threat_language: threatLanguage,
+        concurrent_searches: concurrentSearches,
+        items_per_search: itemsPerSearch,
         timestamp_override: timestampOverride,
         throttle,
         references,
@@ -161,6 +163,8 @@ export const patchRulesRoute = (router: IRouter, ml: SetupPlugins['ml']) => {
           threatQuery,
           threatMapping,
           threatLanguage,
+          concurrentSearches,
+          itemsPerSearch,
           timestampOverride,
           references,
           note,

x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/update_rules_bulk_route.ts

@@ -102,6 +102,8 @@ export const updateRulesBulkRoute = (router: IRouter, ml: SetupPlugins['ml']) =>
             threat_query: threatQuery,
             threat_mapping: threatMapping,
             threat_language: threatLanguage,
+            concurrent_searches: concurrentSearches,
+            items_per_search: itemsPerSearch,
             throttle,
             timestamp_override: timestampOverride,
             references,
@@ -174,6 +176,8 @@ export const updateRulesBulkRoute = (router: IRouter, ml: SetupPlugins['ml']) =>
               threatQuery,
               threatMapping,
               threatLanguage,
+              concurrentSearches,
+              itemsPerSearch,
               timestampOverride,
               references,
               note,

x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/update_rules_route.ts

@@ -86,6 +86,8 @@ export const updateRulesRoute = (router: IRouter, ml: SetupPlugins['ml']) => {
         threat_query: threatQuery,
         threat_mapping: threatMapping,
         threat_language: threatLanguage,
+        concurrent_searches: concurrentSearches,
+        items_per_search: itemsPerSearch,
         throttle,
         timestamp_override: timestampOverride,
         references,
@@ -163,6 +165,8 @@ export const updateRulesRoute = (router: IRouter, ml: SetupPlugins['ml']) => {
           threatQuery,
           threatMapping,
           threatLanguage,
+          concurrentSearches,
+          itemsPerSearch,
           timestampOverride,
           references,
           note,

x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/utils.ts

@@ -151,6 +151,8 @@ export const transformAlertToRule = (
     threat_query: alert.params.threatQuery,
     threat_mapping: alert.params.threatMapping,
     threat_language: alert.params.threatLanguage,
+    concurrent_searches: alert.params.concurrentSearches,
+    items_per_search: alert.params.itemsPerSearch,
     throttle: ruleActions?.ruleThrottle || 'no_actions',
     timestamp_override: alert.params.timestampOverride,
     note: alert.params.note,

x-pack/plugins/security_solution/server/lib/detection_engine/rules/create_rules.mock.ts

@@ -43,6 +43,8 @@ export const getCreateRulesOptionsMock = (): CreateRulesOptions => ({
   threatFilters: undefined,
   threatMapping: undefined,
   threatLanguage: undefined,
+  concurrentSearches: undefined,
+  itemsPerSearch: undefined,
   threatQuery: undefined,
   threatIndex: undefined,
   threshold: undefined,
@@ -94,6 +96,8 @@ export const getCreateMlRulesOptionsMock = (): CreateRulesOptions => ({
   threatMapping: undefined,
   threatQuery: undefined,
   threatLanguage: undefined,
+  concurrentSearches: undefined,
+  itemsPerSearch: undefined,
   threshold: undefined,
   timestampOverride: undefined,
   to: 'now',

x-pack/plugins/security_solution/server/lib/detection_engine/rules/create_rules.ts

@@ -46,6 +46,8 @@ export const createRules = async ({
   threatFilters,
   threatIndex,
   threatLanguage,
+  concurrentSearches,
+  itemsPerSearch,
   threatQuery,
   threatMapping,
   threshold,
@@ -96,6 +98,8 @@ export const createRules = async ({
         threatFilters,
         threatIndex,
         threatQuery,
+        concurrentSearches,
+        itemsPerSearch,
         threatMapping,
         threatLanguage,
         timestampOverride,

x-pack/plugins/security_solution/server/lib/detection_engine/rules/install_prepacked_rules.ts

@@ -51,6 +51,8 @@ export const installPrepackagedRules = (
       threat_filters: threatFilters,
       threat_mapping: threatMapping,
       threat_language: threatLanguage,
+      concurrent_searches: concurrentSearches,
+      items_per_search: itemsPerSearch,
       threat_query: threatQuery,
       threat_index: threatIndex,
       threshold,
@@ -103,6 +105,8 @@ export const installPrepackagedRules = (
         threatFilters,
         threatMapping,
         threatLanguage,
+        concurrentSearches,
+        itemsPerSearch,
         threatQuery,
         threatIndex,
         threshold,

x-pack/plugins/security_solution/server/lib/detection_engine/rules/patch_rules.mock.ts

@@ -154,6 +154,8 @@ export const getPatchRulesOptionsMock = (): PatchRulesOptions => ({
   threatQuery: undefined,
   threatMapping: undefined,
   threatLanguage: undefined,
+  concurrentSearches: undefined,
+  itemsPerSearch: undefined,
   timestampOverride: undefined,
   to: 'now',
   type: 'query',
@@ -203,6 +205,8 @@ export const getPatchMlRulesOptionsMock = (): PatchRulesOptions => ({
   threatQuery: undefined,
   threatMapping: undefined,
   threatLanguage: undefined,
+  concurrentSearches: undefined,
+  itemsPerSearch: undefined,
   timestampOverride: undefined,
   to: 'now',
   type: 'machine_learning',

x-pack/plugins/security_solution/server/lib/detection_engine/rules/patch_rules.ts

@@ -49,6 +49,8 @@ export const patchRules = async ({
   threatQuery,
   threatMapping,
   threatLanguage,
+  concurrentSearches,
+  itemsPerSearch,
   timestampOverride,
   to,
   type,
@@ -97,6 +99,8 @@ export const patchRules = async ({
     threatQuery,
     threatMapping,
     threatLanguage,
+    concurrentSearches,
+    itemsPerSearch,
     timestampOverride,
     to,
     type,
@@ -141,6 +145,8 @@ export const patchRules = async ({
       threatQuery,
       threatMapping,
       threatLanguage,
+      concurrentSearches,
+      itemsPerSearch,
       timestampOverride,
       to,
       type,