From e6afd8b02ee534cac6db86934fe9ec88846dcc3b Mon Sep 17 00:00:00 2001
From: Joanne Wang
Date: Wed, 11 Sep 2024 15:01:37 -0700
Subject: [PATCH] fix correlation finding severity

Signed-off-by: Joanne Wang
---
 public/store/CorrelationsStore.ts | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/public/store/CorrelationsStore.ts b/public/store/CorrelationsStore.ts
index b117d97b..229fbc91 100644
--- a/public/store/CorrelationsStore.ts
+++ b/public/store/CorrelationsStore.ts
@@ -19,6 +19,8 @@ import { NotificationsStart } from 'opensearch-dashboards/public';
 import { errorNotificationToast } from '../utils/helpers';
 import { DEFAULT_EMPTY_DATA } from '../utils/constants';
 import { DataStore } from './DataStore';
+import { RuleSource } from '../../server/models/interfaces';
+import { RuleSeverityPriority, RuleSeverityValue } from '../pages/Rules/utils/constants';

 export interface ICorrelationsCache {
 [key: string]: CorrelationRule[];
@@ -275,7 +277,17 @@ export class CorrelationsStore implements ICorrelationsStore {
 const findings = await DataStore.findings.getFindingsByIds(findingIds);
 findings.forEach((f) => {
 const detector = detectorsMap[f.detectorId];
- const rule = allRules.find((rule) => rule._id === f.queries[0].id);
+ const queryIds = f.queries.map((query) => query.id);
+ const matchedRules = allRules.filter((rule) => queryIds.includes(rule._id));
+ matchedRules.sort((a, b) => {
+ return RuleSeverityPriority[a._source.level as RuleSeverityValue] <
+ RuleSeverityPriority[b._source.level as RuleSeverityValue]
+ ? -1
+ : 1;
+ });
+
+ const rule = allRules.find((rule) => rule._id === matchedRules[0]?._id);
+
 findingsMap[f.id] = {
 ...f,
 id: f.id,
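Review bot: The added `RuleSource` import is not referenced by anything this patch adds, since the second hunk uses only `RuleSeverityPriority` and `RuleSeverityValue`. It also pulls a path under `server/` into a `public/` module. If the type is needed later, `import type { RuleSource } from '../../server/models/interfaces';` keeps it erased at compile time; otherwise the line can be dropped.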
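Review bot: The comparator passed to `matchedRules.sort` never returns 0 and returns 1 whenever the `<` test is false, so rules of equal priority compare inconsistently, as does any rule whose `_source.level` is not a key of `RuleSeverityPriority` (the `as RuleSeverityValue` cast is unchecked and the lookup yields `undefined`); the element that ends up at `matchedRules[0]` is then not well defined. That element decides the severity shown for a correlated finding, so a finding could be displayed below its highest-priority match; read both priorities into locals, handle an unknown level explicitly, and end with `return pa < pb ? -1 : pa > pb ? 1 : 0;`. The following `allRules.find(...)` only looks up the element already in hand, so `const rule = matchedRules[0];` is enough. Whether a smaller `RuleSeverityPriority` value means a higher severity is not visible in this hunk, so the sort direction deserves a one-line comment. The `forEach` callback continues past the end of the hunk.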