[Security Solution][Detections] Await promises to ensure promise reje…

…ction does not crash kibana (#88564) (#88761)

* Await promises to ensure promise rejection does not crash kibana

* Fix test

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.test.ts

@@ -225,7 +225,7 @@ describe('searchAfterAndBulkCreate', () => {
       buildRuleMessage,
     });
     expect(success).toEqual(true);
-    expect(mockService.callCluster).toHaveBeenCalledTimes(8);
+    expect(mockService.callCluster).toHaveBeenCalledTimes(7);
     expect(createdSignalsCount).toEqual(3);
     expect(lastLookBackDate).toEqual(new Date('2020-04-20T21:27:45+0000'));
   });

x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.ts

@@ -87,25 +87,14 @@ export const searchAfterAndBulkCreate = async ({
         let mergedSearchResults = createSearchResultReturnType();
         logger.debug(buildRuleMessage(`sortIds: ${sortId}`));
 
-        // perform search_after with optionally undefined sortId
-        const singleSearchAfterPromise = singleSearchAfter({
-          buildRuleMessage,
-          searchAfterSortId: sortId,
-          index: inputIndexPattern,
-          from: tuple.from.toISOString(),
-          to: tuple.to.toISOString(),
-          services,
-          logger,
-          filter,
-          pageSize: tuple.maxSignals < pageSize ? Math.ceil(tuple.maxSignals) : pageSize, // maximum number of docs to receive per search result.
-          timestampOverride: ruleParams.timestampOverride,
-          excludeDocsWithTimestampOverride: false,
-        });
-
         // if there is a timestampOverride param we always want to do a secondary search against @timestamp
         if (ruleParams.timestampOverride != null && hasBackupSortId) {
           // only execute search if we have something to sort on or if it is the first search
-          const singleSearchAfterDefaultTimestamp = singleSearchAfter({
+          const {
+            searchResult: searchResultB,
+            searchDuration: searchDurationB,
+            searchErrors: searchErrorsB,
+          } = await singleSearchAfter({
             buildRuleMessage,
             searchAfterSortId: backupSortId,
             index: inputIndexPattern,
@@ -118,11 +107,6 @@ export const searchAfterAndBulkCreate = async ({
             timestampOverride: ruleParams.timestampOverride,
             excludeDocsWithTimestampOverride: true,
           });
-          const {
-            searchResult: searchResultB,
-            searchDuration: searchDurationB,
-            searchErrors: searchErrorsB,
-          } = await singleSearchAfterDefaultTimestamp;
 
           // call this function setSortIdOrExit()
           const lastSortId = searchResultB?.hits?.hits[searchResultB.hits.hits.length - 1]?.sort;
@@ -153,7 +137,19 @@ export const searchAfterAndBulkCreate = async ({
 
         if (hasSortId) {
           // only execute search if we have something to sort on or if it is the first search
-          const { searchResult, searchDuration, searchErrors } = await singleSearchAfterPromise;
+          const { searchResult, searchDuration, searchErrors } = await singleSearchAfter({
+            buildRuleMessage,
+            searchAfterSortId: sortId,
+            index: inputIndexPattern,
+            from: tuple.from.toISOString(),
+            to: tuple.to.toISOString(),
+            services,
+            logger,
+            filter,
+            pageSize: tuple.maxSignals < pageSize ? Math.ceil(tuple.maxSignals) : pageSize, // maximum number of docs to receive per search result.
+            timestampOverride: ruleParams.timestampOverride,
+            excludeDocsWithTimestampOverride: false,
+          });
           mergedSearchResults = mergeSearchResults([mergedSearchResults, searchResult]);
           toReturn = mergeReturns([
             toReturn,