diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/eql/create_eql_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/eql/create_eql_alert_type.ts
index 679e2828ff11a..0db1b348e91b2 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/eql/create_eql_alert_type.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/eql/create_eql_alert_type.ts
@@ -20,7 +20,7 @@ import { getIsAlertSuppressionActive } from '../utils/get_is_alert_suppression_a
 export const createEqlAlertType = (
 createOptions: CreateRuleOptions
 ): SecurityAlertType => {
- const { version, licensing } = createOptions;
+ const { experimentalFeatures, version, licensing } = createOptions;
 return {
 id: EQL_RULE_TYPE_ID,
 name: 'Event Correlation Rule',
@@ -78,7 +78,6 @@ export const createEqlAlertType = (
 alertTimestampOverride,
 publicBaseUrl,
 alertWithSuppression,
- experimentalFeatures,
 },
 services,
 state,
@@ -104,7 +103,7 @@ export const createEqlAlertType = (
 });
 const isNonSeqAlertSuppressionActive = await getIsAlertSuppressionActive({
 alertSuppression: completeRule.ruleParams.alertSuppression,
- isFeatureDisabled: !experimentalFeatures?.alertSuppressionForNonSequenceEqlRuleEnabled,
+ isFeatureDisabled: !experimentalFeatures.alertSuppressionForNonSequenceEqlRuleEnabled,
 licensing,
 });
 const result = await eqlExecutor({
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/eql/eql.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/eql/eql.test.ts
index 15e348c473c8c..6b92a2d7efb1b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/eql/eql.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/eql/eql.test.ts
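Review bot: `!experimentalFeatures.alertSuppressionForNonSequenceEqlRuleEnabled` in the `@@ -104,7 +103,7 @@` hunk drops the `?.` guard that the removed line had. If `createOptions.experimentalFeatures` (destructured in the `@@ -20,7 +20,7 @@` hunk) is ever undefined at runtime, the executor throws before `eqlExecutor` is called, so the rule run fails instead of proceeding with suppression treated as disabled. The `CreateRuleOptions` type is not visible in this diff; if it declares the field as required the access is fine, otherwise keep `experimentalFeatures?.alertSuppressionForNonSequenceEqlRuleEnabled`. The flag now appears to be captured once when the rule type is created rather than per execution, which a one-line comment at the destructuring could record, e.g. `// flags come from plugin-level createOptions, not from the per-run executor options`. The executor body continues outside these hunks.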
@@ -10,6 +10,7 @@ import type { RuleExecutorServicesMock } from '@kbn/alerting-plugin/server/mocks
 import { alertsMock } from '@kbn/alerting-plugin/server/mocks';
 import { getExceptionListItemSchemaMock } from '@kbn/lists-plugin/common/schemas/response/exception_list_item_schema.mock';
 import { DEFAULT_INDEX_PATTERN } from '../../../../../common/constants';
+import type { ExperimentalFeatures } from '../../../../../common';
 import { getIndexVersion } from '../../routes/index/get_index_version';
 import { SIGNALS_TEMPLATE_VERSION } from '../../routes/index/get_signals_template';
 import type { EqlRuleParams } from '../../rule_schema';
@@ -31,6 +32,7 @@ describe('eql_executor', () => {
 to: dateMath.parse(params.to)!,
 maxSignals: params.maxSignals,
 };
+ const mockExperimentalFeatures = {} as ExperimentalFeatures;
 beforeEach(() => {
 jest.clearAllMocks();
@@ -64,6 +66,7 @@ describe('eql_executor', () => {
 alertTimestampOverride: undefined,
 alertWithSuppression: jest.fn(),
 isAlertSuppressionActive: false,
+ experimentalFeatures: mockExperimentalFeatures,
 });
 expect(result.warningMessages).toEqual([
 `The following exceptions won't be applied to rule execution: ${
@@ -112,6 +115,7 @@ describe('eql_executor', () => {
 alertTimestampOverride: undefined,
 alertWithSuppression: jest.fn(),
 isAlertSuppressionActive: true,
+ experimentalFeatures: mockExperimentalFeatures,
 });
 expect(result.warningMessages).toContain(
@@ -140,6 +144,11 @@ describe('eql_executor', () => {
 primaryTimestamp: '@timestamp',
 exceptionFilter: undefined,
 unprocessedExceptions: [],
+ wrapSuppressedHits: jest.fn(),
+ alertTimestampOverride: undefined,
+ alertWithSuppression: jest.fn(),
+ isAlertSuppressionActive: true,
+ experimentalFeatures: mockExperimentalFeatures,
 });
 expect(result.userError).toEqual(true);
 });
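Review bot: `const mockExperimentalFeatures = {} as ExperimentalFeatures;` in the `@@ -31,6 +32,7 @@` hunk casts an empty object, so every flag reads as `undefined` in the three `eqlExecutor` calls that receive it (hunks at -64, -112 and -140) and the compiler cannot report a missing field. Which flags `eqlExecutor` reads is not visible here, but as written only the flag-off behaviour can be exercised. Spelling out the flag under test, e.g. `{ alertSuppressionForNonSequenceEqlRuleEnabled: false } as ExperimentalFeatures`, would make the intended state explicit. Separately, the -140 hunk sets `isAlertSuppressionActive: true` in the test that asserts `result.userError`; if suppression is irrelevant to that assertion, `false` would keep the case focused on the user-error path.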