[7.x] [Security Solution][Detection Engine] Test cases for alias failure test cases where we don't copy aliases correctly (#101437) #101490
Commits on Jun 7, 2021
-
[Security Solution][Detection Engine] Test cases for alias failure te…
…st cases where we don't copy aliases correctly (elastic#101437) ## Summary Test cases for signals and aliases, including a failure of where we do not copy alias data at the moment even if the target is an ECS compatible field. For example with this mapping: ```json { "dynamic": "strict", "properties": { "@timestamp": { "type": "date" }, "host": { "properties": { "name": { "type": "alias", "path": "host_alias.name" } } }, "host_alias": { "properties": { "name": { "type": "keyword" } } } } } ``` If we detect this as a signal hit we should be copying over both: * `host_alias.name` -> `host.name` * `host_alias.name` -> `host_alias.name` to the target signal index, but we only copy: * `host_alias.name` -> `host_alias.name` ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.