Fix unit tests

Author: marshallmain

x-pack/plugins/security_solution/common/detection_engine/schemas/response/rules_schema.ts

@@ -96,8 +96,8 @@ export const requiredRulesSchema = t.type({
   immutable,
   interval,
   rule_id,
-  max_signals,
   output_index,
+  max_signals,
   risk_score,
   risk_score_mapping: DefaultRiskScoreMappingArray,
   name,
@@ -161,7 +161,6 @@ export const dependentRulesSchema = t.partial({
  * Instead use dependentRulesSchema and check_type_dependents for how to do those.
  */
 export const partialRulesSchema = t.partial({
-  // output_index,
   actions,
   building_block_type,
   license,

x-pack/plugins/security_solution/server/lib/detection_engine/schemas/rule_schemas.mock.ts

@@ -61,6 +61,12 @@ export const getThresholdRuleParams = (): ThresholdRuleParams => {
     threshold: {
       field: ['host.id'],
       value: 5,
+      cardinality: [
+        {
+          field: 'source.ip',
+          value: 11,
+        },
+      ],
     },
   };
 };

x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_bulk_body.test.ts

@@ -142,6 +142,12 @@ describe('buildBulkBody', () => {
           threshold: {
             field: ['host.id'],
             value: 5,
+            cardinality: [
+              {
+                field: 'source.ip',
+                value: 11,
+              },
+            ],
           },
         },
         threshold_result: {

x-pack/plugins/security_solution/server/lib/detection_engine/signals/threshold/find_threshold_signals.test.ts

@@ -31,108 +31,6 @@ describe('findThresholdSignals', () => {
     mockService = alertsMock.createAlertServices();
   });
 
-  it('should generate a threshold signal for pre-7.12 rules', async () => {
-    await findThresholdSignals({
-      from: 'now-6m',
-      to: 'now',
-      inputIndexPattern: ['*'],
-      services: mockService,
-      logger: mockLogger,
-      filter: queryFilter,
-      threshold: {
-        field: 'host.name',
-        value: 100,
-      },
-      buildRuleMessage,
-      timestampOverride: undefined,
-    });
-    expect(mockSingleSearchAfter).toHaveBeenCalledWith(
-      expect.objectContaining({
-        aggregations: {
-          'threshold_0:host.name': {
-            terms: {
-              field: 'host.name',
-              min_doc_count: 100,
-              size: 10000,
-            },
-            aggs: {
-              top_threshold_hits: {
-                top_hits: {
-                  sort: [
-                    {
-                      '@timestamp': {
-                        order: 'desc',
-                      },
-                    },
-                  ],
-                  fields: [
-                    {
-                      field: '*',
-                      include_unmapped: true,
-                    },
-                  ],
-                  size: 1,
-                },
-              },
-            },
-          },
-        },
-      })
-    );
-  });
-
-  it('should generate a signal for pre-7.12 rules with no threshold field', async () => {
-    await findThresholdSignals({
-      from: 'now-6m',
-      to: 'now',
-      inputIndexPattern: ['*'],
-      services: mockService,
-      logger: mockLogger,
-      filter: queryFilter,
-      threshold: {
-        field: '',
-        value: 100,
-      },
-      buildRuleMessage,
-      timestampOverride: undefined,
-    });
-    expect(mockSingleSearchAfter).toHaveBeenCalledWith(
-      expect.objectContaining({
-        aggregations: {
-          threshold_0: {
-            terms: {
-              script: {
-                source: '""',
-                lang: 'painless',
-              },
-              min_doc_count: 100,
-            },
-            aggs: {
-              top_threshold_hits: {
-                top_hits: {
-                  sort: [
-                    {
-                      '@timestamp': {
-                        order: 'desc',
-                      },
-                    },
-                  ],
-                  fields: [
-                    {
-                      field: '*',
-                      include_unmapped: true,
-                    },
-                  ],
-                  size: 1,
-                },
-              },
-            },
-          },
-        },
-      })
-    );
-  });
-
   it('should generate a threshold signal query when only a value is provided', async () => {
     await findThresholdSignals({
       from: 'now-6m',
@@ -144,6 +42,7 @@ describe('findThresholdSignals', () => {
       threshold: {
         field: [],
         value: 100,
+        cardinality: [],
       },
       buildRuleMessage,
       timestampOverride: undefined,
@@ -196,6 +95,7 @@ describe('findThresholdSignals', () => {
       threshold: {
         field: ['host.name'],
         value: 100,
+        cardinality: [],
       },
       buildRuleMessage,
       timestampOverride: undefined,
@@ -246,6 +146,7 @@ describe('findThresholdSignals', () => {
       threshold: {
         field: ['host.name', 'user.name'],
         value: 100,
+        cardinality: [],
       },
       buildRuleMessage,
       timestampOverride: undefined,