diff --git a/x-pack/plugins/security_solution/common/utils/expand_dotted.test.ts b/x-pack/plugins/security_solution/common/utils/expand_dotted.test.ts index 4505e89f101840..95fdb6183b4e14 100644 --- a/x-pack/plugins/security_solution/common/utils/expand_dotted.test.ts +++ b/x-pack/plugins/security_solution/common/utils/expand_dotted.test.ts @@ -134,4 +134,24 @@ describe('Expand Dotted', () => { }, }); }); + it('should merge objects when field represented as an object followed by similar dotted field', () => { + const dottedObj = { + kibana: { test2: 'b', test3: 'c' }, + 'kibana.test1': 'a', + 'kibana.test3': 'd', + }; + expect(expandDottedObject(dottedObj)).toEqual({ + kibana: { test1: 'a', test2: 'b', test3: 'd' }, + }); + }); + it('should merge objects when dotted field followed by similar field represented as an object', () => { + const dottedObj = { + 'kibana.test1': 'a', + 'kibana.test3': 'd', + kibana: { test2: 'b', test3: 'c' }, + }; + expect(expandDottedObject(dottedObj)).toEqual({ + kibana: { test1: 'a', test2: 'b', test3: 'c' }, + }); + }); }); diff --git a/x-pack/plugins/security_solution/common/utils/expand_dotted.ts b/x-pack/plugins/security_solution/common/utils/expand_dotted.ts index 0e6ccf5e52fbc0..e919b71dcdcf46 100644 --- a/x-pack/plugins/security_solution/common/utils/expand_dotted.ts +++ b/x-pack/plugins/security_solution/common/utils/expand_dotted.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { setWith } from 'lodash'; +import { merge, setWith } from 'lodash'; /* * Expands an object with "dotted" fields to a nested object with unflattened fields. @@ -47,7 +47,7 @@ export const expandDottedObject = ( const isOneElementArray = changeArrayOfLengthOneToString && Array.isArray(value) && value.length === 1; - setWith(returnObj, key, isOneElementArray ? value[0] : value, Object); + merge(returnObj, setWith({}, key, isOneElementArray ? value[0] : value, Object)); }); return returnObj; }; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions_legacy/logic/notifications/schedule_notification_actions.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions_legacy/logic/notifications/schedule_notification_actions.test.ts index 02e162c0d7ff12..18f6bf5f21fc8d 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions_legacy/logic/notifications/schedule_notification_actions.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions_legacy/logic/notifications/schedule_notification_actions.test.ts @@ -149,4 +149,67 @@ describe('schedule_notification_actions', () => { }) ); }); + + describe('formatAlertsForNotificationActions', () => { + it('should properly format alerts with the field represented as an object followed by similar dotted field', () => { + const signals = [ + { + 'kibana.alert.uuid': '1', + user: { + risk: { + calculated_level: 'Unknown', + calculated_score_norm: 5, + }, + }, + 'user.name': 'my-user', + }, + ]; + expect(formatAlertsForNotificationActions(signals)).toEqual([ + { + kibana: { + alert: { + uuid: '1', + }, + }, + user: { + risk: { + calculated_level: 'Unknown', + calculated_score_norm: 5, + }, + name: 'my-user', + }, + }, + ]); + }); + it('should properly format alerts with the dotted field followed by similar field represented as an object', () => { + const signals = [ + { + 'kibana.alert.uuid': '1', + 'user.name': 'my-user', + user: { + risk: { + calculated_level: 'Unknown', + calculated_score_norm: 5, + }, + }, + }, + ]; + expect(formatAlertsForNotificationActions(signals)).toEqual([ + { + kibana: { + alert: { + uuid: '1', + }, + }, + user: { + risk: { + calculated_level: 'Unknown', + calculated_score_norm: 5, + }, + name: 'my-user', + }, + }, + ]); + }); + }); });