simplify solution and add query

elastic · Mar 1, 2021 · 0cce882 · 0cce882
1 parent 9caf252
commit 0cce882
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/...k/plugins/security_solution/public/detections/pages/detection_engine/rules/edit/index.tsx b/...k/plugins/security_solution/public/detections/pages/detection_engine/rules/edit/index.tsx
@@ -18,7 +18,6 @@ import { FormattedMessage } from '@kbn/i18n/react';
 import React, { FC, memo, useCallback, useEffect, useMemo, useRef, useState } from 'react';
 import { useParams, useHistory } from 'react-router-dom';
 
-import { DEFAULT_MAX_SIGNALS } from '../../../../../common/constants';
 import { UpdateRulesSchema } from '../../../../../../common/detection_engine/schemas/request';
 import { useRule, useUpdateRule } from '../../../../containers/detection_engine/rules';
 import { useListsConfig } from '../../../../containers/detection_engine/lists/use_lists_config';
@@ -252,7 +251,7 @@ const EditRulePageComponent: FC = () => {
           rule
         ),
         ...(ruleId ? { id: ruleId } : {}),
-        ...(rule != null ? rule.max_signals : DEFAULT_MAX_SIGNALS),
+        ...(rule != null ? { max_signals: rule.max_signals } : {}),
       });
     }
   }, [

diff --git a/...ty_solution/server/lib/detection_engine/scripts/rules/queries/query_with_max_signals.json b/...ty_solution/server/lib/detection_engine/scripts/rules/queries/query_with_max_signals.json
@@ -0,0 +1,9 @@
+{
+  "name": "Query With Max Signals",
+  "description": "Simplest query with max signals set to something other than default",
+  "risk_score": 1,
+  "severity": "high",
+  "type": "query",
+  "query": "user.name: root or user.name: admin",
+  "max_signals": 500
+}