[SIEM] [Detection Engine] Change Status to Last response (#55886) (#5…

…5924) * do not change rule status if rule is enabled/disabled * keep the 'going to run' status when enabling rule
elastic · Jan 25, 2020 · 7a0bc9d · 7a0bc9d
1 parent 313016d
commit 7a0bc9d
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 22 deletions.
diff --git a/...y/plugins/siem/public/pages/detection_engine/rules/components/rule_status/translations.ts b/...y/plugins/siem/public/pages/detection_engine/rules/components/rule_status/translations.ts
@@ -7,7 +7,7 @@
 import { i18n } from '@kbn/i18n';
 
 export const STATUS = i18n.translate('xpack.siem.detectionEngine.ruleStatus.statusDescription', {
-  defaultMessage: 'Status',
+  defaultMessage: 'Last response',
 });
 
 export const STATUS_AT = i18n.translate(

diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/update_rules.ts b/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/update_rules.ts
@@ -170,31 +170,20 @@ export const updateRules = async ({
     }
   );
 
-  const ruleCurrentStatus = savedObjectsClient
-    ? await savedObjectsClient.find<IRuleSavedAttributesSavedObjectAttributes>({
-        type: ruleStatusSavedObjectType,
-        perPage: 1,
-        sortField: 'statusDate',
-        sortOrder: 'desc',
-        search: rule.id,
-        searchFields: ['alertId'],
-      })
-    : null;
-
   if (rule.enabled && enabled === false) {
     await alertsClient.disable({ id: rule.id });
-    // set current status for this rule to null to represent disabled,
-    // but keep last_success_at / last_failure_at properties intact for
-    // use on frontend while rule is disabled.
-    if (ruleCurrentStatus && ruleCurrentStatus.saved_objects.length > 0) {
-      const currentStatusToDisable = ruleCurrentStatus.saved_objects[0];
-      currentStatusToDisable.attributes.status = null;
-      await savedObjectsClient?.update(ruleStatusSavedObjectType, currentStatusToDisable.id, {
-        ...currentStatusToDisable.attributes,
-      });
-    }
   } else if (!rule.enabled && enabled === true) {
     await alertsClient.enable({ id: rule.id });
+    const ruleCurrentStatus = savedObjectsClient
+      ? await savedObjectsClient.find<IRuleSavedAttributesSavedObjectAttributes>({
+          type: ruleStatusSavedObjectType,
+          perPage: 1,
+          sortField: 'statusDate',
+          sortOrder: 'desc',
+          search: rule.id,
+          searchFields: ['alertId'],
+        })
+      : null;
     // set current status for this rule to be 'going to run'
     if (ruleCurrentStatus && ruleCurrentStatus.saved_objects.length > 0) {
       const currentStatusToDisable = ruleCurrentStatus.saved_objects[0];