From 643f54d3a4480c02de894999056b96e97e3ca792 Mon Sep 17 00:00:00 2001
From: Ryland Herrick <ryalnd@gmail.com>
Date: Fri, 20 Mar 2020 21:32:51 -0500
Subject: [PATCH] [SIEM] Fix patching of ML Rules (#60830)

* Allow ML Rules to be patched

* Test passing of params from our patch routes to our helpers

Since patchRules accepts a partial there's no way to verify this in
typescript, we need regression tests instead.

* Update lists when importing with overwrite

This was simply missed earlier.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
---
 .../routes/rules/import_rules_route.ts        |  1 +
 .../rules/patch_rules_bulk_route.test.ts      | 26 +++++++++++++++++++
 .../routes/rules/patch_rules_bulk_route.ts    |  4 +++
 .../routes/rules/patch_rules_route.test.ts    | 24 +++++++++++++++++
 .../routes/rules/patch_rules_route.ts         |  4 +++
 5 files changed, 59 insertions(+)

diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/import_rules_route.ts b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/import_rules_route.ts
index 72a6e70cbb14a..4a5ea33025d49 100644
--- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/import_rules_route.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/import_rules_route.ts
@@ -234,6 +234,7 @@ export const importRulesRoute = (router: IRouter, config: LegacyServices['config
                         references,
                         note,
                         version,
+                        lists,
                         anomalyThreshold,
                         machineLearningJobId,
                       });
diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_bulk_route.test.ts b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_bulk_route.test.ts
index 4c980c8cc60d2..4c00cfa51c8ee 100644
--- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_bulk_route.test.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_bulk_route.test.ts
@@ -56,6 +56,32 @@ describe('patch_rules_bulk', () => {
       ]);
     });
 
+    test('allows ML Params to be patched', async () => {
+      const request = requestMock.create({
+        method: 'patch',
+        path: `${DETECTION_ENGINE_RULES_URL}/bulk_update`,
+        body: [
+          {
+            rule_id: 'my-rule-id',
+            anomaly_threshold: 4,
+            machine_learning_job_id: 'some_job_id',
+          },
+        ],
+      });
+      await server.inject(request, context);
+
+      expect(clients.alertsClient.update).toHaveBeenCalledWith(
+        expect.objectContaining({
+          data: expect.objectContaining({
+            params: expect.objectContaining({
+              anomalyThreshold: 4,
+              machineLearningJobId: 'some_job_id',
+            }),
+          }),
+        })
+      );
+    });
+
     test('returns 404 if alertClient is not available on the route', async () => {
       context.alerting!.getAlertsClient = jest.fn();
       const response = await server.inject(getPatchBulkRequest(), context);
diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_bulk_route.ts b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_bulk_route.ts
index 698f58438a5e6..a80f3fee6b433 100644
--- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_bulk_route.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_bulk_route.ts
@@ -75,6 +75,8 @@ export const patchRulesBulkRoute = (router: IRouter) => {
             references,
             note,
             version,
+            anomaly_threshold: anomalyThreshold,
+            machine_learning_job_id: machineLearningJobId,
           } = payloadRule;
           const idOrRuleIdOrUnknown = id ?? ruleId ?? '(unknown id)';
           try {
@@ -111,6 +113,8 @@ export const patchRulesBulkRoute = (router: IRouter) => {
               references,
               note,
               version,
+              anomalyThreshold,
+              machineLearningJobId,
             });
             if (rule != null) {
               const ruleStatuses = await savedObjectsClient.find<
diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_route.test.ts b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_route.test.ts
index b92c18827557c..07519733db291 100644
--- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_route.test.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_route.test.ts
@@ -85,6 +85,30 @@ describe('patch_rules', () => {
         status_code: 500,
       });
     });
+
+    test('allows ML Params to be patched', async () => {
+      const request = requestMock.create({
+        method: 'patch',
+        path: DETECTION_ENGINE_RULES_URL,
+        body: {
+          rule_id: 'my-rule-id',
+          anomaly_threshold: 4,
+          machine_learning_job_id: 'some_job_id',
+        },
+      });
+      await server.inject(request, context);
+
+      expect(clients.alertsClient.update).toHaveBeenCalledWith(
+        expect.objectContaining({
+          data: expect.objectContaining({
+            params: expect.objectContaining({
+              anomalyThreshold: 4,
+              machineLearningJobId: 'some_job_id',
+            }),
+          }),
+        })
+      );
+    });
   });
 
   describe('request validation', () => {
diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_route.ts b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_route.ts
index 4493bb380d03d..c5ecb109f4595 100644
--- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_route.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_route.ts
@@ -59,6 +59,8 @@ export const patchRulesRoute = (router: IRouter) => {
         references,
         note,
         version,
+        anomaly_threshold: anomalyThreshold,
+        machine_learning_job_id: machineLearningJobId,
       } = request.body;
       const siemResponse = buildSiemResponse(response);
 
@@ -108,6 +110,8 @@ export const patchRulesRoute = (router: IRouter) => {
           references,
           note,
           version,
+          anomalyThreshold,
+          machineLearningJobId,
         });
         if (rule != null) {
           const ruleStatuses = await savedObjectsClient.find<