From ab31bc4b967bd8aaddb1f308ea77c2836796474f Mon Sep 17 00:00:00 2001 From: Ece Ozalp Date: Fri, 14 May 2021 14:41:37 -0400 Subject: [PATCH] renames wrapHits --- .../signals/bulk_create_ml_signals.ts | 22 ++---- .../detection_engine/signals/executors/ml.ts | 6 +- .../signals/executors/query.ts | 6 +- .../signals/executors/threat_match.ts | 6 +- .../signals/executors/threshold.ts | 8 +- .../signals/search_after_bulk_create.ts | 75 +------------------ .../signals/signal_rule_alert_type.ts | 47 ++++++++++-- .../threat_mapping/create_threat_signal.ts | 4 +- .../threat_mapping/create_threat_signals.ts | 4 +- .../signals/threat_mapping/types.ts | 4 +- .../bulk_create_threshold_signals.ts | 22 ++---- .../lib/detection_engine/signals/types.ts | 6 +- 12 files changed, 80 insertions(+), 130 deletions(-) diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/bulk_create_ml_signals.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/bulk_create_ml_signals.ts index a99b94ffb401ff..4b4521c1b501dd 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/bulk_create_ml_signals.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/bulk_create_ml_signals.ts @@ -14,12 +14,11 @@ import { AlertInstanceState, AlertServices, } from '../../../../../alerting/server'; -import { SingleBulkCreateResponse } from './single_bulk_create'; +import { GenericBulkCreateResponse } from './single_bulk_create'; import { AnomalyResults, Anomaly } from '../../machine_learning'; import { BuildRuleMessage } from './rule_messages'; -import { AlertAttributes, BulkCreate } from './types'; +import { AlertAttributes, BulkCreate, WrapHits } from './types'; import { MachineLearningRuleParams } from '../schemas/rule_schemas'; -import { filterAndWrapDocuments } from './search_after_bulk_create'; interface BulkCreateMlSignalsParams { someResult: AnomalyResults; @@ -30,6 +29,7 @@ interface BulkCreateMlSignalsParams { signalsIndex: string; buildRuleMessage: BuildRuleMessage; bulkCreate: BulkCreate; + wrapHits: WrapHits; } interface EcsAnomaly extends Anomaly { @@ -85,20 +85,10 @@ const transformAnomalyResultsToEcs = ( export const bulkCreateMlSignals = async ( params: BulkCreateMlSignalsParams -): Promise => { +): Promise> => { const anomalyResults = params.someResult; const ecsResults = transformAnomalyResultsToEcs(anomalyResults); - const buildRuleMessage = params.buildRuleMessage; - console.log('wrapping documents'); - const wrappedDocs = filterAndWrapDocuments({ - enrichedEvents: ecsResults, - buildRuleMessage, - id: params.id, - logger: params.logger, - signalsIndex: params.signalsIndex, - ruleSO: params.ruleSO, - }); - console.log(JSON.stringify(wrappedDocs)); - console.log('bulk creating ml signals'); + + const wrappedDocs = params.wrapHits(ecsResults.hits.hits); return params.bulkCreate(wrappedDocs); }; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.ts index 228164cd75ef87..3a4bbb4b56b30e 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.ts @@ -22,7 +22,7 @@ import { filterEventsAgainstList } from '../filters/filter_events_against_list'; import { findMlSignals } from '../find_ml_signals'; import { BuildRuleMessage } from '../rule_messages'; import { RuleStatusService } from '../rule_status_service'; -import { AlertAttributes, BulkCreate } from '../types'; +import { AlertAttributes, BulkCreate, WrapHits } from '../types'; import { createErrorsFromShard, createSearchAfterReturnType, mergeReturns } from '../utils'; export const mlExecutor = async ({ @@ -35,6 +35,7 @@ export const mlExecutor = async ({ logger, buildRuleMessage, bulkCreate, + wrapHits, }: { rule: SavedObject>; ml: SetupPlugins['ml']; @@ -45,6 +46,7 @@ export const mlExecutor = async ({ logger: Logger; buildRuleMessage: BuildRuleMessage; bulkCreate: BulkCreate; + wrapHits: WrapHits; }) => { const result = createSearchAfterReturnType(); const ruleParams = rule.attributes.params; @@ -121,8 +123,8 @@ export const mlExecutor = async ({ signalsIndex: ruleParams.outputIndex, buildRuleMessage, bulkCreate, + wrapHits, }); - console.log('finished bulk create ml signals'); // The legacy ES client does not define failures when it can be present on the structure, hence why I have the & { failures: [] } const shardFailures = (filteredAnomalyResults._shards as typeof filteredAnomalyResults._shards & { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/query.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/query.ts index 4738422b342d50..e2021e9dfbb9db 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/query.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/query.ts @@ -34,7 +34,7 @@ export const queryExecutor = async ({ eventsTelemetry, buildRuleMessage, bulkCreate, - wrapSignals, + wrapHits, }: { rule: SavedObject>; tuples: RuleRangeTuple[]; @@ -47,7 +47,7 @@ export const queryExecutor = async ({ eventsTelemetry: TelemetryEventsSender | undefined; buildRuleMessage: BuildRuleMessage; bulkCreate: BulkCreate; - wrapSignals: WrapHits; + wrapHits: WrapHits; }) => { const ruleParams = rule.attributes.params; const inputIndex = await getInputIndex(services, version, ruleParams.index); @@ -77,6 +77,6 @@ export const queryExecutor = async ({ pageSize: searchAfterSize, buildRuleMessage, bulkCreate, - wrapSignals, + wrapHits, }); }; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threat_match.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threat_match.ts index 1baa0e2daafab7..0d8913e11724aa 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threat_match.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threat_match.ts @@ -33,7 +33,7 @@ export const threatMatchExecutor = async ({ eventsTelemetry, buildRuleMessage, bulkCreate, - wrapSignals, + wrapHits, }: { rule: SavedObject>; tuples: RuleRangeTuple[]; @@ -46,7 +46,7 @@ export const threatMatchExecutor = async ({ eventsTelemetry: TelemetryEventsSender | undefined; buildRuleMessage: BuildRuleMessage; bulkCreate: BulkCreate; - wrapSignals: WrapHits; + wrapHits: WrapHits; }) => { const ruleParams = rule.attributes.params; const inputIndex = await getInputIndex(services, version, ruleParams.index); @@ -77,6 +77,6 @@ export const threatMatchExecutor = async ({ concurrentSearches: ruleParams.concurrentSearches ?? 1, itemsPerSearch: ruleParams.itemsPerSearch ?? 9000, bulkCreate, - wrapSignals, + wrapHits, }); }; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.ts index 257b4e2dc14c73..9e1717f3a687d3 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.ts @@ -17,7 +17,6 @@ import { ExceptionListItemSchema } from '../../../../../common/shared_imports'; import { ThresholdRuleParams } from '../../schemas/rule_schemas'; import { getFilter } from '../get_filter'; import { getInputIndex } from '../get_input_output_index'; -import { BuildRuleMessage } from '../rule_messages'; import { RuleStatusService } from '../rule_status_service'; import { bulkCreateThresholdSignals, @@ -30,12 +29,14 @@ import { BulkCreate, RuleRangeTuple, SearchAfterAndBulkCreateReturnType, + WrapHits, } from '../types'; import { createSearchAfterReturnType, createSearchAfterReturnTypeFromResponse, mergeReturns, } from '../utils'; +import { BuildRuleMessage } from '../rule_messages'; export const thresholdExecutor = async ({ rule, @@ -48,6 +49,7 @@ export const thresholdExecutor = async ({ buildRuleMessage, startedAt, bulkCreate, + wrapHits, }: { rule: SavedObject>; tuples: RuleRangeTuple[]; @@ -59,6 +61,7 @@ export const thresholdExecutor = async ({ buildRuleMessage: BuildRuleMessage; startedAt: Date; bulkCreate: BulkCreate; + wrapHits: WrapHits; }): Promise => { let result = createSearchAfterReturnType(); const ruleParams = rule.attributes.params; @@ -130,14 +133,13 @@ export const thresholdExecutor = async ({ filter: esFilter, services, logger, - id: rule.id, inputIndexPattern: inputIndex, signalsIndex: ruleParams.outputIndex, startedAt, from: tuple.from.toDate(), thresholdSignalHistory, - buildRuleMessage, bulkCreate, + wrapHits, }); result = mergeReturns([ diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.ts index c24b462b1fe283..0875556aafbe38 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.ts @@ -7,9 +7,7 @@ import { identity } from 'lodash'; import { SortResults } from '@elastic/elasticsearch/api/types'; -import { Logger } from '@kbn/logging'; import { singleSearchAfter } from './single_search_after'; -import { filterDuplicateRules, filterDuplicateSignals } from './single_bulk_create'; import { filterEventsAgainstList } from './filters/filter_events_against_list'; import { sendAlertTelemetryEvents } from './send_telemetry_events'; import { @@ -20,17 +18,8 @@ import { mergeReturns, mergeSearchResults, getSafeSortIds, - generateId, } from './utils'; -import { - SearchAfterAndBulkCreateParams, - SearchAfterAndBulkCreateReturnType, - SignalSearchResponse, - WrapHits, - WrappedSignalHit, -} from './types'; -import { buildBulkBody } from './build_bulk_body'; -import { BuildRuleMessage } from './rule_messages'; +import { SearchAfterAndBulkCreateParams, SearchAfterAndBulkCreateReturnType } from './types'; // search_after through documents and re-index using bulk endpoint. export const searchAfterAndBulkCreate = async ({ @@ -41,15 +30,13 @@ export const searchAfterAndBulkCreate = async ({ listClient, logger, eventsTelemetry, - id, inputIndexPattern, - signalsIndex, filter, pageSize, buildRuleMessage, enrichment = identity, bulkCreate, - wrapSignals, + wrapHits, }: SearchAfterAndBulkCreateParams): Promise => { const ruleParams = ruleSO.attributes.params; let toReturn = createSearchAfterReturnType(); @@ -160,7 +147,7 @@ export const searchAfterAndBulkCreate = async ({ ); } const enrichedEvents = await enrichment(filteredEvents); - const wrappedDocs = wrapSignals(enrichedEvents.hits.hits); + const wrappedDocs = wrapHits(enrichedEvents.hits.hits); const { bulkCreateDuration: bulkDuration, @@ -209,59 +196,3 @@ export const searchAfterAndBulkCreate = async ({ toReturn.totalToFromTuples = tuplesToBeLogged; return toReturn; }; - -export const buildWrappedSignalsFactory = ({ - ruleSO, - signalsIndex, -}: { - ruleSO: SearchAfterAndBulkCreateParams['ruleSO']; - signalsIndex: string; -}): WrapHits => (events) => { - const wrappedDocs: WrappedSignalHit[] = events.flatMap((doc) => [ - { - _index: signalsIndex, - _id: generateId( - doc._index, - doc._id, - doc._version ? doc._version.toString() : '', - ruleSO.attributes.params.ruleId ?? '' - ), - _source: buildBulkBody(ruleSO, doc), - }, - ]); - - return filterDuplicateSignals(ruleSO.id, wrappedDocs); -}; - -export const filterAndWrapDocuments = ({ - buildRuleMessage, - enrichedEvents, - id, - logger, - ruleSO, - signalsIndex, -}: { - buildRuleMessage: BuildRuleMessage; - enrichedEvents: SignalSearchResponse; - id: string; - logger: Logger; - ruleSO: SearchAfterAndBulkCreateParams['ruleSO']; - signalsIndex: string; -}) => { - enrichedEvents.hits.hits = filterDuplicateRules(id, enrichedEvents); - logger.debug(buildRuleMessage(`about to bulk create ${enrichedEvents.hits.hits.length} events`)); - - const wrappedDocs: WrappedSignalHit[] = enrichedEvents.hits.hits.flatMap((doc) => [ - { - _index: signalsIndex, - _id: generateId( - doc._index, - doc._id, - doc._version ? doc._version.toString() : '', - ruleSO.attributes.params.ruleId ?? '' - ), - _source: buildBulkBody(ruleSO, doc), - }, - ]); - return wrappedDocs; -}; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts index 16a8ac099f6c5d..d5efcf8a27a7ec 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts @@ -32,7 +32,13 @@ import { import { parseScheduleDates } from '../../../../common/detection_engine/parse_schedule_dates'; import { SetupPlugins } from '../../../plugin'; import { getInputIndex } from './get_input_output_index'; -import { AlertAttributes, SignalRuleAlertTypeDefinition } from './types'; +import { + AlertAttributes, + SearchAfterAndBulkCreateParams, + SignalRuleAlertTypeDefinition, + WrapHits, + WrappedSignalHit, +} from './types'; import { getListsClient, getExceptions, @@ -44,6 +50,7 @@ import { isMachineLearningParams, makeFloatString, errorAggregator, + generateId, } from './utils'; import { siemRuleActionGroups } from './siem_rule_action_groups'; import { @@ -72,8 +79,8 @@ import { } from '../schemas/rule_schemas'; import { RefreshTypes } from '../types'; import { BaseHit } from '../../../../common/detection_engine/types'; -import { GenericBulkCreateResponse } from './single_bulk_create'; -import { buildWrappedSignalsFactory } from './search_after_bulk_create'; +import { filterDuplicateSignals, GenericBulkCreateResponse } from './single_bulk_create'; +import { buildBulkBody } from './build_bulk_body'; export const signalRulesAlertType = ({ logger, @@ -235,7 +242,10 @@ export const signalRulesAlertType = ({ refresh ); - const wrapSignals = buildWrappedSignalsFactory({ ruleSO: savedObject, signalsIndex: params.outputIndex }); + const wrapHits = buildWrappedSignalsFactory({ + ruleSO: savedObject, + signalsIndex: params.outputIndex, + }); if (isMlRule(type)) { const mlRuleSO = asTypeSpecificSO(savedObject, machineLearningRuleParams); @@ -249,6 +259,7 @@ export const signalRulesAlertType = ({ logger, buildRuleMessage, bulkCreate, + wrapHits, }); } else if (isThresholdRule(type)) { const thresholdRuleSO = asTypeSpecificSO(savedObject, thresholdRuleParams); @@ -263,6 +274,7 @@ export const signalRulesAlertType = ({ buildRuleMessage, startedAt, bulkCreate, + wrapHits, }); } else if (isThreatMatchRule(type)) { const threatRuleSO = asTypeSpecificSO(savedObject, threatRuleParams); @@ -278,7 +290,7 @@ export const signalRulesAlertType = ({ eventsTelemetry, buildRuleMessage, bulkCreate, - wrapSignals, + wrapHits, }); } else if (isQueryRule(type)) { const queryRuleSO = validateQueryRuleTypes(savedObject); @@ -294,7 +306,7 @@ export const signalRulesAlertType = ({ eventsTelemetry, buildRuleMessage, bulkCreate, - wrapSignals, + wrapHits, }); } else if (isEqlRule(type)) { const eqlRuleSO = asTypeSpecificSO(savedObject, eqlRuleParams); @@ -514,3 +526,26 @@ const bulkCreateFactory = ( }; } }; + +const buildWrappedSignalsFactory = ({ + ruleSO, + signalsIndex, +}: { + ruleSO: SearchAfterAndBulkCreateParams['ruleSO']; + signalsIndex: string; +}): WrapHits => (events) => { + const wrappedDocs: WrappedSignalHit[] = events.flatMap((doc) => [ + { + _index: signalsIndex, + _id: generateId( + doc._index, + doc._id, + doc._version ? doc._version.toString() : '', + ruleSO.attributes.params.ruleId ?? '' + ), + _source: buildBulkBody(ruleSO, doc), + }, + ]); + + return filterDuplicateSignals(ruleSO.id, wrappedDocs); +}; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signal.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signal.ts index cf3f28fbb7fe20..3e30a08f1ae69c 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signal.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signal.ts @@ -35,7 +35,7 @@ export const createThreatSignal = async ({ currentThreatList, currentResult, bulkCreate, - wrapSignals, + wrapHits, }: CreateThreatSignalOptions): Promise => { const threatFilter = buildThreatMappingFilter({ threatMapping, @@ -85,7 +85,7 @@ export const createThreatSignal = async ({ buildRuleMessage, enrichment: threatEnrichment, bulkCreate, - wrapSignals, + wrapHits, }); logger.debug( buildRuleMessage( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signals.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signals.ts index a74a346f9293a1..646d5d09b20cb4 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signals.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signals.ts @@ -41,7 +41,7 @@ export const createThreatSignals = async ({ concurrentSearches, itemsPerSearch, bulkCreate, - wrapSignals, + wrapHits, }: CreateThreatSignalsOptions): Promise => { const params = ruleSO.attributes.params; logger.debug(buildRuleMessage('Indicator matching rule starting')); @@ -125,7 +125,7 @@ export const createThreatSignals = async ({ currentThreatList: slicedChunk, currentResult: results, bulkCreate, - wrapSignals, + wrapHits, }) ); const searchesPerformed = await Promise.all(concurrentSearchesPerformed); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/types.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/types.ts index 4bc6e97cead313..6f7b0c66a48935 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/types.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/types.ts @@ -68,7 +68,7 @@ export interface CreateThreatSignalsOptions { concurrentSearches: ConcurrentSearches; itemsPerSearch: ItemsPerSearch; bulkCreate: BulkCreate; - wrapSignals: WrapHits; + wrapHits: WrapHits; } export interface CreateThreatSignalOptions { @@ -94,7 +94,7 @@ export interface CreateThreatSignalOptions { currentThreatList: ThreatListItem[]; currentResult: SearchAfterAndBulkCreateReturnType; bulkCreate: BulkCreate; - wrapSignals: WrapHits; + wrapHits: WrapHits; } export interface BuildThreatMappingFilterOptions { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threshold/bulk_create_threshold_signals.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threshold/bulk_create_threshold_signals.ts index 8a78c3f12be179..89a7701ec8c7ff 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threshold/bulk_create_threshold_signals.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threshold/bulk_create_threshold_signals.ts @@ -19,13 +19,12 @@ import { } from '../../../../../../alerting/server'; import { BaseHit } from '../../../../../common/detection_engine/types'; import { TermAggregationBucket } from '../../../types'; -import { SingleBulkCreateResponse } from '../single_bulk_create'; +import { GenericBulkCreateResponse } from '../single_bulk_create'; import { calculateThresholdSignalUuid, getThresholdAggregationParts, getThresholdTermsHash, } from '../utils'; -import { BuildRuleMessage } from '../rule_messages'; import type { MultiAggBucket, SignalSource, @@ -33,9 +32,9 @@ import type { ThresholdSignalHistory, AlertAttributes, BulkCreate, + WrapHits, } from '../types'; import { ThresholdRuleParams } from '../../schemas/rule_schemas'; -import { filterAndWrapDocuments } from '../search_after_bulk_create'; interface BulkCreateThresholdSignalsParams { someResult: SignalSearchResponse; @@ -43,14 +42,13 @@ interface BulkCreateThresholdSignalsParams { services: AlertServices; inputIndexPattern: string[]; logger: Logger; - id: string; filter: unknown; signalsIndex: string; startedAt: Date; from: Date; thresholdSignalHistory: ThresholdSignalHistory; - buildRuleMessage: BuildRuleMessage; bulkCreate: BulkCreate; + wrapHits: WrapHits; } const getTransformedHits = ( @@ -239,7 +237,7 @@ export const transformThresholdResultsToEcs = ( export const bulkCreateThresholdSignals = async ( params: BulkCreateThresholdSignalsParams -): Promise => { +): Promise> => { const ruleParams = params.ruleSO.attributes.params; const thresholdResults = params.someResult; const ecsResults = transformThresholdResultsToEcs( @@ -254,16 +252,6 @@ export const bulkCreateThresholdSignals = async ( ruleParams.timestampOverride, params.thresholdSignalHistory ); - const buildRuleMessage = params.buildRuleMessage; - return params.bulkCreate( - filterAndWrapDocuments({ - buildRuleMessage, - enrichedEvents: ecsResults, - id: params.id, - logger: params.logger, - ruleSO: params.ruleSO, - signalsIndex: params.signalsIndex, - }) - ); + return params.bulkCreate(params.wrapHits(ecsResults.hits.hits)); }; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/types.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/types.ts index bd7f46d85d446a..7177eec29db079 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/types.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/types.ts @@ -257,7 +257,9 @@ export type SignalsEnrichment = (signals: SignalSearchResponse) => Promise(docs: Array>) => Promise>; -export type WrapHits = (hits: Array>) => Array>; +export type WrapHits = ( + hits: Array> +) => Array>; export interface SearchAfterAndBulkCreateParams { tuples: Array<{ @@ -279,7 +281,7 @@ export interface SearchAfterAndBulkCreateParams { buildRuleMessage: BuildRuleMessage; enrichment?: SignalsEnrichment; bulkCreate: BulkCreate; - wrapSignals: WrapHits; + wrapHits: WrapHits; } export interface SearchAfterAndBulkCreateReturnType {