Skip to content

Commit

Permalink
[SIEM] Adds example unit test to convert KQL using a nested query
Browse files Browse the repository at this point in the history 
## Summary

Adds example unit test to convert KQL using a nested query

### Checklist

- [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
  • Loading branch information
@FrankHassanabad
FrankHassanabad authored Jun 17, 2020
1 parent a34a3a7 commit effd504
Showing 1 changed file with 55 additions and 0 deletions.
55 changes: 55 additions & 0 deletions x-pack/plugins/security_solution/server/lib/detection_engine/signals/get_filter.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -462,6 +462,61 @@ describe('get_filter', () => {
},
});
});

test('it should work with a nested object queries', () => {
const esQuery = getQueryFilter(
'category:{ name:Frank and trusted:true }',
'kuery',
[],
['auditbeat-*'],
[]
);
expect(esQuery).toEqual({
bool: {
must: [],
filter: [
{
nested: {
path: 'category',
query: {
bool: {
filter: [
{
bool: {
should: [
{
match: {
'category.name': 'Frank',
},
},
],
minimum_should_match: 1,
},
},
{
bool: {
should: [
{
match: {
'category.trusted': true,
},
},
],
minimum_should_match: 1,
},
},
],
},
},
score_mode: 'none',
},
},
],
should: [],
must_not: [],
},
});
});
});

describe('getFilter', () => {
Expand Down

0 comments on commit effd504

Please sign in to comment.