Restore rules and disable prebuiltRulesFromSavedObjects

elastic · Jul 20, 2021 · c0e4e03 · c0e4e03
1 parent 327abcb
commit c0e4e03
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 8 deletions.
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/index.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/index.ts
@@ -27,7 +27,7 @@ export const createMockConfig = (): ConfigType => ({
   packagerTaskInterval: '60s',
   alertMergeStrategy: 'missingFields',
   prebuiltRulesFromFileSystem: true,
-  prebuiltRulesFromSavedObjects: true,
+  prebuiltRulesFromSavedObjects: false,
 });
 
 export const mockGetCurrentUser = {

diff --git a/...ck/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/index.ts b/...ck/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/index.ts
@@ -567,9 +567,9 @@ import rule554 from './privilege_escalation_printspooler_malicious_registry_modi
 import rule555 from './privilege_escalation_printspooler_suspicious_file_deletion.json';
 import rule556 from './privilege_escalation_unusual_printspooler_childprocess.json';
 import rule557 from './defense_evasion_disabling_windows_defender_powershell.json';
-// import rule558 from './defense_evasion_enable_network_discovery_with_netsh.json';
-// import rule559 from './defense_evasion_execution_windefend_unusual_path.json';
-// import rule560 from './persistence_via_bits_job_notify_command.json';
+import rule558 from './defense_evasion_enable_network_discovery_with_netsh.json';
+import rule559 from './defense_evasion_execution_windefend_unusual_path.json';
+import rule560 from './persistence_via_bits_job_notify_command.json';
 
 export const rawRules = [
   rule1,
@@ -1129,7 +1129,7 @@ export const rawRules = [
   rule555,
   rule556,
   rule557,
-  // rule558,
-  // rule559,
-  // rule560,
+  rule558,
+  rule559,
+  rule560,
 ];
diff --git a/x-pack/test/security_solution_cypress/config.ts b/x-pack/test/security_solution_cypress/config.ts
@@ -39,7 +39,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
         `--elasticsearch.ssl.certificateAuthorities=${CA_CERT_PATH}`,
         // retrieve rules from the filesystem but not from fleet for Cypress tests
         '--xpack.securitySolution.prebuiltRulesFromFileSystem=true',
-        '--xpack.securitySolution.prebuiltRulesFromSavedObjects=true',
+        '--xpack.securitySolution.prebuiltRulesFromSavedObjects=false',
       ],
     },
   };