diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/watchlists/entities/service.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/watchlists/entities/service.ts index 34c46df8ed4ff..3fc76e878d9bb 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/watchlists/entities/service.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/watchlists/entities/service.ts @@ -101,9 +101,15 @@ export const createWatchlistEntitiesService = ({ acc.entityIdsByType[entityType].push(euid); - const watchlists = get(record, 'entity.attributes.watchlists') as string[] | undefined; + const rawWatchlists = get(record, 'entity.attributes.watchlists'); + const watchlists = Array.isArray(rawWatchlists) + ? rawWatchlists + : typeof rawWatchlists === 'string' + ? [rawWatchlists] + : undefined; + if (watchlists) { - acc.watchlistsByEuid.set(euid, watchlists); + acc.watchlistsByEuid.set(euid, watchlists as string[]); } if (!isIndexSync) { diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/watchlists/entity_sources/sync/entity_store_sync.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/watchlists/entity_sources/sync/entity_store_sync.ts index 39ff9cc9e4c21..3b1efa9063e22 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/watchlists/entity_sources/sync/entity_store_sync.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/watchlists/entity_sources/sync/entity_store_sync.ts @@ -34,7 +34,11 @@ export const addWatchlistAttributeToStore = async ({ if (entityRefs.length === 0) return; const objects = entityRefs.map(({ euid, type, currentWatchlists }) => { - const watchlists = currentWatchlists ?? []; + const watchlists = Array.isArray(currentWatchlists) + ? currentWatchlists + : typeof currentWatchlists === 'string' + ? [currentWatchlists] + : []; const updated = watchlists.includes(watchlistId) ? watchlists : [...watchlists, watchlistId]; return { @@ -72,8 +76,9 @@ export const removeWatchlistAttributeFromStore = async ({ watchlistId: string; }): Promise => { // Only update entities whose current watchlists are known — if we don't have the current value we'd blindly write an empty array to the store. - const knownRefs = entityRefs.filter((ref): ref is EntityRef & { currentWatchlists: string[] } => - Boolean(ref.currentWatchlists) + const knownRefs = entityRefs.filter( + (ref): ref is EntityRef & { currentWatchlists: string[] } => + Boolean(ref.currentWatchlists) && Array.isArray(ref.currentWatchlists) ); if (knownRefs.length === 0) return;