prevent unnecessary field diff detections

x-pack/solutions/security/packages/kbn-securitysolution-utils/src/date_math/index.ts

@@ -6,3 +6,4 @@
  */
 
 export * from './calc_date_math_diff';
+export * from './normalize_date_math';

x-pack/solutions/security/packages/kbn-securitysolution-utils/src/date_math/normalize_date_math.test.ts

@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { normalizeDateMath } from './normalize_date_math';
+
+describe('normalizeDateMath', () => {
+  it.each([
+    ['now-60s', 'now-1m'],
+    ['now-60m', 'now-1h'],
+    ['now-24h', 'now-1d'],
+    ['now+60s', 'now+1m'],
+    ['now+60m', 'now+1h'],
+    ['now+24h', 'now+1d'],
+  ])('normalizes %s', (sourceDateMath, normalizedDateMath) => {
+    const result = normalizeDateMath(sourceDateMath);
+
+    expect(result).toBe(normalizedDateMath);
+  });
+
+  it.each([['now'], ['now-invalid'], ['invalid']])('returns %s non-normalized', (dateMath) => {
+    const result = normalizeDateMath(dateMath);
+
+    expect(result).toBe(dateMath);
+  });
+});

x-pack/solutions/security/packages/kbn-securitysolution-utils/src/date_math/normalize_date_math.ts

@@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { TimeDuration } from '../time_duration/time_duration';
+import { calcDateMathDiff } from './calc_date_math_diff';
+
+/**
+ * Normalizes date math
+ */
+export function normalizeDateMath(input: string): string {
+  try {
+    const ms = calcDateMathDiff('now', input);
+
+    if (ms === undefined || (ms > -1000 && ms < 1000)) {
+      return input;
+    }
+
+    if (ms === 0) {
+      return 'now';
+    }
+
+    const offset = TimeDuration.fromMilliseconds(ms);
+
+    return offset.value < 0 ? `now${offset}` : `now+${offset}`;
+  } catch {
+    return input;
+  }
+}

x-pack/solutions/security/packages/kbn-securitysolution-utils/src/time_duration/time_duration.ts

@@ -32,6 +32,10 @@ export class TimeDuration {
    *  - days (e.g. 9d)
    */
   static parse(input: string): TimeDuration | undefined {
+    if (typeof input !== 'string') {
+      return undefined;
+    }
+
     const matchArray = input.match(TIME_DURATION_REGEX);
 
     if (!matchArray) {

x-pack/solutions/security/plugins/security_solution/common/detection_engine/prebuilt_rules/diff/extract_rule_schedule.ts

@@ -5,17 +5,19 @@
  * 2.0.
  */
 
+import { TimeDuration } from '@kbn/securitysolution-utils/time_duration';
+import { normalizeDateMath } from '@kbn/securitysolution-utils/date_math';
 import type { RuleSchedule } from '../../../api/detection_engine/model/rule_schema/rule_schedule';
 import type { RuleResponse } from '../../../api/detection_engine/model/rule_schema';
 
 export const extractRuleSchedule = (rule: RuleResponse): RuleSchedule => {
-  const interval = rule.interval ?? '5m';
+  const interval = TimeDuration.parse(rule.interval) ?? new TimeDuration(5, 'm');
   const from = rule.from ?? 'now-6m';
   const to = rule.to ?? 'now';
 
   return {
-    interval,
-    from,
-    to,
+    interval: interval.toString(),
+    from: normalizeDateMath(from),
+    to: normalizeDateMath(to),
   };
 };

x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/helpers.test.ts

@@ -591,9 +591,6 @@ describe('helpers', () => {
         from: 'now-11m',
         to: 'now',
         interval: '5m',
-        meta: {
-          from: '6m',
-        },
       };
 
       expect(result).toEqual(expected);
@@ -609,9 +606,6 @@ describe('helpers', () => {
         from: 'now-11m',
         to: 'now',
         interval: '5m',
-        meta: {
-          from: '6m',
-        },
       };
 
       expect(result).toEqual(expected);
@@ -627,9 +621,6 @@ describe('helpers', () => {
         from: 'now-11m',
         to: 'now',
         interval: '5m',
-        meta: {
-          from: '6m',
-        },
       };
 
       expect(result).toEqual(expected);

x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/rule_schedule_section.tsx

@@ -8,6 +8,7 @@
 import React from 'react';
 import { EuiDescriptionList, EuiText } from '@elastic/eui';
 import type { EuiDescriptionListProps } from '@elastic/eui';
+import { normalizeDateMath } from '@kbn/securitysolution-utils/date_math';
 import { toSimpleRuleSchedule } from '../../../../../common/api/detection_engine/model/rule_schema/to_simple_rule_schedule';
 import { IntervalAbbrScreenReader } from '../../../../common/components/accessibility';
 import type { RuleResponse } from '../../../../../common/api/detection_engine/model/rule_schema';
@@ -80,7 +81,10 @@ export const RuleScheduleSection = ({
           ),
           description: (
             <span data-test-subj="fromToPropertyValue">
-              {i18n.RULE_SOURCE_EVENTS_TIME_RANGE(rule.from, to)}
+              {i18n.RULE_SOURCE_EVENTS_TIME_RANGE(
+                normalizeDateMath(rule.from),
+                normalizeDateMath(to)
+              )}
             </span>
           ),
         },