From adbfdd51eb04d2d352aa6cdc984105b36e1c49af Mon Sep 17 00:00:00 2001
From: Surya Sashank Nistala <snistala@amazon.com>
Date: Mon, 9 Oct 2023 02:54:49 -0700
Subject: [PATCH] handle threat intel enabled check during detector updation

---
 .../transport/TransportIndexDetectorAction.java               | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
index e94ef388f..ff6252df8 100644
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
@@ -255,7 +255,7 @@ private void createMonitorFromQueries(List<Pair<String, Rule>> rulesById, Detect
 
         List<IndexMonitorRequest> monitorRequests = new ArrayList<>();
 
-        if (!docLevelRules.isEmpty()) {
+        if (!docLevelRules.isEmpty() || detector.getThreatIntelEnabled()) {
             monitorRequests.add(createDocLevelMonitorRequest(docLevelRules, detector, refreshPolicy, Monitor.NO_ID, Method.POST));
         }
 
@@ -471,7 +471,7 @@ public void onFailure(Exception e) {
                     Collectors.toList());
 
             // Process doc level monitors
-            if (!docLevelRules.isEmpty()) {
+            if (!docLevelRules.isEmpty() || detector.getThreatIntelEnabled()) {
                 if (detector.getDocLevelMonitorId() == null) {
                     monitorsToBeAdded.add(createDocLevelMonitorRequest(docLevelRules, detector, refreshPolicy, Monitor.NO_ID, Method.POST));
                 } else {