From d7575828dd7ed83d07ff2bcc911d309cafe905d7 Mon Sep 17 00:00:00 2001
From: Marshall Main <marshall.main@elastic.co>
Date: Wed, 9 Nov 2022 22:16:26 -0800
Subject: [PATCH] Add runtime license check for suppression

---
 .../lib/detection_engine/signals/executors/query.ts      | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/query.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/query.ts
index 241b5962c57cd..7c3dc31b742ae 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/query.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/query.ts
@@ -62,8 +62,12 @@ export const queryExecutor = async ({
       exceptionFilter: runOpts.exceptionFilter,
     });
 
+    const license = await firstValueFrom(licensing.license$);
+    const hasPlatinumLicense = license.hasAtLeast('platinum');
+    const hasGoldLicense = license.hasAtLeast('gold');
+
     const result =
-      ruleParams.alertSuppression?.groupBy != null
+      ruleParams.alertSuppression?.groupBy != null && hasPlatinumLicense
         ? await groupAndBulkCreate({
             runOpts,
             services,
@@ -94,9 +98,6 @@ export const queryExecutor = async ({
             state: {},
           };
 
-    const license = await firstValueFrom(licensing.license$);
-    const hasGoldLicense = license.hasAtLeast('gold');
-
     if (hasGoldLicense) {
       if (completeRule.ruleParams.responseActions?.length && result.createdSignalsCount) {
         scheduleNotificationResponseActions(