From 99ec80a45e922c731a84cea374ab697ac17105ad Mon Sep 17 00:00:00 2001
From: Pete Hampton
Date: Wed, 9 Dec 2020 12:34:42 +0000
Subject: [PATCH] Add ECS field for event.code. (#85109) (#85384)
---
 .../security_solution/common/endpoint/generate_data.test.ts | 1 +
 .../plugins/security_solution/common/endpoint/generate_data.ts | 1 +
 x-pack/plugins/security_solution/common/endpoint/types/index.ts | 1 +
 3 files changed, 3 insertions(+)
diff --git a/x-pack/plugins/security_solution/common/endpoint/generate_data.test.ts b/x-pack/plugins/security_solution/common/endpoint/generate_data.test.ts
index ec82f4795158ee..8e4d82e4feb7d6 100644
--- a/x-pack/plugins/security_solution/common/endpoint/generate_data.test.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/generate_data.test.ts
@@ -129,6 +129,7 @@ describe('data generator', () => {
 const alert = generator.generateAlert({ ts: timestamp });
 expect(alert['@timestamp']).toEqual(timestamp);
 expect(alert.event?.action).not.toBeNull();
+ expect(alert.event?.code).not.toBeNull();
 expect(alert.Endpoint).not.toBeNull();
 expect(alert.agent).not.toBeNull();
 expect(alert.host).not.toBeNull();
diff --git a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
index 440ffae0986d60..5ab1dd0aa7f747 100644
--- a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
@@ -531,6 +531,7 @@ export class EndpointDocGenerator {
 action: this.randomChoice(FILE_OPERATIONS),
 kind: 'alert',
 category: 'malware',
+ code: 'malicious_file',
 id: this.seededUUIDv4(),
 dataset: 'endpoint',
 module: 'endpoint',
diff --git a/x-pack/plugins/security_solution/common/endpoint/types/index.ts b/x-pack/plugins/security_solution/common/endpoint/types/index.ts
index d6be83d7cbbe3c..248e0126a42e57 100644
--- a/x-pack/plugins/security_solution/common/endpoint/types/index.ts
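Review bot: The assertion added in generate_data.test.ts, `expect(alert.event?.code).not.toBeNull();`, cannot fail when the field is absent, because a missing `event` or `code` evaluates to `undefined` through the optional chain and `undefined` passes `.not.toBeNull()`. Since the generate_data.ts hunk sets the field to a fixed literal, the test can pin it with `expect(alert.event?.code).toEqual('malicious_file');`, or at minimum use `.toBeDefined()`. The `event?.action` check on the context line above has the same shape. The enclosing test block starts and ends outside the hunk.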
+++ b/x-pack/plugins/security_solution/common/endpoint/types/index.ts
@@ -453,6 +453,7 @@ type DllFields = Partial<{
 export type AlertEvent = Partial<{
 event: Partial<{
 action: ECSField;
+ code: ECSField;
 dataset: ECSField;
 module: ECSField;
 }>;