From 8d23695429ad65092e26ac35bdb779b1f39dff2e Mon Sep 17 00:00:00 2001 From: Davis Plumlee Date: Tue, 14 Jul 2020 19:33:59 -0400 Subject: [PATCH 1/2] revert timeline changes --- .../components/exceptions/builder/index.tsx | 14 +- .../exceptions/exceptionable_fields.ts | 133 ++++++++++++++++++ 2 files changed, 146 insertions(+), 1 deletion(-) create mode 100644 x-pack/plugins/security_solution/public/common/components/exceptions/exceptionable_fields.ts diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/builder/index.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/builder/index.tsx index d3ed1dfc944fd1..c9ff6c405296d6 100644 --- a/x-pack/plugins/security_solution/public/common/components/exceptions/builder/index.tsx +++ b/x-pack/plugins/security_solution/public/common/components/exceptions/builder/index.tsx @@ -23,6 +23,7 @@ import { BuilderButtonOptions } from './builder_button_options'; import { getNewExceptionItem, filterExceptionItems } from '../helpers'; import { ExceptionsBuilderExceptionItem, CreateExceptionListItemBuilderSchema } from '../types'; import { Loader } from '../../loader'; +import { exceptionableFields } from '../exceptionable_fields'; const MyInvisibleAndBadge = styled(EuiFlexItem)` visibility: hidden; @@ -172,6 +173,17 @@ export const ExceptionBuilder = ({ ); }, [exceptions]); + // Filters index pattern fields by exceptionable fields if list type is endpoint + const filterIndexPatterns = useCallback(() => { + if (listType === 'endpoint') { + return { + ...indexPatterns, + fields: indexPatterns.fields.filter(({ name }) => exceptionableFields.includes(name)), + }; + } + return indexPatterns; + }, [indexPatterns, listType]); + // The builder can have existing exception items, or new exception items that have yet // to be created (and thus lack an id), this was creating some React bugs with relying // on the index, as a result, created a temporary id when new exception items are first 
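Review bot: `filterIndexPatterns` is wrapped in `useCallback` but is invoked during render (`indexPattern={filterIndexPatterns()}` in the `@@ -216,7 +228,7 @@` hunk), so the filter still re-runs and returns a fresh object on every call, apparently once per rendered exception item. Memoizing the value instead would compute it once per `indexPatterns`/`listType` change and keep the prop identity stable: `const filteredIndexPatterns = useMemo(() => { ... }, [indexPatterns, listType]);` with `indexPattern={filteredIndexPatterns}` at the call site. `exceptionableFields.includes(name)` is also a linear scan per field; a module-level `new Set(exceptionableFields)` with `.has(name)` would avoid that. The body of `ExceptionBuilder` continues outside the hunk, so whether `useMemo` is already imported is not visible here.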
@@ -216,7 +228,7 @@ export const ExceptionBuilder = ({ key={getExceptionListItemId(exceptionListItem, index)} exceptionItem={exceptionListItem} exceptionId={getExceptionListItemId(exceptionListItem, index)} - indexPattern={indexPatterns} + indexPattern={filterIndexPatterns()} isLoading={indexPatternLoading} exceptionItemIndex={index} andLogicIncluded={andLogicIncluded} diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/exceptionable_fields.ts b/x-pack/plugins/security_solution/public/common/components/exceptions/exceptionable_fields.ts new file mode 100644 index 00000000000000..3cb61b06a9ad4b --- /dev/null +++ b/x-pack/plugins/security_solution/public/common/components/exceptions/exceptionable_fields.ts 
@@ -0,0 +1,133 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export const exceptionableFields = [
+ 'Endpoint.policy.applied.id',
+ 'Target.process.Ext.code_signature.status',
+ 'Target.process.Ext.code_signature.subject_name',
+ 'Target.process.Ext.code_signature.trusted',
+ 'Target.process.Ext.code_signature.valid',
+ 'Target.process.Ext.services',
+ 'Target.process.Ext.user',
+ 'Target.process.command_line',
+ 'Target.process.executable',
+ 'Target.process.hash.md5',
+ 'Target.process.hash.sha1',
+ 'Target.process.hash.sha256',
+ 'Target.process.hash.sha512',
+ 'Target.process.name',
+ 'Target.process.parent.Ext.code_signature.status',
+ 'Target.process.parent.Ext.code_signature.subject_name',
+ 'Target.process.parent.Ext.code_signature.trusted',
+ 'Target.process.parent.Ext.code_signature.valid',
+ 'Target.process.parent.command_line',
+ 'Target.process.parent.executable',
+ 'Target.process.parent.hash.md5',
+ 'Target.process.parent.hash.sha1',
+ 'Target.process.parent.hash.sha256',
+ 'Target.process.parent.hash.sha512',
+ 'Target.process.parent.name',
+ 'Target.process.parent.pgid',
+ 'Target.process.parent.working_directory',
+ 'Target.process.pe.company',
+ 'Target.process.pe.description',
+ 'Target.process.pe.file_version',
+ 'Target.process.pe.original_file_name',
+ 'Target.process.pe.product',
+ 'Target.process.pgid',
+ 'Target.process.working_directory',
+ 'agent.id',
+ 'agent.type',
+ 'agent.version',
+ 'elastic.agent.id',
+ 'event.action',
+ 'event.category',
+ 'event.code',
+ 'event.hash',
+ 'event.kind',
+ 'event.module',
+ 'event.outcome',
+ 'event.provider',
+ 'event.type',
+ 'file.Ext.code_signature.status',
+ 'file.Ext.code_signature.subject_name',
+ 'file.Ext.code_signature.trusted',
+ 'file.Ext.code_signature.valid',
+ 'file.attributes',
+ 'file.device',
+ 'file.directory',
+ 'file.drive_letter',
+ 'file.extension',
+ 'file.gid',
+ 'file.group',
+ 'file.hash.md5',
+ 'file.hash.sha1',
+ 'file.hash.sha256',
+ 'file.hash.sha512',
+ 'file.inode',
+ 'file.mime_type',
+ 'file.mode',
+ 'file.name',
+ 'file.owner',
+ 'file.path',
+ 'file.pe.company',
+ 'file.pe.description',
+ 'file.pe.file_version',
+ 'file.pe.original_file_name',
+ 'file.pe.product',
+ 'file.size',
+ 'file.target_path',
+ 'file.type',
+ 'file.uid',
+ 'group.Ext.real.id',
+ 'group.domain',
+ 'group.id',
+ 'host.architecture',
+ 'host.domain',
+ 'host.id',
+ 'host.os.Ext.variant',
+ 'host.os.family',
+ 'host.os.full',
+ 'host.os.kernel',
+ 'host.os.name',
+ 'host.os.platform',
+ 'host.os.version',
+ 'host.type',
+ 'process.Ext.code_signature.status',
+ 'process.Ext.code_signature.subject_name',
+ 'process.Ext.code_signature.trusted',
+ 'process.Ext.code_signature.valid',
+ 'process.Ext.services',
+ 'process.Ext.user',
+ 'process.command_line',
+ 'process.executable',
+ 'process.hash.md5',
+ 'process.hash.sha1',
+ 'process.hash.sha256',
+ 'process.hash.sha512',
+ 'process.name',
+ 'process.parent.Ext.code_signature.status',
+ 'process.parent.Ext.code_signature.subject_name',
+ 'process.parent.Ext.code_signature.trusted',
+ 'process.parent.Ext.code_signature.valid',
+ 'process.parent.command_line',
+ 'process.parent.executable',
+ 'process.parent.hash.md5',
+ 'process.parent.hash.sha1',
+ 'process.parent.hash.sha256',
+ 'process.parent.hash.sha512',
+ 'process.parent.name',
+ 'process.parent.pgid',
+ 'process.parent.working_directory',
+ 'process.pe.company',
+ 'process.pe.description',
+ 'process.pe.file_version',
+ 'process.pe.original_file_name',
+ 'process.pe.product',
+ 'process.pgid',
+ 'process.working_directory',
+ 'rule.uuid',
+];
From 2d2c99870e38021fa52d2d22063dc134e62c0354 Mon Sep 17 00:00:00 2001
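Review bot: The allowlist for endpoint exceptions is defined and applied only in the browser-side builder, where it narrows the fields offered in the picker; nothing in this patch shows the same list being checked where exception items are created or updated. Because an endpoint exception suppresses detections, a request that does not go through the builder could presumably still name a field outside this list unless the server validates it. It is worth confirming that server-side validation exists, or placing the list where both sides can import it, and adding a header comment such as `// Fields that may be used in endpoint exception entries; keep in sync with server-side validation`. PATCH 2/2 moves the same list to JSON, where no comment can be carried, so the provenance of the list would then need to be documented at the import site.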
From: Davis Plumlee Date: Tue, 14 Jul 2020 20:11:02 -0400 Subject: [PATCH 2/2] changes ts to json --- .../components/exceptions/builder/index.tsx | 3 +- .../exceptions/exceptionable_fields.json | 127 +++++++++++++++++ .../exceptions/exceptionable_fields.ts | 133 ------------------ 3 files changed, 129 insertions(+), 134 deletions(-) create mode 100644 x-pack/plugins/security_solution/public/common/components/exceptions/exceptionable_fields.json delete mode 100644 x-pack/plugins/security_solution/public/common/components/exceptions/exceptionable_fields.ts diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/builder/index.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/builder/index.tsx index c9ff6c405296d6..6bff33afaf70ce 100644 --- a/x-pack/plugins/security_solution/public/common/components/exceptions/builder/index.tsx +++ b/x-pack/plugins/security_solution/public/common/components/exceptions/builder/index.tsx @@ -23,7 +23,8 @@ import { BuilderButtonOptions } from './builder_button_options'; import { getNewExceptionItem, filterExceptionItems } from '../helpers'; import { ExceptionsBuilderExceptionItem, CreateExceptionListItemBuilderSchema } from '../types'; import { Loader } from '../../loader'; -import { exceptionableFields } from '../exceptionable_fields'; +// eslint-disable-next-line @kbn/eslint/no-restricted-paths +import exceptionableFields from '../exceptionable_fields.json'; const MyInvisibleAndBadge = styled(EuiFlexItem)` visibility: hidden; diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/exceptionable_fields.json b/x-pack/plugins/security_solution/public/common/components/exceptions/exceptionable_fields.json new file mode 100644 index 00000000000000..18257b0de0a17c --- /dev/null +++ b/x-pack/plugins/security_solution/public/common/components/exceptions/exceptionable_fields.json 
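Review bot: The added `// eslint-disable-next-line @kbn/eslint/no-restricted-paths` silences an import-boundary rule without saying why, and the imported path `'../exceptionable_fields.json'` sits in the same `exceptions` component directory, so it is not evident from the hunk what the rule objects to. A suppression of a boundary check should carry its reason on the line above, for example `// JSON import is flagged by no-restricted-paths because <reason>; safe here since the file is plugin-local`, or the lint configuration should be adjusted so the import is allowed without an inline override.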
@@ -0,0 +1,127 @@
+[
+ "Endpoint.policy.applied.id",
+ "Target.process.Ext.code_signature.status",
+ "Target.process.Ext.code_signature.subject_name",
+ "Target.process.Ext.code_signature.trusted",
+ "Target.process.Ext.code_signature.valid",
+ "Target.process.Ext.services",
+ "Target.process.Ext.user",
+ "Target.process.command_line",
+ "Target.process.executable",
+ "Target.process.hash.md5",
+ "Target.process.hash.sha1",
+ "Target.process.hash.sha256",
+ "Target.process.hash.sha512",
+ "Target.process.name",
+ "Target.process.parent.Ext.code_signature.status",
+ "Target.process.parent.Ext.code_signature.subject_name",
+ "Target.process.parent.Ext.code_signature.trusted",
+ "Target.process.parent.Ext.code_signature.valid",
+ "Target.process.parent.command_line",
+ "Target.process.parent.executable",
+ "Target.process.parent.hash.md5",
+ "Target.process.parent.hash.sha1",
+ "Target.process.parent.hash.sha256",
+ "Target.process.parent.hash.sha512",
+ "Target.process.parent.name",
+ "Target.process.parent.pgid",
+ "Target.process.parent.working_directory",
+ "Target.process.pe.company",
+ "Target.process.pe.description",
+ "Target.process.pe.file_version",
+ "Target.process.pe.original_file_name",
+ "Target.process.pe.product",
+ "Target.process.pgid",
+ "Target.process.working_directory",
+ "agent.id",
+ "agent.type",
+ "agent.version",
+ "elastic.agent.id",
+ "event.action",
+ "event.category",
+ "event.code",
+ "event.hash",
+ "event.kind",
+ "event.module",
+ "event.outcome",
+ "event.provider",
+ "event.type",
+ "file.Ext.code_signature.status",
+ "file.Ext.code_signature.subject_name",
+ "file.Ext.code_signature.trusted",
+ "file.Ext.code_signature.valid",
+ "file.attributes",
+ "file.device",
+ "file.directory",
+ "file.drive_letter",
+ "file.extension",
+ "file.gid",
+ "file.group",
+ "file.hash.md5",
+ "file.hash.sha1",
+ "file.hash.sha256",
+ "file.hash.sha512",
+ "file.inode",
+ "file.mime_type",
+ "file.mode",
+ "file.name",
+ "file.owner",
+ "file.path",
+ "file.pe.company",
+ "file.pe.description",
+ "file.pe.file_version",
+ "file.pe.original_file_name",
+ "file.pe.product",
+ "file.size",
+ "file.target_path",
+ "file.type",
+ "file.uid",
+ "group.Ext.real.id",
+ "group.domain",
+ "group.id",
+ "host.architecture",
+ "host.domain",
+ "host.id",
+ "host.os.Ext.variant",
+ "host.os.family",
+ "host.os.full",
+ "host.os.kernel",
+ "host.os.name",
+ "host.os.platform",
+ "host.os.version",
+ "host.type",
+ "process.Ext.code_signature.status",
+ "process.Ext.code_signature.subject_name",
+ "process.Ext.code_signature.trusted",
+ "process.Ext.code_signature.valid",
+ "process.Ext.services",
+ "process.Ext.user",
+ "process.command_line",
+ "process.executable",
+ "process.hash.md5",
+ "process.hash.sha1",
+ "process.hash.sha256",
+ "process.hash.sha512",
+ "process.name",
+ "process.parent.Ext.code_signature.status",
+ "process.parent.Ext.code_signature.subject_name",
+ "process.parent.Ext.code_signature.trusted",
+ "process.parent.Ext.code_signature.valid",
+ "process.parent.command_line",
+ "process.parent.executable",
+ "process.parent.hash.md5",
+ "process.parent.hash.sha1",
+ "process.parent.hash.sha256",
+ "process.parent.hash.sha512",
+ "process.parent.name",
+ "process.parent.pgid",
+ "process.parent.working_directory",
+ "process.pe.company",
+ "process.pe.description",
+ "process.pe.file_version",
+ "process.pe.original_file_name",
+ "process.pe.product",
+ "process.pgid",
+ "process.working_directory",
+ "rule.uuid"
+]
\ No newline at end of file
diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/exceptionable_fields.ts b/x-pack/plugins/security_solution/public/common/components/exceptions/exceptionable_fields.ts
deleted file mode 100644
index 3cb61b06a9ad4b..00000000000000
--- a/x-pack/plugins/security_solution/public/common/components/exceptions/exceptionable_fields.ts
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-export const exceptionableFields = [
- 'Endpoint.policy.applied.id',
- 'Target.process.Ext.code_signature.status',
- 'Target.process.Ext.code_signature.subject_name',
- 'Target.process.Ext.code_signature.trusted',
- 'Target.process.Ext.code_signature.valid',
- 'Target.process.Ext.services',
- 'Target.process.Ext.user',
- 'Target.process.command_line',
- 'Target.process.executable',
- 'Target.process.hash.md5',
- 'Target.process.hash.sha1',
- 'Target.process.hash.sha256',
- 'Target.process.hash.sha512',
- 'Target.process.name',
- 'Target.process.parent.Ext.code_signature.status',
- 'Target.process.parent.Ext.code_signature.subject_name',
- 'Target.process.parent.Ext.code_signature.trusted',
- 'Target.process.parent.Ext.code_signature.valid',
- 'Target.process.parent.command_line',
- 'Target.process.parent.executable',
- 'Target.process.parent.hash.md5',
- 'Target.process.parent.hash.sha1',
- 'Target.process.parent.hash.sha256',
- 'Target.process.parent.hash.sha512',
- 'Target.process.parent.name',
- 'Target.process.parent.pgid',
- 'Target.process.parent.working_directory',
- 'Target.process.pe.company',
- 'Target.process.pe.description',
- 'Target.process.pe.file_version',
- 'Target.process.pe.original_file_name',
- 'Target.process.pe.product',
- 'Target.process.pgid',
- 'Target.process.working_directory',
- 'agent.id',
- 'agent.type',
- 'agent.version',
- 'elastic.agent.id',
- 'event.action',
- 'event.category',
- 'event.code',
- 'event.hash',
- 'event.kind',
- 'event.module',
- 'event.outcome',
- 'event.provider',
- 'event.type',
- 'file.Ext.code_signature.status',
- 'file.Ext.code_signature.subject_name',
- 'file.Ext.code_signature.trusted',
- 'file.Ext.code_signature.valid',
- 'file.attributes',
- 'file.device',
- 'file.directory',
- 'file.drive_letter',
- 'file.extension',
- 'file.gid',
- 'file.group',
- 'file.hash.md5',
- 'file.hash.sha1',
- 'file.hash.sha256',
- 'file.hash.sha512',
- 'file.inode',
- 'file.mime_type',
- 'file.mode',
- 'file.name',
- 'file.owner',
- 'file.path',
- 'file.pe.company',
- 'file.pe.description',
- 'file.pe.file_version',
- 'file.pe.original_file_name',
- 'file.pe.product',
- 'file.size',
- 'file.target_path',
- 'file.type',
- 'file.uid',
- 'group.Ext.real.id',
- 'group.domain',
- 'group.id',
- 'host.architecture',
- 'host.domain',
- 'host.id',
- 'host.os.Ext.variant',
- 'host.os.family',
- 'host.os.full',
- 'host.os.kernel',
- 'host.os.name',
- 'host.os.platform',
- 'host.os.version',
- 'host.type',
- 'process.Ext.code_signature.status',
- 'process.Ext.code_signature.subject_name',
- 'process.Ext.code_signature.trusted',
- 'process.Ext.code_signature.valid',
- 'process.Ext.services',
- 'process.Ext.user',
- 'process.command_line',
- 'process.executable',
- 'process.hash.md5',
- 'process.hash.sha1',
- 'process.hash.sha256',
- 'process.hash.sha512',
- 'process.name',
- 'process.parent.Ext.code_signature.status',
- 'process.parent.Ext.code_signature.subject_name',
- 'process.parent.Ext.code_signature.trusted',
- 'process.parent.Ext.code_signature.valid',
- 'process.parent.command_line',
- 'process.parent.executable',
- 'process.parent.hash.md5',
- 'process.parent.hash.sha1',
- 'process.parent.hash.sha256',
- 'process.parent.hash.sha512',
- 'process.parent.name',
- 'process.parent.pgid',
- 'process.parent.working_directory',
- 'process.pe.company',
- 'process.pe.description',
- 'process.pe.file_version',
- 'process.pe.original_file_name',
- 'process.pe.product',
- 'process.pgid',
- 'process.working_directory',
- 'rule.uuid',
-];