[SECURITY_SOLUTION][ENDPOINT] Fix Trusted Apps so that process.executable field is used for file paths

x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.test.ts

@@ -76,7 +76,7 @@ describe('When invoking Trusted Apps Schema', () => {
       os: 'windows',
       entries: [
         {
-          field: 'process.path.text',
+          field: 'process.executable.text',
           type: 'match',
           operator: 'included',
           value: 'c:/programs files/Anti-Virus',
@@ -204,7 +204,7 @@ describe('When invoking Trusted Apps Schema', () => {
             field: 'process.hash.*',
             value: 'A4370C0CF81686C0B696FA6261c9d3e0d810ae704ab8301839dffd5d5112f476',
           },
-          { field: 'process.path.text', value: '/tmp/dir1' },
+          { field: 'process.executable.text', value: '/tmp/dir1' },
         ].forEach((partialEntry) => {
           const bodyMsg3 = {
             ...getCreateTrustedAppItem(),

x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts

@@ -35,7 +35,7 @@ export const PostTrustedAppCreateRequestSchema = {
       schema.object({
         field: schema.oneOf([
           schema.literal('process.hash.*'),
-          schema.literal('process.path.text'),
+          schema.literal('process.executable.text'),
         ]),
         type: schema.literal('match'),
         operator: schema.literal('included'),

x-pack/plugins/security_solution/common/endpoint/types/trusted_apps.ts

@@ -33,7 +33,7 @@ export interface PostTrustedAppCreateResponse {
 }
 
 export interface MacosLinuxConditionEntry {
-  field: 'process.hash.*' | 'process.path.text';
+  field: 'process.hash.*' | 'process.executable.text';
   type: 'match';
   operator: 'included';
   value: string;

x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/logical_condition/components/condition_entry.tsx

@@ -83,7 +83,7 @@ export const ConditionEntry = memo<ConditionEntryProps>(
             'xpack.securitySolution.trustedapps.logicalConditionBuilder.entry.field.path',
             { defaultMessage: 'Path' }
           ),
-          value: 'process.path.text',
+          value: 'process.executable.text',
         },
       ];
     }, []);

x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/trusted_app_card/index.stories.tsx

@@ -30,7 +30,7 @@ storiesOf('TrustedApps|TrustedAppCard', module)
     trustedApp.created_at = '2020-09-17T14:52:33.899Z';
     trustedApp.entries = [
       {
-        field: 'process.path.text',
+        field: 'process.executable.text',
         operator: 'included',
         type: 'match',
         value: '/some/path/on/file/system',
@@ -44,7 +44,7 @@ storiesOf('TrustedApps|TrustedAppCard', module)
     trustedApp.created_at = '2020-09-17T14:52:33.899Z';
     trustedApp.entries = [
       {
-        field: 'process.path.text',
+        field: 'process.executable.text',
         operator: 'included',
         type: 'match',
         value: '/some/path/on/file/system',

x-pack/plugins/security_solution/server/endpoint/routes/trusted_apps/trusted_apps.test.ts

@@ -240,7 +240,7 @@ describe('when invoking endpoint trusted apps route handlers', () => {
       os: 'windows',
       entries: [
         {
-          field: 'process.path.text',
+          field: 'process.executable.text',
           type: 'match',
           operator: 'included',
           value: 'c:/programs files/Anti-Virus',
@@ -293,7 +293,7 @@ describe('when invoking endpoint trusted apps route handlers', () => {
         description: 'this one is ok',
         entries: [
           {
-            field: 'process.path.text',
+            field: 'process.executable.text',
             operator: 'included',
             type: 'match',
             value: 'c:/programs files/Anti-Virus',
@@ -320,7 +320,7 @@ describe('when invoking endpoint trusted apps route handlers', () => {
             description: 'this one is ok',
             entries: [
               {
-                field: 'process.path.text',
+                field: 'process.executable.text',
                 operator: 'included',
                 type: 'match',
                 value: 'c:/programs files/Anti-Virus',
@@ -357,7 +357,7 @@ describe('when invoking endpoint trusted apps route handlers', () => {
     it('should trim condition entry values', async () => {
       const newTrustedApp = createNewTrustedAppBody();
       newTrustedApp.entries.push({
-        field: 'process.path.text',
+        field: 'process.executable.text',
         value: '\n    some value \r\n ',
         operator: 'included',
         type: 'match',
@@ -366,13 +366,13 @@ describe('when invoking endpoint trusted apps route handlers', () => {
       await routeHandler(context, request, response);
       expect(exceptionsListClient.createExceptionListItem.mock.calls[0][0].entries).toEqual([
         {
-          field: 'process.path.text',
+          field: 'process.executable.text',
           operator: 'included',
           type: 'match',
           value: 'c:/programs files/Anti-Virus',
         },
         {
-          field: 'process.path.text',
+          field: 'process.executable.text',
           value: 'some value',
           operator: 'included',
           type: 'match',
@@ -392,7 +392,7 @@ describe('when invoking endpoint trusted apps route handlers', () => {
       await routeHandler(context, request, response);
       expect(exceptionsListClient.createExceptionListItem.mock.calls[0][0].entries).toEqual([
         {
-          field: 'process.path.text',
+          field: 'process.executable.text',
           operator: 'included',
           type: 'match',
           value: 'c:/programs files/Anti-Virus',