
Commit 8d23695

committed
revert timeline changes
1 parent 754ade5 commit 8d23695

2 files changed

Lines changed: 146 additions & 1 deletion


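--- a/x-pack/plugins/security_solution/public/common/components/exceptions/builder/index.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/exceptions/builder/index.tsx
@@ -23,6 +23,7 @@ import { BuilderButtonOptions } from './builder_button_options';
 import { getNewExceptionItem, filterExceptionItems } from '../helpers';
 import { ExceptionsBuilderExceptionItem, CreateExceptionListItemBuilderSchema } from '../types';
 import { Loader } from '../../loader';
+import { exceptionableFields } from '../exceptionable_fields';
 
 const MyInvisibleAndBadge = styled(EuiFlexItem)`
 visibility: hidden;
@@ -172,6 +173,17 @@ export const ExceptionBuilder = ({
 );
 }, [exceptions]);
 
+// Filters index pattern fields by exceptionable fields if list type is endpoint
+const filterIndexPatterns = useCallback(() => {
+if (listType === 'endpoint') {
+return {
+...indexPatterns,
+fields: indexPatterns.fields.filter(({ name }) => exceptionableFields.includes(name)),
+};
+}
+return indexPatterns;
+}, [indexPatterns, listType]);
+
 // The builder can have existing exception items, or new exception items that have yet
 // to be created (and thus lack an id), this was creating some React bugs with relying
 // on the index, as a result, created a temporary id when new exception items are first
@@ -216,7 +228,7 @@ export const ExceptionBuilder = ({
 key={getExceptionListItemId(exceptionListItem, index)}
 exceptionItem={exceptionListItem}
 exceptionId={getExceptionListItemId(exceptionListItem, index)}
-indexPattern={indexPatterns}
+indexPattern={filterIndexPatterns()}
 isLoading={indexPatternLoading}
 exceptionItemIndex={index}
 andLogicIncluded={andLogicIncluded}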
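Review bot: `filterIndexPatterns` is wrapped in `useCallback` but then invoked during render (`indexPattern={filterIndexPatterns()}`), so for endpoint lists every render, apparently once per rendered item, re-runs the filter and hands the child a new `indexPattern` object. Memoizing the value instead keeps the prop identity stable: `const filteredIndexPatterns = useMemo(() => (listType === 'endpoint' ? { ...indexPatterns, fields: indexPatterns.fields.filter(({ name }) => exceptionableFields.includes(name)) } : indexPatterns), [indexPatterns, listType]);` and pass `indexPattern={filteredIndexPatterns}`. This filter only narrows what the builder offers in the UI; whether endpoint exception items are validated against the same allow-list on the server is not visible here and is worth confirming, since the client-side list alone is not an enforcement point. The body of `ExceptionBuilder` starts and ends outside these hunks, and the React import line that would need `useMemo` is not shown.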
Lines changed: 133 additions & 0 deletions
@@ -0,0 +1,133 @@
1+
/*
2+
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
3+
* or more contributor license agreements. Licensed under the Elastic License;
4+
* you may not use this file except in compliance with the Elastic License.
5+
*/
6+
7+
export const exceptionableFields = [
8+
'Endpoint.policy.applied.id',
9+
'Target.process.Ext.code_signature.status',
10+
'Target.process.Ext.code_signature.subject_name',
11+
'Target.process.Ext.code_signature.trusted',
12+
'Target.process.Ext.code_signature.valid',
13+
'Target.process.Ext.services',
14+
'Target.process.Ext.user',
15+
'Target.process.command_line',
16+
'Target.process.executable',
17+
'Target.process.hash.md5',
18+
'Target.process.hash.sha1',
19+
'Target.process.hash.sha256',
20+
'Target.process.hash.sha512',
21+
'Target.process.name',
22+
'Target.process.parent.Ext.code_signature.status',
23+
'Target.process.parent.Ext.code_signature.subject_name',
24+
'Target.process.parent.Ext.code_signature.trusted',
25+
'Target.process.parent.Ext.code_signature.valid',
26+
'Target.process.parent.command_line',
27+
'Target.process.parent.executable',
28+
'Target.process.parent.hash.md5',
29+
'Target.process.parent.hash.sha1',
30+
'Target.process.parent.hash.sha256',
31+
'Target.process.parent.hash.sha512',
32+
'Target.process.parent.name',
33+
'Target.process.parent.pgid',
34+
'Target.process.parent.working_directory',
35+
'Target.process.pe.company',
36+
'Target.process.pe.description',
37+
'Target.process.pe.file_version',
38+
'Target.process.pe.original_file_name',
39+
'Target.process.pe.product',
40+
'Target.process.pgid',
41+
'Target.process.working_directory',
42+
'agent.id',
43+
'agent.type',
44+
'agent.version',
45+
'elastic.agent.id',
46+
'event.action',
47+
'event.category',
48+
'event.code',
49+
'event.hash',
50+
'event.kind',
51+
'event.module',
52+
'event.outcome',
53+
'event.provider',
54+
'event.type',
55+
'file.Ext.code_signature.status',
56+
'file.Ext.code_signature.subject_name',
57+
'file.Ext.code_signature.trusted',
58+
'file.Ext.code_signature.valid',
59+
'file.attributes',
60+
'file.device',
61+
'file.directory',
62+
'file.drive_letter',
63+
'file.extension',
64+
'file.gid',
65+
'file.group',
66+
'file.hash.md5',
67+
'file.hash.sha1',
68+
'file.hash.sha256',
69+
'file.hash.sha512',
70+
'file.inode',
71+
'file.mime_type',
72+
'file.mode',
73+
'file.name',
74+
'file.owner',
75+
'file.path',
76+
'file.pe.company',
77+
'file.pe.description',
78+
'file.pe.file_version',
79+
'file.pe.original_file_name',
80+
'file.pe.product',
81+
'file.size',
82+
'file.target_path',
83+
'file.type',
84+
'file.uid',
85+
'group.Ext.real.id',
86+
'group.domain',
87+
'group.id',
88+
'host.architecture',
89+
'host.domain',
90+
'host.id',
91+
'host.os.Ext.variant',
92+
'host.os.family',
93+
'host.os.full',
94+
'host.os.kernel',
95+
'host.os.name',
96+
'host.os.platform',
97+
'host.os.version',
98+
'host.type',
99+
'process.Ext.code_signature.status',
100+
'process.Ext.code_signature.subject_name',
101+
'process.Ext.code_signature.trusted',
102+
'process.Ext.code_signature.valid',
103+
'process.Ext.services',
104+
'process.Ext.user',
105+
'process.command_line',
106+
'process.executable',
107+
'process.hash.md5',
108+
'process.hash.sha1',
109+
'process.hash.sha256',
110+
'process.hash.sha512',
111+
'process.name',
112+
'process.parent.Ext.code_signature.status',
113+
'process.parent.Ext.code_signature.subject_name',
114+
'process.parent.Ext.code_signature.trusted',
115+
'process.parent.Ext.code_signature.valid',
116+
'process.parent.command_line',
117+
'process.parent.executable',
118+
'process.parent.hash.md5',
119+
'process.parent.hash.sha1',
120+
'process.parent.hash.sha256',
121+
'process.parent.hash.sha512',
122+
'process.parent.name',
123+
'process.parent.pgid',
124+
'process.parent.working_directory',
125+
'process.pe.company',
126+
'process.pe.description',
127+
'process.pe.file_version',
128+
'process.pe.original_file_name',
129+
'process.pe.product',
130+
'process.pgid',
131+
'process.working_directory',
132+
'rule.uuid',
133+
];
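Review bot: `exceptionableFields` is exported as a plain mutable `string[]` with no comment stating where the list comes from or what it has to stay in sync with. The builder uses it as the allow-list of fields offered for endpoint exceptions, so an accidental mutation elsewhere in the bundle, or drift from the fields the endpoint actually evaluates (presumably the intended source; not shown on this page), would silently change which exceptions can be authored. I would declare it `export const exceptionableFields: readonly string[] = [` and add a header comment along the lines of `// Allow-list of fields selectable when building endpoint exceptions; update together with the endpoint's supported fields.`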
