Skip to content

Commit fc2673b

Browse files
pjhamptonpjhampton
authored
Add ECS field for event.code. (#85109)
1 parent f2d961d commit fc2673b

3 files changed

Lines changed: 3 additions & 0 deletions

File tree

x-pack/plugins/security_solution/common/endpoint/generate_data.test.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -129,6 +129,7 @@ describe('data generator', () => {
129129
const alert = generator.generateAlert({ ts: timestamp });
130130
expect(alert['@timestamp']).toEqual(timestamp);
131131
expect(alert.event?.action).not.toBeNull();
132+
expect(alert.event?.code).not.toBeNull();
132133
expect(alert.Endpoint).not.toBeNull();
133134
expect(alert.agent).not.toBeNull();
134135
expect(alert.host).not.toBeNull();

x-pack/plugins/security_solution/common/endpoint/generate_data.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -531,6 +531,7 @@ export class EndpointDocGenerator {
531531
action: this.randomChoice(FILE_OPERATIONS),
532532
kind: 'alert',
533533
category: 'malware',
534+
code: 'malicious_file',
534535
id: this.seededUUIDv4(),
535536
dataset: 'endpoint',
536537
module: 'endpoint',

x-pack/plugins/security_solution/common/endpoint/types/index.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -453,6 +453,7 @@ type DllFields = Partial<{
453453
export type AlertEvent = Partial<{
454454
event: Partial<{
455455
action: ECSField<string>;
456+
code: ECSField<string>;
456457
dataset: ECSField<string>;
457458
module: ECSField<string>;
458459
}>;

0 commit comments

Comments
 (0)