[8.8] [Security Solution] Adds several new fields to allowed Exceptions for Endpoint (#159835) (#159924)

# Backport

This will backport the following commits from `main` to `8.8`:
- [[Security Solution] Adds several new fields to allowed Exceptions for
Endpoint (#159835)](https://github.com/elastic/kibana/pull/159835)

<!--- Backport version: 8.9.7 -->

### Questions?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--- Backport metadata: source commit 3e61769cdaef20bff5b788c6c365dfa80c1ca8ba by Kevin Logan <56395104+kevinlog@users.noreply.github.com>, committed 2023-06-19T12:58:08Z; source pull request https://github.com/elastic/kibana/pull/159835 (labels: release_note:enhancement, Team:Defend Workflows, v8.8.0, v8.9.0); source branch `main` (label `v8.9.0`, merged); suggested target branch `8.8` (label `v8.8.0`, state NOT_CREATED at backport time) -->

### Source commit message (#159835)

> ## Summary
>
> Adds the following new fields to allowed Exceptions for Endpoint after customer and internal requests.
>
> We can backport this to `8.8.2` in addition to shipping in `8.9.0`.
>
> ```
>  "process.args",
>  "process.parent.args",
>  "dns.question.type",
>  "file.pe.Ext.dotnet",
>  "file.pe.Ext.streams.hash.md5",
>  "file.pe.Ext.streams.hash.sha256",
>  "file.pe.Ext.sections.hash.sha256",
>  "file.pe.Ext.sections.hash.md5",
>  "file.pe.Ext.streams.name",
>  "Effective_process.entity_id",
>  "Effective_process.executable",
>  "Effective_process.name",
>  "Effective_process.pid"
> ```
>
> See the Endpoint Exception builder below with the new fields available for use.
>
> ![image](87e1b214-4a76-459c-800d-eb6877ed3b9a)

Co-authored-by: Kevin Logan <56395104+kevinlog@users.noreply.github.com>
Author: Kibana Machine, 2023-06-20 09:20:27 -04:00, committed by GitHub
parent 546f2cd0a6
commit 4fde17f20c
Signature: no known key found for this signature in database (GPG key ID: 4AEE18F83AFDEB23)

@ -30,6 +30,10 @@
"agent.id",
"agent.type",
"agent.version",
"Effective_process.entity_id",
"Effective_process.executable",
"Effective_process.name",
"Effective_process.pid",
"elastic.agent.id",
"event.action",
"event.category",
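Review bot: the PR summary lists `dns.question.type` among the new fields, but none of the four hunks in this diff adds it, and in the case-insensitive alphabetical order the list keeps it would sit in this hunk between `"agent.version"` and `"Effective_process.entity_id"`; confirm the field is already present elsewhere in the file or that a hunk is missing from the backport. On the four `Effective_process.*` entries themselves: `Effective_process.pid` is a process id, which is reused across reboots and between unrelated processes, so an exception keyed on it alone is neither stable nor specific, and the exception-builder docs should steer users to combine it with `Effective_process.executable` or `Effective_process.entity_id` in the same item. The capitalised, underscored `Effective_process` prefix also departs from the lowercase dotted naming of every neighbouring field; since matching is exact on the field name, a test asserting these four names against the endpoint's actual mapping would catch a silent never-matching exception. The diff shows only the allowed-field list, so make sure whatever unit test or snapshot enumerates this list is updated in the same commit.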
@ -59,6 +63,12 @@
"file.path",
"file.pe.company",
"file.pe.description",
"file.pe.Ext.dotnet",
"file.pe.Ext.streams.hash.md5",
"file.pe.Ext.streams.hash.sha256",
"file.pe.Ext.streams.name",
"file.pe.Ext.sections.hash.md5",
"file.pe.Ext.sections.hash.sha256",
"file.pe.file_version",
"file.pe.original_file_name",
"file.pe.product",
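Review bot: ordering in this hunk is off: `"file.pe.Ext.streams.name"` is inserted before the two `"file.pe.Ext.sections.hash.*"` entries, whereas the rest of the list and the surrounding `file.pe.*` entries are kept in case-insensitive alphabetical order, so `sections` should precede `streams`; suggest moving `"file.pe.Ext.streams.name"` below `"file.pe.Ext.sections.hash.sha256"`. A second point: both `file.pe.Ext.sections.hash.md5` and `file.pe.Ext.streams.hash.md5` now become exception keys, and an exception that matches on an MD5 alone is weaker than one on SHA-256 because MD5 collisions are practical; the builder UI or the docs should recommend the `*.hash.sha256` variants wherever both are available, and ideally present MD5 only as a secondary condition.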
@ -79,6 +89,7 @@
"host.os.platform",
"host.os.version",
"host.type",
"process.args",
"process.command_line",
"process.code_signature.subject_name",
"process.Ext.services",
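Review bot: `process.args` is a multi-valued field (one element per argument), unlike the neighbouring `process.command_line`, which is a single string; the exception-list operators (`is`, `is one of`, and the rest) need documented semantics for array fields (does an entry match when any one element equals the value, or only when the whole list does?), and a test that applies an `is` entry on `process.args` to a multi-argument event would pin that down before the field is exposed in the builder. From a defender's standpoint an exception on a single argument value is very broad, so the docs should recommend pairing it with `process.executable` or a `process.hash.*` entry in the same exception item rather than using it on its own.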
@ -92,6 +103,7 @@
"process.hash.sha256",
"process.hash.sha512",
"process.name",
"process.parent.args",
"process.parent.executable",
"process.parent.hash.md5",
"process.parent.hash.sha1",
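Review bot: `process.parent.args` carries the same multi-valued question as `process.args` and adds a caveat of its own: a parent's argument list usually describes the launcher (a shell, a service manager, an installer) rather than the binary the exception is really about, so it varies between hosts and between runs and makes a poor primary key. Suggest the docs steer users toward `process.parent.executable` and the `process.parent.hash.*` fields, which are the context lines right below this insertion, as the primary conditions, with `process.parent.args` used only to narrow an item further. Ordering here is correct (`args` precedes `executable`).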