add a custom type for trusted_apps operator

undo changes from list plugin and server/lib/detection_engine

refs 2ac56ee839
refs elastic/security-team/issues/543

x-pack/plugins/lists/common/schemas/common/schemas.ts

@@ -276,12 +276,11 @@ export type CursorOrUndefined = t.TypeOf<typeof cursorOrUndefined>;
 export const namespace_type = DefaultNamespace;
 
 export const operatorIncluded = t.keyof({ included: null });
-export const operator = t.keyof({ excluded: null, included: null, wildcard_caseless: null });
+export const operator = t.keyof({ excluded: null, included: null });
 export type Operator = t.TypeOf<typeof operator>;
 export enum OperatorEnum {
   INCLUDED = 'included',
   EXCLUDED = 'excluded',
-  WILDCARD_CASELESS = 'wildcard_caseless',
 }
 
 export enum OperatorTypeEnum {

x-pack/plugins/security_solution/server/endpoint/routes/trusted_apps/mapping.ts

@@ -14,6 +14,7 @@ import {
   EntryNested,
   ExceptionListItemSchema,
   NestedEntriesArray,
+  Operator,
 } from '../../../../../lists/common';
 import { ENDPOINT_TRUSTED_APPS_LIST_ID } from '../../../../../lists/common/constants';
 import {
@@ -75,7 +76,13 @@ export const tagsToEffectScope = (tags: string[]): EffectScope => {
   }
 };
 
-export const entriesToConditionEntriesMap = (entries: EntriesArray): ConditionEntriesMap => {
+type TrustedAppsEntriesArray = Omit<EntriesArray, 'operator'> & {
+  operator: Operator | 'wildcard_caseless';
+};
+
+export const entriesToConditionEntriesMap = (
+  entries: TrustedAppsEntriesArray
+): ConditionEntriesMap => {
   return entries.reduce((result, entry) => {
     if (entry.field.startsWith('process.hash') && entry.type === 'match') {
       return {

x-pack/plugins/security_solution/server/lib/detection_engine/signals/filters/types.ts

@@ -44,6 +44,6 @@ export interface CreateFieldAndSetTuplesOptions<T> {
 
 export interface FieldSet {
   field: string;
-  operator: 'excluded' | 'included' | 'wildcard_caseless';
+  operator: 'excluded' | 'included';
   matchedSet: Set<unknown>;
 }