[SIEM][Detection Engine] - Update DE to work with new exceptions schema (#69715)

* Updates list entry schema, exposes exception list client, updates tests * create new de list schema and unit tests * updated route unit tests and types to match new list schema * updated existing DE exceptions code so it should now work as is with updated schema * test and types cleanup * cleanup * update unit test * updates per feedback
2025-04-24 17:59:23 -04:00 · 2020-06-25 09:47:05 -04:00 · 2020-06-25 09:47:05 -04:00 · f7acbbe7a1
commit f7acbbe7a1
parent 7a557822f3
71 changed files with 2528 additions and 2194 deletions
--- a/x-pack/plugins/lists/README.md
+++ b/x-pack/plugins/lists/README.md
@ -157,12 +157,14 @@ And you can attach exception list items like so:
    {
      "field": "actingProcess.file.signer",
      "operator": "included",
-      "match": "Elastic, N.V."
+      "type": "match",
+      "value": "Elastic, N.V."
    },
    {
      "field": "event.category",
      "operator": "included",
-      "match_any": [
+      "type": "match_any",
+      "value": [
        "process",
        "malware"
      ]