kibana/x-pack/plugins
Kevin Logan 88bd71c077
[Security Solution] File paths for Blocklist Windows and Mac should be case insensitive (#164200)
## Summary

This fixes a bug where Windows and Mac Blocklist file path entries
should be passed as case insensitive. This is because Mac and Windows
are caseless for most use cases.

Bug ticket: https://github.com/elastic/kibana/issues/158581

Here is how it will be displayed in the UI:
<img width="1728" alt="image"
src="a3006397-f49e-4de0-818d-94e2de20dba3">

Here is the breakdown of the artifacts after the fix:

Linux:
```
-------------------------------------------------------------------
Policy:   Protect
Manifest: 1.0.6 | v1
Artifact: endpoint-blocklist-linux-v1
          Relative URL:   /api/fleet/artifacts/endpoint-blocklist-linux-v1/f33e6890aeced00861c26a08121dd42d2d29ba08abfeb3c065d0447e32e18640
          Encoded SHA256: a907835be40af89b8b7aa23a6efc66c01ceaa5a19622edd378139319f3ca5fa0
          Decoded SHA256: f33e6890aeced00861c26a08121dd42d2d29ba08abfeb3c065d0447e32e18640
-------------------------------------------------------------------

{
  "entries": [
    {
      "type": "simple",
      "entries": [
        {
          "field": "file.path",
          "operator": "included",
          "type": "exact_cased_any",
          "value": [
            "/opt/bin/bin.exe"
          ]
        }
      ]
    }
  ]
}
```

Mac:
```
-------------------------------------------------------------------
Policy:   Protect
Manifest: 1.0.6 | v1
Artifact: endpoint-blocklist-macos-v1
          Relative URL:   /api/fleet/artifacts/endpoint-blocklist-macos-v1/b28e7978da4314ebc2c94770e0638fc4b2270f9dc17a11d6d32b8634b1fbec0f
          Encoded SHA256: 4f3e80d688f5cae4bf6a88b0704e37909f9fa4f47fe8325b7b154cddd46a2db9
          Decoded SHA256: b28e7978da4314ebc2c94770e0638fc4b2270f9dc17a11d6d32b8634b1fbec0f
-------------------------------------------------------------------

{
  "entries": [
    {
      "type": "simple",
      "entries": [
        {
          "field": "file.path",
          "operator": "included",
          "type": "exact_caseless_any",
          "value": [
            "/opt/exe.exe"
          ]
        }
      ]
    }
  ]
}
```

Windows:
```
-------------------------------------------------------------------
Policy:   Protect
Manifest: 1.0.6 | v1
Artifact: endpoint-blocklist-windows-v1
          Relative URL:   /api/fleet/artifacts/endpoint-blocklist-windows-v1/2a6fcc67c696ad4e29d91f8b685bff46977198cd34b9a61e8003d55b78dff6ac
          Encoded SHA256: c6e045fce97651336eeb400f0123541475b940e3aa38ce721f299585683da288
          Decoded SHA256: 2a6fcc67c696ad4e29d91f8b685bff46977198cd34b9a61e8003d55b78dff6ac
-------------------------------------------------------------------

{
  "entries": [
    {
      "type": "simple",
      "entries": [
        {
          "field": "file.path",
          "operator": "included",
          "type": "exact_caseless_any",
          "value": [
            "C:\\path\\path.exe"
          ]
        }
      ]
    }
  ]
}
```

### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2023-08-21 10:00:53 -04:00
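
An added example, not code from this commit or from Elastic Endpoint: a sketch of why the entry type matters for blocklist coverage on Windows and macOS. The entry shape and the type names `exact_cased_any` / `exact_caseless_any` come from the artifacts above; the functions `blocklistPathEntry`, `entryMatches` and `missedPaths`, the matching semantics, and the observed paths are assumptions made for illustration.

```javascript
// Added illustration; not Kibana or Elastic Endpoint code. The entry shape and
// type names come from the artifacts above; matching semantics are assumed.

// Hypothetical helper: pick the entry type per OS as the commit describes.
function blocklistPathEntry(os, paths) {
  const caseless = os === 'windows' || os === 'macos';
  return {
    field: 'file.path',
    operator: 'included',
    type: caseless ? 'exact_caseless_any' : 'exact_cased_any',
    value: paths,
  };
}

// Hypothetical evaluator: does an observed file.path hit the entry?
function entryMatches(entry, observedPath) {
  switch (entry.type) {
    case 'exact_cased_any':
      return entry.value.includes(observedPath);
    case 'exact_caseless_any': {
      // Simple lower-casing; real caseless comparison may fold differently.
      const needle = observedPath.toLowerCase();
      return entry.value.some((v) => v.toLowerCase() === needle);
    }
    default:
      throw new Error(`unsupported entry type: ${entry.type}`);
  }
}

// Observed paths that the entry fails to block (coverage gaps).
function missedPaths(entry, observedPaths) {
  return observedPaths.filter((p) => !entryMatches(entry, p));
}

// Constructed sample: one Windows file reported with two spellings.
const observed = ['C:\\path\\path.exe', 'c:\\PATH\\Path.EXE'];
const fixed = blocklistPathEntry('windows', ['C:\\path\\path.exe']);
// Contrast case: the same entry with the case-sensitive type.
const cased = { ...fixed, type: 'exact_cased_any' };

console.log('caseless misses:', missedPaths(fixed, observed));
console.log('cased misses:   ', missedPaths(cased, observed));
```
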
..
actions [OAS] Add is_system_action to connector responses (#163969) 2023-08-17 13:13:35 -07:00
aiops [ML] AIOps: Add/edit change point charts embeddable from the Dashboard app (#163694) 2023-08-15 19:10:07 +02:00
alerting [HTTP] Allow for internal requests to also specify special query param elasticInternalOrigin (#163796) 2023-08-21 11:55:33 +02:00
apm [APM] Remove power_user and read_only_user folders from e2e (#164242) 2023-08-21 14:51:28 +02:00
asset_manager [asset manager] merge obsasset signals collection (#162222) 2023-08-17 13:47:51 +02:00
banners
canvas fix Canvas available in search in serverless (#163740) 2023-08-14 10:43:15 -06:00
cases [Cases] Add max alerts per case to docs (#164141) 2023-08-17 12:48:30 +02:00
cloud Expose projectsUrl and baseUrl on the Cloud's plugin setup and start server-side contracts (#163380) 2023-08-10 09:38:43 -07:00
cloud_defend [Automated PR] Sync cloud_defend plugin policy schema with cloud-defend repo (#164216) 2023-08-17 15:31:20 -07:00
cloud_integrations [UserProfiles] Move React hook to package (#162888) 2023-08-09 09:02:02 -07:00
cloud_security_posture [Cloud Security] Only clean up AWS creds (#164154) 2023-08-21 12:23:15 +03:00
cross_cluster_replication [CCR] Migrate all usages of EuiPage*_Deprecated (#163135) 2023-08-17 13:40:18 -04:00
custom_branding
dashboard_enhanced
data_visualizer [ML] AIOps: Auto-detect if spike or dip selected in log rate analysis. (#163100) 2023-08-09 08:05:07 +02:00
discover_enhanced
discover_log_explorer [Log Explorer] Add test suite for Dataset Selector (#163079) 2023-08-11 15:32:42 +02:00
drilldowns Changing where CodeEditor fields get useDarkMode value (#159638) 2023-07-11 14:02:42 -04:00
ecs_data_quality_dashboard
embeddable_enhanced
encrypted_saved_objects Upgrade ESLint to v8 (#162309) 2023-08-11 00:32:25 +02:00
enterprise_search [Search] Disable crawler on overview without ent-search (#164227) 2023-08-21 10:37:59 +02:00
event_log [EventLog] change to use Data stream lifecycle instead of ILM (#163210) 2023-08-08 15:23:59 -04:00
exploratory_view [Observability AI Assistant] Action menu item (#163463) 2023-08-11 09:51:36 +02:00
features Security tech debt cleanup (#157990) 2023-05-23 09:30:48 +01:00
file_upload [file upload] bump loaders.gl@3.4.7 (#162176) 2023-07-20 13:10:35 -06:00
fleet [Fleet][API] Add ability to set a proxy for agent download source (#164078) 2023-08-17 16:38:55 +01:00
global_search
global_search_bar [Serverless] Chrome UI fixes (#164030) 2023-08-16 17:21:59 -04:00
global_search_providers [Logs+] Add Log Explorer profile deep link (#161939) 2023-07-24 21:23:58 +02:00
graph [Graph] disable application in serverless (#163582) 2023-08-14 13:21:21 +03:00
grokdebugger [CodeEditor] Add grok highlighting (#159334) 2023-06-13 12:05:26 +02:00
index_lifecycle_management Disable management plugins using contextRef (#160671) 2023-07-18 13:21:37 +02:00
index_management [Index Management] Fix broken mapping doc links (#163660) 2023-08-17 06:31:59 +03:00
infra [Infra UI] Fix filter popovers not being closed on trigger button click (#164060) 2023-08-17 11:05:32 +02:00
ingest_pipelines [Ingest pipelines] Improve copy of Reroute processor (#162996) 2023-08-15 11:56:10 +01:00
kubernetes_security [D4C] beta labels removed from k8s dashboard and tty output feature. (#162094) 2023-08-04 13:34:30 -07:00
lens [Dashboard] Add filter details to panel settings (#162913) 2023-08-17 12:36:10 -07:00
license_api_guard
license_management Disable management plugins using contextRef (#160671) 2023-07-18 13:21:37 +02:00
licensing
lists [Security Solution][EDR Workflows] Remove the filter on Endpoint Exceptions and Event Filters creation to allow more user flexibility (#162193) 2023-08-03 12:53:17 -04:00
logs_shared [Logs] Amend lazy imports in logs_shared plugin (#164102) 2023-08-17 14:44:57 +01:00
logstash [Logstash] Migrate code editor to monaco (#162691) 2023-08-02 09:10:24 +03:00
maps Upgrade EUI to v86.0.0 (#163088) 2023-08-14 15:45:09 -05:00
ml [ML] Fix query bar not switching from KQL to Lucene and vice versa in Anomaly explorer (#163625) 2023-08-18 09:52:25 -07:00
monitoring [Infra UI][Stack Monitoring] Migrate EuiPage*_Depracated usage (#161870) 2023-07-20 04:48:26 -07:00
monitoring_collection
notifications [Cases]: Add HTML email template to notify user when case is assigned to them (#159335) 2023-06-15 03:30:18 -07:00
observability [RAM] add maintenance window banner (#163516) 2023-08-17 04:04:56 -07:00
observability_ai_assistant [Observability AI Assistant] Lens function (#163872) 2023-08-17 09:45:51 +02:00
observability_onboarding [Logs onboarding] Install steps for windows (#163735) 2023-08-14 20:18:43 +02:00
observability_shared Upgrade EUI to v86.0.0 (#163088) 2023-08-14 15:45:09 -05:00
osquery [osquery] Update E2E to not install Osquery integration on the Fleet server (#164225) 2023-08-18 21:01:59 +02:00
painless_lab Changing where CodeEditor fields get useDarkMode value (#159638) 2023-07-11 14:02:42 -04:00
profiling [Profiling] Diff topN functions impact estimate fix (#163749) 2023-08-16 14:11:46 +01:00
remote_clusters [Remote clusters] Add new security model (#161836) 2023-08-14 11:58:53 +03:00
reporting fix 'Download CSV' returns no data when panel has custom time range outside timerange of global time picker (#163887) 2023-08-17 16:37:12 -06:00
rollup [Rollup] Add a comment about api use by the data view plugin (#163432) 2023-08-08 10:42:10 -07:00
rule_registry [HTTP] Allow for internal requests to also specify special query param elasticInternalOrigin (#163796) 2023-08-21 11:55:33 +02:00
runtime_fields Changing where CodeEditor fields get useDarkMode value (#159638) 2023-07-11 14:02:42 -04:00
saved_objects_tagging [Lens] library annotation groups (#152623) 2023-05-31 16:41:21 -04:00
screenshotting Fix wrong regex for CJK character detection #157231 (#161825) 2023-07-24 10:05:27 -07:00
searchprofiler
security Support logging out of Serverless projects. (#163154) 2023-08-11 16:49:26 +02:00
security_solution [Security Solution] File paths for Blocklist Windows and Mac should be case insensitive (#164200) 2023-08-21 10:00:53 -04:00
security_solution_ess [Security Solutions] Add upselling service to security solutions ESS plugin (#163406) 2023-08-16 10:20:25 -04:00
security_solution_serverless [Security Solutions] Add upselling service to security solutions ESS plugin (#163406) 2023-08-16 10:20:25 -04:00
serverless Update Project Selection in Serverless Top Navigation (#163076) 2023-08-07 16:18:35 +02:00
serverless_observability [Logs+] Fix landing page log data check and redirect (#162662) 2023-08-04 19:16:00 +02:00
serverless_search [Serverless] Add deployment URL (#163925) 2023-08-15 18:31:22 +02:00
session_view [D4C] beta labels removed from k8s dashboard and tty output feature. (#162094) 2023-08-04 13:34:30 -07:00
snapshot_restore [Snapshot Restore] Fix broken Snapshot restore form (#161113) 2023-07-27 09:42:15 +01:00
spaces [settings] Extract and fix Section Registry (#163502) 2023-08-14 11:00:33 -07:00
stack_alerts Save ES Query Rule type alerts in alert-as-data index (#161685) 2023-08-14 15:26:23 +03:00
stack_connectors Add SentinelOne connector (#159157) 2023-08-09 11:02:11 -07:00
synthetics [Synthetics] Pass monitor.id to run_once. (#163799) 2023-08-14 19:26:25 +02:00
task_manager Fix flaky test for task state validation (#163744) 2023-08-16 12:34:36 -04:00
telemetry_collection_xpack [Cloud Security] [Telemetry] Add Alerts Telemetry (#163907) 2023-08-16 03:17:36 -07:00
threat_intelligence [Security Solution][Serverless] Reusing Cypress tests for Serverless infrastructure (#162698) 2023-08-15 19:50:54 +02:00
timelines Upgrade EUI to v86.0.0 (#163088) 2023-08-14 15:45:09 -05:00
transform [ML] Transforms: Fix privileges check. (#163687) 2023-08-11 15:46:56 +02:00
translations [Dashboard] Remove clone by reference (#164108) 2023-08-21 09:51:07 -04:00
triggers_actions_ui [RAM] add maintenance window banner (#163516) 2023-08-17 04:04:56 -07:00
upgrade_assistant Upgrade @elastic/eui to 85.0.1 (#162209) 2023-07-27 12:47:18 -06:00
uptime Unskip useQueryBar unit test. (#163963) 2023-08-15 21:13:57 +02:00
ux [Observability AI Assistant] Action menu item (#163463) 2023-08-11 09:51:36 +02:00
watcher skip flaky suite (#163531) 2023-08-15 00:55:00 +01:00