github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-06-28 11:05:39 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/packages/kbn-securitysolution-exception-list-components/index.ts
Candace Park 61c9137a1e
[Security Solution][Event Filters] Warning callout for incomplete code signature entries (#193749) 
## Summary
Navigate to Security Solution > Manage > Event Filters > Add Event
Filter

- [x] Warning callout shown when code signature field is incomplete
(i.e. `process.code_signature.subject_name` w/o
`process.code_signature.trusted` or vice versa)
- [x] For mac operating systems, `process.code_signature.team_id` is
also accepted as an equivalent to `subject_name`
- [x] Warning callout is also shown for nested entries for this code
signature field: `process.Ext.code_signature`
- [x] Unit Tests

# Screenshots

![image](https://github.com/user-attachments/assets/e77cffa7-8b60-4441-9319-aa9964224bb9)

![image](https://github.com/user-attachments/assets/6ec7c6a1-28e8-4f8e-a6aa-3e65b1e0ba1b)

MAC

![image](https://github.com/user-attachments/assets/86354b92-d7e3-44f1-8719-d9791dcaf9cd)

NESTED

![image](https://github.com/user-attachments/assets/1392d7b2-0b63-40b8-95be-8a5bfa2e0af1)

Followup prs: need to address user being allowed to choose the nested
field: `process.Ext.code_signature` for a non-nested entry, need to
address what happens when a user chooses `false` instead of true for the
`trusted` field option

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2024-10-04 01:26:39 -05:00

22 lines
1 KiB
TypeScript
Raw Blame History

/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the "Elastic License
* 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
* Public License v 1"; you may not use this file except in compliance with, at
* your election, the "Elastic License 2.0", the "GNU Affero General Public
* License v3.0 only", or the "Server Side Public License, v 1".
*/
export * from './src/search_bar';
export * from './src/empty_viewer_state';
export * from './src/pagination/pagination';
// export * from './src/exceptions_utility/exceptions_utility';
export * from './src/exception_items';
export * from './src/exception_item_card';
export * from './src/value_with_space_warning';
export * from './src/types';
export * from './src/list_header';
export * from './src/header_menu';
export * from './src/generate_linked_rules_menu_item';
export * from './src/wildcard_with_wrong_operator_callout';
export * from './src/partial_code_signature_callout';
Reference in a new issue View git blame Copy permalink