[Security Solution][Exceptions] Add lowercase normalized fields for case-insensitive matching #79
@@ -11,6 +11,22 @@ | |
File fields provide details about the affected file associated with the event or metric. | ||
type: group | ||
fields: | ||
- name: path | ||
multi_fields: | ||
- name: caseless | ||
type: keyword | ||
normalizer: lowercase | ||
- name: text | ||
@madirey since ECS already defines the Basically I'm wondering if we can avoid having to define the

Looks like ECS doesn't support merging custom and core
||
type: text | ||
|
||
- name: target_path | ||
multi_fields: | ||
- name: caseless | ||
type: keyword | ||
normalizer: lowercase | ||
- name: text | ||
type: text | ||
|
||
- name: Ext | ||
level: custom | ||
type: object | ||
|
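Review bot: the `caseless` multi-fields added under `path` and `target_path` carry no `description`, so nothing in the schema tells a rule or exception author that values are lowercased by `normalizer: lowercase`, and that an exception written against them will also match paths differing only in case, which are distinct files on a case-sensitive filesystem. Suggest adding a one-line `description` to each `caseless` entry that states this. It is also worth confirming whether `ignore_above` should be set on the new keyword sub-fields, since none appears in these lines and file paths can be long.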
👍