changes from sha1 to sha256

elastic · Jul 29, 2020 · 1b2ae14 · 1b2ae14
1 parent e202a83
commit 1b2ae14
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 24 deletions.
diff --git a/...k/plugins/security_solution/public/common/components/exceptions/exceptionable_fields.json b/...k/plugins/security_solution/public/common/components/exceptions/exceptionable_fields.json
@@ -6,40 +6,32 @@
   "Target.process.Ext.code_signature.valid",
   "Target.process.Ext.services",
   "Target.process.Ext.user",
-  "Target.process.command_line",
   "Target.process.command_line.text",
-  "Target.process.executable",
   "Target.process.executable.text",
   "Target.process.hash.md5",
   "Target.process.hash.sha1",
   "Target.process.hash.sha256",
   "Target.process.hash.sha512",
-  "Target.process.name",
   "Target.process.name.text",
   "Target.process.parent.Ext.code_signature.status",
   "Target.process.parent.Ext.code_signature.subject_name",
   "Target.process.parent.Ext.code_signature.trusted",
   "Target.process.parent.Ext.code_signature.valid",
-  "Target.process.parent.command_line",
   "Target.process.parent.command_line.text",
-  "Target.process.parent.executable",
   "Target.process.parent.executable.text",
   "Target.process.parent.hash.md5",
   "Target.process.parent.hash.sha1",
   "Target.process.parent.hash.sha256",
   "Target.process.parent.hash.sha512",
-  "Target.process.parent.name",
   "Target.process.parent.name.text",
   "Target.process.parent.pgid",
-  "Target.process.parent.working_directory",
   "Target.process.parent.working_directory.text",
   "Target.process.pe.company",
   "Target.process.pe.description",
   "Target.process.pe.file_version",
   "Target.process.pe.original_file_name",
   "Target.process.pe.product",
   "Target.process.pgid",
-  "Target.process.working_directory",
   "Target.process.working_directory.text",
   "agent.id",
   "agent.type",
@@ -74,15 +66,13 @@
   "file.mode",
   "file.name",
   "file.owner",
-  "file.path",
   "file.path.text",
   "file.pe.company",
   "file.pe.description",
   "file.pe.file_version",
   "file.pe.original_file_name",
   "file.pe.product",
   "file.size",
-  "file.target_path",
   "file.target_path.text",
   "file.type",
   "file.uid",
@@ -94,10 +84,8 @@
   "host.id",
   "host.os.Ext.variant",
   "host.os.family",
-  "host.os.full",
   "host.os.full.text",
   "host.os.kernel",
-  "host.os.name",
   "host.os.name.text",
   "host.os.platform",
   "host.os.version",
@@ -108,40 +96,32 @@
   "process.Ext.code_signature.valid",
   "process.Ext.services",
   "process.Ext.user",
-  "process.command_line",
   "process.command_line.text",
-  "process.executable",
   "process.executable.text",
   "process.hash.md5",
   "process.hash.sha1",
   "process.hash.sha256",
   "process.hash.sha512",
-  "process.name",
   "process.name.text",
   "process.parent.Ext.code_signature.status",
   "process.parent.Ext.code_signature.subject_name",
   "process.parent.Ext.code_signature.trusted",
   "process.parent.Ext.code_signature.valid",
-  "process.parent.command_line",
   "process.parent.command_line.text",
-  "process.parent.executable",
   "process.parent.executable.text",
   "process.parent.hash.md5",
   "process.parent.hash.sha1",
   "process.parent.hash.sha256",
   "process.parent.hash.sha512",
-  "process.parent.name",
   "process.parent.name.text",
   "process.parent.pgid",
-  "process.parent.working_directory",
   "process.parent.working_directory.text",
   "process.pe.company",
   "process.pe.description",
   "process.pe.file_version",
   "process.pe.original_file_name",
   "process.pe.product",
   "process.pgid",
-  "process.working_directory",
   "process.working_directory.text",
   "rule.uuid"
 ]
diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx
@@ -413,7 +413,7 @@ export const defaultEndpointExceptionItems = (
     data: alertData,
     fieldName: 'file.Ext.code_signature.trusted',
   });
-  const [sha1Hash] = getMappedNonEcsValue({ data: alertData, fieldName: 'file.hash.sha1' });
+  const [sha256Hash] = getMappedNonEcsValue({ data: alertData, fieldName: 'file.hash.sha256' });
   const [eventCode] = getMappedNonEcsValue({ data: alertData, fieldName: 'event.code' });
   const namespaceType = 'agnostic';
 
@@ -446,10 +446,10 @@ export const defaultEndpointExceptionItems = (
           value: filePath ?? '',
         },
         {
-          field: 'file.hash.sha1',
+          field: 'file.hash.sha256',
           operator: 'included',
           type: 'match',
-          value: sha1Hash ?? '',
+          value: sha256Hash ?? '',
         },
         {
           field: 'event.code',

diff --git a/...ck/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx b/...ck/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
@@ -202,7 +202,7 @@ export const requiredFieldsForActions = [
   'file.path',
   'file.Ext.code_signature.subject_name',
   'file.Ext.code_signature.trusted',
-  'file.hash.sha1',
+  'file.hash.sha256',
   'host.os.family',
   'event.code',
 ];