Use a function to return defaultDlls instead of mutable data

elastic · Jul 1, 2021 · 1efeb8e · 1efeb8e
1 parent 25a6e0e
commit 1efeb8e
Showing 1 changed file with 38 additions and 33 deletions.
diff --git a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
@@ -400,37 +400,6 @@ const alertsDefaultDataStream = {
   namespace: 'default',
 };
 
-const alertsDefaultDll = [
-  {
-    pe: {
-      architecture: 'x64',
-    },
-    code_signature: {
-      subject_name: 'Cybereason Inc',
-      trusted: true,
-    },
-
-    hash: {
-      md5: '1f2d082566b0fc5f2c238a5180db7451',
-      sha1: 'ca85243c0af6a6471bdaa560685c51eefd6dbc0d',
-      sha256: '8ad40c90a611d36eb8f9eb24fa04f7dbca713db383ff55a03aa0f382e92061a2',
-    },
-
-    path: 'C:\\Program Files\\Cybereason ActiveProbe\\AmSvc.exe',
-    Ext: {
-      compile_time: 1534424710,
-      mapped_address: 5362483200,
-      mapped_size: 0,
-      malware_classification: {
-        identifier: 'Whitelisted',
-        score: 0,
-        threshold: 0,
-        version: '3.0.0',
-      },
-    },
-  },
-];
-
 export class EndpointDocGenerator extends BaseDataGenerator {
   commonInfo: HostInfo;
   sequence: number = 0;
@@ -656,7 +625,7 @@ export class EndpointDocGenerator extends BaseDataGenerator {
           },
         },
       },
-      dll: alertsDefaultDll,
+      dll: this.getAlertsDefaultDll(),
     };
   }
 
@@ -741,7 +710,7 @@ export class EndpointDocGenerator extends BaseDataGenerator {
           },
         },
       },
-      dll: alertsDefaultDll,
+      dll: this.getAlertsDefaultDll(),
     };
 
     // shellcode_thread memory alert have an additional process field
@@ -814,6 +783,42 @@ export class EndpointDocGenerator extends BaseDataGenerator {
     }
   }
 
+  /**
+   * Returns the default DLLs used in alerts
+   */
+  private getAlertsDefaultDll() {
+    return [
+      {
+        pe: {
+          architecture: 'x64',
+        },
+        code_signature: {
+          subject_name: 'Cybereason Inc',
+          trusted: true,
+        },
+
+        hash: {
+          md5: '1f2d082566b0fc5f2c238a5180db7451',
+          sha1: 'ca85243c0af6a6471bdaa560685c51eefd6dbc0d',
+          sha256: '8ad40c90a611d36eb8f9eb24fa04f7dbca713db383ff55a03aa0f382e92061a2',
+        },
+
+        path: 'C:\\Program Files\\Cybereason ActiveProbe\\AmSvc.exe',
+        Ext: {
+          compile_time: 1534424710,
+          mapped_address: 5362483200,
+          mapped_size: 0,
+          malware_classification: {
+            identifier: 'Whitelisted',
+            score: 0,
+            threshold: 0,
+            version: '3.0.0',
+          },
+        },
+      },
+    ];
+  }
+
   /**
    * Creates an event, customized by the options parameter
    * @param options - Allows event field values to be specified