Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[8.x] [Security Solution][Event Filters] Warning callout for incomplete code signature entries (#193749) #195184

Merged
merged 1 commit into from
Oct 7, 2024
Merged

[8.x] [Security Solution][Event Filters] Warning callout for incomplete code signature entries (#193749) #195184

merged 1 commit into from
Oct 7, 2024
+194 −2

Conversation

kibanamachine
Copy link
Contributor

Backport

This will backport the following commits from main to 8.x:

Questions ?

Please refer to the Backport tool documentation

@parkiino
[Security Solution][Event Filters] Warning callout for incomplete cod…
0814856 
…e signature entries (elastic#193749)

## Summary
Navigate to Security Solution > Manage > Event Filters > Add Event
Filter

- [x] Warning callout shown when code signature field is incomplete
(i.e. `process.code_signature.subject_name` w/o
`process.code_signature.trusted` or vice versa)
- [x] For mac operating systems, `process.code_signature.team_id` is
also accepted as an equivalent to `subject_name`
- [x] Warning callout is also shown for nested entries for this code
signature field: `process.Ext.code_signature`
- [x] Unit Tests

# Screenshots

![image](https://github.com/user-attachments/assets/e77cffa7-8b60-4441-9319-aa9964224bb9)

![image](https://github.com/user-attachments/assets/6ec7c6a1-28e8-4f8e-a6aa-3e65b1e0ba1b)

MAC

![image](https://github.com/user-attachments/assets/86354b92-d7e3-44f1-8719-d9791dcaf9cd)

NESTED

![image](https://github.com/user-attachments/assets/1392d7b2-0b63-40b8-95be-8a5bfa2e0af1)

Followup prs: need to address user being allowed to choose the nested
field: `process.Ext.code_signature` for a non-nested entry, need to
address what happens when a user chooses `false` instead of true for the
`trusted` field option

---------

Co-authored-by: kibanamachine <[email protected]>
(cherry picked from commit 61c9137)
@kibanamachine kibanamachine enabled auto-merge (squash) October 7, 2024 08:16
@kibanamachine kibanamachine mentioned this pull request Oct 7, 2024
Merged
4 tasks
@kibana-ci
Copy link
Collaborator

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] Jest Tests #3 / Case View Page files tab should render the custom fields correctly

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 5920 5921 +1

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id before after diff
@kbn/securitysolution-exception-list-components 95 96 +1
@kbn/securitysolution-list-utils 161 162 +1
total +2

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 20.6MB 20.6MB +5.7KB
Unknown metric groups

API count

id before after diff
@kbn/securitysolution-exception-list-components 106 107 +1
@kbn/securitysolution-list-utils 209 211 +2
total +3

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @parkiino

@kibanamachine kibanamachine merged commit 8139c7b into elastic:8.x Oct 7, 2024
34 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

@parkiino parkiino

Labels
backport
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kibanamachine @kibana-ci @parkiino