diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.test.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.test.tsx index 8651dac8c8cf..f21f18943889 100644 --- a/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.test.tsx @@ -723,15 +723,16 @@ describe('Exception helpers', () => { expect(prepopulatedItem.entries).toEqual([ { entries: [ - { field: 'subject_name', operator: 'included', type: 'match', value: '' }, - { field: 'trusted', operator: 'included', type: 'match', value: '' }, + { id: '123', field: 'subject_name', operator: 'included', type: 'match', value: '' }, + { id: '123', field: 'trusted', operator: 'included', type: 'match', value: '' }, ], field: 'file.Ext.code_signature', type: 'nested', + id: '123', }, - { field: 'file.path.caseless', operator: 'included', type: 'match', value: '' }, - { field: 'file.hash.sha256', operator: 'included', type: 'match', value: '' }, - { field: 'event.code', operator: 'included', type: 'match', value: '' }, + { id: '123', field: 'file.path.caseless', operator: 'included', type: 'match', value: '' }, + { id: '123', field: 'file.hash.sha256', operator: 'included', type: 'match', value: '' }, + { id: '123', field: 'event.code', operator: 'included', type: 'match', value: '' }, ]); }); 
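Review bot: Every expected `id` in these assertions is the same literal `'123'`, presumably from an id generator mocked outside the hunk, so the updated expectations show that an id is present on each entry and nested entry but cannot show that the ids differ from one another. The same applies to the other hunks of this test file, and none of them exercises the new `addIdToEntries` helper directly. I would add a small `describe('addIdToEntries', ...)` case that feeds it one flat and one `nested` entry, with the mock returning a different value per call, and asserts that the outer entry and each child receive their own id. The enclosing `describe('Exception helpers', ...)` block starts and ends outside the hunk.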
@@ -748,24 +749,39 @@ describe('Exception helpers', () => { { entries: [ { + id: '123', field: 'subject_name', operator: 'included', type: 'match', value: 'someSubjectName', }, - { field: 'trusted', operator: 'included', type: 'match', value: 'false' }, + { id: '123', field: 'trusted', operator: 'included', type: 'match', value: 'false' }, ], field: 'file.Ext.code_signature', type: 'nested', + id: '123', }, { + id: '123', field: 'file.path.caseless', operator: 'included', type: 'match', value: 'some-file-path', }, - { field: 'file.hash.sha256', operator: 'included', type: 'match', value: 'some-hash' }, - { field: 'event.code', operator: 'included', type: 'match', value: 'some-event-code' }, + { + id: '123', + field: 'file.hash.sha256', + operator: 'included', + type: 'match', + value: 'some-hash', + }, + { + id: '123', + field: 'event.code', + operator: 'included', + type: 'match', + value: 'some-event-code', + }, ]); }); }); 
@@ -943,47 +959,77 @@ describe('Exception helpers', () => { { entries: [ { + id: '123', field: 'subject_name', operator: 'included', type: 'match', value: 'some_subject', }, - { field: 'trusted', operator: 'included', type: 'match', value: 'false' }, + { id: '123', field: 'trusted', operator: 'included', type: 'match', value: 'false' }, ], field: 'file.Ext.code_signature', type: 'nested', + id: '123', }, { + id: '123', field: 'file.path.caseless', operator: 'included', type: 'match', value: 'some file path', }, - { field: 'file.hash.sha256', operator: 'included', type: 'match', value: 'some hash' }, - { field: 'event.code', operator: 'included', type: 'match', value: 'some event code' }, + { + id: '123', + field: 'file.hash.sha256', + operator: 'included', + type: 'match', + value: 'some hash', + }, + { + id: '123', + field: 'event.code', + operator: 'included', + type: 'match', + value: 'some event code', + }, ]); expect(defaultItems[1].entries).toEqual([ { entries: [ { + id: '123', field: 'subject_name', operator: 'included', type: 'match', value: 'some_subject_2', }, - { field: 'trusted', operator: 'included', type: 'match', value: 'true' }, + { id: '123', field: 'trusted', operator: 'included', type: 'match', value: 'true' }, ], field: 'file.Ext.code_signature', type: 'nested', + id: '123', }, { + id: '123', field: 'file.path.caseless', operator: 'included', type: 'match', value: 'some file path', }, - { field: 'file.hash.sha256', operator: 'included', type: 'match', value: 'some hash' }, - { field: 'event.code', operator: 'included', type: 'match', value: 'some event code' }, + { + id: '123', + field: 'file.hash.sha256', + operator: 'included', + type: 'match', + value: 'some hash', + }, + { + id: '123', + field: 'event.code', + operator: 'included', + type: 'match', + value: 'some event code', + }, ]); }); 
@@ -1014,59 +1060,91 @@ describe('Exception helpers', () => { { entries: [ { + id: '123', field: 'subject_name', operator: 'included', type: 'match', value: 'some_subject', }, - { field: 'trusted', operator: 'included', type: 'match', value: 'false' }, + { id: '123', field: 'trusted', operator: 'included', type: 'match', value: 'false' }, ], field: 'process.Ext.code_signature', type: 'nested', + id: '123', }, { + id: '123', field: 'process.executable', operator: 'included', type: 'match', value: 'some file path', }, - { field: 'process.hash.sha256', operator: 'included', type: 'match', value: 'some hash' }, { + id: '123', + field: 'process.hash.sha256', + operator: 'included', + type: 'match', + value: 'some hash', + }, + { + id: '123', field: 'Ransomware.feature', operator: 'included', type: 'match', value: 'some ransomware feature', }, - { field: 'event.code', operator: 'included', type: 'match', value: 'ransomware' }, + { + id: '123', + field: 'event.code', + operator: 'included', + type: 'match', + value: 'ransomware', + }, ]); expect(defaultItems[1].entries).toEqual([ { entries: [ { + id: '123', field: 'subject_name', operator: 'included', type: 'match', value: 'some_subject_2', }, - { field: 'trusted', operator: 'included', type: 'match', value: 'true' }, + { id: '123', field: 'trusted', operator: 'included', type: 'match', value: 'true' }, ], field: 'process.Ext.code_signature', type: 'nested', + id: '123', }, { + id: '123', field: 'process.executable', operator: 'included', type: 'match', value: 'some file path', }, - { field: 'process.hash.sha256', operator: 'included', type: 'match', value: 'some hash' }, { + id: '123', + field: 'process.hash.sha256', + operator: 'included', + type: 'match', + value: 'some hash', + }, + { + id: '123', field: 'Ransomware.feature', operator: 'included', type: 'match', value: 'some ransomware feature', }, - { field: 'event.code', operator: 'included', type: 'match', value: 'ransomware' }, + { + id: '123', + field: 
'event.code', + operator: 'included', + type: 'match', + value: 'ransomware', + }, ]); }); }); diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx index c44de4f05e7f..04502d1e1620 100644 --- a/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx +++ b/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx @@ -38,6 +38,7 @@ import { UpdateExceptionListItemSchema, EntryNested, OsTypeArray, + EntriesArray, } from '../../../shared_imports'; import { IIndexPattern } from '../../../../../../../src/plugins/data/common'; import { validate } from '../../../../common/validate'; @@ -46,6 +47,19 @@ import { CodeSignature } from '../../../../common/ecs/file'; import { WithCopyToClipboard } from '../../lib/clipboard/with_copy_to_clipboard'; import { addIdToItem, removeIdFromItem } from '../../../../common'; +export const addIdToEntries = (entries: EntriesArray): EntriesArray => { + return entries.map((singleEntry) => { + if (singleEntry.type === 'nested') { + return addIdToItem({ + ...singleEntry, + entries: singleEntry.entries.map((nestedEntry) => addIdToItem(nestedEntry)), + }); + } else { + return addIdToItem(singleEntry); + } + }); +}; + /** * Returns the operator type, may not need this if using io-ts types * @@ -150,14 +164,14 @@ export const getNewExceptionItem = ({ return { comments: [], description: `${ruleName} - exception list item`, - entries: [ - addIdToItem({ + entries: addIdToEntries([ + { field: '', operator: 'included', type: 'match', value: '', - }), - ], + }, + ]), item_id: undefined, list_id: listId, meta: { 
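Review bot: `addIdToEntries` is exported without a doc comment, although the next definition in the file has one, and nothing states that ids are added at both levels of a `nested` entry. I would put a TSDoc block above it saying that it returns a copy of `entries` in which every entry, and every child of a `nested` entry, has been passed through `addIdToItem`, and that the declared return type `EntriesArray` does not show the extra `id` field (the field looks client-side only, which is inferred from the `removeIdFromItem` import on the context line, so confirm). As a style point the `else` after the `return` in the `nested` branch is redundant; `return addIdToItem(singleEntry);` can follow the `if` block directly.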
@@ -464,7 +478,7 @@ export const getPrepopulatedEndpointException = ({ const sha256Hash = file?.hash?.sha256 ?? ''; return { ...getNewExceptionItem({ listId, namespaceType: listNamespace, ruleName }), - entries: [ + entries: addIdToEntries([ { field: 'file.Ext.code_signature', type: 'nested', @@ -501,7 +515,7 @@ export const getPrepopulatedEndpointException = ({ type: 'match', value: eventCode ?? '', }, - ], + ]), }; }; @@ -529,7 +543,7 @@ export const getPrepopulatedRansomwareException = ({ const ransomwareFeature = Ransomware?.feature ?? ''; return { ...getNewExceptionItem({ listId, namespaceType: listNamespace, ruleName }), - entries: [ + entries: addIdToEntries([ { field: 'process.Ext.code_signature', type: 'nested', @@ -572,7 +586,7 @@ export const getPrepopulatedRansomwareException = ({ type: 'match', value: eventCode ?? '', }, - ], + ]), }; };
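Review bot: `getPrepopulatedEndpointException` and `getPrepopulatedRansomwareException` now return entries carrying an `id` on the outer entry and on each child of the `nested` code-signature entry, but the matching removal for the nested ids is not visible anywhere in this diff. If the submit path calls `removeIdFromItem` only on top-level entries, the nested ids would remain in the payload sent to the exception-list API. These items decide which endpoint alerts are suppressed, so a rejected or silently altered request is worth ruling out. A counterpart that walks `nested` entries the same way `addIdToEntries` does (say `removeIdFromEntries`), applied just before the item is persisted, would make the pairing explicit. Both function bodies begin outside these hunks.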