Add ECS field for event.code. (#85109)

2020-12-09 08:33:10 +00:00 · 2020-12-09 08:33:10 +00:00 · fc2673b8b0
parent f2d961df6a
commit fc2673b8b0
3 changed files with 3 additions and 0 deletions
--- a/x-pack/plugins/security_solution/common/endpoint/generate_data.test.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/generate_data.test.ts
@ -129,6 +129,7 @@ describe('data generator', () => {
    const alert = generator.generateAlert({ ts: timestamp });
    expect(alert['@timestamp']).toEqual(timestamp);
    expect(alert.event?.action).not.toBeNull();
+    expect(alert.event?.code).not.toBeNull();
    expect(alert.Endpoint).not.toBeNull();
    expect(alert.agent).not.toBeNull();
    expect(alert.host).not.toBeNull();
--- a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
@ -531,6 +531,7 @@ export class EndpointDocGenerator {
        action: this.randomChoice(FILE_OPERATIONS),
        kind: 'alert',
        category: 'malware',
+        code: 'malicious_file',
        id: this.seededUUIDv4(),
        dataset: 'endpoint',
        module: 'endpoint',
--- a/x-pack/plugins/security_solution/common/endpoint/types/index.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/types/index.ts
@ -453,6 +453,7 @@ type DllFields = Partial<{
 export type AlertEvent = Partial<{
  event: Partial<{
    action: ECSField<string>;
+    code: ECSField<string>;
    dataset: ECSField<string>;
    module: ECSField<string>;
  }>;