[Security Solution][Detections] Change from sha1 to sha256 #73741
Pinging @elastic/siem (Team:SIEM)
Can we lowercase the hash just before sending? In case a user enters something manually?
@madirey are we lowercasing values for all hash fields?
@dplumlee That was my understanding... @peluja1012 can you confirm? Or @gabriellandau / @crowens ?
If we're sending |
): Array<ExceptionListItemSchema | CreateExceptionListItemSchema> => { | ||
return exceptionItems.map((item) => { | ||
const newEntries = item.entries.map((itemEntry) => { | ||
if (itemEntry.field.includes('.hash')) { |
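Review bot: The `itemEntry.field.includes('.hash')` condition is a substring test, so it is true for any field name that contains `.hash` anywhere, not only for a field whose path has a `hash` segment. Because this branch selects which exception entries get the hash handling inside `item.entries.map`, consider matching on a dot-delimited segment (the field ends with `.hash` or contains `.hash.`) and adding a unit test with a field that merely contains the substring, so an unrelated entry is never altered.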
This LGTM for merging, but you could be a little more specific here and check for `.hash.`. Can implement later if you think it's worth doing. Thanks for doing this!
ECS has `user.hash` with no subfields unlike the other `hash` fields so we may want to stick with `.hash`
Okies. As long as we don't have any other collisions here...
16c0cdd to 9b65057
💚 Build Succeeded
* master: (54 commits)
  [ML] Migrate to React BrowserRouter and Kibana provided History. (elastic#71941)
  [Discover] Improve saveSearch functional test handling (elastic#73626)
  [Metrics UI] Fix all threshold alert conditions disappearing due to alert prefill (elastic#73708)
  [Metrics UI] Fix alert previews of ungrouped alerts (elastic#73735)
  [SIEM] Fixes "include building block button" to operate (elastic#73900)
  [Metrics UI] Fix alert management to open without refresh (elastic#73739)
  [Security Solution][Lists] - Tests cleanup and remove unnecessary import (elastic#73865)
  [Ingest Management] main branch uses epr-snapshot. Others production (elastic#73555)
  [Canvas][tech-debt] Fix SVG not shrinking vertically properly (elastic#73867)
  [Maps] upgrade turf (elastic#73816)
  [Security Solution][Telemetry] Concurrent telemetry requests (elastic#73558)
  [Security Solution][Exceptions] - Update how nested entries are displayed in exceptions viewer (elastic#73745)
  [Security Solution][Exceptions] Adds autocomplete workaround for .text fields (elastic#73761)
  [Metrics UI] Fix previewing of No Data results (elastic#73753)
  Closes elastic#72914 by hiding anomaly detection settings links when the ml plugin is disabled. (elastic#73638)
  [Ingest Manager] Fix config selection in enrollment flyout from config list page (elastic#73833)
  [DOCS] Fixes typo in Alerting actions (elastic#73756)
  [APM] fixes linking errors to ML and Discover (elastic#73758)
  Handle promise rejections when building artifacts (elastic#73831)
  [Security Solution][Detections] Change from sha1 to sha256 (elastic#73741)
  ...
Pinging @elastic/security-solution (Team: SecuritySolution)
Summary
Changes the pre-populated endpoint field to `sha256` and changes endpoint exceptionable fields to `.text` fields. Also lowercases hash fields in endpoint exceptions.