[Security Solution][Exceptions] Fixes OS adding method for exception …

…enrichment (#94343) (#94363) Co-authored-by: Davis Plumlee <56367316+dplumlee@users.noreply.github.com>
elastic · Mar 10, 2021 · 15f6908 · 15f6908
1 parent 8f63b07
commit 15f6908
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 15 deletions.
diff --git a/x-pack/plugins/lists/common/shared_exports.ts b/x-pack/plugins/lists/common/shared_exports.ts
@@ -44,6 +44,7 @@ export {
   namespaceType,
   ExceptionListType,
   Type,
+  osType,
   osTypeArray,
   OsTypeArray,
 } from './schemas';

diff --git a/x-pack/plugins/security_solution/common/shared_imports.ts b/x-pack/plugins/security_solution/common/shared_imports.ts
@@ -45,6 +45,7 @@ export {
   Type,
   ENDPOINT_LIST_ID,
   ENDPOINT_TRUSTED_APPS_LIST_ID,
+  osType,
   osTypeArray,
   OsTypeArray,
   buildExceptionFilter,

diff --git a/...ugins/security_solution/public/common/components/exceptions/add_exception_modal/index.tsx b/...ugins/security_solution/public/common/components/exceptions/add_exception_modal/index.tsx
@@ -33,7 +33,6 @@ import {
 import * as i18nCommon from '../../../translations';
 import * as i18n from './translations';
 import * as sharedI18n from '../translations';
-import { osTypeArray, OsTypeArray } from '../../../../../common/shared_imports';
 import { useAppToasts } from '../../../hooks/use_app_toasts';
 import { useKibana } from '../../../lib/kibana';
 import { ExceptionBuilderComponent } from '../builder';
@@ -50,6 +49,7 @@ import {
   defaultEndpointExceptionItems,
   entryHasListType,
   entryHasNonEcsType,
+  retrieveAlertOsTypes,
 } from '../helpers';
 import { ErrorInfo, ErrorCallout } from '../error_callout';
 import { AlertData, ExceptionsBuilderExceptionItem } from '../types';
@@ -291,18 +291,6 @@ export const AddExceptionModal = memo(function AddExceptionModal({
     [setShouldBulkCloseAlert]
   );
 
-  const retrieveAlertOsTypes = useCallback((): OsTypeArray => {
-    const osDefaults: OsTypeArray = ['windows', 'macos'];
-    if (alertData != null) {
-      const osTypes = alertData.host && alertData.host.os && alertData.host.os.family;
-      if (osTypeArray.is(osTypes) && osTypes != null && osTypes.length > 0) {
-        return osTypes;
-      }
-      return osDefaults;
-    }
-    return osDefaults;
-  }, [alertData]);
-
   const enrichExceptionItems = useCallback((): Array<
     ExceptionListItemSchema | CreateExceptionListItemSchema
   > => {
@@ -312,11 +300,11 @@ export const AddExceptionModal = memo(function AddExceptionModal({
         ? enrichNewExceptionItemsWithComments(exceptionItemsToAdd, [{ comment }])
         : exceptionItemsToAdd;
     if (exceptionListType === 'endpoint') {
-      const osTypes = retrieveAlertOsTypes();
+      const osTypes = retrieveAlertOsTypes(alertData);
       enriched = lowercaseHashValues(enrichExceptionItemsWithOS(enriched, osTypes));
     }
     return enriched;
-  }, [comment, exceptionItemsToAdd, exceptionListType, retrieveAlertOsTypes]);
+  }, [comment, exceptionItemsToAdd, exceptionListType, alertData]);
 
   const onAddExceptionConfirm = useCallback((): void => {
     if (addOrUpdateExceptionItems != null) {

diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.test.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.test.tsx
@@ -29,6 +29,7 @@ import {
   defaultEndpointExceptionItems,
   getFileCodeSignature,
   getProcessCodeSignature,
+  retrieveAlertOsTypes,
 } from './helpers';
 import { AlertData, EmptyEntry } from './types';
 import {
@@ -533,6 +534,25 @@ describe('Exception helpers', () => {
     });
   });
 
+  describe('#retrieveAlertOsTypes', () => {
+    test('it should retrieve os type if alert data is provided', () => {
+      const alertDataMock: AlertData = {
+        '@timestamp': '1234567890',
+        _id: 'test-id',
+        host: { os: { family: 'windows' } },
+      };
+      const result = retrieveAlertOsTypes(alertDataMock);
+      const expected = ['windows'];
+      expect(result).toEqual(expected);
+    });
+
+    test('it should return default os types if alert data is not provided', () => {
+      const result = retrieveAlertOsTypes();
+      const expected = ['windows', 'macos'];
+      expect(result).toEqual(expected);
+    });
+  });
+
   describe('#entryHasListType', () => {
     test('it should return false with an empty array', () => {
       const payload: ExceptionListItemSchema[] = [];

diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx
@@ -13,6 +13,7 @@ import uuid from 'uuid';
 
 import * as i18n from './translations';
 import {
+  AlertData,
   BuilderEntry,
   CreateExceptionListItemBuilderSchema,
   ExceptionsBuilderExceptionItem,
@@ -39,6 +40,7 @@ import {
   EntryNested,
   OsTypeArray,
   EntriesArray,
+  osType,
 } from '../../../shared_imports';
 import { IIndexPattern } from '../../../../../../../src/plugins/data/common';
 import { validate } from '../../../../common/validate';
@@ -359,6 +361,17 @@ export const enrichExceptionItemsWithOS = (
   });
 };
 
+export const retrieveAlertOsTypes = (alertData?: AlertData): OsTypeArray => {
+  const osDefaults: OsTypeArray = ['windows', 'macos'];
+  if (alertData != null) {
+    const os = alertData.host && alertData.host.os && alertData.host.os.family;
+    if (os != null) {
+      return osType.is(os) ? [os] : osDefaults;
+    }
+  }
+  return osDefaults;
+};
+
 /**
  * Returns given exceptionItems with all hash-related entries lowercased
  */