consolidate common fields
kevinlog committed Jun 24, 2021
1 parent aaf285d commit 680c2f1
Showing 1 changed file with 27 additions and 38 deletions.
@@ -370,28 +370,34 @@ export const getPrepopulatedEndpointException = ({
const sha256Hash = file?.hash?.sha256 ?? '';
const isLinux = host?.os?.name === 'Linux';

const commonFields: Array<{
field: string;
operator: 'excluded' | 'included';
type: 'match';
value: string;
}> = [
{
field: isLinux ? 'file.path' : 'file.path.caseless',
operator: 'included',
type: 'match',
value: filePath ?? '',
},
{
field: 'file.hash.sha256',
operator: 'included',
type: 'match',
value: sha256Hash ?? '',
},
{
field: 'event.code',
operator: 'included',
type: 'match',
value: eventCode ?? '',
},
];
const entriesToAdd = () => {
if (isLinux) {
return addIdToEntries([
{
field: 'file.path',
operator: 'included',
type: 'match',
value: filePath ?? '',
},
{
field: 'file.hash.sha256',
operator: 'included',
type: 'match',
value: sha256Hash ?? '',
},
{
field: 'event.code',
operator: 'included',
type: 'match',
value: eventCode ?? '',
},
]);
return addIdToEntries(commonFields);
} else {
return addIdToEntries([
{
@@ -412,24 +418,7 @@ export const getPrepopulatedEndpointException = ({
},
],
},
{
field: 'file.path.caseless',
operator: 'included',
type: 'match',
value: filePath ?? '',
},
{
field: 'file.hash.sha256',
operator: 'included',
type: 'match',
value: sha256Hash ?? '',
},
{
field: 'event.code',
operator: 'included',
type: 'match',
value: eventCode ?? '',
},
...commonFields,
]);
}
};
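Review bot: The three entries in the new `commonFields` array still fall back to an empty string (`value: filePath ?? ''`, and the same for the hash and `event.code`), so an alert that lacks one of these fields produces a prepopulated endpoint exception entry with an empty match value. How an empty `value` is treated before the exception is saved is not visible in these hunks; if nothing rejects it, the saved exception may not have the scope the analyst expects, so it is worth confirming that, or dropping such entries at this point with something like `commonFields.filter((entry) => entry.value !== '')` if the form does not rely on blank rows. `sha256Hash ?? ''` is also redundant, because `sha256Hash` is already defaulted on the first context line of the hunk; `value: sha256Hash,` is enough. A one-line comment above the array, for example `// Shared by every OS; only the path field differs (case-sensitive on Linux, caseless otherwise)`, would record why the ternary lives there. The body of `getPrepopulatedEndpointException` starts and ends outside the hunks shown.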