Add ECS field for event.code. (#85109)
pjhampton authored Dec 9, 2020
1 parent f2d961d commit fc2673b
Showing 3 changed files with 3 additions and 0 deletions.
Expand Up @@ -129,6 +129,7 @@ describe('data generator', () => {
const alert = generator.generateAlert({ ts: timestamp });
expect(alert['@timestamp']).toEqual(timestamp);
expect(alert.event?.action).not.toBeNull();
expect(alert.event?.code).not.toBeNull();
expect(alert.Endpoint).not.toBeNull();
expect(alert.agent).not.toBeNull();
expect(alert.host).not.toBeNull();
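Review bot: The added `expect(alert.event?.code).not.toBeNull();` cannot fail when the field is missing, because the optional chain yields `undefined` in that case and `undefined` passes `.not.toBeNull()`. Since the generator in this commit sets a fixed value, the assertion could pin it instead: `expect(alert.event?.code).toEqual('malicious_file');`. The neighbouring context assertions on `event.action`, `Endpoint`, `agent` and `host` have the same weakness, so a regression that drops any of these alert fields from the generated test data would not be caught here. The enclosing test body starts and ends outside the hunk.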
Expand Up @@ -531,6 +531,7 @@ export class EndpointDocGenerator {
action: this.randomChoice(FILE_OPERATIONS),
kind: 'alert',
category: 'malware',
code: 'malicious_file',
id: this.seededUUIDv4(),
dataset: 'endpoint',
module: 'endpoint',
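Review bot: The new `code: 'malicious_file'` is a bare string literal with no comment saying which set of alert codes it comes from, or why it is constant while `action` on the line above is randomised. Any test or query that filters generated alerts on `event.code` has to repeat the string, so a typo on either side would go unnoticed. A short comment, for example `// event.code: alert type identifier; matches category 'malware' above`, or a shared named constant would make the intended value explicit. The wording of that comment is a guess from the visible fields and should be confirmed against the Endpoint alert schema. The object literal starts and ends outside the hunk.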
Expand Up @@ -453,6 +453,7 @@ type DllFields = Partial<{
export type AlertEvent = Partial<{
event: Partial<{
action: ECSField<string>;
code: ECSField<string>;
dataset: ECSField<string>;
module: ECSField<string>;
}>;