[Security Solution][Detections] Change from sha1 to sha256 #73741
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dplumlee
added
Feature:Detection Rules
|
Pinging @elastic/siem (Team:SIEM) |
dplumlee
added
the
release_note:skip
|
Can we lowercase the hash just before sending? In case a user enters something manually? |
|
@madirey are we lowercasing values for all hash fields? |
|
@dplumlee That was my understanding... @peluja1012 can you confirm? Or @gabriellandau / @crowens ? |
|
If we're sending |
madirey
approved these changes
Jul 30, 2020
madirey
reviewed
Jul 30, 2020
| ): Array<ExceptionListItemSchema | CreateExceptionListItemSchema> => { | ||
| return exceptionItems.map((item) => { | ||
| const newEntries = item.entries.map((itemEntry) => { | ||
| if (itemEntry.field.includes('.hash')) { |
There was a problem hiding this comment.
This LGTM for merging, but you could be a little more specific here and check for .hash.. Can implement later if you think it's worth doing. Thanks for doing this!
There was a problem hiding this comment.
ECS has user.hash with no subfields unlike the other hash fields so we may want to stick with .hash
There was a problem hiding this comment.
Okies. As long as we don't have any other collisions here...
pzl
approved these changes
Jul 30, 2020
dplumlee
force-pushed
the
exceptionable-field-text
branch
from
16c0cdd
to
9b65057
Compare
peluja1012
approved these changes
Jul 30, 2020
marshallmain
approved these changes
Jul 30, 2020
💚 Build SucceededBuild metricsasync chunks size
History
To update your PR or re-run it, just comment with: |
dplumlee
added a commit
to dplumlee/kibana
that referenced
this pull request
Jul 30, 2020
dplumlee
added a commit
that referenced
this pull request
Jul 30, 2020
dplumlee
added a commit
that referenced
this pull request
Jul 30, 2020
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Jul 31, 2020
* master: (54 commits) [ML] Migrate to React BrowserRouter and Kibana provided History. (elastic#71941) [Discover] Improve saveSearch functional test handling (elastic#73626) [Metrics UI] Fix all threshold alert conditions disappearing due to alert prefill (elastic#73708) [Metrics UI] Fix alert previews of ungrouped alerts (elastic#73735) [SIEM] Fixes "include building block button" to operate (elastic#73900) [Metrics UI] Fix alert management to open without refresh (elastic#73739) [Security Solution][Lists] - Tests cleanup and remove unnecessary import (elastic#73865) [Ingest Management] main branch uses epr-snapshot. Others production (elastic#73555) [Canvas][tech-debt] Fix SVG not shrinking vertically properly (elastic#73867) [Maps] upgrade turf (elastic#73816) [Security Solution][Telemetry] Concurrent telemetry requests (elastic#73558) [Security Solution][Exceptions] - Update how nested entries are displayed in exceptions viewer (elastic#73745) [Security Solution][Exceptions] Adds autocomplete workaround for .text fields (elastic#73761) [Metrics UI] Fix previewing of No Data results (elastic#73753) Closes elastic#72914 by hiding anomaly detection settings links when the ml plugin is disabled. (elastic#73638) [Ingest Manager] Fix config selection in enrollment flyout from config list page (elastic#73833) [DOCS] Fixes typo in Alerting actions (elastic#73756) [APM] fixes linking errors to ML and Discover (elastic#73758) Handle promise rejections when building artifacts (elastic#73831) [Security Solution][Detections] Change from sha1 to sha256 (elastic#73741) ...
MindyRS
added
the
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Changes the pre-populated endpoint field to
sha256and changes endpoint exceptionable fields to.textfields. Also lowercases hash fields in endpoint exceptions.Checklist
Delete any items that are not applicable to this PR.
For maintainers