diff --git a/x-pack/plugins/lists/common/shared_exports.ts b/x-pack/plugins/lists/common/shared_exports.ts
index 06e72b0070dfe..23da48b35a9d4 100644
--- a/x-pack/plugins/lists/common/shared_exports.ts
+++ b/x-pack/plugins/lists/common/shared_exports.ts
@@ -44,6 +44,7 @@ export {
 namespaceType,
 ExceptionListType,
 Type,
+ osType,
 osTypeArray,
 OsTypeArray,
 } from './schemas';
diff --git a/x-pack/plugins/security_solution/common/shared_imports.ts b/x-pack/plugins/security_solution/common/shared_imports.ts
index a578fb932068d..aaae0d4dc25ef 100644
--- a/x-pack/plugins/security_solution/common/shared_imports.ts
+++ b/x-pack/plugins/security_solution/common/shared_imports.ts
@@ -45,6 +45,7 @@ export {
 Type,
 ENDPOINT_LIST_ID,
 ENDPOINT_TRUSTED_APPS_LIST_ID,
+ osType,
 osTypeArray,
 OsTypeArray,
 buildExceptionFilter,
diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/add_exception_modal/index.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/add_exception_modal/index.tsx
index 3a2170d126a24..b0ffcb8c5b5b8 100644
--- a/x-pack/plugins/security_solution/public/common/components/exceptions/add_exception_modal/index.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/exceptions/add_exception_modal/index.tsx
@@ -33,7 +33,6 @@ import {
 import * as i18nCommon from '../../../translations';
 import * as i18n from './translations';
 import * as sharedI18n from '../translations';
-import { osTypeArray, OsTypeArray } from '../../../../../common/shared_imports';
 import { useAppToasts } from '../../../hooks/use_app_toasts';
 import { useKibana } from '../../../lib/kibana';
 import { ExceptionBuilderComponent } from '../builder';
@@ -50,6 +49,7 @@ import {
 defaultEndpointExceptionItems,
 entryHasListType,
 entryHasNonEcsType,
+ retrieveAlertOsTypes,
 } from '../helpers';
 import { ErrorInfo, ErrorCallout } from '../error_callout';
 import { AlertData, ExceptionsBuilderExceptionItem } from '../types';
@@ -291,18 +291,6 @@ export const AddExceptionModal = memo(function AddExceptionModal({
 [setShouldBulkCloseAlert]
 );
 
- const retrieveAlertOsTypes = useCallback((): OsTypeArray => {
- const osDefaults: OsTypeArray = ['windows', 'macos'];
- if (alertData != null) {
- const osTypes = alertData.host && alertData.host.os && alertData.host.os.family;
- if (osTypeArray.is(osTypes) && osTypes != null && osTypes.length > 0) {
- return osTypes;
- }
- return osDefaults;
- }
- return osDefaults;
- }, [alertData]);
-
 const enrichExceptionItems = useCallback((): Array<
 ExceptionListItemSchema | CreateExceptionListItemSchema
 > => {
@@ -312,11 +300,11 @@ export const AddExceptionModal = memo(function AddExceptionModal({
 ? enrichNewExceptionItemsWithComments(exceptionItemsToAdd, [{ comment }])
 : exceptionItemsToAdd;
 if (exceptionListType === 'endpoint') {
- const osTypes = retrieveAlertOsTypes();
+ const osTypes = retrieveAlertOsTypes(alertData);
 enriched = lowercaseHashValues(enrichExceptionItemsWithOS(enriched, osTypes));
 }
 return enriched;
- }, [comment, exceptionItemsToAdd, exceptionListType, retrieveAlertOsTypes]);
+ }, [comment, exceptionItemsToAdd, exceptionListType, alertData]);
 
 const onAddExceptionConfirm = useCallback((): void => {
 if (addOrUpdateExceptionItems != null) {
diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.test.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.test.tsx
index f21f189438890..3463f521655cb 100644
--- a/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.test.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.test.tsx
@@ -29,6 +29,7 @@ import {
 defaultEndpointExceptionItems,
 getFileCodeSignature,
 getProcessCodeSignature,
+ retrieveAlertOsTypes,
 } from './helpers';
 import { AlertData, EmptyEntry } from './types';
 import {
@@ -533,6 +534,25 @@ describe('Exception helpers', () => { }); }); + describe('#retrieveAlertOsTypes', () => { + test('it should retrieve os type if alert data is provided', () => { + const alertDataMock: AlertData = { + '@timestamp': '1234567890', + _id: 'test-id', + host: { os: { family: 'windows' } }, + }; + const result = retrieveAlertOsTypes(alertDataMock); + const expected = ['windows']; + expect(result).toEqual(expected); + }); + + test('it should return default os types if alert data is not provided', () => { + const result = retrieveAlertOsTypes(); + const expected = ['windows', 'macos']; + expect(result).toEqual(expected); + }); + }); + describe('#entryHasListType', () => { test('it should return false with an empty array', () => { const payload: ExceptionListItemSchema[] = []; diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx index 04502d1e16204..43c3b6c082f1a 100644 --- a/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx +++ b/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx @@ -13,6 +13,7 @@ import uuid from 'uuid'; import * as i18n from './translations'; import { + AlertData, BuilderEntry, CreateExceptionListItemBuilderSchema, ExceptionsBuilderExceptionItem, @@ -39,6 +40,7 @@ import { EntryNested, OsTypeArray, EntriesArray, + osType, } from '../../../shared_imports'; import { IIndexPattern } from '../../../../../../../src/plugins/data/common'; import { validate } from '../../../../common/validate'; 
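Review bot: The two tests added under `#retrieveAlertOsTypes` in helpers.test.tsx cover a recognised `family` and a missing `alertData`, but not the branch where `host.os.family` is set and `osType.is` rejects it. That is the case in which the helper silently scopes an endpoint exception to the `['windows', 'macos']` default, so it is the one most worth pinning against a later change to `osType` or to the default list. A third case along the lines below would do it; the `family` value is constructed and assumes `AlertData` accepts an arbitrary string there, which this diff does not show. The enclosing `describe('Exception helpers')` block opens outside the hunk.

```typescript
// … unchanged: the two existing retrieveAlertOsTypes tests …
test('it should return default os types if alert os family is not a valid os type', () => {
  const alertDataMock: AlertData = {
    '@timestamp': '1234567890',
    _id: 'test-id',
    host: { os: { family: 'not-a-valid-os' } }, // constructed value
  };
  const result = retrieveAlertOsTypes(alertDataMock);
  const expected = ['windows', 'macos'];
  expect(result).toEqual(expected);
});
```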
@@ -359,6 +361,17 @@ export const enrichExceptionItemsWithOS = (
 });
 };
 
+export const retrieveAlertOsTypes = (alertData?: AlertData): OsTypeArray => {
+ const osDefaults: OsTypeArray = ['windows', 'macos'];
+ if (alertData != null) {
+ const os = alertData.host && alertData.host.os && alertData.host.os.family;
+ if (os != null) {
+ return osType.is(os) ? [os] : osDefaults;
+ }
+ }
+ return osDefaults;
+};
+
 /**
 * Returns given exceptionItems with all hash-related entries lowercased
 */
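Review bot: When `host.os.family` is present but fails `osType.is(os)`, the new `retrieveAlertOsTypes` silently returns `['windows', 'macos']`, so an endpoint exception built from an alert whose family `osType` does not accept is scoped to two operating systems the alert did not report. Exceptions suppress detections, so that fallback should be stated where the helper is exported; the next helper in the file has a JSDoc block and this one has none. I would add `/** Returns the OS types to scope an endpoint exception to: the alert's host.os.family when it is a valid osType, otherwise the ['windows', 'macos'] default. */` above the declaration. The removed hook validated the field with `osTypeArray.is`, i.e. as an array, while this version accepts only a single value; if `AlertData` can still carry an array there (its type is not visible in this diff), that input now takes the default branch too.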