Skip to content

[Security Solution] More Ransomware exceptionable fields #130039

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kevinlog merged 1 commit into from
Apr 12, 2022
Merged

[Security Solution] More Ransomware exceptionable fields #130039

kevinlog merged 1 commit into from
Apr 12, 2022

Conversation

@kevinlog
Copy link
Contributor

@kevinlog kevinlog commented Apr 12, 2022

Summary

Adds a few more fields for Ransomware exceptions.

Ransomware.files.entropy
Ransomware.files.extension
Ransomware.files.operation
Ransomware.files.path
Ransomware.child_processes.files.entropy
Ransomware.child_processes.files.extension
Ransomware.child_processes.files.operation
Ransomware.child_processes.files.path

image

image

@kevinlog kevinlog added release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution auto-backport Deprecated - use backport:version if exact versions are needed v8.2.0 v8.3.0 labels Apr 12, 2022
@kevinlog kevinlog requested a review from a team as a code owner April 12, 2022 16:26
@elasticmachine
Copy link
Contributor

elasticmachine commented Apr 12, 2022

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

magermark
magermark approved these changes Apr 12, 2022
View reviewed changes
Copy link
Contributor

@magermark magermark left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kevinlog kevinlog enabled auto-merge (squash) April 12, 2022 16:30
paul-tavares
paul-tavares approved these changes Apr 12, 2022
View reviewed changes
Copy link
Contributor

@paul-tavares paul-tavares left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.
Just to make sure - this applies only to Exceptions and NOT Event Filters, correct?

@kevinlog
Copy link
Contributor Author

kevinlog commented Apr 12, 2022

Just to make sure - this applies only to Exceptions and NOT Event Filters, correct?

@paul-tavares - yes, event filters uses a different source to populate its fields.

@kibana-ci
Copy link

kibana-ci commented Apr 12, 2022

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 4.8MB 4.8MB +282.0B

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@kevinlog kevinlog merged commit e0932c6 into elastic:main Apr 12, 2022
kibanamachine pushed a commit that referenced this pull request Apr 12, 2022
@kevinlog
[Security Solution] More Ransomware exceptionable fields (#130039)
92161d8 
(cherry picked from commit e0932c6)
@kibanamachine kibanamachine mentioned this pull request Apr 12, 2022
Merged
@kibanamachine
Copy link
Contributor

kibanamachine commented Apr 12, 2022

💚 All backports created successfully

Status Branch Result
8.2

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

kibanamachine added a commit that referenced this pull request Apr 12, 2022
@kibanamachine @kevinlog
[Security Solution] More Ransomware exceptionable fields (#130039) (#…
65e2391 
…130046)

(cherry picked from commit e0932c6)

Co-authored-by: Kevin Logan <[email protected]>
jloleysens added a commit to jloleysens/kibana that referenced this pull request Apr 13, 2022
@jloleysens
Merge branch 'main' of github.com:elastic/kibana into reporting/soft-…
26b64f9 
…disable-server-side

* 'main' of github.com:elastic/kibana: (35 commits)
  [Uptime] remove latency limit warnings when using monitor management (elastic#129597)
  [Security Solution] [ReponseOps] Executes Cases Cypress test when there is a change on cases plugin (elastic#129992)
  Paramaterized Discover tests (elastic#129684)
  [Security Solution][Investigations] - Minor bug fixes (elastic#130054)
  [DOCS} Adds technical preview to Lens annotations (elastic#130058)
  [Security solution] [Endpoint] Revisit blocklist wrong labels (elastic#128773)
  [Security Solutions] Adds API docs for value lists (elastic#129962)
  [CI] Move jest tests to spot instances, and fix spot retries in PRs (elastic#130045)
  chore(NA): upgrades rules_node_js to v5.4.0 (elastic#130051)
  [SecuritySolution] Remove the cell hovers actions for agent status (elastic#130042)
  Upgrade RxJS to 7 (elastic#129087)
  [SecuritySolution] Clean up CaseContext (elastic#130036)
  Revert "chore(NA): upgrades rules_node_js to v5.4.0 (elastic#130021)"
  Use RuleDataReader to query for threshold signal history (elastic#129763)
  Remove securityRulesCancelEnabled setting and set shorter default timeouts (elastic#129769)
  Upgrade EUI to v54.0.0 (elastic#129653)
  [Security Solution] More Ransomware exceptionable fields (elastic#130039)
  Add e2e for the apm integration policy form (elastic#129860)
  chore(NA): upgrades rules_node_js to v5.4.0 (elastic#130021)
  [ML] Fix Single Metric Viewer chart failing to load if no points during calendar event (elastic#130000)
  ...

# Conflicts:
#	x-pack/plugins/screenshotting/server/screenshots/index.test.ts
@kevinlog kevinlog deleted the task/add-ransomware-exceptionable-fields branch April 13, 2022 11:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joeypoon joeypoon joeypoon approved these changes

@magermark magermark magermark approved these changes

@paul-tavares paul-tavares paul-tavares approved these changes

Assignees

No one assigned

Labels

auto-backport Deprecated - use backport:version if exact versions are needed release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v8.2.0 v8.3.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@kevinlog @elasticmachine @kibana-ci @kibanamachine @joeypoon @magermark @paul-tavares