diff --git a/x-pack/solutions/security/plugins/entity_store/server/domain/constants.ts b/x-pack/solutions/security/plugins/entity_store/server/domain/constants.ts index 92f522cff4f9f..697f6b24d7953 100644 --- a/x-pack/solutions/security/plugins/entity_store/server/domain/constants.ts +++ b/x-pack/solutions/security/plugins/entity_store/server/domain/constants.ts @@ -9,6 +9,7 @@ import type { EngineStatus } from './saved_objects'; import type { EntityStoreStatus } from './types'; export const ECS_MAPPINGS_COMPONENT_TEMPLATE = 'ecs@mappings'; +export const HASH_ALG = 'sha256' as const; export const ENTITY_STORE_SOURCE_INDICES_PRIVILEGES = ['read', 'view_index_metadata']; export const ENTITY_STORE_TARGET_INDICES_PRIVILEGES = ['read', 'manage']; diff --git a/x-pack/solutions/security/plugins/entity_store/server/domain/crud/utils.test.ts b/x-pack/solutions/security/plugins/entity_store/server/domain/crud/utils.test.ts index 8f6de8428280f..16dedb89b20cc 100644 --- a/x-pack/solutions/security/plugins/entity_store/server/domain/crud/utils.test.ts +++ b/x-pack/solutions/security/plugins/entity_store/server/domain/crud/utils.test.ts @@ -5,6 +5,7 @@ * 2.0. */ +import { createHash } from 'crypto'; import { isNotEmptyCondition } from '../../../common/domain/definitions/common_fields'; import type { Entity } from '../../../common/domain/definitions/entity.gen'; import { @@ -13,6 +14,7 @@ import { type ManagedEntityDefinition, } from '../../../common/domain/definitions/entity_schema'; import { getEntityDefinition } from '../../../common/domain/definitions/registry'; +import { HASH_ALG } from '../constants'; import { BadCRUDRequestError } from '../errors'; import { hashEuid, validateAndTransformDoc, validateDocIdentification } from './utils'; @@ -53,11 +55,12 @@ describe('crud_client utils', () => { }); describe('hashEuid', () => { - it('returns a valid MD5 hash', () => { + it('returns a valid SHA-256 hash', () => { const hashedId = hashEuid('entity-id'); + const expectedHash = createHash(HASH_ALG).update('entity-id').digest('hex'); - expect(hashedId).toMatch(/^[a-f0-9]{32}$/); - expect(hashedId).toBe('169fbe0cb705d8d8811b5098d0cf4588'); + expect(hashedId).toMatch(/^[a-f0-9]{64}$/); + expect(hashedId).toBe(expectedHash); }); }); diff --git a/x-pack/solutions/security/plugins/entity_store/server/domain/crud/utils.ts b/x-pack/solutions/security/plugins/entity_store/server/domain/crud/utils.ts index de57f75c91e0b..6bf57804d2151 100644 --- a/x-pack/solutions/security/plugins/entity_store/server/domain/crud/utils.ts +++ b/x-pack/solutions/security/plugins/entity_store/server/domain/crud/utils.ts @@ -16,15 +16,14 @@ import type { EntityField, ManagedEntityDefinition, } from '../../../common/domain/definitions/entity_schema'; +import { HASH_ALG } from '../constants'; import { BadCRUDRequestError } from '../errors'; type CrudOperation = 'create' | 'update'; const GENERIC_TYPE = 'generic' as EntityType; export function hashEuid(id: string): string { - // EUID generation uses MD5. It is not a security-related feature. - // eslint-disable-next-line @kbn/eslint/no_unsafe_hash - return createHash('md5').update(id).digest('hex'); + return createHash(HASH_ALG).update(id).digest('hex'); } // validateDocIdentification checks provided and generated EUIDs. It diff --git a/x-pack/solutions/security/plugins/entity_store/server/domain/logs_extraction/__snapshots__/logs_extraction_query_builder.test.ts.snap b/x-pack/solutions/security/plugins/entity_store/server/domain/logs_extraction/__snapshots__/logs_extraction_query_builder.test.ts.snap index 90a66be7dfe8c..9dd1b30ab53d1 100644 --- a/x-pack/solutions/security/plugins/entity_store/server/domain/logs_extraction/__snapshots__/logs_extraction_query_builder.test.ts.snap +++ b/x-pack/solutions/security/plugins/entity_store/server/domain/logs_extraction/__snapshots__/logs_extraction_query_builder.test.ts.snap @@ -149,7 +149,7 @@ exports[`buildLogsExtractionEsqlQuery generates the expected query for generic e @timestamp = recent.timestamp, entity.name = CASE(entity.name IS NOT NULL AND entity.name != \\"\\", entity.name, recent.entity.EngineMetadata.UntypedId), entity.EngineMetadata.Type = \\"generic\\", - entity.hashedId = HASH(\\"MD5\\", recent.entity.id) + entity.hashedId = HASH(\\"sha256\\", recent.entity.id) | RENAME recent.entity.id AS entity.id, recent.entity.EngineMetadata.UntypedId AS entity.EngineMetadata.UntypedId @@ -330,7 +330,7 @@ exports[`buildLogsExtractionEsqlQuery generates the expected query for host enti @timestamp = recent.timestamp, entity.name = CASE(entity.name IS NOT NULL AND entity.name != \\"\\", entity.name, recent.entity.EngineMetadata.UntypedId), entity.EngineMetadata.Type = \\"host\\", - entity.hashedId = HASH(\\"MD5\\", recent.entity.id), + entity.hashedId = HASH(\\"sha256\\", recent.entity.id), entity.type = COALESCE(entity.type, \\"Host\\") | RENAME recent.entity.id AS entity.id, @@ -514,7 +514,7 @@ exports[`buildLogsExtractionEsqlQuery generates the expected query for host with @timestamp = recent.timestamp, entity.name = CASE(entity.name IS NOT NULL AND entity.name != \\"\\", entity.name, recent.entity.EngineMetadata.UntypedId), entity.EngineMetadata.Type = \\"host\\", - entity.hashedId = HASH(\\"MD5\\", recent.entity.id), + entity.hashedId = HASH(\\"sha256\\", recent.entity.id), entity.type = COALESCE(entity.type, \\"Host\\") | RENAME recent.entity.id AS entity.id, @@ -698,7 +698,7 @@ exports[`buildLogsExtractionEsqlQuery generates the expected query for host with @timestamp = recent.timestamp, entity.name = CASE(entity.name IS NOT NULL AND entity.name != \\"\\", entity.name, recent.entity.EngineMetadata.UntypedId), entity.EngineMetadata.Type = \\"host\\", - entity.hashedId = HASH(\\"MD5\\", recent.entity.id), + entity.hashedId = HASH(\\"sha256\\", recent.entity.id), entity.type = COALESCE(entity.type, \\"Host\\") | RENAME recent.entity.id AS entity.id, @@ -829,7 +829,7 @@ exports[`buildLogsExtractionEsqlQuery generates the expected query for service e @timestamp = recent.timestamp, entity.name = CASE(entity.name IS NOT NULL AND entity.name != \\"\\", entity.name, recent.entity.EngineMetadata.UntypedId), entity.EngineMetadata.Type = \\"service\\", - entity.hashedId = HASH(\\"MD5\\", recent.entity.id), + entity.hashedId = HASH(\\"sha256\\", recent.entity.id), entity.type = COALESCE(entity.type, \\"Service\\") | RENAME recent.entity.id AS entity.id, @@ -993,7 +993,7 @@ true, CASE((user.email IS NOT NULL AND user.email != \\"\\" AND entity.namespace @timestamp = recent.timestamp, entity.name = CASE(entity.name IS NOT NULL AND entity.name != \\"\\", entity.name, recent.entity.EngineMetadata.UntypedId), entity.EngineMetadata.Type = \\"user\\", - entity.hashedId = HASH(\\"MD5\\", recent.entity.id), + entity.hashedId = HASH(\\"sha256\\", recent.entity.id), entity.type = COALESCE(entity.type, \\"Identity\\") | RENAME recent.entity.id AS entity.id, diff --git a/x-pack/solutions/security/plugins/entity_store/server/domain/logs_extraction/logs_extraction_query_builder.ts b/x-pack/solutions/security/plugins/entity_store/server/domain/logs_extraction/logs_extraction_query_builder.ts index 2d1921b57b765..b6a0a32a75e3e 100644 --- a/x-pack/solutions/security/plugins/entity_store/server/domain/logs_extraction/logs_extraction_query_builder.ts +++ b/x-pack/solutions/security/plugins/entity_store/server/domain/logs_extraction/logs_extraction_query_builder.ts @@ -16,6 +16,7 @@ import { type EntityType, } from '../../../common/domain/definitions/entity_schema'; import { getEuidEsqlEvaluation } from '../../../common/domain/euid/esql'; +import { HASH_ALG } from '../constants'; import { buildExtractionSourceClause, buildFieldEvaluations, @@ -38,7 +39,6 @@ import { } from './query_builder_commons'; export const HASHED_ID_FIELD = 'entity.hashedId'; -const HASH_ALG = 'MD5'; export const MAIN_EXTRACTION_PAGINATION_FIELDS: PaginationFields = { timestampField: ENGINE_METADATA_PAGINATION_FIRST_SEEN_LOG_FIELD, diff --git a/x-pack/solutions/security/plugins/entity_store/test/scout/api/fixtures/entity_extraction_expected.ts b/x-pack/solutions/security/plugins/entity_store/test/scout/api/fixtures/entity_extraction_expected.ts index 4055dc9a0753a..ca1693fb0aa0d 100644 --- a/x-pack/solutions/security/plugins/entity_store/test/scout/api/fixtures/entity_extraction_expected.ts +++ b/x-pack/solutions/security/plugins/entity_store/test/scout/api/fixtures/entity_extraction_expected.ts @@ -8,7 +8,7 @@ export const expectedHostEntities = [ { _index: '.entities.v2.latest.security_default', - _id: 'a3872e401531d41f50a187fa61fbfffe', + _id: '5c4590a1e799d5fa9d43908d6f609027f1caa55efef5979757a094cfd80f2f81', _source: { '@timestamp': '2026-01-20T12:05:00.000Z', host: { id: 'host-123' }, @@ -22,7 +22,7 @@ export const expectedHostEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: 'd5b2488f87685ca7ef426aad7ccc777e', + _id: '3ba8efeb63e3aa8c0e7272b25c5e443670e87ac1a78e9e67687da0ee9b7a4b5f', _source: { '@timestamp': '2026-01-20T12:05:02.000Z', host: { domain: 'example.com', name: 'server-01' }, @@ -36,7 +36,7 @@ export const expectedHostEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '934bc21e8f973c51aafc12cf6d7e2182', + _id: '59093c7a60d8eb6d70d09ba7cde21ef58774fee0fe3738498b746b98968d8046', _source: { '@timestamp': '2026-01-20T12:05:03.000Z', host: { domain: 'test.org', hostname: 'domain-only-host' }, @@ -50,7 +50,7 @@ export const expectedHostEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: 'b3f4c3355bd6bec40156867ae5ddb158', + _id: 'f8878d2ea2a52d05b08097538e92c89a0146320d0b8f5169d26f7b3d96336918', _source: { '@timestamp': '2026-01-20T12:05:04.000Z', host: { hostname: 'laptop-01' }, @@ -64,7 +64,7 @@ export const expectedHostEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: 'cb20977f0b08562677a022f7362b3e9a', + _id: '897ba3ebc6ad71a081e7fc69b79473abaf6d425ab3c42a08e3f92b9a6bac7412', _source: { '@timestamp': '2026-01-20T12:05:05.000Z', host: { name: 'desktop-02' }, @@ -78,7 +78,7 @@ export const expectedHostEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '0074d60e067281b4286ec527953c8e7b', + _id: '6746dba00f1e5062c513ff8b4b8707069894308b12a69bd590763ae56880dda9', _source: { '@timestamp': '2026-01-20T12:05:06.000Z', host: { name: 'server-02', domain: 'example.com', id: 'host-456' }, @@ -92,7 +92,7 @@ export const expectedHostEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '7ce02ea9458bb0c3adccc71ea36acced', + _id: '60cde316aec6a9697ea87bfc44cf2b8c492e1a81408b6c955d367a47a77841c9', _source: { '@timestamp': '2026-01-20T12:05:07.000Z', host: { hostname: 'workstation-10', id: 'host-789' }, @@ -106,7 +106,7 @@ export const expectedHostEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '17d1516154981894f9b6b33ed0a5f376', + _id: '2fb2f574f23c5013662d0e90cb88956b925f54ce381f605ce43970ab9d226fa5', _source: { '@timestamp': '2026-01-20T12:05:08.000Z', host: { name: 'server-03', domain: 'test.com', hostname: 'backup-server' }, @@ -120,7 +120,7 @@ export const expectedHostEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '4ba0b24674c753a7ce7112ef5617163e', + _id: '09bcd5d78b75a3adef2a52e183f655d678e148594ff151552d119c44a6d0a878', _source: { '@timestamp': '2026-01-20T12:05:09.000Z', host: { name: 'server-04' }, @@ -134,7 +134,7 @@ export const expectedHostEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '9fff579a1f2d32a2c470ed711de1e04b', + _id: 'b0a7cfbcf83d479cf075035daad72b41c3de8ce811d2f6897318f9bc1bb987ac', _source: { '@timestamp': '2026-01-20T12:05:10.000Z', host: { id: 'host-404' }, @@ -148,7 +148,7 @@ export const expectedHostEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: 'cb46f3f3322e70d1443042d1a7b25392', + _id: '768eb4b39da6860133158f0bd8e150bb35a6ddafa36a16835876994be3eb1282', _source: { '@timestamp': '2026-01-20T12:05:10.000Z', host: { domain: 'test.net', name: 'server-05' }, @@ -162,7 +162,7 @@ export const expectedHostEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: 'e4e2c26804f019603ba4dc39bb3d156a', + _id: 'c08cb55dbe4f377ab1def9e763a82e0f9bf06cf231618e1353982569a7cb0077', _source: { '@timestamp': '2026-01-20T12:05:11.000Z', host: { domain: 'example.com', hostname: 'empty-name-host', name: '' }, @@ -176,7 +176,7 @@ export const expectedHostEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '4bf68ff60fc8b19cec2241992556322a', + _id: 'b15370fcb6af62f86e08adfc76d6a4bbddf608c99dd413a328b141c3bc856baa', _source: { '@timestamp': '2026-01-20T12:05:11.000Z', host: { domain: 'corp.local', id: '', name: 'workstation-05' }, @@ -190,7 +190,7 @@ export const expectedHostEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: 'e261124bb880ea7368c98faa7da81ebc', + _id: 'ef614751487e09e78b059dabbe45f3520990f98ba845ace99f393c77f887d2da', _source: { '@timestamp': '2026-01-20T12:05:12.000Z', host: { domain: 'corp.local', hostname: 'workstation-20' }, @@ -204,7 +204,7 @@ export const expectedHostEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: 'a5d3d8b58538b9ee1ca73b50d15d4b52', + _id: 'a81cc7862183be0830ee40949661eb3892d2b1f0c9d1d536e6f88e6774c7dfdd', _source: { '@timestamp': '2026-01-20T12:05:13.000Z', host: { domain: '', name: 'server-06' }, @@ -218,7 +218,7 @@ export const expectedHostEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: 'dbc04494402b73d5414cdf90850d777e', + _id: '92a7476f32e5e8edec138184b41959c82fa37050841e24c58d07500addd57aa2', _source: { '@timestamp': '2026-01-20T12:05:17.000Z', host: { id: 'host-606' }, @@ -232,7 +232,7 @@ export const expectedHostEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: 'f4f72af0a17ce6d61931f6712a4a31d4', + _id: '1632a83b7ec4a14465d1af6d1896969cf1dc5c212d2a71b2a17087c8de799b7a', _source: { '@timestamp': '2026-01-20T12:05:17.000Z', host: { name: 'server-08' }, @@ -246,7 +246,7 @@ export const expectedHostEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '68c7ffbdcf9404e4494ac43a83719ef5', + _id: 'a8f8ffa08603e5be512b0568c0ac960cac5082415f60a133cc4bac22b87d5e31', _source: { '@timestamp': '2026-01-20T12:05:18.000Z', host: { name: 'server-07' }, @@ -260,7 +260,7 @@ export const expectedHostEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '1fba7560b67c8b51827bac3b6c86fce1', + _id: 'a46f698d3e156552cbbe33a7640f980187edeaeb241e2b13f3549576f0b67e28', _source: { '@timestamp': '2026-01-20T12:05:18.000Z', host: { hostname: 'workstation-30' }, @@ -274,7 +274,7 @@ export const expectedHostEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '57c90235aa397f0a2acabc5b998be85b', + _id: 'f02169eec02621bcecb234b58b06cec66357c1553c9914fd3f049d234e3008d8', _source: { '@timestamp': '2026-01-20T12:05:23.000Z', host: { id: 'host-nonidp-001' }, @@ -291,7 +291,7 @@ export const expectedHostEntities = [ export const expectedUserEntities = [ { _index: '.entities.v2.latest.security_default', - _id: '261870a6cea12b6e1fc583a9dc126174', + _id: 'b567c98b4ef4ba050d3201175d7cbf1ef5a4377e10f1a7ca23f8f7b2c384dbb4', _source: { '@timestamp': '2026-01-20T12:05:00.000Z', user: { name: 'john.doe' }, @@ -306,7 +306,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: 'd61cd4da553bba392a1d981e99813b64', + _id: '3d2e874ed64e8b5c6b3cd7a72f620dd5e4f1be97e6faab4da281f8b8f6c04913', _source: { '@timestamp': '2026-01-20T12:05:01.000Z', user: { name: 'jane.smith' }, @@ -321,7 +321,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: 'ef0d2dde6f4a97a4014d3af87e08e440', + _id: 'f54b6e21827a7e18b4dfc4736893d3766a9db81bec6e806a1c9afe7fffe3571c', _source: { '@timestamp': '2026-01-20T12:05:02.000Z', user: { name: 'bob.jones' }, @@ -336,7 +336,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: 'e74b74aa915d74830488d4d7daacf43a', + _id: 'f1e9f0712f2e4f2dc13612daebe203fac9c8c56dcc0b4c3575af8cfdbd05e095', _source: { '@timestamp': '2026-01-20T12:05:03.000Z', user: { name: 'alice.brown', id: 'user-789' }, @@ -350,7 +350,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '28ac9cb0b4ccfb93ec0cab9046747514', + _id: 'da02d432b766ee35f68647f9714f619611eb5e05e14bb3ae43e5e4f48e2f6f7e', _source: { '@timestamp': '2026-01-20T12:05:04.000Z', entity: { @@ -363,7 +363,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: 'c752e4150545f512207d03943d1fd06f', + _id: 'c7ad17bde8724fc1773c8800c2e7adf35ac01661bbd8321fe3f37fd50c5118c6', _source: { '@timestamp': '2026-01-20T12:05:04.000Z', user: { id: 'user-101' }, @@ -377,7 +377,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '2ad665aff3d81324d733b4811ae0839d', + _id: 'bbbdc4f04c4e3d052dc35f846de9044c144f729499ec0948cf55882e8fc4e33a', _source: { '@timestamp': '2026-01-20T12:05:05.000Z', user: { email: 'test@example.com' }, @@ -391,7 +391,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '725d5a8408a77ccc3592e8580e7faf2a', + _id: '62c5dd196f6e5e6c82d94043e99b51fcaf6e976bd4e2a9f0a507f27447d5dc3f', _source: { '@timestamp': '2026-01-20T12:05:06.000Z', user: { domain: 'corp', name: 'charlie.wilson' }, @@ -405,7 +405,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '68844d2ff831ef513e9161920c99f3f5', + _id: '43d3c510e836c10954b768e31075f42830d555751c01bdcf2c3a068c2e601174', _source: { '@timestamp': '2026-01-20T12:05:07.000Z', user: { name: 'david.lee' }, @@ -419,7 +419,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '781c11882c999bfe1e5abea4a1efc957', + _id: '05547ae5914edf47b9fbd787dedd38148c3f8240c542c1419851718722e8ed1c', _source: { '@timestamp': '2026-01-20T12:05:08.000Z', user: { name: '', id: 'user-202' }, @@ -433,7 +433,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '2a607f0c69df13ce9e87917e060b6187', + _id: '526f58f4a72a4e80f9b95d4a3cd3f67f227c06843a2854336a257b844e2a4489', _source: { '@timestamp': '2026-01-20T12:05:09.000Z', user: { id: 'user-303' }, @@ -447,7 +447,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '7364b12841cc03684b914e8030fef006', + _id: 'a797c8c22378d097a5c2a04496a8d7a62d6f44bf2c4bb3fc59a4863e36e159da', _source: { '@timestamp': '2026-01-20T12:05:10.000Z', user: { name: 'eve.martin' }, @@ -462,7 +462,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '6ad44ae06e03650c5dd7aca3b2a8f10e', + _id: 'fe44b2619de15aa30170dde991ee224069d210beda4db607e4bce75bae4c1746', _source: { '@timestamp': '2026-01-20T12:05:11.000Z', user: { name: 'frank.taylor' }, @@ -477,7 +477,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '0d4cb781d8fd1c26dde6c8bff9aedc12', + _id: '034deba2c721973f2116bccea7d63b237ac1e380208dc9b1c4d555f616b9adfe', _source: { '@timestamp': '2026-01-20T12:05:12.000Z', user: { email: 'grace@example.com', name: 'grace.anderson' }, @@ -491,7 +491,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '5ef1b1d34000dcbba643e5d1abfbfed7', + _id: '42df55aa9b3d15a3b0af954aa93c68556cd5bcae0f61796fff74bffffdb51434', _source: { '@timestamp': '2026-01-20T12:05:13.000Z', user: { name: 'henry.clark' }, @@ -505,7 +505,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '69c411f02935a3f626c6e86621c5151f', + _id: '1d138cf603a471abef52ffb6333d63dadcf9e34af1788f539cf999c8230727c9', _source: { '@timestamp': '2026-01-20T12:05:14.000Z', user: { domain: '', name: 'iris.davis' }, @@ -519,7 +519,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '4eedae8c46980b421f482f3b443b4eeb', + _id: 'd2e88c95d22d9a787c932b72328f7d47cade891dda0bc7d8b823b14cf3fc3e23', _source: { '@timestamp': '2026-01-20T12:05:15.000Z', user: { name: 'jack.white' }, @@ -533,7 +533,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '8ecf2dbd6b527eb9f28dafbc915c8540', + _id: '5404b10c22698b0ec86abec4c3bc429a8f8f063ed1dc6eee24b127a3521e9d63', _source: { '@timestamp': '2026-01-20T12:05:16.000Z', user: { name: 'karen.green', id: 'user-505' }, @@ -548,7 +548,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: 'bab9aeab6cd3406b267a98ee43ceddfb', + _id: '7b4db899b11d212ff774f38b2253ec037fa88c1592ce5df752045879d8c35872', _source: { '@timestamp': '2026-01-20T12:05:17.000Z', user: { email: 'larry@example.com', name: 'larry.black' }, @@ -563,7 +563,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '9503edc03052f2ae6b94fbaf553ad9a2', + _id: '1f49dd57680b1986183a83644a0182b64b921c84e3e464a98a25664186b38f30', _source: { '@timestamp': '2026-01-20T12:05:18.000Z', user: { domain: 'corp', name: 'mary.blue' }, @@ -578,7 +578,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '5cb0c0bb84d9141af0df2789a245182d', + _id: '810b6c4feac1dcb16d1d8c428170eae525b7043421d5955a2ebdbe3e811ae5f2', _source: { '@timestamp': '2026-01-20T12:05:19.000Z', user: { name: 'not-captured-no-module' }, @@ -592,7 +592,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '70858af64ff6f823645c9f2030942f2f', + _id: '6d0b61db6529233f9e39eedfc91919e526d7b55d2d9e395c26f8fbce1b5541b5', _source: { '@timestamp': '2026-01-20T12:05:20.000Z', user: { name: 'okta.from.dataset' }, @@ -606,7 +606,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '67e5305b77e994a4e5061980e161917f', + _id: '139e9d308ffadedbca2ecdcc1d2b6f2ebed8f53a3a33f9bc11328574389f76f3', _source: { '@timestamp': '2026-01-20T12:05:21.000Z', user: { name: 'cloudtrail.user' }, @@ -620,7 +620,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: 'aa9c2809da7706d63d4b195e9ae73a81', + _id: 'fb171d701c968880c3eac6a1375c01a8335220f921d1f6d3d35e01e4396b4b74', _source: { '@timestamp': '2026-01-20T12:05:22.000Z', user: { name: 'no.module.user' }, @@ -634,7 +634,7 @@ export const expectedUserEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '8b022706c522aff12ed7fc2dfc6e71ba', + _id: '18668fc50a8bfceef942a50bc1bb0dad7d1b503efa7dd55b4da8bf5086f9e42d', _source: { '@timestamp': '2026-01-20T12:05:23.000Z', user: { name: 'alice.local' }, @@ -652,7 +652,7 @@ export const expectedUserEntities = [ export const expectedServiceEntities = [ { _index: '.entities.v2.latest.security_default', - _id: 'd71824649f3db60bf0a6892863af6e2a', + _id: '4a03614567f337f8129a115df2fa0ee23657227a4e3c5bcaf6a06e5a295a77a9', _source: { '@timestamp': '2026-01-20T12:05:04.000Z', entity: { @@ -665,7 +665,7 @@ export const expectedServiceEntities = [ }, { _index: '.entities.v2.latest.security_default', - _id: '0f9d5fcd02e63ca500ca9515f76ce174', + _id: 'c3e453f58f98e329531f73ca57250f78449f73989748271ade0a9880d3255a6a', _source: { '@timestamp': '2026-01-20T12:05:05.000Z', entity: { @@ -681,7 +681,7 @@ export const expectedServiceEntities = [ export const expectedGenericEntities = [ { _index: '.entities.v2.latest.security_default', - _id: 'c52f04341df58ee3f0ceb4a270e5814b', + _id: 'd98cd38cf7da05a3c32920813a0529fbc6fff7312d0bf774e85e1fc273a5ffdb', _source: { '@timestamp': '2026-01-20T12:05:05.000Z', entity: { diff --git a/x-pack/solutions/security/plugins/entity_store/test/scout/api/tests/entity_extraction_paginated.spec.ts b/x-pack/solutions/security/plugins/entity_store/test/scout/api/tests/entity_extraction_paginated.spec.ts index d9f7648a2b67f..7f48d138cb471 100644 --- a/x-pack/solutions/security/plugins/entity_store/test/scout/api/tests/entity_extraction_paginated.spec.ts +++ b/x-pack/solutions/security/plugins/entity_store/test/scout/api/tests/entity_extraction_paginated.spec.ts @@ -91,7 +91,7 @@ apiTest.describe( }); expect(entities.hits.hits).toHaveLength(expectedResultCount); - // it's deterministic because of the MD5 id + // it's deterministic because of the SHA-256 id // manually checking object until we have a snapshot matcher expect(entities.hits.hits).toMatchObject(expectedHostEntities); } diff --git a/x-pack/solutions/security/plugins/entity_store/test/scout/api/tests/logs_extraction.spec.ts b/x-pack/solutions/security/plugins/entity_store/test/scout/api/tests/logs_extraction.spec.ts index 66267263afc93..b35171a22d0c5 100644 --- a/x-pack/solutions/security/plugins/entity_store/test/scout/api/tests/logs_extraction.spec.ts +++ b/x-pack/solutions/security/plugins/entity_store/test/scout/api/tests/logs_extraction.spec.ts @@ -91,7 +91,7 @@ apiTest.describe('Entity Store Main logs extraction', { tag: ENTITY_STORE_TAGS } }); expect(entities.hits.hits).toHaveLength(expectedResultCount); - // it's deterministic because of the MD5 id; + // it's deterministic because of the SHA-256 id; expect(entities.hits.hits).toMatchObject(expectedHostEntities); }); @@ -128,7 +128,7 @@ apiTest.describe('Entity Store Main logs extraction', { tag: ENTITY_STORE_TAGS } }); expect(entities.hits.hits).toHaveLength(expectedResultCount); - // it's deterministic because of the MD5 id + // it's deterministic because of the SHA-256 id // manually checking object until we have a snapshot matcher expect(entities.hits.hits).toMatchObject(expectedUserEntities); // All user entities must have entity.namespace (from fieldEvaluations) and entity.confidence (from whenConditionTrueSetFieldsPreAgg) @@ -171,7 +171,7 @@ apiTest.describe('Entity Store Main logs extraction', { tag: ENTITY_STORE_TAGS } }); expect(entities.hits.hits).toHaveLength(2); - // it's deterministic because of the MD5 id + // it's deterministic because of the SHA-256 id // manually checking object until we have a snapshot matcher expect(entities.hits.hits).toMatchObject(expectedServiceEntities); }); @@ -207,7 +207,7 @@ apiTest.describe('Entity Store Main logs extraction', { tag: ENTITY_STORE_TAGS } }); expect(entities.hits.hits).toHaveLength(1); - // it's deterministic because of the MD5 id + // it's deterministic because of the SHA-256 id // manually checking object until we have a snapshot matcher expect(entities.hits.hits).toMatchObject(expectedGenericEntities); });