I'm facing problem to edit my shared exception list...
I'd like to edit my rules to add a new SHA256 hash for a new version of my .exe, but this field is locked.
How to solve it?
I'm facing problem to edit my shared exception list...
I'd like to edit my rules to add a new SHA256 hash for a new version of my .exe, but this field is locked.
How to solve it?
Hi @Matheus_Marques . Welcome to the community!
What version of Kibana are you using?
This situation likely happened, because indices that queried to display edit form do not contain that field.
What is the name of affected field? Is this issue affect only this one field? Or only this exception? Or is this widespread issue and all exceptions are affected?
Are there any errors in browser network dev tools?
Fields are retrieved through internal/data_views/fields
GET request. If it failed, it might be a reason.
Regarding mappings - can you check mappings of default Security solution data view indices?
Is not available field present there?
Querying
POST .alerts-security.alerts-default,apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,logs-*,packetbeat-*,traces-apm*,winlogbeat-*,-*elastic-cloud-logs-*/_field_caps
{ "fields": ["*"]}
in dev tools would return all available fields.
Note, alerts-security.alerts-default,apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,logs-*,packetbeat-*,traces-apm*,winlogbeat-*,-*elastic-cloud-logs-*
should be replaced with the indices in your default Security Solution Data view
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.