I can't add or edit Shared Exception List

I'm facing a problem editing my shared exception list...

I'd like to edit my rules to add a new SHA256 hash for a new version of my .exe, but this field is locked.

How can I solve it?


Hi @Matheus_Marques . Welcome to the community!

What version of Kibana are you using?

This situation likely happened because the indices that are queried to display the edit form do not contain that field.

What is the name of the affected field? Does this issue affect only this one field? Or only this exception? Or is this a widespread issue and all exceptions are affected?

Are there any errors in the browser's network dev tools?
Fields are retrieved through the internal/data_views/fields GET request. If it failed, that might be a reason.

Regarding mappings: can you check the mappings of the default Security Solution data view indices?
Is the unavailable field present there?

Querying

POST .alerts-security.alerts-default,apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,logs-*,packetbeat-*,traces-apm*,winlogbeat-*,-*elastic-cloud-logs-*/_field_caps
{ "fields": ["*"]}

in dev tools would return all available fields.

Note that .alerts-security.alerts-default,apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,logs-*,packetbeat-*,traces-apm*,winlogbeat-*,-*elastic-cloud-logs-* should be replaced with the indices in your default Security Solution data view.
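
As an added example (not part of the original replies): a small Python helper that reads a saved `_field_caps` response like the one the query above returns and reports whether a field is missing, and, going one step beyond the thread, whether it is mapped with conflicting types across indices. The field names, index names and sample response are constructed assumptions; the thread does not name the affected field.

```python
import json

# Constructed sample of a _field_caps response (not real cluster output).
# With a single type, Elasticsearch omits the per-type "indices" list;
# when types differ between indices, each type entry lists its indices.
SAMPLE_RESPONSE = json.loads("""
{
  "indices": ["logs-sample-default", "winlogbeat-sample"],
  "fields": {
    "process.hash.sha256": {
      "keyword": {"type": "keyword", "metadata_field": false,
                  "searchable": true, "aggregatable": true}
    },
    "file.hash.sha256": {
      "keyword": {"type": "keyword", "metadata_field": false,
                  "searchable": true, "aggregatable": true,
                  "indices": ["logs-sample-default"]},
      "text": {"type": "text", "metadata_field": false,
               "searchable": true, "aggregatable": false,
               "indices": ["winlogbeat-sample"]}
    }
  }
}
""")


def diagnose_field(field_caps, field):
    """Classify one field of a _field_caps response as missing, conflict or ok."""
    caps = field_caps.get("fields", {}).get(field)
    if not caps:
        # No queried index maps this field, so the UI has nothing to offer.
        return {"field": field, "status": "missing", "types": {}}
    all_indices = field_caps.get("indices", [])
    # Map each reported type to the indices that use it.
    types = {t: info.get("indices", all_indices) for t, info in caps.items()}
    status = "conflict" if len(types) > 1 else "ok"
    return {"field": field, "status": status, "types": types}


if __name__ == "__main__":
    # Hypothetical field names chosen for illustration.
    for name in ("process.hash.sha256", "file.hash.sha256", "dll.hash.sha256"):
        print(diagnose_field(SAMPLE_RESPONSE, name))
```

To use it on real data, save the JSON returned by the Dev Tools request and pass the parsed object in place of `SAMPLE_RESPONSE`.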