From f2e9f6350346e07fef9e1759966c091752fd55f8 Mon Sep 17 00:00:00 2001
From: Brent Kimmel
Date: Tue, 28 Jul 2020 14:46:20 -0400
Subject: [PATCH 1/2] Fix user name/domain to ECS structure
---
 .../security_solution/public/resolver/models/process_event.ts | 2 +-
 .../resolver/view/panels/panel_content_process_detail.tsx | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/x-pack/plugins/security_solution/public/resolver/models/process_event.ts b/x-pack/plugins/security_solution/public/resolver/models/process_event.ts
index 4f8df87b3ac0b..af465c77c4ba8 100644
--- a/x-pack/plugins/security_solution/public/resolver/models/process_event.ts
+++ b/x-pack/plugins/security_solution/public/resolver/models/process_event.ts
@@ -144,7 +144,7 @@ export function processPath(passedEvent: ResolverEvent): string | undefined {
 */
 export function userInfoForProcess(
 passedEvent: ResolverEvent
-): { user?: string; domain?: string } | undefined {
+): { name?: string; domain?: string } | undefined {
 return passedEvent.user;
 }
diff --git a/x-pack/plugins/security_solution/public/resolver/view/panels/panel_content_process_detail.tsx b/x-pack/plugins/security_solution/public/resolver/view/panels/panel_content_process_detail.tsx
index 5d90cd11d31af..9f4253d8b96d7 100644
--- a/x-pack/plugins/security_solution/public/resolver/view/panels/panel_content_process_detail.tsx
+++ b/x-pack/plugins/security_solution/public/resolver/view/panels/panel_content_process_detail.tsx
@@ -72,12 +72,12 @@ export const ProcessDetails = memo(function ProcessDetails({
 const userEntry = {
 title: 'user.name',
- description: (userInfoForProcess(processEvent) as { name: string }).name,
+ description: userInfoForProcess(processEvent)?.name,
 };
 const domainEntry = {
 title: 'user.domain',
- description: (userInfoForProcess(processEvent) as { domain: string }).domain,
+ description: userInfoForProcess(processEvent)?.domain,
 };
 const parentPidEntry = {
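Review bot: The return type of `userInfoForProcess` in process_event.ts is still a hand-written object shape, which is how the old `user?` field name could drift from the event data without a compile error while the casts in the view hid the mismatch. Since the body is only `return passedEvent.user;`, the signature could be derived from the event type instead, `): ResolverEvent['user'] {`, assuming `user` is declared on every member of `ResolverEvent` as the unguarded property access suggests. A later schema change would then surface at this selector rather than as a blank field in the process detail panel. The function's doc comment sits above the hunk and is not visible here; it should state that the result is `undefined` when the event carries no user object.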
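Review bot: `description` on `userEntry` and `domainEntry` in panel_content_process_detail.tsx can now be `undefined`, where the removed casts claimed a string, and the hunk does not show how these entries are consumed. It is worth confirming that the list built from them drops or labels entries with no value, so an analyst reading the panel can tell a field that is absent from the event apart from one that is empty. The selector is also called twice on the same event; `const userInfo = userInfoForProcess(processEvent);` followed by `userInfo?.name` and `userInfo?.domain` would read better. `ProcessDetails` starts and ends outside the hunk.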
From e5a1b9aff92450098a4da84122ae0415026c78dd Mon Sep 17 00:00:00 2001
From: Brent Kimmel
Date: Tue, 28 Jul 2020 17:25:58 -0400
Subject: [PATCH 2/2] add test
---
 .../resolver/models/process_event.test.ts | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/x-pack/plugins/security_solution/public/resolver/models/process_event.test.ts b/x-pack/plugins/security_solution/public/resolver/models/process_event.test.ts
index 7eb692851bc9b..4b1d555d0a7c3 100644
--- a/x-pack/plugins/security_solution/public/resolver/models/process_event.test.ts
+++ b/x-pack/plugins/security_solution/public/resolver/models/process_event.test.ts
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-import { eventType, orderByTime } from './process_event';
+import { eventType, orderByTime, userInfoForProcess } from './process_event';
 import { mockProcessEvent } from './process_event_test_helpers';
 import { LegacyEndpointEvent, ResolverEvent } from '../../../common/endpoint/types';
@@ -24,6 +24,22 @@ describe('process event', () => {
 expect(eventType(event)).toEqual('processCreated');
 });
 });
+ describe('userInfoForProcess', () => {
+ let event: LegacyEndpointEvent;
+ beforeEach(() => {
+ event = mockProcessEvent({
+ user: {
+ name: 'aaa',
+ domain: 'bbb',
+ },
+ });
+ });
+ it('returns the right user info for the process', () => {
+ const { name, domain } = userInfoForProcess(event)!;
+ expect(name).toEqual('aaa');
+ expect(domain).toEqual('bbb');
+ });
+ });
 describe('orderByTime', () => {
 let mock: (time: number, eventID: string) => ResolverEvent;
 let events: ResolverEvent[];
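Review bot: The new test destructures `userInfoForProcess(event)!`, so if the selector returns `undefined` the failure is a TypeError from the destructuring rather than a readable assertion. `expect(userInfoForProcess(event)).toMatchObject({ name: 'aaa', domain: 'bbb' });` checks the same values without the non-null assertion. Only a `LegacyEndpointEvent` with a populated `user` is exercised, while the series is about matching the ECS `user.name`/`user.domain` shape. A case for the non-legacy event type, and one for an event with no `user` (expected result `undefined`, which the panel's `?.` now relies on), would pin the behaviour this series changes. The enclosing `describe('process event', ...)` block starts and ends outside the hunk.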