From 8972360cf58109999a37ae0f5a137e4ffcf88302 Mon Sep 17 00:00:00 2001
From: Pete Hampton
Date: Mon, 7 Dec 2020 08:35:55 +0000
Subject: [PATCH] Add ECS field for event.code.
---
 .../security_solution/common/endpoint/generate_data.test.ts | 1 +
 .../plugins/security_solution/common/endpoint/generate_data.ts | 1 +
 x-pack/plugins/security_solution/common/endpoint/types/index.ts | 1 +
 3 files changed, 3 insertions(+)
diff --git a/x-pack/plugins/security_solution/common/endpoint/generate_data.test.ts b/x-pack/plugins/security_solution/common/endpoint/generate_data.test.ts
index ec82f4795158e..8e4d82e4feb7d 100644
--- a/x-pack/plugins/security_solution/common/endpoint/generate_data.test.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/generate_data.test.ts
@@ -129,6 +129,7 @@ describe('data generator', () => {
 const alert = generator.generateAlert({ ts: timestamp });
 expect(alert['@timestamp']).toEqual(timestamp);
 expect(alert.event?.action).not.toBeNull();
+ expect(alert.event?.code).not.toBeNull();
 expect(alert.Endpoint).not.toBeNull();
 expect(alert.agent).not.toBeNull();
 expect(alert.host).not.toBeNull();
diff --git a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
index 3c508bed5b2f1..e2ac361f98a59 100644
--- a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
@@ -531,6 +531,7 @@ export class EndpointDocGenerator {
 action: this.randomChoice(FILE_OPERATIONS),
 kind: 'alert',
 category: 'malware',
+ code: 'malicious_file',
 id: this.seededUUIDv4(),
 dataset: 'endpoint',
 module: 'endpoint',
diff --git a/x-pack/plugins/security_solution/common/endpoint/types/index.ts b/x-pack/plugins/security_solution/common/endpoint/types/index.ts
index d6be83d7cbbe3..248e0126a42e5 100644
--- a/x-pack/plugins/security_solution/common/endpoint/types/index.ts
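Review bot: The added assertion `expect(alert.event?.code).not.toBeNull();` in generate_data.test.ts cannot fail when the field is missing, because with optional chaining an absent `event` or `code` evaluates to `undefined`, and `undefined` satisfies `.not.toBeNull()`. The generator hunk in generate_data.ts sets a fixed value, so the test can pin it directly with `expect(alert.event?.code).toEqual('malicious_file');`, which would catch a regression that drops the field from generated alerts. The neighbouring `not.toBeNull()` checks on `event?.action`, `Endpoint`, `agent` and `host` look equally permissive, but they are context lines this commit does not touch. The enclosing test body starts and ends outside the hunk.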
+++ b/x-pack/plugins/security_solution/common/endpoint/types/index.ts
@@ -453,6 +453,7 @@ type DllFields = Partial<{
 export type AlertEvent = Partial<{
 event: Partial<{
 action: ECSField;
+ code: ECSField;
 dataset: ECSField;
 module: ECSField;
 }>;
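Review bot: The new `code: ECSField;` member in types/index.ts has no doc comment, and because it sits inside `Partial<{ … }>` every consumer has to treat `event.code` as possibly absent. A one-line comment such as `/** ECS event.code: identifier for the kind of alert (the data generator emits 'malicious_file'); optional. */` would tell authors of detection and UI code not to key logic on it unconditionally. The `AlertEvent` type continues past the end of the hunk, so only the `event` member is visible here.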