olafhartong / ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
MIT License
1.12k stars 175 forks

process create whitelist editor eval errors on add/remove actions when input values have special characters #101

Closed dstaulcu closed 1 year ago

dstaulcu commented 1 year ago

This issue happens in cases where inputs have special characters such as quotes. For me this occurs most often in command_line-oriented inputs.

The Simple XML reference describes an option to overcome this sort of problem with use of the "|s$" token filter, which transforms the value of a field to a string.

Credit goes to Slack user daljeanis, who pointed this feature out to me in the dashboards_simple_xml channel.

dstaulcu commented 1 year ago

Shoot -- my fork of your repo is too far ahead (with new features being too unstable) to issue a pull request. Here is the code block that needs to change within process_create_whitelist.xml:

```
| eval input_host_fqdn = COALESCE(if(trim($host_fqdn|s$)="", "*", trim($host_fqdn|s$)), "*")
| eval input_user_name = COALESCE(if(trim($user_name|s$)="", "*", trim($user_name|s$)), "*")
| eval input_mitre_technique_id = COALESCE(if(trim($mitre_technique_id|s$)="", "*", trim($mitre_technique_id|s$)), "*")
| eval input_process_command_line = COALESCE(if(trim($process_command_line|s$)="", "*", trim($process_command_line|s$)), "*")
| eval input_process_path = COALESCE(if(trim($process_path|s$)="", "*", trim($process_path|s$)), "*")
| eval input_process_parent_path = COALESCE(if(trim($process_parent_path|s$)="", "*", trim($process_parent_path|s$)), "*")
| eval input_hash_sha256 = COALESCE(if(trim($hash_sha256|s$)="", "*", trim($hash_sha256|s$)), "*")
```

While you're in there, you might want to update the following option in each row of the dashboard to remove some copy/paste aggravation: `<option name="drilldown">none</option>`
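To make the failure mode in the two comments above concrete, here is an added example (not code from the ThreatHunting app) that models how a dashboard token is substituted into the whitelist editor's eval, with and without the "|s" filter. It assumes the original dashboard spliced the raw token inside quotes as trim("$token$"), and that "|s" behaves as the Simple XML docs describe: wrap the value in double quotes and backslash-escape embedded double quotes and backslashes.

```python
# Added example, not code from the ThreatHunting app. Models how a dashboard token
# is substituted into the whitelist editor's eval, with and without the "|s" filter.
# Assumptions: the original dashboard spliced the raw token inside quotes as
# trim("$token$"); per the Simple XML docs, "|s" wraps the value in double quotes
# and backslash-escapes embedded double quotes and backslashes.

def s_filter(value: str) -> str:
    """Render a token value the way $token|s$ does: a quoted SPL string literal."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def trim_argument(value: str, use_s_filter: bool) -> str:
    """Text that lands inside trim(...) after token substitution."""
    return s_filter(value) if use_s_filter else '"' + value + '"'

def read_string_literal(text: str):
    """Parse `text` as exactly one double-quoted SPL string literal.

    Only \\" and \\\\ are escape sequences; any other backslash is kept literally.
    Returns the decoded value, or None if the literal is unterminated or followed
    by stray characters (the shapes that make Splunk raise the eval error)."""
    if not text.startswith('"'):
        return None
    out, i = [], 1
    while i < len(text):
        c = text[i]
        if c == "\\" and i + 1 < len(text) and text[i + 1] in '"\\':
            out.append(text[i + 1])
            i += 2
            continue
        if c == '"':
            return "".join(out) if i == len(text) - 1 else None
        out.append(c)
        i += 1
    return None  # closing quote never reached

def substitutes_cleanly(value: str, use_s_filter: bool) -> bool:
    """True when the substituted argument parses back to the original value."""
    return read_string_literal(trim_argument(value, use_s_filter)) == value

if __name__ == "__main__":
    # Constructed sample inputs: the quoted command line and the trailing backslash
    # are the two shapes that break the unfiltered form.
    for v in ['cmd.exe /c "whoami"', "C:\\Windows\\", "host.example.com", ""]:
        print(f"{v!r:24} raw={substitutes_cleanly(v, False)!s:5} |s={substitutes_cleanly(v, True)}")
```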

olafhartong commented 1 year ago

Again, thanks for those! Appreciate the support! Added them.