diff --git a/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts b/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts
index 29957682f72fc..60672cce972a3 100644
--- a/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts
@@ -5,6 +5,7 @@
  */
 
 import { schema } from '@kbn/config-schema';
+import { TrustedApp } from '../types';
 
 const hashLengths: readonly number[] = [
   32, // MD5
@@ -13,6 +14,12 @@ const hashLengths: readonly number[] = [
 ];
 const hasInvalidCharacters = /[^0-9a-f]/i;
 
+const entryFieldLabels: { [k in TrustedApp['entries'][0]['field']]: string } = {
+  'process.hash.*': 'Hash',
+  'process.executable.caseless': 'Path',
+  'process.code_signature': 'Signer',
+};
+
 export const DeleteTrustedAppsRequestSchema = {
   params: schema.object({
     id: schema.string(),
@@ -47,7 +54,7 @@ export const PostTrustedAppCreateRequestSchema = {
           const usedFields: string[] = [];
           for (const { field, value } of entries) {
             if (usedFields.includes(field)) {
-              return `[Hash] field can only be used once`;
+              return `[${entryFieldLabels[field]}] field can only be used once`;
             }
 
             usedFields.push(field);