diff --git a/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.test.ts b/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.test.ts
index ab3549c11bef4..f83496737bcc6 100644
--- a/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.test.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.test.ts
@@ -293,11 +293,28 @@ describe('When invoking Trusted Apps Schema', () => {
       });
 
       it('should validate that `entry.field` is used only once', () => {
-        const bodyMsg = {
+        let bodyMsg = {
           ...getCreateTrustedAppItem(),
           entries: [getTrustedAppItemEntryItem(), getTrustedAppItemEntryItem()],
         };
-        expect(() => body.validate(bodyMsg)).toThrow();
+        expect(() => body.validate(bodyMsg)).toThrow('[Path] field can only be used once');
+
+        bodyMsg = {
+          ...getCreateTrustedAppItem(),
+          entries: [
+            {
+              ...getTrustedAppItemEntryItem(),
+              field: 'process.hash.*',
+              value: VALID_HASH_MD5,
+            },
+            {
+              ...getTrustedAppItemEntryItem(),
+              field: 'process.hash.*',
+              value: VALID_HASH_MD5,
+            },
+          ],
+        };
+        expect(() => body.validate(bodyMsg)).toThrow('[Hash] field can only be used once');
       });
 
       it('should validate Hash field valid value', () => {
diff --git a/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts b/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts
index 29957682f72fc..60672cce972a3 100644
--- a/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts
@@ -5,6 +5,7 @@
  */
 
 import { schema } from '@kbn/config-schema';
+import { TrustedApp } from '../types';
 
 const hashLengths: readonly number[] = [
   32, // MD5
@@ -13,6 +14,12 @@ const hashLengths: readonly number[] = [
 ];
 const hasInvalidCharacters = /[^0-9a-f]/i;
 
+const entryFieldLabels: { [k in TrustedApp['entries'][0]['field']]: string } = {
+  'process.hash.*': 'Hash',
+  'process.executable.caseless': 'Path',
+  'process.code_signature': 'Signer',
+};
+
 export const DeleteTrustedAppsRequestSchema = {
   params: schema.object({
     id: schema.string(),
@@ -47,7 +54,7 @@ export const PostTrustedAppCreateRequestSchema = {
           const usedFields: string[] = [];
           for (const { field, value } of entries) {
             if (usedFields.includes(field)) {
-              return `[Hash] field can only be used once`;
+              return `[${entryFieldLabels[field]}] field can only be used once`;
             }
 
             usedFields.push(field);