[8.10] [Security Solution] Reputation service on by default if a cloud deployment (#163836) (#164170)

# Backport

This will backport the following commits from `main` to `8.10`:
- [[Security Solution] Reputation service on by default if a cloud
deployment (#163836)](https://github.com/elastic/kibana/pull/163836)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Kevin
Logan","email":"56395104+kevinlog@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-08-17T12:45:27Z","message":"[Security
Solution] Reputation service on by default if a cloud deployment
(#163836)\n\n## Summary\r\n\r\nThe reputation service Policy option
should be `true` by default if it\r\nis a cloud deployment. Otherwise it
should be `false`. This PR corrects\r\nthe default option for new
policies if it is a cloud deployment.\r\n\r\nThe migrated Policies
should still always default to `false` (already\r\nimplemented in a
previous PR)\r\n\r\nNew Policy with `cloud:
true`\r\n\r\n![image](3f33375b-3bbb-4e3c-be2f-ebe489fcf0d1)\r\n\r\nNew
Policy with `cloud:
false`\r\n\r\n![image](82c0df3b-ce93-412f-89c6-c26b54eff8dd)\r\n\r\n###
Checklist\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"cb444bc319007c6fa16e471b0c9ab5d1195f6420","branchLabelMapping":{"^v8.10.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Defend
Workflows","v8.10.0","v8.11.0"],"number":163836,"url":"https://github.com/elastic/kibana/pull/163836","mergeCommit":{"message":"[Security
Solution] Reputation service on by default if a cloud deployment
(#163836)\n\n## Summary\r\n\r\nThe reputation service Policy option
should be `true` by default if it\r\nis a cloud deployment. Otherwise it
should be `false`. This PR corrects\r\nthe default option for new
policies if it is a cloud deployment.\r\n\r\nThe migrated Policies
should still always default to `false` (already\r\nimplemented in a
previous PR)\r\n\r\nNew Policy with `cloud:
true`\r\n\r\n![image](3f33375b-3bbb-4e3c-be2f-ebe489fcf0d1)\r\n\r\nNew
Policy with `cloud:
false`\r\n\r\n![image](82c0df3b-ce93-412f-89c6-c26b54eff8dd)\r\n\r\n###
Checklist\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"cb444bc319007c6fa16e471b0c9ab5d1195f6420"}},"sourceBranch":"main","suggestedTargetBranches":["8.11"],"targetPullRequestStates":[{"branch":"main","label":"v8.10.0","labelRegex":"^v8.10.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/163836","number":163836,"mergeCommit":{"message":"[Security
Solution] Reputation service on by default if a cloud deployment
(#163836)\n\n## Summary\r\n\r\nThe reputation service Policy option
should be `true` by default if it\r\nis a cloud deployment. Otherwise it
should be `false`. This PR corrects\r\nthe default option for new
policies if it is a cloud deployment.\r\n\r\nThe migrated Policies
should still always default to `false` (already\r\nimplemented in a
previous PR)\r\n\r\nNew Policy with `cloud:
true`\r\n\r\n![image](3f33375b-3bbb-4e3c-be2f-ebe489fcf0d1)\r\n\r\nNew
Policy with `cloud:
false`\r\n\r\n![image](82c0df3b-ce93-412f-89c6-c26b54eff8dd)\r\n\r\n###
Checklist\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"cb444bc319007c6fa16e471b0c9ab5d1195f6420"}},{"branch":"8.11","label":"v8.11.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Kevin Logan <56395104+kevinlog@users.noreply.github.com>

x-pack/plugins/security_solution/common/endpoint/models/policy_config.ts

@@ -53,7 +53,7 @@ export const policyFactory = (
       },
       behavior_protection: {
         mode: ProtectionModes.prevent,
-        reputation_service: false,
+        reputation_service: cloud, // Defaults to true if on cloud
         supported: true,
       },
       popup: {
@@ -98,7 +98,7 @@ export const policyFactory = (
       },
       behavior_protection: {
         mode: ProtectionModes.prevent,
-        reputation_service: false,
+        reputation_service: cloud, // Defaults to true if on cloud
         supported: true,
       },
       memory_protection: {
@@ -140,7 +140,7 @@ export const policyFactory = (
       },
       behavior_protection: {
         mode: ProtectionModes.prevent,
-        reputation_service: false,
+        reputation_service: cloud, // Defaults to true if on cloud
         supported: true,
       },
       memory_protection: {

x-pack/plugins/security_solution/server/fleet_integration/handlers/create_default_policy.test.ts

@@ -66,7 +66,7 @@ describe('Create Default Policy tests ', () => {
       const disabledButSupportedBehaviorProtection = {
         mode: ProtectionModes.off,
         supported: true,
-        reputation_service: false,
+        reputation_service: true,
       };
       expect(policy.windows.behavior_protection).toEqual(disabledButSupportedBehaviorProtection);
       expect(policy.mac.memory_protection).toEqual(disabledButSupported);
@@ -157,7 +157,7 @@ describe('Create Default Policy tests ', () => {
       const disabledButSupportedBehaviorProtection = {
         mode: ProtectionModes.off,
         supported: true,
-        reputation_service: false,
+        reputation_service: true,
       };
       expect(policy.windows.behavior_protection).toEqual(disabledButSupportedBehaviorProtection);
       expect(policy.mac.memory_protection).toEqual(disabledButSupported);
@@ -201,10 +201,12 @@ describe('Create Default Policy tests ', () => {
     it('Should return the default config when preset is EDR Complete', async () => {
       const config = createEndpointConfig({ preset: 'EDRComplete' });
       const policy = await createDefaultPolicyCallback(config);
-      const defaultPolicy = policyFactory();
+      const licenseType = 'platinum';
+      const isCloud = true;
+      const defaultPolicy = policyFactory(licenseType, isCloud);
       // update defaultPolicy w/ platinum license & cloud info
-      defaultPolicy.meta.license = 'platinum';
-      defaultPolicy.meta.cloud = true;
+      defaultPolicy.meta.license = licenseType;
+      defaultPolicy.meta.cloud = isCloud;
       expect(policy).toMatchObject(defaultPolicy);
     });
 

x-pack/plugins/security_solution/server/fleet_integration/handlers/create_default_policy.ts

@@ -37,19 +37,15 @@ export const createDefaultPolicy = (
   esClientInfo: InfoResponse,
   appFeatures: AppFeatures
 ): PolicyConfig => {
-  const factoryPolicy = policyConfigFactory();
-
-  // Add license and cloud information after policy creation
-  factoryPolicy.meta.license = licenseService.getLicenseType();
-  factoryPolicy.meta.cloud = cloud?.isCloudEnabled;
-  factoryPolicy.meta.cluster_name = esClientInfo?.cluster_name
-    ? esClientInfo.cluster_name
-    : factoryPolicy.meta.cluster_name;
-  factoryPolicy.meta.cluster_uuid = esClientInfo?.cluster_uuid
-    ? esClientInfo.cluster_uuid
-    : factoryPolicy.meta.cluster_uuid;
-  factoryPolicy.meta.license_uid = licenseService.getLicenseUID();
-  factoryPolicy.meta.serverless = cloud.isServerlessEnabled || false;
+  // Pass license and cloud information to use in Policy creation
+  const factoryPolicy = policyConfigFactory(
+    licenseService.getLicenseType(),
+    cloud?.isCloudEnabled,
+    licenseService.getLicenseUID(),
+    esClientInfo?.cluster_uuid,
+    esClientInfo?.cluster_name,
+    cloud?.isServerlessEnabled
+  );
 
   let defaultPolicyPerType: PolicyConfig =
     config?.type === 'cloud'