Defend/Endpoint Advanced Policy Options for 8.9 (#161302)

## Summary New advanced Endpoint/Defend options. See their descriptions for details. ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2025-04-24 09:48:58 -04:00 · 2023-07-07 21:16:58 -04:00 · 2023-07-07 21:16:58 -04:00 · 203188db9a
commit 203188db9a
parent 4b7d18b5c3
1 changed files with 44 additions and 0 deletions
--- a/x-pack/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts
@ -1286,4 +1286,48 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
      }
    ),
  },
+  {
+    key: 'windows.advanced.events.callstacks.include_network_images',
+    first_supported_version: '8.9',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.events.callstacks.include_network_images',
+      {
+        defaultMessage:
+          'Should executables and DLLs on network shares be parsed for call stack symbols?  This may cause Endpoint to hang on some networks. Default: true',
+      }
+    ),
+  },
+  {
+    key: 'windows.advanced.kernel.ppl.harden_images',
+    first_supported_version: '8.9',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.kernel.ppl.harden_images',
+      {
+        defaultMessage:
+          'Mitigate attacks like PPLFault by preventing Protected Process Light (PPL) processes from loading DLLs over the network. Default: true',
+      }
+    ),
+  },
+  {
+    key: 'windows.advanced.kernel.ppl.harden_am_images',
+    first_supported_version: '8.9',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.kernel.ppl.harden_am_images',
+      {
+        defaultMessage:
+          'Apply the windows.advanced.kernel.ppl.harden_images mitigation to Anti-Malware PPL as well. Disable this if third-party Anti-Malware is blocked from loading DLLs over the network. If this happens, there will be Event ID 8 events in the "Microsoft-Windows-Security-Mitigations/Kernel Mode" event log. Default: true',
+      }
+    ),
+  },
+  {
+    key: 'windows.advanced.malware.networkshare',
+    first_supported_version: '8.9',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.malware.networkshare',
+      {
+        defaultMessage:
+          'Controls whether malware protection is applied to network drives. Default: true',
+      }
+    ),
+  },
 ];