[Security Solution][Endpoint] Reuse disableProtections function for cloud policies (#144460)

* use `disableProtections()` for cloud polices * extend `dusableProtections()` with the option to disable support for all protections * disable support on all protections for cloud policies * Revert "disable support on all protections for cloud policies" This reverts commit b74fc047de. * Revert "extend `dusableProtections()` with the option to disable support for all protections" This reverts commit 28b24836aa. Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2025-04-24 17:59:23 -04:00 · 2022-11-07 10:54:01 +01:00 · 2022-11-07 10:54:01 +01:00 · 3d82d7e338
commit 3d82d7e338
parent 4d46bd79e0
1 changed files with 4 additions and 32 deletions
--- a/x-pack/plugins/security_solution/server/fleet_integration/handlers/create_default_policy.ts
+++ b/x-pack/plugins/security_solution/server/fleet_integration/handlers/create_default_policy.ts
@ -10,7 +10,6 @@ import {
  policyFactoryWithoutPaidFeatures as policyConfigFactoryWithoutPaidFeatures,
 } from '../../../common/endpoint/models/policy_config';
 import type { LicenseService } from '../../../common/license/license';
-import { ProtectionModes } from '../../../common/endpoint/types';
 import type { PolicyConfig } from '../../../common/endpoint/types';
 import type { AnyPolicyCreateConfig, PolicyCreateEndpointConfig } from '../types';
 import {
@ -110,43 +109,16 @@ const getEndpointPolicyWithIntegrationConfig = (
 */
 const getCloudPolicyConfig = (policy: PolicyConfig): PolicyConfig => {
  // Disabling all protections, since it's not yet supported on Cloud integrations
-  const protections = {
-    memory_protection: {
-      supported: false,
-      mode: ProtectionModes.off,
-    },
-    malware: {
-      ...policy.linux.malware,
-      mode: ProtectionModes.off,
-    },
-    behavior_protection: {
-      ...policy.linux.behavior_protection,
-      mode: ProtectionModes.off,
-    },
-  };
+  const policyWithDisabledProtections = disableProtections(policy);

  return {
-    ...policy,
+    ...policyWithDisabledProtections,
    linux: {
-      ...policy.linux,
-      ...protections,
+      ...policyWithDisabledProtections.linux,
      events: {
-        ...policy.linux.events,
+        ...policyWithDisabledProtections.linux.events,
        session_data: true,
      },
    },
-    windows: {
-      ...policy.windows,
-      ...protections,
-      // Disabling ransomware protection, since it's not supported on Cloud integrations
-      ransomware: {
-        supported: false,
-        mode: ProtectionModes.off,
-      },
-    },
-    mac: {
-      ...policy.mac,
-      ...protections,
-    },
  };
 };