mirror of
https://github.com/elastic/kibana.git
synced 2025-06-28 03:01:21 -04:00
# Backport This will backport the following commits from `main` to `9.0`: - [[EDR Workflows] Add `dns` event collection for macOS for Elastic Defend (#223566)](https://github.com/elastic/kibana/pull/223566) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Gergő Ábrahám","email":"gergo.abraham@elastic.co"},"sourceCommit":{"committedDate":"2025-06-16T13:25:47Z","message":"[EDR Workflows] Add `dns` event collection for macOS for Elastic Defend (#223566)\n\n## Summary\n\nAdds `DNS` to Defend policy config:\n<img width=\"952\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/de5aabe2-544a-49ae-82c2-59f9ffbca8c4\"\n/>\n\nThere is no migration for existing policies.\n\nFor new policies, it is enabled by default for\n- Complete EDR\n- Data Collection\n\nand disabled for other configs.\n\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [ ]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n\n---------\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"28c230d587cb4a418d8fa16f67abb9295d1f6590","branchLabelMapping":{"^v9.1.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:enhancement","Team:Defend Workflows","ci:cloud-deploy","backport:version","v9.1.0","v8.19.0","v9.0.3","v8.18.3"],"title":"[EDR Workflows] Add `dns` event collection for macOS for Elastic Defend","number":223566,"url":"https://github.com/elastic/kibana/pull/223566","mergeCommit":{"message":"[EDR Workflows] Add `dns` event collection for macOS for Elastic Defend (#223566)\n\n## Summary\n\nAdds `DNS` to Defend policy config:\n<img width=\"952\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/de5aabe2-544a-49ae-82c2-59f9ffbca8c4\"\n/>\n\nThere is no migration for existing policies.\n\nFor new policies, it is enabled by default for\n- Complete EDR\n- Data Collection\n\nand disabled for other configs.\n\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [ ]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n\n---------\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"28c230d587cb4a418d8fa16f67abb9295d1f6590"}},"sourceBranch":"main","suggestedTargetBranches":["8.19","9.0","8.18"],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/223566","number":223566,"mergeCommit":{"message":"[EDR Workflows] Add `dns` event collection for macOS for Elastic Defend (#223566)\n\n## Summary\n\nAdds `DNS` to Defend policy config:\n<img width=\"952\" alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/de5aabe2-544a-49ae-82c2-59f9ffbca8c4\"\n/>\n\nThere is no migration for existing policies.\n\nFor new policies, it is enabled by default for\n- Complete EDR\n- Data Collection\n\nand disabled for other configs.\n\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [ ]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n\n---------\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"28c230d587cb4a418d8fa16f67abb9295d1f6590"}},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Gergő Ábrahám <gergo.abraham@elastic.co> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
This commit is contained in:
Kibana Machine
GitHub
parent
257df7e551
commit
5277622918
7 changed files with 24 additions and 6 deletions
|
|
@ -95,6 +95,7 @@ export const policyFactory = ({
|
|||
},
|
||||
mac: {
|
||||
events: {
|
||||
dns: true,
|
||||
process: true,
|
||||
file: true,
|
||||
network: true,
|
||||
|
|
|
|||
|
|
@ -100,6 +100,7 @@ describe('Policy Config helpers', () => {
|
|||
};
|
||||
|
||||
const macEvents: typeof defaultPolicy.mac.events = {
|
||||
dns: false,
|
||||
file: false,
|
||||
process: false,
|
||||
network: false,
|
||||
|
|
@ -370,7 +371,7 @@ const eventsOnlyPolicy = (): PolicyConfig => ({
|
|||
attack_surface_reduction: { credential_hardening: { enabled: false } },
|
||||
},
|
||||
mac: {
|
||||
events: { process: true, file: true, network: true, security: true },
|
||||
events: { dns: true, process: true, file: true, network: true, security: true },
|
||||
malware: { mode: ProtectionModes.off, blocklist: false, on_write_scan: false },
|
||||
behavior_protection: { mode: ProtectionModes.off, supported: true, reputation_service: false },
|
||||
memory_protection: { mode: ProtectionModes.off, supported: true },
|
||||
|
|
|
|||
|
|
@ -1033,6 +1033,7 @@ export interface PolicyConfig {
|
|||
mac: {
|
||||
advanced?: {};
|
||||
events: {
|
||||
dns: boolean;
|
||||
file: boolean;
|
||||
process: boolean;
|
||||
network: boolean;
|
||||
|
|
|
|||
|
|
@ -331,7 +331,7 @@ describe('policy details: ', () => {
|
|||
},
|
||||
},
|
||||
mac: {
|
||||
events: { process: true, file: true, network: true, security: true },
|
||||
events: { dns: true, process: true, file: true, network: true, security: true },
|
||||
malware: { mode: 'prevent', blocklist: true, on_write_scan: true },
|
||||
behavior_protection: {
|
||||
mode: 'off',
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ describe('Policy Mac Event Collection Card', () => {
|
|||
|
||||
expect(
|
||||
getByTestId(testSubj.optionsContainer).querySelectorAll('input[type="checkbox"]')
|
||||
).toHaveLength(4);
|
||||
).toHaveLength(5);
|
||||
expect(getByTestId(testSubj.fileCheckbox)).toBeChecked();
|
||||
expect(getByTestId(testSubj.networkCheckbox)).toBeChecked();
|
||||
expect(getByTestId(testSubj.processCheckbox)).toBeChecked();
|
||||
|
|
@ -63,8 +63,9 @@ describe('Policy Mac Event Collection Card', () => {
|
|||
'Event collection' +
|
||||
'Operating system' +
|
||||
'Mac ' +
|
||||
'4 / 4 event collections enabled' +
|
||||
'5 / 5 event collections enabled' +
|
||||
'Events' +
|
||||
'DNS' +
|
||||
'File' +
|
||||
'Process' +
|
||||
'Network' +
|
||||
|
|
@ -86,8 +87,9 @@ describe('Policy Mac Event Collection Card', () => {
|
|||
'Event collection' +
|
||||
'Operating system' +
|
||||
'Mac ' +
|
||||
'3 / 4 event collections enabled' +
|
||||
'4 / 5 event collections enabled' +
|
||||
'Events' +
|
||||
'DNS' +
|
||||
'File' +
|
||||
'Process' +
|
||||
'Network' +
|
||||
|
|
|
|||
|
|
@ -13,6 +13,12 @@ import { EventCollectionCard } from '../event_collection_card';
|
|||
import type { PolicyFormComponentCommonProps } from '../../types';
|
||||
|
||||
const OPTIONS: ReadonlyArray<EventFormOption<OperatingSystem.MAC>> = [
|
||||
{
|
||||
name: i18n.translate('xpack.securitySolution.endpoint.policyDetailsConfig.mac.events.dns', {
|
||||
defaultMessage: 'DNS',
|
||||
}),
|
||||
protectionField: 'dns',
|
||||
},
|
||||
{
|
||||
name: i18n.translate('xpack.securitySolution.endpoint.policyDetailsConfig.mac.events.file', {
|
||||
defaultMessage: 'File',
|
||||
|
|
|
|||
|
|
@ -127,7 +127,11 @@ describe('Create Default Policy tests ', () => {
|
|||
};
|
||||
};
|
||||
|
||||
const defaultEventsDisabled = () => ({
|
||||
const defaultEventsDisabled = (): {
|
||||
linux: PolicyConfig['linux']['events'];
|
||||
mac: PolicyConfig['mac']['events'];
|
||||
windows: PolicyConfig['windows']['events'];
|
||||
} => ({
|
||||
linux: {
|
||||
process: false,
|
||||
file: false,
|
||||
|
|
@ -136,11 +140,14 @@ describe('Create Default Policy tests ', () => {
|
|||
tty_io: false,
|
||||
},
|
||||
mac: {
|
||||
dns: false,
|
||||
process: false,
|
||||
file: false,
|
||||
network: false,
|
||||
security: false,
|
||||
},
|
||||
windows: {
|
||||
credential_access: false,
|
||||
process: false,
|
||||
file: false,
|
||||
network: false,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue