github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 01:38:56 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Defend Workflows] Reputation Service option added to Malicious Behavior Policy card (#161617)

Browse source 
Closes https://github.com/elastic/security-team/issues/7051

**This PR still awaits a proper copy. For now, the info icon has a
placeholder text.**

To see these changes locally, negate this check
https://github.com/elastic/kibana/pull/161617/files#diff-3d6bd044f37fc0d877d89113b0ca10f9bd64f2b4d3aaf28ecaecdfa70d379f82R89

Saved at `policy.[os]. behavior_protection.reputation_service: boolean` 


![test](0d78338c-e9d1-4441-ac74-31974f3702ea)
This commit is contained in:
Konrad Szwarc 2023-07-25 10:19:19 +02:00 committed by GitHub
parent 5f70b4b8eb
commit 7143dcf2c3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 486 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/core/server/integration_tests/saved_objects/migrations/group2/check_registered_types.test.ts
View file

@ -106,7 +106,7 @@ describe('checking migration metadata changes on all registered SO types', () =>
"ingest-agent-policies": "f11cc19275f4c3e4ee7c5cd6423b6706b21b989d",
"ingest-download-sources": "d7edc5e588d9afa61c4b831604582891c54ef1c7",
"ingest-outputs": "bffa0fd93dfdde904d7f5aff77df72d1c35938d9",
"ingest-package-policies": "7d0e8d288e193e0a8a153bb420c6056bc862c4c3",
"ingest-package-policies": "55816507db0134b8efbe0509e311a91ce7e1c6cc",
"ingest_manager_settings": "418311b03c8eda53f5d2ea6f54c1356afaa65511",
"inventory-view": "b8683c8e352a286b4aca1ab21003115a4800af83",
"kql-telemetry": "93c1d16c1a0dfca9c8842062cf5ef8f62ae401ad",

20
x-pack/plugins/fleet/server/saved_objects/index.ts
View file

@ -25,6 +25,8 @@ import {
UNINSTALL_TOKENS_SAVED_OBJECT_TYPE,
} from '../constants';
import { migratePackagePolicyEvictionsFromV8100 } from './migrations/security_solution/to_v8_10_0';
import {
migrateAgentPolicyToV7100,
migratePackagePolicyToV7100,
@ -56,7 +58,10 @@ import {
migrateInstallationToV860,
migratePackagePolicyToV860,
} from './migrations/to_v8_6_0';
import { migratePackagePolicyToV870 } from './migrations/security_solution';
import {
migratePackagePolicyToV8100,
migratePackagePolicyToV870,
} from './migrations/security_solution';
import { migratePackagePolicyToV880 } from './migrations/to_v8_8_0';
import { migrateAgentPolicyToV890 } from './migrations/to_v8_9_0';
@ -269,6 +274,19 @@ const getSavedObjectTypes = (): { [key: string]: SavedObjectsType } => ({
created_by: { type: 'keyword' },
},
},
modelVersions: {
'1': {
changes: [
{
type: 'data_backfill',
backfillFn: migratePackagePolicyToV8100,
},
],
schemas: {
forwardCompatibility: migratePackagePolicyEvictionsFromV8100,
},
},
},
migrations: {
'7.10.0': migratePackagePolicyToV7100,
'7.11.0': migratePackagePolicyToV7110,

1
x-pack/plugins/fleet/server/saved_objects/migrations/security_solution/index.ts
View file

@ -18,3 +18,4 @@ export { migratePackagePolicyToV850 } from './to_v8_5_0';
export { migratePackagePolicyToV860 } from './to_v8_6_0';
export { migratePackagePolicyToV870 } from './to_v8_7_0';
export { migratePackagePolicyToV880 } from './to_v8_8_0';
export { migratePackagePolicyToV8100 } from './to_v8_10_0';

159
x-pack/plugins/fleet/server/saved_objects/migrations/security_solution/to_v8_10_0.test.ts Normal file
View file

@ -0,0 +1,159 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { SavedObjectUnsanitizedDoc } from '@kbn/core/server';
import type { SavedObjectModelTransformationContext } from '@kbn/core-saved-objects-server';
import type { PackagePolicy } from '../../../../common';
import { migratePackagePolicyToV8100 as migration } from './to_v8_10_0';
import { migratePackagePolicyEvictionsFromV8100 as eviction } from './to_v8_10_0';
describe('8.10.0 Endpoint Package Policy migration', () => {
const policyDoc = ({ behaviorProtection = {} }) => {
return {
id: 'mock-saved-object-id',
attributes: {
name: 'Some Policy Name',
package: {
name: 'endpoint',
title: '',
version: '',
},
id: 'endpoint',
policy_id: '',
enabled: true,
namespace: '',
revision: 0,
updated_at: '',
updated_by: '',
created_at: '',
created_by: '',
inputs: [
{
type: 'endpoint',
enabled: true,
streams: [],
config: {
policy: {
value: {
meta: {},
windows: {
behavior_protection: {
...behaviorProtection,
},
},
mac: {
behavior_protection: {
...behaviorProtection,
},
},
linux: {
behavior_protection: {
...behaviorProtection,
},
},
},
},
},
},
],
},
type: ' nested',
};
};
it('adds reputation service field to behaviour protection, set to false', () => {
const initialDoc = policyDoc({});
const migratedDoc = policyDoc({
behaviorProtection: { reputation_service: false },
});
expect(migration(initialDoc, {} as SavedObjectModelTransformationContext)).toEqual({
attributes: {
inputs: migratedDoc.attributes.inputs,
},
});
});
it('removes reputation service field from behaviour protection', () => {
const initialDoc = policyDoc({
behaviorProtection: { reputation_service: true },
});
const migratedDoc = policyDoc({});
expect(eviction(initialDoc.attributes)).toEqual(migratedDoc.attributes);
});
it('does not modify non-endpoint package policies', () => {
const doc: SavedObjectUnsanitizedDoc<PackagePolicy> = {
id: 'mock-saved-object-id',
attributes: {
name: 'Some Policy Name',
package: {
name: 'notEndpoint',
title: '',
version: '',
},
id: 'notEndpoint',
policy_id: '',
enabled: true,
namespace: '',
revision: 0,
updated_at: '',
updated_by: '',
created_at: '',
created_by: '',
inputs: [
{
type: 'notEndpoint',
enabled: true,
streams: [],
config: {},
},
],
},
type: ' nested',
};
expect(
migration(
doc,
{} as SavedObjectModelTransformationContext
) as SavedObjectUnsanitizedDoc<PackagePolicy>
).toEqual({
attributes: {
name: 'Some Policy Name',
package: {
name: 'notEndpoint',
title: '',
version: '',
},
id: 'notEndpoint',
policy_id: '',
enabled: true,
namespace: '',
revision: 0,
updated_at: '',
updated_by: '',
created_at: '',
created_by: '',
inputs: [
{
type: 'notEndpoint',
enabled: true,
streams: [],
config: {},
},
],
},
});
});
});

69
x-pack/plugins/fleet/server/saved_objects/migrations/security_solution/to_v8_10_0.ts Normal file
View file

@ -0,0 +1,69 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { SavedObjectUnsanitizedDoc } from '@kbn/core/server';
import type { SavedObjectModelDataBackfillFn } from '@kbn/core-saved-objects-server';
import { omit } from 'lodash';
import type { SavedObjectModelVersionForwardCompatibilityFn } from '@kbn/core-saved-objects-server';
import type { PackagePolicy } from '../../../../common';
export const migratePackagePolicyToV8100: SavedObjectModelDataBackfillFn<
PackagePolicy,
PackagePolicy
> = (packagePolicyDoc) => {
if (packagePolicyDoc.attributes.package?.name !== 'endpoint') {
return { attributes: packagePolicyDoc.attributes };
}
const updatedPackagePolicyDoc: SavedObjectUnsanitizedDoc<PackagePolicy> = packagePolicyDoc;
const input = updatedPackagePolicyDoc.attributes.inputs[0];
if (input && input.config) {
const policy = input.config.policy.value;
policy.windows.behavior_protection.reputation_service = false;
policy.mac.behavior_protection.reputation_service = false;
policy.linux.behavior_protection.reputation_service = false;
}
return {
attributes: {
inputs: updatedPackagePolicyDoc.attributes.inputs,
},
};
};
export const migratePackagePolicyEvictionsFromV8100: SavedObjectModelVersionForwardCompatibilityFn =
(unknownAttributes) => {
const attributes = unknownAttributes as PackagePolicy;
if (attributes.package?.name !== 'endpoint') {
return attributes;
}
const updatedAttributes = attributes;
const input = updatedAttributes.inputs[0];
if (input && input.config) {
const policy = input.config.policy.value;
policy.windows.behavior_protection = omit(policy.windows.behavior_protection, [
'reputation_service',
]);
policy.linux.behavior_protection = omit(policy.linux.behavior_protection, [
'reputation_service',
]);
policy.mac.behavior_protection = omit(policy.mac.behavior_protection, ['reputation_service']);
}
return updatedAttributes;
};

6
x-pack/plugins/security_solution/common/endpoint/models/policy_config.ts
View file

@ -42,6 +42,7 @@ export const policyFactory = (license = '', cloud = false): PolicyConfig => {
},
behavior_protection: {
mode: ProtectionModes.prevent,
reputation_service: false,
supported: true,
},
popup: {
@ -86,6 +87,7 @@ export const policyFactory = (license = '', cloud = false): PolicyConfig => {
},
behavior_protection: {
mode: ProtectionModes.prevent,
reputation_service: false,
supported: true,
},
memory_protection: {
@ -127,6 +129,7 @@ export const policyFactory = (license = '', cloud = false): PolicyConfig => {
},
behavior_protection: {
mode: ProtectionModes.prevent,
reputation_service: false,
supported: true,
},
memory_protection: {
@ -200,6 +203,7 @@ export const policyFactoryWithoutPaidFeatures = (
},
behavior_protection: {
mode: ProtectionModes.off,
reputation_service: false,
supported: false,
},
attack_surface_reduction: {
@ -231,6 +235,7 @@ export const policyFactoryWithoutPaidFeatures = (
...policy.mac,
behavior_protection: {
mode: ProtectionModes.off,
reputation_service: false,
supported: false,
},
memory_protection: {
@ -257,6 +262,7 @@ export const policyFactoryWithoutPaidFeatures = (
...policy.linux,
behavior_protection: {
mode: ProtectionModes.off,
reputation_service: false,
supported: false,
},
memory_protection: {

24
x-pack/plugins/security_solution/common/endpoint/models/policy_config_helpers.test.ts
View file

@ -24,23 +24,29 @@ describe('Policy Config helpers', () => {
supported: false,
};
const notSupportedBehaviorProtection: PolicyConfig['windows']['behavior_protection'] = {
mode: ProtectionModes.off,
supported: false,
reputation_service: false,
};
const inputPolicyWithoutSupportedProtections: PolicyConfig = {
...defaultPolicy,
windows: {
...defaultPolicy.windows,
memory_protection: notSupported,
behavior_protection: notSupported,
behavior_protection: notSupportedBehaviorProtection,
ransomware: notSupported,
},
mac: {
...defaultPolicy.mac,
memory_protection: notSupported,
behavior_protection: notSupported,
behavior_protection: notSupportedBehaviorProtection,
},
linux: {
...defaultPolicy.linux,
memory_protection: notSupported,
behavior_protection: notSupported,
behavior_protection: notSupportedBehaviorProtection,
},
};
@ -49,18 +55,18 @@ describe('Policy Config helpers', () => {
windows: {
...eventsOnlyPolicy.windows,
memory_protection: notSupported,
behavior_protection: notSupported,
behavior_protection: notSupportedBehaviorProtection,
ransomware: notSupported,
},
mac: {
...eventsOnlyPolicy.mac,
memory_protection: notSupported,
behavior_protection: notSupported,
behavior_protection: notSupportedBehaviorProtection,
},
linux: {
...eventsOnlyPolicy.linux,
memory_protection: notSupported,
behavior_protection: notSupported,
behavior_protection: notSupportedBehaviorProtection,
},
};
@ -134,7 +140,7 @@ export const eventsOnlyPolicy: PolicyConfig = {
malware: { mode: ProtectionModes.off, blocklist: false },
ransomware: { mode: ProtectionModes.off, supported: true },
memory_protection: { mode: ProtectionModes.off, supported: true },
behavior_protection: { mode: ProtectionModes.off, supported: true },
behavior_protection: { mode: ProtectionModes.off, supported: true, reputation_service: false },
popup: {
malware: { message: '', enabled: false },
ransomware: { message: '', enabled: false },
@ -148,7 +154,7 @@ export const eventsOnlyPolicy: PolicyConfig = {
mac: {
events: { process: true, file: true, network: true },
malware: { mode: ProtectionModes.off, blocklist: false },
behavior_protection: { mode: ProtectionModes.off, supported: true },
behavior_protection: { mode: ProtectionModes.off, supported: true, reputation_service: false },
memory_protection: { mode: ProtectionModes.off, supported: true },
popup: {
malware: { message: '', enabled: false },
@ -169,7 +175,7 @@ export const eventsOnlyPolicy: PolicyConfig = {
tty_io: false,
},
malware: { mode: ProtectionModes.off, blocklist: false },
behavior_protection: { mode: ProtectionModes.off, supported: true },
behavior_protection: { mode: ProtectionModes.off, supported: true, reputation_service: false },
memory_protection: { mode: ProtectionModes.off, supported: true },
popup: {
malware: { message: '', enabled: false },

10
x-pack/plugins/security_solution/common/endpoint/types/index.ts
View file

@ -967,7 +967,7 @@ export interface PolicyConfig {
};
malware: ProtectionFields & BlocklistFields;
memory_protection: ProtectionFields & SupportedFields;
behavior_protection: ProtectionFields & SupportedFields;
behavior_protection: BehaviorProtectionFields & SupportedFields;
ransomware: ProtectionFields & SupportedFields;
logging: {
file: string;
@ -1007,7 +1007,7 @@ export interface PolicyConfig {
network: boolean;
};
malware: ProtectionFields & BlocklistFields;
behavior_protection: ProtectionFields & SupportedFields;
behavior_protection: BehaviorProtectionFields & SupportedFields;
memory_protection: ProtectionFields & SupportedFields;
popup: {
malware: {
@ -1037,7 +1037,7 @@ export interface PolicyConfig {
tty_io: boolean;
};
malware: ProtectionFields & BlocklistFields;
behavior_protection: ProtectionFields & SupportedFields;
behavior_protection: BehaviorProtectionFields & SupportedFields;
memory_protection: ProtectionFields & SupportedFields;
popup: {
malware: {
@ -1099,6 +1099,10 @@ export interface ProtectionFields {
mode: ProtectionModes;
}
export interface BehaviorProtectionFields extends ProtectionFields {
reputation_service: boolean;
}
/** Policy: Supported fields */
export interface SupportedFields {
supported: boolean;

18
x-pack/plugins/security_solution/public/management/pages/policy/store/policy_details/index.test.ts
View file

@ -283,7 +283,11 @@ describe('policy details: ', () => {
},
malware: { mode: 'prevent', blocklist: true },
memory_protection: { mode: 'off', supported: false },
behavior_protection: { mode: 'off', supported: false },
behavior_protection: {
mode: 'off',
supported: false,
reputation_service: false,
},
ransomware: { mode: 'off', supported: false },
attack_surface_reduction: {
credential_hardening: {
@ -316,7 +320,11 @@ describe('policy details: ', () => {
mac: {
events: { process: true, file: true, network: true },
malware: { mode: 'prevent', blocklist: true },
behavior_protection: { mode: 'off', supported: false },
behavior_protection: {
mode: 'off',
supported: false,
reputation_service: false,
},
memory_protection: { mode: 'off', supported: false },
popup: {
malware: {
@ -348,7 +356,11 @@ describe('policy details: ', () => {
},
logging: { file: 'info' },
malware: { mode: 'prevent', blocklist: true },
behavior_protection: { mode: 'off', supported: false },
behavior_protection: {
mode: 'off',
supported: false,
reputation_service: false,
},
memory_protection: { mode: 'off', supported: false },
popup: {
malware: {

7
x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/behaviour_protection_card.test.tsx
View file

@ -10,13 +10,16 @@ import type { AppContextTestRender } from '../../../../../../../common/mock/endp
import { createAppRootMockRenderer } from '../../../../../../../common/mock/endpoint';
import { FleetPackagePolicyGenerator } from '../../../../../../../../common/endpoint/data_generators/fleet_package_policy_generator';
import React from 'react';
import type { BehaviourProtectionCardProps } from './behaviour_protection_card';
import { BehaviourProtectionCard, LOCKED_CARD_BEHAVIOR_TITLE } from './behaviour_protection_card';
import { licenseService as licenseServiceMocked } from '../../../../../../../common/hooks/__mocks__/use_license';
import { useLicense as _useLicense } from '../../../../../../../common/hooks/use_license';
import { createLicenseServiceMock } from '../../../../../../../../common/license/mocks';
import { set } from 'lodash';
import { ProtectionModes } from '../../../../../../../../common/endpoint/types';
import type { BehaviourProtectionCardProps } from './protection_seetings_card/behaviour_protection_card';
import {
BehaviourProtectionCard,
LOCKED_CARD_BEHAVIOR_TITLE,
} from './protection_seetings_card/behaviour_protection_card';
jest.mock('../../../../../../../common/hooks/use_license');

32
x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/behaviour_protection_card.tsx → x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/protection_seetings_card/behaviour_protection_card.tsx
View file

@ -9,18 +9,19 @@ import React, { memo } from 'react';
import { i18n } from '@kbn/i18n';
import { OperatingSystem } from '@kbn/securitysolution-utils';
import { EuiSpacer } from '@elastic/eui';
import { useTestIdGenerator } from '../../../../../../hooks/use_test_id_generator';
import { SettingCard } from '../setting_card';
import { NotifyUserOption } from '../notify_user_option';
import { DetectPreventProtectionLevel } from '../detect_prevent_protection_level';
import { ProtectionSettingCardSwitch } from '../protection_setting_card_switch';
import type { Immutable } from '../../../../../../../../common/endpoint/types';
import { PolicyOperatingSystem } from '../../../../../../../../common/endpoint/types';
import type { BehaviorProtectionOSes } from '../../../../types';
import { useLicense } from '../../../../../../../common/hooks/use_license';
import { SettingLockedCard } from '../setting_locked_card';
import type { PolicyFormComponentCommonProps } from '../../types';
import { RelatedDetectionRulesCallout } from '../related_detection_rules_callout';
import { RelatedDetectionRulesCallout } from '../../related_detection_rules_callout';
import { ReputationService } from './components/reputation_service';
import { useTestIdGenerator } from '../../../../../../../hooks/use_test_id_generator';
import { SettingCard } from '../../setting_card';
import { NotifyUserOption } from '../../notify_user_option';
import { DetectPreventProtectionLevel } from '../../detect_prevent_protection_level';
import { ProtectionSettingCardSwitch } from '../../protection_setting_card_switch';
import type { Immutable } from '../../../../../../../../../common/endpoint/types';
import { PolicyOperatingSystem } from '../../../../../../../../../common/endpoint/types';
import type { BehaviorProtectionOSes } from '../../../../../types';
import { useLicense } from '../../../../../../../../common/hooks/use_license';
import { SettingLockedCard } from '../../setting_locked_card';
import type { PolicyFormComponentCommonProps } from '../../../types';
export const LOCKED_CARD_BEHAVIOR_TITLE = i18n.translate(
'xpack.securitySolution.endpoint.policy.details.behavior',
@ -86,6 +87,13 @@ export const BehaviourProtectionCard = memo<BehaviourProtectionCardProps>(
data-test-subj={getTestId('protectionLevel')}
/>
<ReputationService
policy={policy}
onChange={onChange}
mode={mode}
protection={protection}
/>
<NotifyUserOption
policy={policy}
onChange={onChange}

137
x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/protection_seetings_card/components/reputation_service.tsx Normal file
View file

@ -0,0 +1,137 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import React, { useCallback } from 'react';
import {
EuiCheckbox,
EuiFlexGroup,
EuiFlexItem,
EuiIconTip,
EuiSpacer,
EuiText,
} from '@elastic/eui';
import { FormattedMessage } from '@kbn/i18n-react';
import { i18n } from '@kbn/i18n';
import { cloneDeep } from 'lodash';
import { useKibana } from '../../../../../../../../../common/lib/kibana';
import { useTestIdGenerator } from '../../../../../../../../hooks/use_test_id_generator';
import { SettingCardHeader } from '../../../setting_card';
import type { PolicyProtection } from '../../../../../../types';
import type { PolicyFormComponentCommonProps } from '../../../../types';
import { ProtectionModes } from '../../../../../../../../../../common/endpoint/types';
interface ReputationServiceProps extends PolicyFormComponentCommonProps {
protection: PolicyProtection;
}
const USE_REPUTATION_SERVICE_CHECKBOX_LABEL = i18n.translate(
'xpack.securitySolution.endpoint.policyDetail.useReputationService',
{
defaultMessage: 'Use reputation service',
}
);
const DO_NOT_USE_REPUTATION_SERVICE_CHECKBOX_LABEL = i18n.translate(
'xpack.securitySolution.endpoint.policyDetail.doNotUseReputationService',
{
defaultMessage: "Don't use reputation service",
}
);
export const ReputationService = React.memo(
({
policy,
onChange,
mode,
protection,
'data-test-subj': dataTestSubj,
}: ReputationServiceProps) => {
const isEditMode = mode === 'edit';
const { cloud } = useKibana().services;
const isCloud = cloud?.isCloudEnabled ?? false;
const getTestId = useTestIdGenerator(dataTestSubj);
const protectionTurnedOn = policy.windows.behavior_protection.mode !== ProtectionModes.off;
const checkboxChecked =
policy.windows.behavior_protection.reputation_service && protectionTurnedOn;
const handleChange = useCallback(
(event) => {
const newPayload = cloneDeep(policy);
newPayload.windows.behavior_protection.reputation_service = event.target.checked;
newPayload.mac.behavior_protection.reputation_service = event.target.checked;
newPayload.linux.behavior_protection.reputation_service = event.target.checked;
onChange({ isValid: true, updatedPolicy: newPayload });
},
[policy, onChange]
);
const checkboxLabel = checkboxChecked
? USE_REPUTATION_SERVICE_CHECKBOX_LABEL
: DO_NOT_USE_REPUTATION_SERVICE_CHECKBOX_LABEL;
if (!isCloud) {
return null;
}
return (
<div data-test-subj={getTestId()}>
<EuiSpacer size="m" />
<SettingCardHeader>
<EuiFlexGroup gutterSize="xs">
<EuiFlexItem grow={false} data-test-subj={getTestId('label')}>
<EuiText size="s">
<h4>
<FormattedMessage
id="xpack.securitySolution.endpoint.policyDetailsConfig.reputationService"
defaultMessage="Reputation service"
/>
</h4>
</EuiText>
</EuiFlexItem>
<EuiFlexItem grow={false} data-test-subj={getTestId('tooltipIcon')}>
<EuiIconTip
position="right"
data-test-subj={getTestId('tooltip')}
content={
<FormattedMessage
id="xpack.securitySolution.endpoint.policyDetailsConfig.reputationServiceTooltip"
defaultMessage="This option enables/disables the Reputation Service feature in Endpoint. When the option is ON, Endpoint will reach out to a Cloud API for additional malware analysis. When it's OFF, Endpoint will not reach out to the Cloud API." // TODO: update message
/>
}
/>
</EuiFlexItem>
</EuiFlexGroup>
</SettingCardHeader>
<EuiSpacer size="s" />
{isEditMode ? (
<EuiCheckbox
data-test-subj={getTestId('checkbox')}
id={`${protection}ReputationServiceCheckbox}`}
onChange={handleChange}
checked={checkboxChecked}
disabled={!protectionTurnedOn}
label={i18n.translate(
'xpack.securitySolution.endpoint.policyDetail.reputationService',
{
defaultMessage: 'Reputation service',
}
)}
/>
) : (
<>{checkboxLabel}</>
)}
</div>
);
}
);
ReputationService.displayName = 'ReputationService';

10
x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/protection_setting_card_switch.tsx
View file

@ -84,6 +84,11 @@ export const ProtectionSettingCardSwitch = React.memo(
newPayload[os].popup[protection as LinuxPolicyProtection].enabled =
event.target.checked;
}
if (protection === 'behavior_protection') {
newPayload.windows.behavior_protection.reputation_service = false;
newPayload.mac.behavior_protection.reputation_service = false;
newPayload.linux.behavior_protection.reputation_service = false;
}
}
}
} else {
@ -96,6 +101,11 @@ export const ProtectionSettingCardSwitch = React.memo(
newPayload[os][protection as LinuxPolicyProtection].mode = ProtectionModes.prevent;
}
if (isPlatinumPlus) {
if (protection === 'behavior_protection') {
newPayload.windows.behavior_protection.reputation_service = false;
newPayload.mac.behavior_protection.reputation_service = false;
newPayload.linux.behavior_protection.reputation_service = false;
}
if (os === 'windows') {
newPayload[os].popup[protection].enabled = event.target.checked;
} else if (os === 'mac') {

2
x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/policy_settings_form.tsx
View file

@ -13,7 +13,7 @@ import { LinuxEventCollectionCard } from './components/cards/linux_event_collect
import { MacEventCollectionCard } from './components/cards/mac_event_collection_card';
import { WindowsEventCollectionCard } from './components/cards/windows_event_collection_card';
import { AttackSurfaceReductionCard } from './components/cards/attack_surface_reduction_card';
import { BehaviourProtectionCard } from './components/cards/behaviour_protection_card';
import { BehaviourProtectionCard } from './components/cards/protection_seetings_card/behaviour_protection_card';
import { MemoryProtectionCard } from './components/cards/memory_protection_card';
import { RansomwareProtectionCard } from './components/cards/ransomware_protection_card';
import { MalwareProtectionsCard } from './components/cards/malware_protections_card';

27
x-pack/plugins/security_solution/server/fleet_integration/handlers/create_default_policy.test.ts
View file

@ -49,9 +49,14 @@ describe('Create Default Policy tests ', () => {
// check some of the protections to be disabled
const disabledButSupported = { mode: ProtectionModes.off, supported: true };
expect(policy.windows.behavior_protection).toEqual(disabledButSupported);
const disabledButSupportedBehaviorProtection = {
mode: ProtectionModes.off,
supported: true,
reputation_service: false,
};
expect(policy.windows.behavior_protection).toEqual(disabledButSupportedBehaviorProtection);
expect(policy.mac.memory_protection).toEqual(disabledButSupported);
expect(policy.linux.behavior_protection).toEqual(disabledButSupported);
expect(policy.linux.behavior_protection).toEqual(disabledButSupportedBehaviorProtection);
// malware popups should be disabled
expect(policy.windows.popup.malware.enabled).toBeFalsy();
@ -72,9 +77,14 @@ describe('Create Default Policy tests ', () => {
// check some of the protections to be disabled and unsupported
const disabledAndUnsupported = { mode: ProtectionModes.off, supported: false };
expect(policy.windows.behavior_protection).toEqual(disabledAndUnsupported);
const disabledAndUnsupportedBehaviorProtection = {
mode: ProtectionModes.off,
supported: false,
reputation_service: false,
};
expect(policy.windows.behavior_protection).toEqual(disabledAndUnsupportedBehaviorProtection);
expect(policy.mac.memory_protection).toEqual(disabledAndUnsupported);
expect(policy.linux.behavior_protection).toEqual(disabledAndUnsupported);
expect(policy.linux.behavior_protection).toEqual(disabledAndUnsupportedBehaviorProtection);
// malware popups are enabled on unpaid license
expect(policy.windows.popup.malware.enabled).toBeTruthy();
@ -130,9 +140,14 @@ describe('Create Default Policy tests ', () => {
// check some of the protections to be disabled
const disabledButSupported = { mode: ProtectionModes.off, supported: true };
expect(policy.windows.behavior_protection).toEqual(disabledButSupported);
const disabledButSupportedBehaviorProtection = {
mode: ProtectionModes.off,
supported: true,
reputation_service: false,
};
expect(policy.windows.behavior_protection).toEqual(disabledButSupportedBehaviorProtection);
expect(policy.mac.memory_protection).toEqual(disabledButSupported);
expect(policy.linux.behavior_protection).toEqual(disabledButSupported);
expect(policy.linux.behavior_protection).toEqual(disabledButSupportedBehaviorProtection);
// malware popups should be disabled
expect(policy.windows.popup.malware.enabled).toBeFalsy();