[Security Solution] Update detection rule callout for Endpoint Policy protections (#172471)

## Summary
This PR updates the callouts in the Endpoint Policy where we mention the
detection rules associated with Endpoint. This makes it more current and
provides a docs link with more details.

- Banner is added to the top of the Policy page
- Individual banners are removed from the individual cards


![image](39c772fa-ae82-4539-b457-3ef42276cd77)

### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Kevin Logan 2023-12-05 15:45:49 -05:00 committed by GitHub
parent 7655a88d90
commit 76b8fae881
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 34 additions and 61 deletions


@ -464,6 +464,7 @@ export const getDocLinks = ({ kibanaBranch }: GetDocLinkOptions): DocLinks => {
userRiskScore: `${SECURITY_SOLUTION_DOCS}user-risk-score.html`,
entityRiskScoring: `${SECURITY_SOLUTION_DOCS}advanced-entity-analytics-overview.html`,
},
detectionEngineOverview: `${SECURITY_SOLUTION_DOCS}detection-engine-overview.html`,
},
query: {
eql: `${ELASTICSEARCH_DOCS}eql.html`,


@ -355,6 +355,7 @@ export interface DocLinks {
readonly userRiskScore: string;
readonly entityRiskScoring: string;
};
readonly detectionEngineOverview: string;
};
readonly query: {
readonly eql: string;


@ -55,7 +55,6 @@ describe('Policy Behaviour Protection Card', () => {
expect(getByTestId(testSubj.enableDisableSwitch));
expect(getByTestId(testSubj.protectionPreventRadio));
expect(getByTestId(testSubj.notifyUserCheckbox));
expect(getByTestId(testSubj.rulesCallout));
expect(queryByTestId(testSubj.reputationServiceCheckbox)).not.toBeInTheDocument();
});
@ -132,12 +131,6 @@ describe('Policy Behaviour Protection Card', () => {
...(config.notifyUser
? ['Notify user', 'Notification message', '—']
: ['Notify user']),
...(config.prebuiltRules
? [
'View related detection rules. ',
'Prebuilt rules are tagged “Elastic” on the Detection Rules page.',
]
: ['View related detection rules.']),
]
: baseText
).join('');


@ -50,7 +50,6 @@ describe('Policy Malware Protections Card', () => {
expect(getByTestId(testSubj.enableDisableSwitch));
expect(getByTestId(testSubj.protectionPreventRadio));
expect(getByTestId(testSubj.notifyUserCheckbox));
expect(getByTestId(testSubj.rulesCallout));
});
it('should show supported OS values', () => {
@ -129,8 +128,7 @@ describe('Policy Malware Protections Card', () => {
'Agent version 7.11+' +
'Notify user' +
'Notification message' +
'—' +
'View related detection rules. Prebuilt rules are tagged “Elastic” on the Detection Rules page.'
'—'
)
);
});
@ -172,8 +170,7 @@ describe('Policy Malware Protections Card', () => {
'Info' +
'User notification' +
'Agent version 7.11+' +
'Notify user' +
'View related detection rules. Prebuilt rules are tagged “Elastic” on the Detection Rules page.'
'Notify user'
)
);
});


@ -12,7 +12,6 @@ import { EuiSpacer, EuiSwitch, EuiFlexGroup, EuiFlexItem, EuiIconTip } from '@el
import { OperatingSystem } from '@kbn/securitysolution-utils';
import { cloneDeep } from 'lodash';
import { useGetProtectionsUnavailableComponent } from '../../hooks/use_get_protections_unavailable_component';
import { RelatedDetectionRulesCallout } from '../related_detection_rules_callout';
import { NotifyUserOption } from '../notify_user_option';
import { SettingCard } from '../setting_card';
import type { PolicyFormComponentCommonProps } from '../../types';
@ -130,8 +129,6 @@ export const MalwareProtectionsCard = React.memo<MalwareProtectionsProps>(
data-test-subj={getTestId('notifyUser')}
/>
<EuiSpacer size="m" />
<RelatedDetectionRulesCallout data-test-subj={getTestId('rulesCallout')} />
</SettingCard>
);
}


@ -49,7 +49,6 @@ describe('Policy Memory Protections Card', () => {
expect(getByTestId(testSubj.enableDisableSwitch));
expect(getByTestId(testSubj.protectionPreventRadio));
expect(getByTestId(testSubj.notifyUserCheckbox));
expect(getByTestId(testSubj.rulesCallout));
});
it('should show supported OS values', () => {
@ -104,8 +103,7 @@ describe('Policy Memory Protections Card', () => {
'Agent version 7.15+' +
'Notify user' +
'Notification message' +
'—' +
'View related detection rules. Prebuilt rules are tagged “Elastic” on the Detection Rules page.'
'—'
)
);
});
@ -129,8 +127,7 @@ describe('Policy Memory Protections Card', () => {
'Agent version 7.15+' +
'Notify user' +
'Notification message' +
'—' +
'View related detection rules. Prebuilt rules are tagged “Elastic” on the Detection Rules page.'
'—'
)
);
});
@ -155,8 +152,7 @@ describe('Policy Memory Protections Card', () => {
'Agent version 7.15+' +
'Notify user' +
'Notification message' +
'—' +
'View related detection rules. Prebuilt rules are tagged “Elastic” on the Detection Rules page.'
'—'
)
);
});


@ -24,7 +24,6 @@ import type { MemoryProtectionOSes } from '../../../../types';
import { useLicense } from '../../../../../../../common/hooks/use_license';
import type { PolicyFormComponentCommonProps } from '../../types';
import { SettingCard } from '../setting_card';
import { RelatedDetectionRulesCallout } from '../related_detection_rules_callout';
export const LOCKED_CARD_MEMORY_TITLE = i18n.translate(
'xpack.securitySolution.endpoint.policy.details.memory',
@ -107,7 +106,6 @@ export const MemoryProtectionCard = memo<MemoryProtectionCardProps>(
/>
<EuiSpacer size="m" />
<RelatedDetectionRulesCallout data-test-subj={getTestId('rulesCallout')} />
</SettingCard>
);
}


@ -10,7 +10,6 @@ import { i18n } from '@kbn/i18n';
import { OperatingSystem } from '@kbn/securitysolution-utils';
import { EuiSpacer } from '@elastic/eui';
import { useGetProtectionsUnavailableComponent } from '../../../hooks/use_get_protections_unavailable_component';
import { RelatedDetectionRulesCallout } from '../../related_detection_rules_callout';
import { ReputationService } from './components/reputation_service';
import { useTestIdGenerator } from '../../../../../../../hooks/use_test_id_generator';
import { SettingCard } from '../../setting_card';
@ -118,7 +117,6 @@ export const BehaviourProtectionCard = memo<BehaviourProtectionCardProps>(
/>
<EuiSpacer size="m" />
<RelatedDetectionRulesCallout data-test-subj={getTestId('rulesCallout')} />
</SettingCard>
);
}


@ -53,7 +53,6 @@ describe('Policy Ransomware Protections Card', () => {
expect(getByTestId(testSubj.enableDisableSwitch));
expect(getByTestId(testSubj.protectionPreventRadio));
expect(getByTestId(testSubj.notifyUserCheckbox));
expect(getByTestId(testSubj.rulesCallout));
});
it('should show supported OS values', () => {
@ -108,8 +107,7 @@ describe('Policy Ransomware Protections Card', () => {
'Agent version 7.12+' +
'Notify user' +
'Notification message' +
'—' +
'View related detection rules. Prebuilt rules are tagged “Elastic” on the Detection Rules page.'
'—'
)
);
});
@ -133,8 +131,7 @@ describe('Policy Ransomware Protections Card', () => {
'Agent version 7.12+' +
'Notify user' +
'Notification message' +
'—' +
'View related detection rules. Prebuilt rules are tagged “Elastic” on the Detection Rules page.'
'—'
)
);
});
@ -159,8 +156,7 @@ describe('Policy Ransomware Protections Card', () => {
'Agent version 7.12+' +
'Notify user' +
'Notification message' +
'—' +
'View related detection rules. Prebuilt rules are tagged “Elastic” on the Detection Rules page.'
'—'
)
);
});


@ -23,7 +23,6 @@ import {
import type { RansomwareProtectionOSes } from '../../../../types';
import { useLicense } from '../../../../../../../common/hooks/use_license';
import { SettingLockedCard } from '../setting_locked_card';
import { RelatedDetectionRulesCallout } from '../related_detection_rules_callout';
import { useGetProtectionsUnavailableComponent } from '../../hooks/use_get_protections_unavailable_component';
const RANSOMEWARE_OS_VALUES: Immutable<RansomwareProtectionOSes[]> = [
@ -107,8 +106,6 @@ export const RansomwareProtectionCard = React.memo<RansomwareProtectionCardProps
data-test-subj={getTestId('notifyUser')}
/>
<EuiSpacer size="m" />
<RelatedDetectionRulesCallout data-test-subj={getTestId('rulesCallout')} />
</SettingCard>
);
}


@ -10,17 +10,14 @@ import { createAppRootMockRenderer } from '../../../../../../common/mock/endpoin
import React from 'react';
import { RelatedDetectionRulesCallout } from './related_detection_rules_callout';
import { exactMatchText } from '../mocks';
import userEvent from '@testing-library/user-event';
describe('Policy form RelatedDetectionRulesCallout component', () => {
let render: () => ReturnType<AppContextTestRender['render']>;
let renderResult: ReturnType<typeof render>;
let history: AppContextTestRender['history'];
beforeEach(() => {
const mockedContext = createAppRootMockRenderer();
history = mockedContext.history;
render = () => {
renderResult = mockedContext.render(<RelatedDetectionRulesCallout data-test-subj="test" />);
return renderResult;
@ -32,15 +29,15 @@ describe('Policy form RelatedDetectionRulesCallout component', () => {
expect(renderResult.getByTestId('test')).toHaveTextContent(
exactMatchText(
'View related detection rules. Prebuilt rules are tagged “Elastic” on the Detection Rules page.'
'The Endpoint Security detection rule is enabled automatically with Elastic Defend. This rule must remain enabled to receive Endpoint alerts. Learn MoreExternal link(opens in a new tab or window).'
)
);
});
it('should navigate to Detection Rules when link is clicked', () => {
it('should contain a link to the detection engine overview docs', () => {
render();
userEvent.click(renderResult.getByTestId('test-link'));
const anchor: HTMLAnchorElement = renderResult.getByTestId('test-link') as HTMLAnchorElement;
expect(history.location.pathname).toEqual('/rules');
expect(anchor.href).toContain('detection-engine-overview.html');
});
});
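Review bot: The rewritten link test only checks that `href` contains `detection-engine-overview.html`, so nothing pins how the link opens, even though the component now sets `target="_blank"` on an external docs URL. Adding `expect(anchor).toHaveAttribute('target', '_blank');` and `expect(anchor.rel).toContain('noopener');` would catch a regression that loses the `rel` that EuiLink is expected to supply for new-tab links; confirm that behaviour against the EUI version in use. The explicit `: HTMLAnchorElement` annotation next to the `as HTMLAnchorElement` cast is redundant, one of the two is enough. The exact-match string also embeds EUI's screen-reader text (`External link(opens in a new tab or window)`), which ties this assertion to EUI's wording rather than to this component's message.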


@ -7,32 +7,37 @@
import React, { memo } from 'react';
import { FormattedMessage } from '@kbn/i18n-react';
import { EuiCallOut } from '@elastic/eui';
import { EuiCallOut, EuiLink } from '@elastic/eui';
import { useTestIdGenerator } from '../../../../../hooks/use_test_id_generator';
import { LinkToApp } from '../../../../../../common/components/endpoint/link_to_app';
import { APP_UI_ID, SecurityPageName } from '../../../../../../../common';
import { useKibana } from '../../../../../../common/lib/kibana';
export const RelatedDetectionRulesCallout = memo<{ 'data-test-subj'?: string }>(
({ 'data-test-subj': dataTestSubj }) => {
const getTestId = useTestIdGenerator(dataTestSubj);
const {
docLinks: {
links: { securitySolution },
},
} = useKibana().services;
return (
<EuiCallOut iconType="iInCircle" data-test-subj={getTestId()}>
<FormattedMessage
id="xpack.securitySolution.endpoint.policy.details.detectionRulesMessage"
defaultMessage="View {detectionRulesLink}. Prebuilt rules are tagged “Elastic” on the Detection Rules page."
id="xpack.securitySolution.endpoint.policy.details.detectionRulesDocsMessage"
defaultMessage="The Endpoint Security detection rule is enabled automatically with Elastic Defend. This rule must remain enabled to receive Endpoint alerts. {detectionRulesDocsLink}."
values={{
detectionRulesLink: (
<LinkToApp
appId={APP_UI_ID}
deepLinkId={SecurityPageName.rules}
detectionRulesDocsLink: (
<EuiLink
data-test-subj={getTestId('link')}
target="_blank"
href={`${securitySolution.detectionEngineOverview}`}
>
<FormattedMessage
id="xpack.securitySolution.endpoint.policy.details.detectionRulesLink"
defaultMessage="related detection rules"
id="xpack.securitySolution.endpoint.policy.details.detectionRulesMessageDocsLink"
defaultMessage="Learn More"
/>
</LinkToApp>
</EuiLink>
),
}}
/>
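Review bot: The new link label `defaultMessage="Learn More"` is title case, while the PR checklist cites EUI's sentence-case guideline; `defaultMessage="Learn more"` would match it, and the exact-match string in the component's unit test would need the same change. The template literal in `href={`${securitySolution.detectionEngineOverview}`}` adds nothing, since the doc-link value is already typed as a string, so `href={securitySolution.detectionEngineOverview}` is enough. The component has no doc comment; a short one stating that it renders the Endpoint Security rule notice with an external docs link opened in a new tab would help the next reader. The component body continues past the end of this hunk.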


@ -16,6 +16,7 @@ import { WindowsEventCollectionCard } from './components/cards/windows_event_col
import { AttackSurfaceReductionCard } from './components/cards/attack_surface_reduction_card';
import { BehaviourProtectionCard } from './components/cards/protection_seetings_card/behaviour_protection_card';
import { MemoryProtectionCard } from './components/cards/memory_protection_card';
import { RelatedDetectionRulesCallout } from './components/related_detection_rules_callout';
import { RansomwareProtectionCard } from './components/cards/ransomware_protection_card';
import { MalwareProtectionsCard } from './components/cards/malware_protections_card';
import type { PolicyFormComponentCommonProps } from './types';
@ -53,6 +54,8 @@ export const PolicySettingsForm = memo<PolicySettingsFormProps>((props) => {
{!ProtectionsUpSellingComponent && (
<>
<RelatedDetectionRulesCallout />
<EuiSpacer size="l" />
<MalwareProtectionsCard {...props} data-test-subj={getTestId('malware')} />
<EuiSpacer size="l" />
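Review bot: The banner is rendered as `<RelatedDetectionRulesCallout />` with no `data-test-subj`, unlike the cards beside it, which receive `getTestId(...)`, so the callout and its link presumably get no stable test id at form level. Passing one, for example `<RelatedDetectionRulesCallout data-test-subj={getTestId('detectionRulesCallout')} />` (the id name is only a suggestion), would let a form-level test assert the banner is present. This commit removes the per-card `rulesCallout` assertions and none of the visible hunks adds an equivalent check for the form, so a later change could drop the notice that the Endpoint Security rule must stay enabled without any test failing. The banner also sits inside the `!ProtectionsUpSellingComponent` branch, so it is hidden whenever the upsell is shown; that looks intended but is worth confirming. The surrounding fragment continues outside this hunk.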


@ -31995,7 +31995,6 @@
"xpack.securitySolution.endpoint.policy.blocklist.layout.flyout.toastSuccess.textSingle": "La liste noire \"{name}\" a été ajoutée à votre liste.",
"xpack.securitySolution.endpoint.policy.blocklist.list.about": "Il y {count, plural, one {est} many {sont} other {a}} {count} {count, plural, =1 {liste noire associée à cette politique} one {entrées de liste noire associées à cette politique} many {entrées de liste noire associées à cette politique} other {entrées de liste noire associées à cette politique}}. Cliquez ici pour {link}",
"xpack.securitySolution.endpoint.policy.blocklists.list.totalItemCount": "Affichage de {totalItemsCount, plural, one {# entrée de liste noire} many {# entrées de liste noire} other {# entrées de liste noire}}",
"xpack.securitySolution.endpoint.policy.details.detectionRulesMessage": "Affichez {detectionRulesLink}. Les règles prédéfinies sont étiquetées “Elastic” sur la page Règles de détection.",
"xpack.securitySolution.endpoint.policy.details.eventCollectionsEnabled": "{selected} collection(s) d'événements activée(s) sur {total}",
"xpack.securitySolution.endpoint.policy.details.lockedCardUpgradeMessage": "Pour activer cette protection, vous devez mettre à niveau votre licence vers Platinum, démarrer un essai gratuit de 30 jours ou lancer un {cloudDeploymentLink} sur AWS, GCP ou Azure.",
"xpack.securitySolution.endpoint.policy.details.updateConfirm.warningTitle": "Cette action va mettre à jour {endpointCount, plural, one {# point de terminaison} many {# points de terminaison} other {# points de terminaison}}",
@ -34725,7 +34724,6 @@
"xpack.securitySolution.endpoint.policy.details.credentialHardening.toggleDisabled": "Renforcement de l'identification désactivé",
"xpack.securitySolution.endpoint.policy.details.credentialHardening.toggleEnabled": "Renforcement de l'identification activé",
"xpack.securitySolution.endpoint.policy.details.detect": "Détecter",
"xpack.securitySolution.endpoint.policy.details.detectionRulesLink": "règles de détection associées",
"xpack.securitySolution.endpoint.policy.details.eventCollection": "Collection d'événements",
"xpack.securitySolution.endpoint.policy.details.malware": "Malware",
"xpack.securitySolution.endpoint.policy.details.memory": "Menace sur la mémoire",


@ -31994,7 +31994,6 @@
"xpack.securitySolution.endpoint.policy.blocklist.layout.flyout.toastSuccess.textSingle": "\"{name}\"ブロックリストがリストに追加されました。",
"xpack.securitySolution.endpoint.policy.blocklist.list.about": "このポリシーに関連付けられた{count}個の{count, plural, =1 {ブロックリスト} other {ブロックリストエントリ}}が{count, plural, other {あります}}。ここをクリックして{link}",
"xpack.securitySolution.endpoint.policy.blocklists.list.totalItemCount": "{totalItemsCount, plural, other {#個のブロックリストエントリ}}を表示中",
"xpack.securitySolution.endpoint.policy.details.detectionRulesMessage": "{detectionRulesLink}を表示します。事前構築済みルールは、検出ルールページで「Elastic」というタグが付けられています。",
"xpack.securitySolution.endpoint.policy.details.eventCollectionsEnabled": "{selected} / {total}イベント収集が有効です",
"xpack.securitySolution.endpoint.policy.details.lockedCardUpgradeMessage": "この保護をオンにするには、ライセンスをプラチナに更新するか、30日間の無料トライアルを開始するか、AWS、GCP、またはAzureで{cloudDeploymentLink}にサインアップしてください。",
"xpack.securitySolution.endpoint.policy.details.updateConfirm.warningTitle": "{endpointCount, plural, other {#個のエンドポイント}}が更新されます",
@ -34724,7 +34723,6 @@
"xpack.securitySolution.endpoint.policy.details.credentialHardening.toggleDisabled": "資格情報強化無効",
"xpack.securitySolution.endpoint.policy.details.credentialHardening.toggleEnabled": "資格情報強化有効",
"xpack.securitySolution.endpoint.policy.details.detect": "検知",
"xpack.securitySolution.endpoint.policy.details.detectionRulesLink": "関連する検出ルール",
"xpack.securitySolution.endpoint.policy.details.eventCollection": "イベント収集",
"xpack.securitySolution.endpoint.policy.details.malware": "マルウェア",
"xpack.securitySolution.endpoint.policy.details.memory": "メモリ脅威",


@ -31989,7 +31989,6 @@
"xpack.securitySolution.endpoint.policy.blocklist.layout.flyout.toastSuccess.textSingle": "“{name}”阻止列表已添加到您的列表。",
"xpack.securitySolution.endpoint.policy.blocklist.list.about": "有{count, plural, other {有}}{count} 个{count, plural, =1 {阻止列表} other {阻止列表条目}}与此策略关联。单击此处以 {link}",
"xpack.securitySolution.endpoint.policy.blocklists.list.totalItemCount": "正在显示 {totalItemsCount, plural, other {# 个阻止列表条目}}",
"xpack.securitySolution.endpoint.policy.details.detectionRulesMessage": "查看 {detectionRulesLink}。在“检测规则”页面上预置规则标记有“Elastic”。",
"xpack.securitySolution.endpoint.policy.details.eventCollectionsEnabled": "{selected} / {total} 个事件收集已启用",
"xpack.securitySolution.endpoint.policy.details.lockedCardUpgradeMessage": "要打开此防护,必须将您的许可证升级到白金级、开始 30 天免费试用或在 AWS、GCP 或 Azure 中实施{cloudDeploymentLink}。",
"xpack.securitySolution.endpoint.policy.details.updateConfirm.warningTitle": "此操作将更新 {endpointCount, plural, other {# 个终端}}",
@ -34719,7 +34718,6 @@
"xpack.securitySolution.endpoint.policy.details.credentialHardening.toggleDisabled": "已禁用凭据强化",
"xpack.securitySolution.endpoint.policy.details.credentialHardening.toggleEnabled": "已启用凭据强化",
"xpack.securitySolution.endpoint.policy.details.detect": "检测",
"xpack.securitySolution.endpoint.policy.details.detectionRulesLink": "相关检测规则",
"xpack.securitySolution.endpoint.policy.details.eventCollection": "事件收集",
"xpack.securitySolution.endpoint.policy.details.malware": "恶意软件",
"xpack.securitySolution.endpoint.policy.details.memory": "内存威胁",