Advanced policy opt-out for scan-on-event (#218354)

## Summary Allow users to opt out of scan-on-event to help troubleshoot and resolve performance issues. ## Release note {elastic-defend} users can now opt out of event-driven Memory Protection scanning via advanced policy. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Konrad Szwarc <konrad.szwarc@elastic.co>
2025-04-24 01:38:56 -04:00 · 2025-04-17 15:00:15 -04:00 · 2025-04-17 15:00:15 -04:00 · 906c8978e7
commit 906c8978e7
parent 78bf949dbf
1 changed files with 55 additions and 0 deletions
--- a/x-pack/solutions/security/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts
+++ b/x-pack/solutions/security/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts
@ -2378,4 +2378,59 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
      }
    ),
  },
+  {
+    key: 'linux.advanced.memory_protection.scan_on_network_event',
+    first_supported_version: '8.17.6',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.linux.advanced.memory_protection.scan_on_network_event',
+      {
+        defaultMessage:
+          'Allow Memory Protection to perform memory scans in response to network activity. Default: true',
+      }
+    ),
+  },
+  {
+    key: 'mac.advanced.memory_protection.scan_on_network_event',
+    first_supported_version: '8.17.6',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.mac.advanced.memory_protection.scan_on_network_event',
+      {
+        defaultMessage:
+          'Allow Memory Protection to perform memory scans in response to network activity. Default: true',
+      }
+    ),
+  },
+  {
+    key: 'windows.advanced.memory_protection.scan_on_network_event',
+    first_supported_version: '8.17.6',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.memory_protection.scan_on_network_event',
+      {
+        defaultMessage:
+          'Allow Memory Protection to perform memory scans in response to network activity. Default: true',
+      }
+    ),
+  },
+  {
+    key: 'windows.advanced.memory_protection.scan_on_api_event',
+    first_supported_version: '8.17.6',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.memory_protection.scan_on_api_event',
+      {
+        defaultMessage:
+          'Allow Memory Protection to perform memory scans in response to API events. Default: true',
+      }
+    ),
+  },
+  {
+    key: 'windows.advanced.memory_protection.scan_on_image_load_event',
+    first_supported_version: '8.17.6',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.memory_protection.scan_on_image_load_event',
+      {
+        defaultMessage:
+          'Allow Memory Protection to perform memory scans in response to image loads. Default: true',
+      }
+    ),
+  },
 ];