[Security Solution] Add missing 8.4 Policy advanced options (#137333) (#137351)

* [Security Solution] Add missing 8.4 Policy advanced options (cherry picked from commit e3f62dcc03) Co-authored-by: Kevin Logan <56395104+kevinlog@users.noreply.github.com>
2025-04-24 09:48:58 -04:00 · 2022-07-27 18:04:51 -04:00 · 2022-07-27 18:04:51 -04:00 · a206de1b33
commit a206de1b33
parent 435bb0c5c7
1 changed files with 22 additions and 0 deletions
--- a/x-pack/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts
@ -982,4 +982,26 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
      }
    ),
  },
+  {
+    key: 'windows.advanced.memory_protection.context_manipulation_detection',
+    first_supported_version: '8.4',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.memory_protection.context_manipulation_detection',
+      {
+        defaultMessage:
+          'Detect injection based on thread context manipulation (e.g. `SetThreadContext`) as a part of memory protection. Default: true',
+      }
+    ),
+  },
+  {
+    key: 'windows.advanced.kernel.image_and_process_file_timestamp',
+    first_supported_version: '8.4',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.kernel.image_and_process_file_timestamp',
+      {
+        defaultMessage:
+          'Collect executable/dll timestamps for process and async image load events. Default: true',
+      }
+    ),
+  },
 ];