[8.14] Add advanced setting to disable memory scan on behavior alerts (#180636)

## Summary

On behavior alerts with Defend, the default behavior is to enrich the
alert by scanning some memory regions against Yara memory signatures.

This PR adds an advanced setting to opt out of this behavior.


### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)


### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Daniel Ferullo <56368752+ferullo@users.noreply.github.com>
Christophe Alladoum 2024-04-12 15:20:56 -07:00 committed by GitHub
parent d3c7e180fd
commit a3db876ab7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -1655,6 +1655,17 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
}
),
},
{
key: 'windows.advanced.events.memory_scan',
first_supported_version: '8.14',
documentation: i18n.translate(
'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.events.memory_scan',
{
defaultMessage:
'On behavior alerts, this feature enables an additional scan of identified memory regions against well-known malware signatures. Default: true',
}
),
},
{
key: 'windows.advanced.flags',
first_supported_version: '8.13.0',
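Review bot: `first_supported_version: '8.14'` in the new `windows.advanced.events.memory_scan` entry drops the patch component that the adjacent entry carries (`first_supported_version: '8.13.0'`); use `'8.14.0'` so the value is a full three-part version string like the rest of the schema and compares the same way in whatever version check consumes this field. Two smaller points on the same entry: the hunk adds only the Windows key, while the commit summary describes the opt-out for behavior alerts in general, so either add matching entries for the other platforms or say in the summary that this is Windows-only; and the `documentation` text explains what the scan does but not that setting the key to `false` turns it off, which is the whole purpose of the setting and worth one sentence in the message.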