[8.5][Elastic Defend onboarding] Updates to text for Endpoint presets (#142138)

2025-04-24 01:38:56 -04:00 · 2022-10-03 19:01:01 -07:00 · 2022-10-03 19:01:01 -07:00 · aa12bea33c
commit aa12bea33c
parent 6de0091178
2 changed files with 89 additions and 19 deletions
--- a/x-pack/plugins/security_solution/public/management/pages/policy/view/ingest_manager_integration/endpoint_policy_create_extension/endpoint_policy_create_extension.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/ingest_manager_integration/endpoint_policy_create_extension/endpoint_policy_create_extension.tsx
@ -14,10 +14,14 @@ import {
  EuiTitle,
  EuiSpacer,
  EuiFormRow,
+  EuiCallOut,
+  EuiLink,
+  EuiCode,
 } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
 import styled from 'styled-components';
 import type { PackagePolicyCreateExtensionComponentProps } from '@kbn/fleet-plugin/public';
+import { useLicense } from '../../../../../../common/hooks/use_license';
 import {
  ALL_EVENTS,
  CLOUD_SECURITY,
@ -26,6 +30,8 @@ import {
  EDR_ESSENTIAL,
  ENDPOINT,
  INTERACTIVE_ONLY,
+  NGAV_NOTE,
+  EDR_NOTE,
 } from './translations';

 const PREFIX = 'endpoint_policy_create_extension';
@ -38,9 +44,18 @@ const environmentMapping = {
 };

 const endpointPresetsMapping = {
-  NGAV,
-  EDREssential: EDR_ESSENTIAL,
-  EDRComplete: EDR_COMPLETE,
+  NGAV: {
+    label: NGAV,
+    note: NGAV_NOTE,
+  },
+  EDREssential: {
+    label: EDR_ESSENTIAL,
+    note: EDR_NOTE,
+  },
+  EDRComplete: {
+    label: EDR_COMPLETE,
+    note: EDR_NOTE,
+  },
 };

 const cloudEventMapping = {
@ -67,12 +82,21 @@ const HelpTextWithPadding = styled.div`
 */
 export const EndpointPolicyCreateExtension = memo<PackagePolicyCreateExtensionComponentProps>(
  ({ newPolicy, onChange }) => {
+    const isPlatinumPlus = useLicense().isPlatinumPlus();
+    const isEnterprise = useLicense().isEnterprise();
+
    // / Endpoint Radio Options (NGAV and EDRs)
    const [endpointPreset, setEndpointPreset] = useState<EndpointPreset>('NGAV');
-    const [selectedCloudEvent, setSelectedCloudEvent] = useState<CloudEvent>('ALL_EVENTS');
+    const [selectedCloudEvent, setSelectedCloudEvent] = useState<CloudEvent>('INTERACTIVE_ONLY');
    const [selectedEnvironment, setSelectedEnvironment] = useState<Environment>('endpoint');
    const initialRender = useRef(true);

+    // Show NGAV license note when Gold and below
+    // Show other licenses note when Platinum and Below
+    const showNote =
+      (endpointPreset === 'NGAV' && !isPlatinumPlus) ||
+      (endpointPreset !== 'NGAV' && !isEnterprise);
+
    // Fleet will initialize the create form with a default name for the integrating policy, however,
    // for endpoint security, we want the user to explicitly type in a name, so we blank it out
    // only during 1st component render (thus why the eslint disabled rule below).
@ -156,7 +180,7 @@ export const EndpointPolicyCreateExtension = memo<PackagePolicyCreateExtensionCo
    const getEndpointPresetsProps = useCallback(
      (preset: EndpointPreset) => ({
        id: `${PREFIX}_endpoint_preset_${preset}`,
-        label: endpointPresetsMapping[preset],
+        label: endpointPresetsMapping[preset].label,
        value: preset,
        checked: endpointPreset === preset,
        onChange: onChangeEndpointPreset,
@ -231,7 +255,7 @@ export const EndpointPolicyCreateExtension = memo<PackagePolicyCreateExtensionCo
                <HelpTextWithPadding>
                  <FormattedMessage
                    id="xpack.securitySolution.createPackagePolicy.stepConfigure.packagePolicyTypeEndpointNGAV"
-                    defaultMessage="Prevents Malware, Ransomware and Memory Threats and provides process telemetry"
+                    defaultMessage="Machine learning malware, ransomware, memory threat, malicious behavior, and credential theft preventions, plus process telemetry"
                  />
                </HelpTextWithPadding>
              }
@ -245,7 +269,7 @@ export const EndpointPolicyCreateExtension = memo<PackagePolicyCreateExtensionCo
                <HelpTextWithPadding>
                  <FormattedMessage
                    id="xpack.securitySolution.createPackagePolicy.stepConfigure.packagePolicyTypeEndpointEDREssential"
-                    defaultMessage="Endpoint Alerts, Process Events, Network Events, File Events"
+                    defaultMessage="Everything in NGAV, plus file and network telemetry"
                  />
                </HelpTextWithPadding>
              }
@ -259,13 +283,42 @@ export const EndpointPolicyCreateExtension = memo<PackagePolicyCreateExtensionCo
                <HelpTextWithPadding>
                  <FormattedMessage
                    id="xpack.securitySolution.createPackagePolicy.stepConfigure.packagePolicyTypeEndpointEDRComplete"
-                    defaultMessage="Endpoint Alerts, Full Event capture"
+                    defaultMessage="Everything in Essential EDR, plus full telemetry"
                  />
                </HelpTextWithPadding>
              }
            >
              <EuiRadio {...getEndpointPresetsProps('EDRComplete')} />
            </EuiFormRow>
+            {showNote && (
+              <>
+                <EuiSpacer size="m" />
+                <EuiCallOut iconType="iInCircle">
+                  <EuiText size="s">
+                    <p>
+                      {endpointPresetsMapping[endpointPreset].note}{' '}
+                      <FormattedMessage
+                        id="xpack.securitySolution.createPackagePolicy.stepConfigure.seeDocumentation"
+                        defaultMessage="See {documentation} for more information."
+                        values={{
+                          documentation: (
+                            <EuiLink
+                              href="https://www.elastic.co/guide/en/security/current/configure-endpoint-integration-policy.html"
+                              target="_blank"
+                            >
+                              <FormattedMessage
+                                id="xpack.securitySolution.endpoint.ingestManager.createPackagePolicy.seeDocumentationLink"
+                                defaultMessage="documentation"
+                              />
+                            </EuiLink>
+                          ),
+                        }}
+                      />
+                    </p>
+                  </EuiText>
+                </EuiCallOut>
+              </>
+            )}
          </>
        ) : (
          <>
@ -285,7 +338,11 @@ export const EndpointPolicyCreateExtension = memo<PackagePolicyCreateExtensionCo
                <HelpTextWithPadding>
                  <FormattedMessage
                    id="xpack.securitySolution.createPackagePolicy.stepConfigure.packagePolicyTypeComprehensiveInfo"
-                    defaultMessage="Monitors and collects session data from all process executions. "
+                    defaultMessage="Monitors and collects process data from all executions, including those launched by daemon processes, like {nginx} or {postgres}"
+                    values={{
+                      nginx: <EuiCode>{'nginx'}</EuiCode>,
+                      postgres: <EuiCode>{'postgres'}</EuiCode>,
+                    }}
                  />
                </HelpTextWithPadding>
              }
@ -299,7 +356,11 @@ export const EndpointPolicyCreateExtension = memo<PackagePolicyCreateExtensionCo
                <HelpTextWithPadding>
                  <FormattedMessage
                    id="xpack.securitySolution.createPackagePolicy.stepConfigure.packagePolicyTypeInteractiveOnlyInfo"
-                    defaultMessage="Monitors and collects session data from interactive sessions only. "
+                    defaultMessage="Monitors and collects session data from interactive sessions, like {ssh} or {telnet}"
+                    values={{
+                      ssh: <EuiCode>{'ssh'}</EuiCode>,
+                      telnet: <EuiCode>{'telnet'}</EuiCode>,
+                    }}
                  />
                </HelpTextWithPadding>
              }
--- a/x-pack/plugins/security_solution/public/management/pages/policy/view/ingest_manager_integration/endpoint_policy_create_extension/translations.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/ingest_manager_integration/endpoint_policy_create_extension/translations.ts
@ -10,20 +10,35 @@ import { i18n } from '@kbn/i18n';
 export const NGAV = i18n.translate(
  'xpack.securitySolution.createPackagePolicy.stepConfigure.endpointDropdownOptionNGAV',
  {
-    defaultMessage: 'NGAV',
+    defaultMessage: 'Next-Generation Antivirus (NGAV)',
+  }
+);
+
+export const NGAV_NOTE = i18n.translate(
+  'xpack.securitySolution.createPackagePolicy.stepConfigure.endpointDropdownOptionNGAVNote',
+  {
+    defaultMessage: 'Note: advanced protections require a platinum license level.',
  }
 );

 export const EDR_ESSENTIAL = i18n.translate(
  'xpack.securitySolution.createPackagePolicy.stepConfigure.endpointDropdownOptionEDREssential',
  {
-    defaultMessage: 'EDR Essential',
+    defaultMessage: 'Essential EDR (Endpoint Detection & Response)',
  }
 );
 export const EDR_COMPLETE = i18n.translate(
  'xpack.securitySolution.createPackagePolicy.stepConfigure.endpointDropdownOptionEDRComplete',
  {
-    defaultMessage: 'EDR Complete',
+    defaultMessage: 'Complete EDR (Endpoint Detection & Response)',
+  }
+);
+
+export const EDR_NOTE = i18n.translate(
+  'xpack.securitySolution.createPackagePolicy.stepConfigure.endpointDropdownOptionEDRNote',
+  {
+    defaultMessage:
+      'Note: advanced protections require a platinum license, and full response capabilities require an enterprise license.',
  }
 );

@ -51,9 +66,3 @@ export const ALL_EVENTS = i18n.translate(
    defaultMessage: 'All events',
  }
 );
-export const PREVENT_MALICIOUS_BEHAVIOR = i18n.translate(
-  'xpack.securitySolution.createPackagePolicy.stepConfigure.cloudEventFiltersPreventionMaliciousBehavior',
-  {
-    defaultMessage: 'Prevent Malicious Behavior',
-  }
-);