[Security Solution] Reputation service on by default if a cloud deployment (#163836)

## Summary

The reputation service Policy option should be `true` by default if it
is a cloud deployment. Otherwise it should be `false`. This PR corrects
the default option for new policies if it is a cloud deployment.

Migrated policies should still always default to `false` (already
implemented in a previous PR).

New Policy with `cloud: true`

![image](3f33375b-3bbb-4e3c-be2f-ebe489fcf0d1)

New Policy with `cloud: false`

![image](82c0df3b-ce93-412f-89c6-c26b54eff8dd)

### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Kevin Logan 2023-08-17 08:45:27 -04:00 committed by GitHub
parent 6d076ee5b1
commit cb444bc319
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 21 deletions


@ -53,7 +53,7 @@ export const policyFactory = (
}, },
behavior_protection: { behavior_protection: {
mode: ProtectionModes.prevent, mode: ProtectionModes.prevent,
reputation_service: false, reputation_service: cloud, // Defaults to true if on cloud
supported: true, supported: true,
}, },
popup: { popup: {
@ -98,7 +98,7 @@ export const policyFactory = (
}, },
behavior_protection: { behavior_protection: {
mode: ProtectionModes.prevent, mode: ProtectionModes.prevent,
reputation_service: false, reputation_service: cloud, // Defaults to true if on cloud
supported: true, supported: true,
}, },
memory_protection: { memory_protection: {
@ -140,7 +140,7 @@ export const policyFactory = (
}, },
behavior_protection: { behavior_protection: {
mode: ProtectionModes.prevent, mode: ProtectionModes.prevent,
reputation_service: false, reputation_service: cloud, // Defaults to true if on cloud
supported: true, supported: true,
}, },
memory_protection: { memory_protection: {
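Review bot: The inline comment `// Defaults to true if on cloud` on the three `reputation_service: cloud` lines describes only one side of the behaviour; the field simply mirrors the `cloud` argument, so a caller that builds a policy without passing it gets reputation lookups off even on a cloud deployment. The signature of `policyFactory` is outside these hunks, so whether `cloud` has a `false` default or can arrive as `undefined` cannot be confirmed from here; if it can be undefined, `reputation_service: Boolean(cloud)` would keep the stored policy strictly boolean. A more precise comment would be `// Mirrors the cloud argument: on for cloud deployments, off otherwise`. Because the same expression is repeated in three `behavior_protection` blocks, a single local such as `const reputationServiceDefault = cloud;` would keep them from drifting apart.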


@ -66,7 +66,7 @@ describe('Create Default Policy tests ', () => {
const disabledButSupportedBehaviorProtection = { const disabledButSupportedBehaviorProtection = {
mode: ProtectionModes.off, mode: ProtectionModes.off,
supported: true, supported: true,
reputation_service: false, reputation_service: true,
}; };
expect(policy.windows.behavior_protection).toEqual(disabledButSupportedBehaviorProtection); expect(policy.windows.behavior_protection).toEqual(disabledButSupportedBehaviorProtection);
expect(policy.mac.memory_protection).toEqual(disabledButSupported); expect(policy.mac.memory_protection).toEqual(disabledButSupported);
@ -157,7 +157,7 @@ describe('Create Default Policy tests ', () => {
const disabledButSupportedBehaviorProtection = { const disabledButSupportedBehaviorProtection = {
mode: ProtectionModes.off, mode: ProtectionModes.off,
supported: true, supported: true,
reputation_service: false, reputation_service: true,
}; };
expect(policy.windows.behavior_protection).toEqual(disabledButSupportedBehaviorProtection); expect(policy.windows.behavior_protection).toEqual(disabledButSupportedBehaviorProtection);
expect(policy.mac.memory_protection).toEqual(disabledButSupported); expect(policy.mac.memory_protection).toEqual(disabledButSupported);
@ -201,10 +201,12 @@ describe('Create Default Policy tests ', () => {
it('Should return the default config when preset is EDR Complete', async () => { it('Should return the default config when preset is EDR Complete', async () => {
const config = createEndpointConfig({ preset: 'EDRComplete' }); const config = createEndpointConfig({ preset: 'EDRComplete' });
const policy = await createDefaultPolicyCallback(config); const policy = await createDefaultPolicyCallback(config);
const defaultPolicy = policyFactory(); const licenseType = 'platinum';
const isCloud = true;
const defaultPolicy = policyFactory(licenseType, isCloud);
// update defaultPolicy w/ platinum license & cloud info // update defaultPolicy w/ platinum license & cloud info
defaultPolicy.meta.license = 'platinum'; defaultPolicy.meta.license = licenseType;
defaultPolicy.meta.cloud = true; defaultPolicy.meta.cloud = isCloud;
expect(policy).toMatchObject(defaultPolicy); expect(policy).toMatchObject(defaultPolicy);
}); });
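Review bot: None of the three hunks asserts the off-cloud default: the updated `reputation_service: true` expectations and the `EDR Complete` case with `isCloud = true` all appear to exercise the cloud path, so a regression that turned reputation lookups on for non-cloud deployments would not be caught here. A companion case could pin it, e.g. `const nonCloudPolicy = policyFactory(licenseType, false);` followed by `expect(nonCloudPolicy.windows.behavior_protection.reputation_service).toBe(false);`. The first two hunks also now expect `reputation_service: true` alongside `mode: ProtectionModes.off`; if that combination is intended, a short comment on `disabledButSupportedBehaviorProtection` saying so would help the next reader. The enclosing `describe` block starts and ends outside these hunks, so such a test may already exist elsewhere in the file.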


@ -37,19 +37,15 @@ export const createDefaultPolicy = (
esClientInfo: InfoResponse, esClientInfo: InfoResponse,
appFeatures: AppFeatures appFeatures: AppFeatures
): PolicyConfig => { ): PolicyConfig => {
const factoryPolicy = policyConfigFactory(); // Pass license and cloud information to use in Policy creation
const factoryPolicy = policyConfigFactory(
// Add license and cloud information after policy creation licenseService.getLicenseType(),
factoryPolicy.meta.license = licenseService.getLicenseType(); cloud?.isCloudEnabled,
factoryPolicy.meta.cloud = cloud?.isCloudEnabled; licenseService.getLicenseUID(),
factoryPolicy.meta.cluster_name = esClientInfo?.cluster_name esClientInfo?.cluster_uuid,
? esClientInfo.cluster_name esClientInfo?.cluster_name,
: factoryPolicy.meta.cluster_name; cloud?.isServerlessEnabled
factoryPolicy.meta.cluster_uuid = esClientInfo?.cluster_uuid );
? esClientInfo.cluster_uuid
: factoryPolicy.meta.cluster_uuid;
factoryPolicy.meta.license_uid = licenseService.getLicenseUID();
factoryPolicy.meta.serverless = cloud.isServerlessEnabled || false;
let defaultPolicyPerType: PolicyConfig = let defaultPolicyPerType: PolicyConfig =
config?.type === 'cloud' config?.type === 'cloud'