[Security Solution] Reputation service on by default if a cloud deployment (#163836)

## Summary The reputation service Policy option should be `true` by default if it is a cloud deployment. Otherwise it should be `false`. This PR corrects the default option for new policies if it is a cloud deployment. The migrated Policies should still always default to `false` (already implemented in a previous PR) New Policy with `cloud: true` ![image](3f33375b-3bbb-4e3c-be2f-ebe489fcf0d1) New Policy with `cloud: false` ![image](82c0df3b-ce93-412f-89c6-c26b54eff8dd) ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-06-27 18:51:07 -04:00 · 2023-08-17 08:45:27 -04:00 · 2023-08-17 08:45:27 -04:00 · cb444bc319
commit cb444bc319
parent 6d076ee5b1
3 changed files with 19 additions and 21 deletions
--- a/x-pack/plugins/security_solution/common/endpoint/models/policy_config.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/models/policy_config.ts
@ -53,7 +53,7 @@ export const policyFactory = (
      },
      behavior_protection: {
        mode: ProtectionModes.prevent,
-        reputation_service: false,
+        reputation_service: cloud, // Defaults to true if on cloud
        supported: true,
      },
      popup: {
@ -98,7 +98,7 @@ export const policyFactory = (
      },
      behavior_protection: {
        mode: ProtectionModes.prevent,
-        reputation_service: false,
+        reputation_service: cloud, // Defaults to true if on cloud
        supported: true,
      },
      memory_protection: {
@ -140,7 +140,7 @@ export const policyFactory = (
      },
      behavior_protection: {
        mode: ProtectionModes.prevent,
-        reputation_service: false,
+        reputation_service: cloud, // Defaults to true if on cloud
        supported: true,
      },
      memory_protection: {
--- a/x-pack/plugins/security_solution/server/fleet_integration/handlers/create_default_policy.test.ts
+++ b/x-pack/plugins/security_solution/server/fleet_integration/handlers/create_default_policy.test.ts
@ -66,7 +66,7 @@ describe('Create Default Policy tests ', () => {
      const disabledButSupportedBehaviorProtection = {
        mode: ProtectionModes.off,
        supported: true,
-        reputation_service: false,
+        reputation_service: true,
      };
      expect(policy.windows.behavior_protection).toEqual(disabledButSupportedBehaviorProtection);
      expect(policy.mac.memory_protection).toEqual(disabledButSupported);
@ -157,7 +157,7 @@ describe('Create Default Policy tests ', () => {
      const disabledButSupportedBehaviorProtection = {
        mode: ProtectionModes.off,
        supported: true,
-        reputation_service: false,
+        reputation_service: true,
      };
      expect(policy.windows.behavior_protection).toEqual(disabledButSupportedBehaviorProtection);
      expect(policy.mac.memory_protection).toEqual(disabledButSupported);
@ -201,10 +201,12 @@ describe('Create Default Policy tests ', () => {
    it('Should return the default config when preset is EDR Complete', async () => {
      const config = createEndpointConfig({ preset: 'EDRComplete' });
      const policy = await createDefaultPolicyCallback(config);
-      const defaultPolicy = policyFactory();
+      const licenseType = 'platinum';
+      const isCloud = true;
+      const defaultPolicy = policyFactory(licenseType, isCloud);
      // update defaultPolicy w/ platinum license & cloud info
-      defaultPolicy.meta.license = 'platinum';
-      defaultPolicy.meta.cloud = true;
+      defaultPolicy.meta.license = licenseType;
+      defaultPolicy.meta.cloud = isCloud;
      expect(policy).toMatchObject(defaultPolicy);
    });

--- a/x-pack/plugins/security_solution/server/fleet_integration/handlers/create_default_policy.ts
+++ b/x-pack/plugins/security_solution/server/fleet_integration/handlers/create_default_policy.ts
@ -37,19 +37,15 @@ export const createDefaultPolicy = (
  esClientInfo: InfoResponse,
  appFeatures: AppFeatures
 ): PolicyConfig => {
-  const factoryPolicy = policyConfigFactory();
-
-  // Add license and cloud information after policy creation
-  factoryPolicy.meta.license = licenseService.getLicenseType();
-  factoryPolicy.meta.cloud = cloud?.isCloudEnabled;
-  factoryPolicy.meta.cluster_name = esClientInfo?.cluster_name
-    ? esClientInfo.cluster_name
-    : factoryPolicy.meta.cluster_name;
-  factoryPolicy.meta.cluster_uuid = esClientInfo?.cluster_uuid
-    ? esClientInfo.cluster_uuid
-    : factoryPolicy.meta.cluster_uuid;
-  factoryPolicy.meta.license_uid = licenseService.getLicenseUID();
-  factoryPolicy.meta.serverless = cloud.isServerlessEnabled || false;
+  // Pass license and cloud information to use in Policy creation
+  const factoryPolicy = policyConfigFactory(
+    licenseService.getLicenseType(),
+    cloud?.isCloudEnabled,
+    licenseService.getLicenseUID(),
+    esClientInfo?.cluster_uuid,
+    esClientInfo?.cluster_name,
+    cloud?.isServerlessEnabled
+  );

  let defaultPolicyPerType: PolicyConfig =
    config?.type === 'cloud'