[Security Solution] Advnaced policy option for Rollback, Platinum only (#132282)

2025-04-24 09:48:58 -04:00 · 2022-06-21 16:44:09 -04:00 · 2022-06-21 16:44:09 -04:00 · decdafab31
commit decdafab31
parent faede27bf7
7 changed files with 85 additions and 11 deletions
--- a/x-pack/plugins/security_solution/common/endpoint/models/policy_config.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/models/policy_config.ts
@ -149,6 +149,13 @@ export const policyFactoryWithoutPaidFeatures = (
    ...policy,
    windows: {
      ...policy.windows,
+      advanced:
+        policy.windows.advanced === undefined
+          ? undefined
+          : {
+              ...policy.windows.advanced,
+              rollback: undefined,
+            },
      ransomware: {
        mode: ProtectionModes.off,
        supported: false,
--- a/x-pack/plugins/security_solution/common/endpoint/types/index.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/types/index.ts
@ -911,7 +911,10 @@ type KbnConfigSchemaNonOptionalProps<Props extends Record<string, unknown>> = Pi
 */
 export interface PolicyConfig {
  windows: {
-    advanced?: {};
+    advanced?: {
+      [key: string]: unknown;
+      rollback?: string | boolean;
+    };
    events: {
      dll_and_driver_load: boolean;
      dns: boolean;
--- a/x-pack/plugins/security_solution/common/license/policy_config.test.ts
+++ b/x-pack/plugins/security_solution/common/license/policy_config.test.ts
@ -123,6 +123,23 @@ describe('policy_config and licenses', () => {
      expect(valid).toBeTruthy();
    });

+    it('allows advanced rollback option when Platinum', () => {
+      const policy = policyFactory();
+      policy.windows.advanced = { rollback: true }; // make policy change
+      const valid = isEndpointPolicyValidForLicense(policy, Platinum);
+      expect(valid).toBeTruthy();
+    });
+
+    it('blocks advanced rollback option when below Platinum', () => {
+      const policy = policyFactory();
+      policy.windows.advanced = { rollback: true }; // make policy change
+      let valid = isEndpointPolicyValidForLicense(policy, Gold);
+      expect(valid).toBeFalsy();
+
+      valid = isEndpointPolicyValidForLicense(policy, Basic);
+      expect(valid).toBeFalsy();
+    });
+
    describe('ransomware protection checks', () => {
      it('blocks ransomware to be turned on for Gold and below licenses', () => {
        const policy = policyFactoryWithoutPaidFeatures();
@ -474,6 +491,21 @@ describe('policy_config and licenses', () => {
      );
    });

+    it('resets Platinum-paid advanced fields for lower license tiers', () => {
+      const defaults = policyFactoryWithoutPaidFeatures(); // reference
+      const policy = policyFactory(); // what we will modify, and should be reset
+
+      policy.windows.advanced = { rollback: true };
+      policy.windows.advanced = { another_advanced: true };
+
+      const retPolicy = unsetPolicyFeaturesAccordingToLicenseLevel(policy, Gold);
+
+      expect(retPolicy.windows.advanced?.rollback).toEqual(defaults.windows.advanced?.rollback);
+
+      // Preserves non-license gated advanced settings.
+      expect(retPolicy.windows.advanced?.another_advanced).toEqual(true);
+    });
+
    it('sets ransomware supported field to false when license is below Platinum', () => {
      const defaults = policyFactoryWithoutPaidFeatures(); // reference
      const policy = policyFactory(); // what we will modify, and should be reset
--- a/x-pack/plugins/security_solution/common/license/policy_config.ts
+++ b/x-pack/plugins/security_solution/common/license/policy_config.ts
@ -202,6 +202,22 @@ function isEndpointBehaviorPolicyValidForLicense(policy: PolicyConfig, license:
  return true;
 }

+function isEndpointAdvancedPolicyValidForLicense(policy: PolicyConfig, license: ILicense | null) {
+  if (isAtLeast(license, 'platinum')) {
+    // platinum allows all advanced features
+    return true;
+  }
+
+  const defaults = policyFactoryWithoutPaidFeatures();
+
+  // only platinum or higher may use rollback
+  if (policy.windows.advanced?.rollback !== defaults.windows.advanced?.rollback) {
+    return false;
+  }
+
+  return true;
+}
+
 /**
 * Given an endpoint package policy, verifies that all enabled features that
 * require a certain license level have a valid license for them.
@ -214,7 +230,8 @@ export const isEndpointPolicyValidForLicense = (
    isEndpointMalwarePolicyValidForLicense(policy, license) &&
    isEndpointRansomwarePolicyValidForLicense(policy, license) &&
    isEndpointMemoryPolicyValidForLicense(policy, license) &&
-    isEndpointBehaviorPolicyValidForLicense(policy, license)
+    isEndpointBehaviorPolicyValidForLicense(policy, license) &&
+    isEndpointAdvancedPolicyValidForLicense(policy, license)
  );
 };

--- a/x-pack/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts
@ -12,6 +12,7 @@ interface AdvancedPolicySchemaType {
  first_supported_version: string;
  last_supported_version?: string;
  documentation: string;
+  license?: string;
 }

 export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
@ -936,4 +937,15 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
      }
    ),
  },
+  {
+    key: 'windows.advanced.rollback',
+    first_supported_version: '8.4',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.windows.rollback',
+      {
+        defaultMessage: 'Experimental',
+      }
+    ),
+    license: 'platinum',
+  },
 ];
--- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_advanced.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_advanced.tsx
@ -95,7 +95,7 @@ const warningMessage = i18n.translate(
  }
 );

-export const AdvancedPolicyForms = React.memo(() => {
+export const AdvancedPolicyForms = React.memo(({ isPlatinumPlus }: { isPlatinumPlus: boolean }) => {
  return (
    <>
      <EuiCallOut title={calloutTitle} color="warning" iconType="alert">
@ -113,14 +113,17 @@ export const AdvancedPolicyForms = React.memo(() => {
      <EuiPanel data-test-subj="advancedPolicyPanel" paddingSize="s">
        {AdvancedPolicySchema.map((advancedField, index) => {
          const configPath = advancedField.key.split('.');
+          const failsPlatinumLicenseCheck = !isPlatinumPlus && advancedField.license === 'platinum';
          return (
-            <PolicyAdvanced
-              key={index}
-              configPath={configPath}
-              firstSupportedVersion={advancedField.first_supported_version}
-              lastSupportedVersion={advancedField.last_supported_version}
-              documentation={advancedField.documentation}
-            />
+            !failsPlatinumLicenseCheck && (
+              <PolicyAdvanced
+                key={index}
+                configPath={configPath}
+                firstSupportedVersion={advancedField.first_supported_version}
+                lastSupportedVersion={advancedField.last_supported_version}
+                documentation={advancedField.documentation}
+              />
+            )
          );
        })}
      </EuiPanel>
--- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_details_form.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_details_form.tsx
@ -104,7 +104,7 @@ export const PolicyDetailsForm = memo(() => {
      </EuiButtonEmpty>

      <EuiSpacer size="l" />
-      {showAdvancedPolicy && <AdvancedPolicyForms />}
+      {showAdvancedPolicy && <AdvancedPolicyForms isPlatinumPlus={isPlatinumPlus} />}
    </>
  );
 });