add endpoint exceptions app feature/sub-feature

refs elastic/security-team/issues/7223
elastic · Aug 10, 2023 · 0998861 · 0998861
1 parent 48b7acf
commit 0998861
Show file tree

Hide file tree

Showing 4 changed files with 94 additions and 6 deletions.
diff --git a/x-pack/plugins/security_solution/common/types/app_features.ts b/x-pack/plugins/security_solution/common/types/app_features.ts
@@ -23,7 +23,7 @@ export enum AppFeatureSecurityKey {
   endpointHostManagement = 'endpoint_host_management',
 
   /**
-   * Enables endpoint policy views that enables user to manage endpoint security policies
+   * Enables endpoint policy views that enable user to manage endpoint security policies
    */
   endpointPolicyManagement = 'endpoint_policy_management',
 
@@ -33,7 +33,7 @@ export enum AppFeatureSecurityKey {
   endpointPolicyProtections = 'endpoint_policy_protections',
 
   /**
-   * Enables management of all endpoint related artifacts (ex. Trusted Applications, Event Filters,
+   * Enables management of all endpoint-related artifacts (ex. Trusted Applications, Event Filters,
    * Host Isolation Exceptions, Blocklist.
    */
   endpointArtifactManagement = 'endpoint_artifact_management',
@@ -44,6 +44,11 @@ export enum AppFeatureSecurityKey {
    */
   endpointResponseActions = 'endpoint_response_actions',
 
+  /**
+   * Enables access to the Endpoint Exceptions List and associated views that allows its management
+   */
+  endpointExceptions = 'endpoint_exceptions',
+
   /**
    * Enables Threat Intelligence
    */

diff --git a/x-pack/plugins/security_solution/server/lib/app_features/security_kibana_features.ts b/x-pack/plugins/security_solution/server/lib/app_features/security_kibana_features.ts
@@ -123,7 +123,7 @@ export const getSecurityBaseKibanaFeature = (): BaseKibanaFeatureConfig => ({
 });
 
 export const getSecurityBaseKibanaSubFeatureIds = (
-  _: ExperimentalFeatures // currently un-used, but left here as a convenience for possible future use
+  _: ExperimentalFeatures // currently unused, but left here as a convenience for possible future use
 ): SecuritySubFeatureId[] => [];
 
 /**
@@ -136,7 +136,7 @@ export const getSecurityBaseKibanaSubFeatureIds = (
  * - `subFeaturesPrivileges`: the privileges that will be added into the existing Security subFeature with the privilege `id` specified.
  */
 export const getSecurityAppFeaturesConfig = (
-  _: ExperimentalFeatures // currently un-used, but left here as a convenience for possible future use
+  _: ExperimentalFeatures // currently unused, but left here as a convenience for possible future use
 ): AppFeaturesSecurityConfig => {
   return {
     [AppFeatureSecurityKey.advancedInsights]: {
@@ -228,6 +228,32 @@ export const getSecurityAppFeaturesConfig = (
       ],
     },
 
+    [AppFeatureSecurityKey.endpointExceptions]: {
+      subFeatureIds: [SecuritySubFeatureId.endpointExceptions],
+      subFeaturesPrivileges: [
+        {
+          id: 'endpoint_and_rule_exceptions_all',
+          api: [
+            `${APP_ID}-readEndpointExceptions`,
+            `${APP_ID}-writeEndpointExceptions`,
+            `${APP_ID}-readRuleExceptions`,
+            `${APP_ID}-writeRuleExceptions`,
+          ],
+          ui: [
+            'readEndpointExceptions',
+            'writeEndpointExceptions',
+            'readRuleExceptions',
+            'writeRuleExceptions',
+          ],
+        },
+        {
+          id: 'endpoint_and_rule_exceptions_read',
+          api: [`${APP_ID}-readEndpointExceptions`, `${APP_ID}-readRuleExceptions`],
+          ui: ['readEndpointExceptions', 'readRuleExceptions'],
+        },
+      ],
+    },
+
     [AppFeatureSecurityKey.osqueryAutomatedResponseActions]: {},
   };
 };
diff --git a/x-pack/plugins/security_solution/server/lib/app_features/security_kibana_sub_features.ts b/x-pack/plugins/security_solution/server/lib/app_features/security_kibana_sub_features.ts
@@ -484,6 +484,61 @@ const fileOperationsSubFeature: SubFeatureConfig = {
   ],
 };
 
+const endpointExceptionsSubFeature: SubFeatureConfig = {
+  description: i18n.translate(
+    'xpack.securitySolution.featureRegistry.subFeatures.endpointExceptions.description',
+    {
+      defaultMessage: 'Manage Endpoint Exceptions on alerts and rules',
+    }
+  ),
+  name: i18n.translate(
+    'xpack.securitySolution.featureRegistry.subFeatures.endpointExceptions.name',
+    {
+      defaultMessage: 'Endpoint Exceptions',
+    }
+  ),
+  privilegeGroups: [
+    {
+      groupType: 'mutually_exclusive',
+      privileges: [
+        {
+          api: [
+            `${APP_ID}-readEndpointExceptions`,
+            `${APP_ID}-writeEndpointExceptions`,
+            `${APP_ID}-readRuleExceptions`,
+            `${APP_ID}-writeRuleExceptions`,
+          ],
+          id: 'endpoint_and_rule_exceptions_all',
+          includeIn: 'all', // we need this to be included when the main Security feature is `all` for existing roles
+          name: 'All',
+          savedObject: {
+            all: [],
+            read: [],
+          },
+          ui: [
+            'readEndpointExceptions',
+            'writeEndpointExceptions',
+            'readRuleExceptions',
+            'writeRuleExceptions',
+          ],
+        },
+        {
+          api: [`${APP_ID}-readEndpointExceptions`, `${APP_ID}-readRuleExceptions`],
+          id: 'endpoint_and_rule_exceptions_read',
+          includeIn: 'read', // we need this to be included when the main Security feature is `read` for existing roles
+          name: 'Read',
+          savedObject: {
+            all: [],
+            read: [],
+          },
+          ui: ['readEndpointExceptions', 'readRuleExceptions'],
+        },
+      ],
+    },
+  ],
+  requireAllSpaces: true,
+};
+
 // execute operations are not available in 8.7,
 // but will be available in 8.8
 const executeActionSubFeature: SubFeatureConfig = {
@@ -526,6 +581,7 @@ const executeActionSubFeature: SubFeatureConfig = {
 
 export enum SecuritySubFeatureId {
   endpointList = 'endpointListSubFeature',
+  endpointExceptions = 'endpointExceptionsSubFeature',
   trustedApplications = 'trustedApplicationsSubFeature',
   hostIsolationExceptions = 'hostIsolationExceptionsSubFeature',
   blocklist = 'blocklistSubFeature',
@@ -542,6 +598,7 @@ export enum SecuritySubFeatureId {
 export const securitySubFeaturesMap = Object.freeze(
   new Map<SecuritySubFeatureId, SubFeatureConfig>([
     [SecuritySubFeatureId.endpointList, endpointListSubFeature],
+    [SecuritySubFeatureId.endpointExceptions, endpointExceptionsSubFeature],
     [SecuritySubFeatureId.trustedApplications, trustedApplicationsSubFeature],
     [SecuritySubFeatureId.hostIsolationExceptions, hostIsolationExceptionsSubFeature],
     [SecuritySubFeatureId.blocklist, blocklistSubFeature],

diff --git a/x-pack/plugins/security_solution_serverless/common/pli/pli_config.ts b/x-pack/plugins/security_solution_serverless/common/pli/pli_config.ts
@@ -24,14 +24,14 @@ export const PLI_APP_FEATURES: PliAppFeatures = {
   },
   endpoint: {
     essentials: [
-      AppFeatureKey.endpointHostManagement,
-      AppFeatureKey.endpointPolicyManagement,
       AppFeatureKey.endpointPolicyProtections,
       AppFeatureKey.endpointArtifactManagement,
+      AppFeatureKey.endpointExceptions,
     ],
     complete: [
       AppFeatureKey.endpointResponseActions,
       AppFeatureKey.osqueryAutomatedResponseActions,
+      AppFeatureKey.endpointExceptions,
     ],
   },
   cloud: {