[Security Solution] Add supported field to ransomware #100135
Thanks!
@elasticmachine merge upstream
Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)
/** | ||
* Strips paid features from an existing or new `PolicyConfig` for gold and below license | ||
*/ | ||
export const policyFactoryWithSupportedFeatures = ( |
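Review bot: The doc comment above `policyFactoryWithSupportedFeatures` says it "Strips paid features" for gold and below, which does not match the function's name and will mislead callers about what it touches. Suggest rewording the comment to state which fields the function sets and for which license levels, so it can be told apart from a factory that strips paid features.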
Is there a reason why you created another function as opposed to just updating the existing `policyFactory` (policy config with defaults for platinum licenses) and the `policyFactoryWithoutPaidFeatures` (policy config with defaults for gold and below licenses) `windows.ransomware.supported` fields?
I also use this function to correctly set the `supported` when the license changes. I want to ensure that I'm only changing the fields that I want to. I broke it out to its own function so that I didn't reset everything to the default.
You can see how it's used here: https://github.com/elastic/kibana/pull/100135/files#diff-6a6ff8e750469752a4993b278b7023af4bef43a49ccee59c3933e3d7c68c78f5R26
Also here in a test: https://github.com/elastic/kibana/pull/100135/files#diff-861c70c43696ed0ea535a55a47a316c434a14510046d2eb623d6b228d32e4c8eR211
gotcha!
Pinging @elastic/fleet (Team:Fleet)
@elasticmachine merge upstream
💚 Build Succeeded
one minor comment, but other than that LGTM 🚢 🚀
describe('7.14.0 Endpoint Package Policy migration', () => { | ||
const migration = migrateEndpointPackagePolicyToV7140; | ||
it('adds supported option for ransomware on migrations', () => { | ||
const doc = { |
Any chance you can collapse several of these document mocks into a builder function instead?
@paul-tavares my next PR is Linux Malware and will build on this migration test, I'll address this there.
Summary
This PR adds a `supported` field to the Ransomware protection.

The `supported` field indicates to the Endpoint via Policy config if the Ransomware protection is currently supported. Right now, this is controlled by the license level. If the user has Platinum, then Ransomware is supported. If they are below Platinum, the Ransomware is unsupported. The Endpoint needs this information in order to properly enable/disable diagnostic Ransomware protections based on user input.

Platinum license:
If you downgrade below Platinum, the Policy will update:
Checklist
Delete any items that are not applicable to this PR.
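The license-driven behaviour described in the Summary, as an added TypeScript example that is not code from this PR or from Kibana: the `PolicyConfig` shape is simplified, and `withRansomwareSupport`, the `mode` fields and the tier list are assumptions made for illustration. It recomputes only `windows.ransomware.supported` on a license change and leaves every other setting as the user had it.

```typescript
// Added illustration: simplified shapes, not Kibana's real PolicyConfig type.
type License = 'basic' | 'gold' | 'platinum'; // assumed tier names, lowest to highest

interface PolicyConfig {
  windows: {
    malware: { mode: 'prevent' | 'detect' | 'off' }; // assumed sibling setting
    ransomware: {
      mode: 'prevent' | 'detect' | 'off'; // assumed user-controlled setting
      supported: boolean; // the field this PR describes
    };
  };
}

const LICENSE_RANK: License[] = ['basic', 'gold', 'platinum'];

// Platinum supports Ransomware; anything below Platinum does not.
function ransomwareSupported(license: License): boolean {
  return LICENSE_RANK.indexOf(license) >= LICENSE_RANK.indexOf('platinum');
}

// Hypothetical helper: returns a copy of `policy` in which only
// windows.ransomware.supported is recomputed from the license. The input is
// not mutated and nothing is reset to defaults.
function withRansomwareSupport(policy: PolicyConfig, license: License): PolicyConfig {
  return {
    ...policy,
    windows: {
      ...policy.windows,
      ransomware: {
        ...policy.windows.ransomware,
        supported: ransomwareSupported(license),
      },
    },
  };
}

// Constructed sample: a policy the user customised while on Platinum.
const platinumPolicy: PolicyConfig = {
  windows: {
    malware: { mode: 'detect' },
    ransomware: { mode: 'prevent', supported: true },
  },
};

const downgraded = withRansomwareSupport(platinumPolicy, 'gold');
const upgraded = withRansomwareSupport(downgraded, 'platinum');
console.log(downgraded.windows.ransomware, upgraded.windows.ransomware);
```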