From a5d4083c7b620168c9bf885b50ba5efd7a75399b Mon Sep 17 00:00:00 2001
From: nnamdifrankie <56440728+nnamdifrankie@users.noreply.github.com>
Date: Fri, 12 Jun 2020 12:45:20 -0400
Subject: [PATCH] [SECURITY SOLUTION] EMT-401: add policy data to metadata and
 fix tests (#68582)

[SECURITY SOLUTION] EMT-401: add policy data to metadata and fix tests
---
 .../common/endpoint/generate_data.ts          |  30 ++-
 .../common/endpoint/types.ts                  |  13 +-
 .../view/details/host_details.tsx             |   8 +-
 .../endpoint/routes/metadata/metadata.test.ts | 114 +++++----
 .../endpoint/test_data/all_metadata_data.json | 216 ------------------
 .../api_integration/apis/endpoint/metadata.ts |  18 ++
 .../alerts/host_api_feature/data.json.gz      | Bin 855 -> 888 bytes
 .../endpoint/metadata/api_feature/data.json   |  54 ++++-
 .../es_archives/endpoint/policy/data.json.gz  | Bin 1329 -> 1326 bytes
 9 files changed, 174 insertions(+), 279 deletions(-)
 delete mode 100644 x-pack/plugins/security_solution/server/endpoint/test_data/all_metadata_data.json

diff --git a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
index b17a5aa28ac6a..2d004d3315beb 100644
--- a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
@@ -61,14 +61,20 @@ const Mac: HostOS[] = [];
 
 const OS: HostOS[] = [...Windows, ...Mac, ...Linux];
 
-const POLICIES: Array<{ name: string; id: string }> = [
+const APPLIED_POLICIES: Array<{
+  name: string;
+  id: string;
+  status: HostPolicyResponseActionStatus;
+}> = [
   {
     name: 'Default',
     id: '00000000-0000-0000-0000-000000000000',
+    status: HostPolicyResponseActionStatus.success,
   },
   {
     name: 'With Eventing',
     id: 'C2A9093E-E289-4C0A-AA44-8C32A414FA7A',
+    status: HostPolicyResponseActionStatus.success,
   },
 ];
 
@@ -181,7 +187,11 @@ interface HostInfo {
   host: Host;
   endpoint: {
     policy: {
-      id: string;
+      applied: {
+        id: string;
+        status: HostPolicyResponseActionStatus;
+        name: string;
+      };
     };
   };
 }
@@ -271,7 +281,12 @@ export class EndpointDocGenerator {
    * Creates new random policy id for the host to simulate new policy application
    */
   public updatePolicyId() {
-    this.commonInfo.endpoint.policy.id = this.randomChoice(POLICIES).id;
+    this.commonInfo.endpoint.policy.applied.id = this.randomChoice(APPLIED_POLICIES).id;
+    this.commonInfo.endpoint.policy.applied.status = this.randomChoice([
+      HostPolicyResponseActionStatus.success,
+      HostPolicyResponseActionStatus.failure,
+      HostPolicyResponseActionStatus.warning,
+    ]);
   }
 
   private createHostData(): HostInfo {
@@ -293,7 +308,9 @@ export class EndpointDocGenerator {
         os: this.randomChoice(OS),
       },
       endpoint: {
-        policy: this.randomChoice(POLICIES),
+        policy: {
+          applied: this.randomChoice(APPLIED_POLICIES),
+        },
       },
     };
   }
@@ -974,7 +991,7 @@ export class EndpointDocGenerator {
                 status: HostPolicyResponseActionStatus.success,
               },
             ],
-            id: this.commonInfo.endpoint.policy.id,
+            id: this.commonInfo.endpoint.policy.applied.id,
             response: {
               configurations: {
                 events: {
@@ -1015,8 +1032,9 @@ export class EndpointDocGenerator {
                 ],
               },
             },
-            status: this.randomHostPolicyResponseActionStatus(),
+            status: this.commonInfo.endpoint.policy.applied.status,
             version: policyVersion,
+            name: this.commonInfo.endpoint.policy.applied.name,
           },
         },
       },
diff --git a/x-pack/plugins/security_solution/common/endpoint/types.ts b/x-pack/plugins/security_solution/common/endpoint/types.ts
index 816f9b77115ec..cfbf8f176b32d 100644
--- a/x-pack/plugins/security_solution/common/endpoint/types.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/types.ts
@@ -253,7 +253,11 @@ export type AlertEvent = Immutable<{
   };
   endpoint: {
     policy: {
-      id: string;
+      applied: {
+        id: string;
+        status: HostPolicyResponseActionStatus;
+        name: string;
+      };
     };
   };
   process: {
@@ -357,7 +361,11 @@ export type HostMetadata = Immutable<{
   };
   endpoint: {
     policy: {
-      id: string;
+      applied: {
+        id: string;
+        status: HostPolicyResponseActionStatus;
+        name: string;
+      };
     };
   };
   agent: {
@@ -700,6 +708,7 @@ export interface HostPolicyResponse {
       applied: {
         version: string;
         id: string;
+        name: string;
         status: HostPolicyResponseActionStatus;
         actions: HostPolicyResponseAppliedAction[];
         response: {
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/host_details.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/host_details.tsx
index 9b0ca73cf021f..a3862d4454c1d 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/host_details.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/host_details.tsx
@@ -86,7 +86,7 @@ export const HostDetails = memo(({ details }: { details: HostMetadata }) => {
         title: i18n.translate('xpack.securitySolution.endpoint.host.details.policy', {
           defaultMessage: 'Policy',
         }),
-        description: details.endpoint.policy.id,
+        description: details.endpoint.policy.applied.id,
       },
       {
         title: i18n.translate('xpack.securitySolution.endpoint.host.details.policyStatus', {
@@ -138,10 +138,10 @@ export const HostDetails = memo(({ details }: { details: HostMetadata }) => {
       },
     ];
   }, [
-    details.endpoint.policy.id,
-    details.host.ip,
-    details.host.hostname,
     details.agent.version,
+    details.endpoint.policy.applied.id,
+    details.host.hostname,
+    details.host.ip,
     policyStatus,
     policyResponseUri,
     policyStatusClickHandler,
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts
index b2f5866a3ae7d..9b9d4a74e5970 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts
@@ -27,7 +27,6 @@ import {
 } from '../../../../common/endpoint/types';
 import { SearchResponse } from 'elasticsearch';
 import { registerEndpointRoutes } from './index';
-import * as data from '../../test_data/all_metadata_data.json';
 import {
   createMockAgentService,
   createMockMetadataIndexPatternRetriever,
@@ -37,6 +36,7 @@ import { AgentService } from '../../../../../ingest_manager/server';
 import Boom from 'boom';
 import { EndpointAppContextService } from '../../endpoint_app_context_services';
 import { createMockConfig } from '../../../lib/detection_engine/routes/__mocks__';
+import { EndpointDocGenerator } from '../../../../common/endpoint/generate_data';
 
 describe('test endpoint route', () => {
   let routerMock: jest.Mocked<IRouter>;
@@ -78,10 +78,7 @@ describe('test endpoint route', () => {
 
   it('test find the latest of all endpoints', async () => {
     const mockRequest = httpServerMock.createKibanaRequest({});
-
-    const response: SearchResponse<HostMetadata> = (data as unknown) as SearchResponse<
-      HostMetadata
-    >;
+    const response = createSearchResponse(new EndpointDocGenerator().generateHostMetadata());
     mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => Promise.resolve(response));
     [routeConfig, routeHandler] = routerMock.post.mock.calls.find(([{ path }]) =>
       path.startsWith('/api/endpoint/metadata')
@@ -97,8 +94,8 @@ describe('test endpoint route', () => {
     expect(routeConfig.options).toEqual({ authRequired: true });
     expect(mockResponse.ok).toBeCalled();
     const endpointResultList = mockResponse.ok.mock.calls[0][0]?.body as HostResultList;
-    expect(endpointResultList.hosts.length).toEqual(2);
-    expect(endpointResultList.total).toEqual(2);
+    expect(endpointResultList.hosts.length).toEqual(1);
+    expect(endpointResultList.total).toEqual(1);
     expect(endpointResultList.request_page_index).toEqual(0);
     expect(endpointResultList.request_page_size).toEqual(10);
   });
@@ -119,7 +116,7 @@ describe('test endpoint route', () => {
 
     mockAgentService.getAgentStatusById = jest.fn().mockReturnValue('error');
     mockScopedClient.callAsCurrentUser.mockImplementationOnce(() =>
-      Promise.resolve((data as unknown) as SearchResponse<HostMetadata>)
+      Promise.resolve(createSearchResponse(new EndpointDocGenerator().generateHostMetadata()))
     );
     [routeConfig, routeHandler] = routerMock.post.mock.calls.find(([{ path }]) =>
       path.startsWith('/api/endpoint/metadata')
@@ -138,8 +135,8 @@ describe('test endpoint route', () => {
     expect(routeConfig.options).toEqual({ authRequired: true });
     expect(mockResponse.ok).toBeCalled();
     const endpointResultList = mockResponse.ok.mock.calls[0][0]?.body as HostResultList;
-    expect(endpointResultList.hosts.length).toEqual(2);
-    expect(endpointResultList.total).toEqual(2);
+    expect(endpointResultList.hosts.length).toEqual(1);
+    expect(endpointResultList.total).toEqual(1);
     expect(endpointResultList.request_page_index).toEqual(10);
     expect(endpointResultList.request_page_size).toEqual(10);
   });
@@ -162,7 +159,7 @@ describe('test endpoint route', () => {
 
     mockAgentService.getAgentStatusById = jest.fn().mockReturnValue('error');
     mockScopedClient.callAsCurrentUser.mockImplementationOnce(() =>
-      Promise.resolve((data as unknown) as SearchResponse<HostMetadata>)
+      Promise.resolve(createSearchResponse(new EndpointDocGenerator().generateHostMetadata()))
     );
     [routeConfig, routeHandler] = routerMock.post.mock.calls.find(([{ path }]) =>
       path.startsWith('/api/endpoint/metadata')
@@ -194,8 +191,8 @@ describe('test endpoint route', () => {
     expect(routeConfig.options).toEqual({ authRequired: true });
     expect(mockResponse.ok).toBeCalled();
     const endpointResultList = mockResponse.ok.mock.calls[0][0]?.body as HostResultList;
-    expect(endpointResultList.hosts.length).toEqual(2);
-    expect(endpointResultList.total).toEqual(2);
+    expect(endpointResultList.hosts.length).toEqual(1);
+    expect(endpointResultList.total).toEqual(1);
     expect(endpointResultList.request_page_index).toEqual(10);
     expect(endpointResultList.request_page_size).toEqual(10);
   });
@@ -203,25 +200,9 @@ describe('test endpoint route', () => {
   describe('Endpoint Details route', () => {
     it('should return 404 on no results', async () => {
       const mockRequest = httpServerMock.createKibanaRequest({ params: { id: 'BADID' } });
+
       mockScopedClient.callAsCurrentUser.mockImplementationOnce(() =>
-        Promise.resolve({
-          took: 3,
-          timed_out: false,
-          _shards: {
-            total: 1,
-            successful: 1,
-            skipped: 0,
-            failed: 0,
-          },
-          hits: {
-            total: {
-              value: 9,
-              relation: 'eq',
-            },
-            max_score: null,
-            hits: [],
-          },
-        })
+        Promise.resolve(createSearchResponse())
       );
       mockAgentService.getAgentStatusById = jest.fn().mockReturnValue('error');
       [routeConfig, routeHandler] = routerMock.get.mock.calls.find(([{ path }]) =>
@@ -241,13 +222,10 @@ describe('test endpoint route', () => {
     });
 
     it('should return a single endpoint with status online', async () => {
+      const response = createSearchResponse(new EndpointDocGenerator().generateHostMetadata());
       const mockRequest = httpServerMock.createKibanaRequest({
-        // eslint-disable-next-line @typescript-eslint/no-explicit-any
-        params: { id: (data as any).hits.hits[0]._id },
+        params: { id: response.hits.hits[0]._id },
       });
-      const response: SearchResponse<HostMetadata> = (data as unknown) as SearchResponse<
-        HostMetadata
-      >;
       mockAgentService.getAgentStatusById = jest.fn().mockReturnValue('online');
       mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => Promise.resolve(response));
       [routeConfig, routeHandler] = routerMock.get.mock.calls.find(([{ path }]) =>
@@ -269,9 +247,7 @@ describe('test endpoint route', () => {
     });
 
     it('should return a single endpoint with status error when AgentService throw 404', async () => {
-      const response: SearchResponse<HostMetadata> = (data as unknown) as SearchResponse<
-        HostMetadata
-      >;
+      const response = createSearchResponse(new EndpointDocGenerator().generateHostMetadata());
 
       const mockRequest = httpServerMock.createKibanaRequest({
         params: { id: response.hits.hits[0]._id },
@@ -299,9 +275,7 @@ describe('test endpoint route', () => {
     });
 
     it('should return a single endpoint with status error when status is not offline or online', async () => {
-      const response: SearchResponse<HostMetadata> = (data as unknown) as SearchResponse<
-        HostMetadata
-      >;
+      const response = createSearchResponse(new EndpointDocGenerator().generateHostMetadata());
 
       const mockRequest = httpServerMock.createKibanaRequest({
         params: { id: response.hits.hits[0]._id },
@@ -327,3 +301,59 @@ describe('test endpoint route', () => {
     });
   });
 });
+
+function createSearchResponse(hostMetadata?: HostMetadata): SearchResponse<HostMetadata> {
+  return ({
+    took: 15,
+    timed_out: false,
+    _shards: {
+      total: 1,
+      successful: 1,
+      skipped: 0,
+      failed: 0,
+    },
+    hits: {
+      total: {
+        value: 5,
+        relation: 'eq',
+      },
+      max_score: null,
+      hits: hostMetadata
+        ? [
+            {
+              _index: 'metrics-endpoint.metadata-default-1',
+              _id: '8FhM0HEBYyRTvb6lOQnw',
+              _score: null,
+              _source: hostMetadata,
+              sort: [1588337587997],
+              inner_hits: {
+                most_recent: {
+                  hits: {
+                    total: {
+                      value: 2,
+                      relation: 'eq',
+                    },
+                    max_score: null,
+                    hits: [
+                      {
+                        _index: 'metrics-endpoint.metadata-default-1',
+                        _id: 'W6Vo1G8BYQH1gtPUgYkC',
+                        _score: null,
+                        _source: hostMetadata,
+                        sort: [1579816615336],
+                      },
+                    ],
+                  },
+                },
+              },
+            },
+          ]
+        : [],
+    },
+    aggregations: {
+      total: {
+        value: 1,
+      },
+    },
+  } as unknown) as SearchResponse<HostMetadata>;
+}
diff --git a/x-pack/plugins/security_solution/server/endpoint/test_data/all_metadata_data.json b/x-pack/plugins/security_solution/server/endpoint/test_data/all_metadata_data.json
deleted file mode 100644
index 48952afb33f68..0000000000000
--- a/x-pack/plugins/security_solution/server/endpoint/test_data/all_metadata_data.json
+++ /dev/null
@@ -1,216 +0,0 @@
-{
-  "took": 343,
-  "timed_out": false,
-  "_shards": {
-    "total": 1,
-    "successful": 1,
-    "skipped": 0,
-    "failed": 0
-  },
-  "hits": {
-    "total": {
-      "value": 4,
-      "relation": "eq"
-    },
-    "max_score": null,
-    "hits": [
-      {
-        "_index": "metadata-endpoint-default-1",
-        "_id": "WqVo1G8BYQH1gtPUgYkC",
-        "_score": null,
-        "_source": {
-          "@timestamp": 1579816615336,
-          "event": {
-            "created": "2020-01-23T21:56:55.336Z"
-          },
-          "elastic": {
-            "agent": {
-              "id": "56a75650-3c8a-4e4f-ac17-6dd729c650e2"
-            }
-          },
-          "endpoint": {
-            "policy": {
-              "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
-            }
-          },
-          "agent": {
-            "version": "6.8.3",
-            "id": "56a75650-3c8a-4e4f-ac17-6dd729c650e2",
-            "name": "Elastic Endpoint"
-          },
-          "host": {
-            "id": "7141a48b-e19f-4ae3-89a0-6e7179a84265",
-            "hostname": "larimer-0.example.com",
-            "ip": "10.21.48.136",
-            "mac": "77-be-30-f0-e8-d6",
-            "architecture": "x86_64",
-            "os": {
-              "name": "windows 6.2",
-              "full": "Windows Server 2012",
-              "version": "6.2",
-              "variant": "Windows Server"
-            }
-          }
-        },
-        "fields": {
-          "host.id.keyword": ["7141a48b-e19f-4ae3-89a0-6e7179a84265"]
-        },
-        "sort": [1579816615336],
-        "inner_hits": {
-          "most_recent": {
-            "hits": {
-              "total": {
-                "value": 2,
-                "relation": "eq"
-              },
-              "max_score": null,
-              "hits": [
-                {
-                  "_index": "metadata-endpoint-default-1",
-                  "_id": "WqVo1G8BYQH1gtPUgYkC",
-                  "_score": null,
-                  "_source": {
-                    "@timestamp": 1579816615336,
-                    "event": {
-                      "created": "2020-01-23T21:56:55.336Z"
-                    },
-                    "elastic": {
-                      "agent": {
-                        "id": "56a75650-3c8a-4e4f-ac17-6dd729c650e2"
-                      }
-                    },
-                    "endpoint": {
-                      "policy": {
-                        "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
-                      }
-                    },
-                    "agent": {
-                      "version": "6.8.3",
-                      "id": "56a75650-3c8a-4e4f-ac17-6dd729c650e2",
-                      "name": "Elastic Endpoint"
-                    },
-                    "host": {
-                      "id": "7141a48b-e19f-4ae3-89a0-6e7179a84265",
-                      "hostname": "larimer-0.example.com",
-                      "ip": "10.21.48.136",
-                      "mac": "77-be-30-f0-e8-d6",
-                      "architecture": "x86_64",
-                      "os": {
-                        "name": "windows 6.2",
-                        "full": "Windows Server 2012",
-                        "version": "6.2",
-                        "variant": "Windows Server"
-                      }
-                    }
-                  },
-                  "sort": [1579816615336]
-                }
-              ]
-            }
-          }
-        }
-      },
-      {
-        "_index": "metadata-endpoint-default-1",
-        "_id": "W6Vo1G8BYQH1gtPUgYkC",
-        "_score": null,
-        "_source": {
-          "@timestamp": 1579816615336,
-          "event": {
-            "created": "2020-01-23T21:56:55.336Z"
-          },
-          "elastic": {
-            "agent": {
-              "id": "c2d84d8f-d355-40de-8b54-5d318d4d1312"
-            }
-          },
-          "endpoint": {
-            "policy": {
-              "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
-            }
-          },
-          "agent": {
-            "version": "6.4.3",
-            "id": "c2d84d8f-d355-40de-8b54-5d318d4d1312",
-            "name": "Elastic Endpoint"
-          },
-          "host": {
-            "id": "f35ec6c1-6562-45b1-818f-2f14c0854adf",
-            "hostname": "hildebrandt-6.example.com",
-            "ip": "10.53.92.84",
-            "mac": "af-f1-8f-51-25-2a",
-            "architecture": "x86_64",
-            "os": {
-              "name": "windows 10.0",
-              "full": "Windows 10",
-              "version": "10.0",
-              "variant": "Windows Pro"
-            }
-          }
-        },
-        "fields": {
-          "host.id.keyword": ["f35ec6c1-6562-45b1-818f-2f14c0854adf"]
-        },
-        "sort": [1579816615336],
-        "inner_hits": {
-          "most_recent": {
-            "hits": {
-              "total": {
-                "value": 2,
-                "relation": "eq"
-              },
-              "max_score": null,
-              "hits": [
-                {
-                  "_index": "metadata-endpoint-default-1",
-                  "_id": "W6Vo1G8BYQH1gtPUgYkC",
-                  "_score": null,
-                  "_source": {
-                    "@timestamp": 1579816615336,
-                    "event": {
-                      "created": "2020-01-23T21:56:55.336Z"
-                    },
-                    "elastic": {
-                      "agent": {
-                        "id": "c2d84d8f-d355-40de-8b54-5d318d4d1312"
-                      }
-                    },
-                    "endpoint": {
-                      "policy": {
-                        "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
-                      }
-                    },
-                    "agent": {
-                      "version": "6.4.3",
-                      "id": "c2d84d8f-d355-40de-8b54-5d318d4d1312",
-                      "name": "Elastic Endpoint"
-                    },
-                    "host": {
-                      "id": "f35ec6c1-6562-45b1-818f-2f14c0854adf",
-                      "hostname": "hildebrandt-6.example.com",
-                      "ip": "10.53.92.84",
-                      "mac": "af-f1-8f-51-25-2a",
-                      "architecture": "x86_64",
-                      "os": {
-                        "name": "windows 10.0",
-                        "full": "Windows 10",
-                        "version": "10.0",
-                        "variant": "Windows Pro"
-                      }
-                    }
-                  },
-                  "sort": [1579816615336]
-                }
-              ]
-            }
-          }
-        }
-      }
-    ]
-  },
-  "aggregations": {
-    "total": {
-      "value": 2
-    }
-  }
-}
diff --git a/x-pack/test/api_integration/apis/endpoint/metadata.ts b/x-pack/test/api_integration/apis/endpoint/metadata.ts
index 6c6db10729ab6..61f294cbd6f9c 100644
--- a/x-pack/test/api_integration/apis/endpoint/metadata.ts
+++ b/x-pack/test/api_integration/apis/endpoint/metadata.ts
@@ -199,6 +199,24 @@ export default function ({ getService }: FtrProviderContext) {
         expect(body.request_page_index).to.eql(0);
       });
 
+      it('metadata api should return the latest event for all the events where policy status is not success', async () => {
+        const { body } = await supertest
+          .post('/api/endpoint/metadata')
+          .set('kbn-xsrf', 'xxx')
+          .send({
+            filter: `not endpoint.policy.applied.status:success`,
+          })
+          .expect(200);
+        const statuses: Set<string> = new Set(
+          body.hosts.map(
+            (hostInfo: Record<string, any>) => hostInfo.metadata.endpoint.policy.applied.status
+          )
+        );
+
+        expect(statuses.size).to.eql(1);
+        expect(Array.from(statuses)).to.eql(['failure']);
+      });
+
       it('metadata api should return the endpoint based on the elastic agent id, and status should be error', async () => {
         const targetEndpointId = 'fc0ff548-feba-41b6-8367-65e8790d0eaf';
         const targetElasticAgentId = '023fa40c-411d-4188-a941-4147bfadd095';
diff --git a/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/data.json.gz b/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/data.json.gz
index 49082ed3bec8b0876ab3ea453581b858ce2b3d81..2921abededde5a5f343bad81a7e3ac71d752ae55 100644
GIT binary patch
literal 888
zcmV-;1Bd({iwFpqk=<SZ17u-zVJ>QOZ*BnXmP?P@HV}aC{uPGLI|3g=itMS*c8eSq
zMT-Cpf})4v%d6J53`=&hUHHG3a@HGL@;<N)awq~=hCL6>kTd)^ccbxm(%!D(<cIMj
z)P8c&3AQxfbdtOLC;zQNr@g)YWx?J~--Mq^_5S*=>kq%B-}mO7#WKWCozWt;>&iC}
zmtj>`%eKe@3e*yWm}oO^fggODdb9RlqGZXBZMBF^ON&*Oa%GSqN~uuUi-QTx;<7#R
zdB`qObQoQLL_Pv~QG!FJ!Dx@1h?R!9$;B71ZCp21z3g0dAqzXXSM44`#W^)?<xhhR
z<3D7;IU3_Ag2|x(W9h&IVSvaBA{(ONdh+158^*ieveSU8dS3b4eneWW=2Z+maaJs8
zu`lKOs=XOsZF92Ka(1-tqkJ#L)G{lt;7S+^c*&+Pog#v{lwyh;f1Z}pzGp5@yJ<S_
zX5)Qqn#qxV_tfIHgSz>3q;|iClTr^{Z|bJ!*+~uyeVcy+xkb8Jc=h+@xWu2A>Cpx5
zT>@U(5->y#R(JsdO(~s~DwpfTt82bLjyIdLg0uXTtPoh9Y{_27Wg%F8>_BB?VR*su
zsP2Crg<6pB$5Od>EpUWrAy>t*^PY9n?})US&p#J_8S0PC_+4D*79R`7#c5iHjr(|S
zsEeM#mev*Ri`9Es&+PaBi8GBoI(+X&yV2<G<)C@vdZ3xjR^J3PTIm;nMg{F7CXn1?
zcg%A?@gSh27+F3~${PD9XmnxzJ7|=1+&UEClu3YS@|nfRpk%(JV0@X>xq5sD&1tD$
z1Ddp+i@K#$(-1U~QxeKbNKtV>>Ka4vykL{>9!Z`H_5#pYQ*@l+1C|ISGKLDRhX4|$
z5K<M=ycjbmbAsSJBmtU$dgxLJ8kEaig%BX(Yazth)9lH~vuEM+>$-lFJo^`XMfCUq
zdT!o*8}wN7JbFr>Y${2DFr@QU#v?d~3K&yF!X$12djdUQVa8$7Di?(YsbofvW+p>O
z=c~#|lQU3gto)9iXV7EKYtZ9A{i9~{+)%4CGmeXfF(yG<-Q7tn<)cd+l0`3tLyT5E
ziykxu&(n$!;>?JX`$y!@P{Tww<;X|olr!itu_KGKAP9_tV0!3bU|H^M5V@;5KK)My
Opnn0M>kI*D4FCY?V7p2H

literal 855
zcmV-d1E~BTiwFppBGFy|17u-zVJ>QOZ*BnHmP>ErHW0_}{uGAK8G(->MfOy0nqm(@
z(PDuvilT?%%W-R4hAn$H4f5SP$|hMyavn$*dkA0|5;>z8@<04(u14eWq`h3{$q(a6
zYU1Ri8`#rg*Nt5913%7FH+y;h%Tm0bzDqyV=HvO_=YRZGe!nsAELJIh?u?eX-OS?_
z@+z&H`KqmWfD*L?DHqx;T99`>+h(_kU!(BIkL`S!w=FH#JSvStfvB}X<4^8PXqH#)
zfzN$*nR37!5)_IVFsd2?3JcCgltiL-B1}%cdhPROJ8xE<tF3h9C%04A_o4EFw(UGV
z3^t5^pMjL<T%Zh&LjmSGfJ@2&QB*`eWhd?A-tBrA?{>=`23$9bdAvLx@l;K{@cInS
zl=Fb6VhYnKBDhnnrYP~}X+1qyGyAP*d872ld3!NF+w)rHtJ#xD?FaiEH<{X;`VtLX
zFPd%7vm3d~;62|1g=M)|M)S|^P?|4`ix`rOp@6J?4Vbb7uc88luGYb8!`uA8t1Fs6
z4;L#%B?Vu#s1()@H=>)9x>ABKKbUg5a<Y<mpx0jqp_UZ;u?*Lo2Z@k9uogia_iVO(
zCChHH_@c-vHJ`TQ4|&6-IaWfd<I;V)HMCXFU{9Ml-H6qDS<mdS@YNCRM|c0%qwCS=
z>g9lV7kYr0&DP%q5Z2fi0Kz02GZxS?Vs|{bo@7!`Q_g}<k@3zy3J6=d{|^Wgg7g6u
z1mg-IIzFkG1=J$elw7QfIi|;(00c|)8bFlILNzUwhK7L1l8Q23L&-)0QYWaAyiCWe
z*A%4^F93vhRmTT8V1P1;@ljbj1c!2!(x%ex#dtu?2||ca6j%c4A;%zCFoAgpDM7~9
z!b6IunZe16XQA=yrg@YYH!t{x$cO`ETzvRG$nfrYWYn?vQj-Sd$nqyhW(WZd2w{kn
zE7B$L1TwxsPa(87Au9{oXhwz=j^SbX6BD%K3=BH2-z+k`dkr$;=YP#?!G*9s(o=-&
zgb*66x7{~D6h3k!p?Hj11;p&lv&cYKN$w7mQb$?})?M*$I3rZoRp>|hf+NUqxg$dG
hpa`6S<a)>u;04ztD6WQ%D{rLX_z(6@!yl0h000txpKkyF

diff --git a/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/data.json b/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/data.json
index 0f9f86b36dec7..a8d868ebbec15 100644
--- a/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/data.json
+++ b/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/data.json
@@ -17,7 +17,11 @@
       },
       "endpoint": {
         "policy": {
-          "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
+          "applied": {
+            "name": "Default",
+            "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A",
+            "status": "failure"
+          }
         }
       },
       "event": {
@@ -66,7 +70,11 @@
       },
       "endpoint": {
         "policy": {
-          "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
+          "applied": {
+            "name": "Default",
+            "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A",
+            "status": "success"
+          }
         }
       },
       "event": {
@@ -114,7 +122,11 @@
       },
       "endpoint": {
         "policy": {
-          "id": "00000000-0000-0000-0000-000000000000"
+          "applied": {
+            "name": "Default",
+            "id": "00000000-0000-0000-0000-000000000000",
+            "status": "failure"
+          }
         }
       },
       "event": {
@@ -160,7 +172,11 @@
       },
       "endpoint": {
         "policy": {
-          "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
+          "applied": {
+            "name": "Default",
+            "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A",
+            "status": "failure"
+          }
         }
       },
       "event": {
@@ -209,7 +225,11 @@
       },
       "endpoint": {
         "policy": {
-          "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
+          "applied": {
+            "name": "Default",
+            "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A",
+            "status": "success"
+          }
         }
       },
       "event": {
@@ -256,7 +276,11 @@
       },
       "endpoint": {
         "policy": {
-          "id": "00000000-0000-0000-0000-000000000000"
+          "applied": {
+            "name": "With Eventing",
+            "id": "00000000-0000-0000-0000-000000000000",
+            "status": "failure"
+          }
         }
       },
       "event": {
@@ -303,7 +327,11 @@
       },
       "endpoint": {
         "policy": {
-          "id": "00000000-0000-0000-0000-000000000000"
+          "applied": {
+            "name": "With Eventing",
+            "id": "00000000-0000-0000-0000-000000000000",
+            "status": "failure"
+          }
         }
       },
       "event": {
@@ -351,7 +379,11 @@
       },
       "endpoint": {
         "policy": {
-          "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A"
+          "applied": {
+            "name": "Default",
+            "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A",
+            "status": "success"
+          }
         }
       },
       "event": {
@@ -398,7 +430,11 @@
       },
       "endpoint": {
         "policy": {
-          "id": "00000000-0000-0000-0000-000000000000"
+          "applied": {
+            "name": "With Eventing",
+            "id": "00000000-0000-0000-0000-000000000000",
+            "status": "success"
+          }
         }
       },
       "event": {
diff --git a/x-pack/test/functional/es_archives/endpoint/policy/data.json.gz b/x-pack/test/functional/es_archives/endpoint/policy/data.json.gz
index 2fab424d27cad68350e8ea2544f0005c44e6a688..f380785f021bbfa49f17206df174a6a44c9d69df 100644
GIT binary patch
literal 1326
zcmV+}1=0E+iwFqfquyQs17u-zVJ>QOZ*BnXm`iWtHW0_}`4ogtyFh5@LA}~b-PAem
zq1{DW6oo;Nl*5fA3X*JZcH!?{QV(0!Beny1y9Zr@n3@^>X88Vpy8~dBza(t-6PQs!
zX7{RLi^Gj-`6hqJpPZ_%A09s^y1D%I@0Z^{Zhbra?c?XC!dzLzlzmY~5zA9fGRR_@
z2p;G2M1-8YK*|EV33I5|9+}vr<k*L7`6cHO%W@ngvQ@WS7a`NpY}2&wYZJU?ao+Gb
zuwh-p#I{_BO`kv{|A!tz7}_rNe5w-*TWofJ^xCpC<04kB`dpi9Fcbubb3-#U4e9n=
zn^m^^L*I;Kr#+v<K)o&@&T>vp-MTp(vLHV7v2MFi_oxd|;1TFD&w-9%7>?#K*LH*1
z!EN8|uPXX!hvf*gd&Ef+az<Ot>I2DTR$1qR{6s_?@bxBTt17dM;gmeBWP8jCw;nH`
zCPkLXv{i~Hj(~_L%D^Ek1=)rWX&h|A@TD<che&dI<Qv5{t1M?Nn|<4<0sYL<n1yE%
zA2AOlN-mCIpmKecD3E^A_8Ov4tk*nVpGEqkQI=-8YX7k-72$A)Q+Af?Q_Q|3a^xin
zOH+{^*d!FFgN#-*HODR;#FL8gnCBda{Hx@Q<d1-dIZH>X8fCfSk}=szBrIOBtz6)J
z>*p21EEh>4=~NV;qJSa_NLeD%e7qrU!tPR@vrB1@i$bB6oJD}!g7QfAFP90X*OygQ
z6{l)$7EyqTa$DLY70UjNGoWOxV%!Q;?Bb%D>rnVOT**FpAb0$0CO{nnEdN@9NYHcp
z;`MN4(94O`S@r@jC~75QAOes-vBPGBi^g~5&hdUESUD#0vQiE8s_g0qM=ol6A!+j<
z1_@3xiG2b$CR24%TsZE_;-sN0V`;IetFz`X6@Lb?0P_0EX?^~b?eYwebfK*NNZ=_`
zds6!vbV+GXmc0rCmaR+C_+>6>ubQh}%+mjMeC2Gvj<11Ny5A13x@=v_7jPC*@UHTj
zQ|52hTh4ax<qXY1AU3f)nBod|OwM{Wy?LDLg;SntH!0{&q|ZSpc0bmRdGfmjT|Lnr
zjD@Fp<`OOq*MsOmTfoHvA?QAs#scZ+ap5dloy$?l68WO)yH3we@CQ!eSFRIf1fr6r
ztK-Y<pB}^30njbb3D5Bj&|~*+pL3(W(l1tbmX1|tA{0==Z=mba8@w|P<l1xg3|J0c
zn{Qp5*B)YTDo!_r?~wAqBd<T@ESH;5G|r6Z&gQeze(<GV+cjUIqYnR7yHR&DYZ)}u
zDGy;?Bg})IP7H`_&xfvIGH5W(p@Hcj-*(#WF^-D;_fMWbfu$Px7W5IXM~B*WWI7@T
zH813*US;nn<oSl<F>FDsQw)(|nGh2LL&w1sA;X~-wVOiTGmi_uQsi14w%QKUlgN6N
zLll_4=PKpUvnfPMc*CY)L&Mal<Jcy3WO3?fclF=>-Tv-Q#ky2G4O`mj*Y$_nYNxhk
zPTJ|Doi-v(+Uca7PTJ`>u#<K=X{VER`c~LUI~|W{(oQGsbka`8;+(Y8NjvQ^Y#jhS
z7NbgF<4K}Dd&8v)*sYTsPue^zh=J64itvWyuF`Es7BQQzw+r;z=2PlooqxdaTyX~<
z8>7yjt9F}iz+r7v(_G&(s0)2eC`6PQ(6wwII)0#I6B&-LYu{NLZ7X+2iHn&;(z;3(
kH6YR~3u59MkeQmrFtI%r=uM&Sf7C|*19C{>=T|BK0Q6XxKL7v#

literal 1329
zcmV-11<v{(iwFp?Gq7F&17u-zVJ>QOZ*BnXSxax@HW0q&R}ebw0->P?^=dD5Q|Gvc
zb_=v93WFjkhZ|WGB-z>QBLBUlB-?uWk;rX;>ati<GsABl9CE&VzX3qYpA)A205mFy
zcB>Y)INGR{@A8NI$*KDK>HbS%Sc{+keE#+GHgKX}K7V;A#Fa!$*;ggBW_ij<23brK
z!Q*_Eh=`MCNLh$CQ4WorMkY2XIqV@<e#-fpWjS6aa@DXs4<XCd9m{fVcOrPj;=HD_
z$A%3Z6UX)-wgLi?{6F*&!qD-kA5eqX*k;=8L2Jv>jEh*Q8Z&*S!$=Su%}m|Yb!0d*
zU8`hY_IopuHFs{<K)osv&T>wgYF!`pUXXwW*l;{(_|$_a^a=Es??Tr!O;`7s=XjyE
zS9|I1R|UPfVVQyUjyOpo&S+~{eIU8?D(ifZpNNP<zS^X0S$UQ*oRWv7T#s3y)}sYf
zQDm8PTe;X!1VpUY8Q7bpAlnckg~Lr0J=gNJw<OCW-zaQaC8@P!UfN1E(2p#QS#%QO
zJ?4>wl8XZ{P^lh86iPiQdkLaQtX4c;orLsTEiCnL?excv)EY-mIAtes{T{QgiOjr&
z!qQZvdu$RE*clluXsX7}O=2TrJmxva5&tG}uH}!AM>$JJiW+6P!X<68rAS!3WLtT_
z`_9i1gjp_<M50qxfU*J#D<EZwNb~VhTnGD<@|>NE_HZZ^)DmZ5;JQHhTJA5838t5a
zRYeu2sx}KNKv}si+9VZ9{*@I_Vy$dk3#fRCi)gMQ5#VSk_vE4M_?HyG&IVZgu>fm9
zPxZyi!IehON2KnuXMjNwD-i<`g8YH)n-MM+Ka`#0<49m-PUK^yO7*hb>YYO_VtXdi
z`b7*9oMsYs1KgOHs+;1>yf2EIhO&&MMN?OI&At?W1hD|}`O4|;{wdex9U##~GWsI{
zPnqgT?Pt(Ap=}&{Wd<x-kD~FzT%x_GR=Y4u{p;Z?tNk*3HF%}^_25;Ht#k2(oJACT
zsI+F31)J5Dv!{=;LURy`O)M{_xPm(-&fRHxb)I(zr@Ym!63{1+K8BHadS4y0@w)}O
z8qw~|xv%@y0xnF?hv-h9!}%N`=-pZ792w|-?#^4A_YYuiv)LR!eI(~!!hGl(#DvK4
z1L&C+gC^5m8d@$299KK)T*|UU4t;$ueytJVfrrA87f)${sJzhSVYvLON3eBAb#vIj
za~M;4<o@ncu9bk)i`BELBh{(Z0@U!BcA0yF&)NZBd#=X;$-$TXwS#kPR(w@(x-R?+
zE)UG1{Vr#@?33$pDxzD>C(C}2jM&N52jx-Ie^JBi_S=@g8#>rw=N=Yp+aU>w%vWBJ
zUA?^Gfkq5W*Js#<*q|69)3zWcCWfwyDMF@8ZR*r%#77<%dS!=S?z?CQ(}T!*c}o;p
zf$u5a(sw9CiuS{n=|I!csp~oxbq{`*o~nOeZeDI~l&y1_+o;9dep`LIE_3VH*2LUS
z%x%rm#N1BI?Zn)U19oC=C+2oyZeI&_Vs6L7G%>dmb2~A&W8s{b+y5JLtLt9in{s3f
zFp={=WhV4&CxC7c8rVXn8yLEF)VX)b-1bO}O2Car$o90abNRPxJ2@V)x<9i6uJr`r
z70zA68jnn&)(6Zp*y8%MclKWy1_Vz9cW@pWwSF#Yh+Tuj%<QEd>TS$yn>RcVY|J7O
nh^I(d6C&NVAtr$dnWftd6US$vQKt$2LuU3LlvaA7Q!4-f3D}nT