[Security Solution]Memory protection configuration card for policies …
…integration. (#101365)
academo committed Jul 19, 2021
1 parent 47c30c3 commit ebc0274
Showing 21 changed files with 611 additions and 59 deletions.
2 changes: 2 additions & 0 deletions x-pack/plugins/fleet/server/saved_objects/index.ts
Expand Up @@ -43,6 +43,7 @@ import {
migrateOutputToV7130,
} from './migrations/to_v7_13_0';
import { migratePackagePolicyToV7140 } from './migrations/to_v7_14_0';
import { migratePackagePolicyToV7150 } from './migrations/to_v7_15_0';

/*
* Saved object types and mappings
Expand Down Expand Up @@ -272,6 +273,7 @@ const getSavedObjectTypes = (
'7.12.0': migratePackagePolicyToV7120,
'7.13.0': migratePackagePolicyToV7130,
'7.14.0': migratePackagePolicyToV7140,
'7.15.0': migratePackagePolicyToV7150,
},
},
[PACKAGES_SAVED_OBJECT_TYPE]: {
Expand Up @@ -9,3 +9,4 @@ export { migratePackagePolicyToV7110 } from './to_v7_11_0';
export { migratePackagePolicyToV7120 } from './to_v7_12_0';
export { migrateEndpointPackagePolicyToV7130 } from './to_v7_13_0';
export { migrateEndpointPackagePolicyToV7140 } from './to_v7_14_0';
export { migratePackagePolicyToV7150 } from './to_v7_15_0';
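--- /dev/null
+++ b/<path-not-on-page>/to_v7_15_0.test.ts
@@ -0,0 +1,174 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License
+* 2.0; you may not use this file except in compliance with the Elastic License
+* 2.0.
+*/
+
+import type { SavedObjectMigrationContext, SavedObjectUnsanitizedDoc } from 'kibana/server';
+
+import type { PackagePolicy } from '../../../../common';
+
+import { migratePackagePolicyToV7150 as migration } from './to_v7_15_0';
+
+describe('7.15.0 Endpoint Package Policy migration', () => {
+const policyDoc = ({
+windowsMemory = {},
+windowsPopup = {},
+windowsMalware = {},
+windowsRansomware = {},
+}) => {
+return {
+id: 'mock-saved-object-id',
+attributes: {
+name: 'Some Policy Name',
+package: {
+name: 'endpoint',
+title: '',
+version: '',
+},
+id: 'endpoint',
+policy_id: '',
+enabled: true,
+namespace: '',
+output_id: '',
+revision: 0,
+updated_at: '',
+updated_by: '',
+created_at: '',
+created_by: '',
+inputs: [
+{
+type: 'endpoint',
+enabled: true,
+streams: [],
+config: {
+policy: {
+value: {
+windows: {
+...windowsMalware,
+...windowsRansomware,
+...windowsMemory,
+...windowsPopup,
+},
+},
+},
+},
+},
+],
+},
+type: ' nested',
+};
+};
+
+it('adds windows memory protection alongside malware and ramsomware', () => {
+const initialDoc = policyDoc({
+windowsMalware: { malware: { mode: 'off' } },
+windowsRansomware: { ransomware: { mode: 'off', supported: true } },
+windowsPopup: {
+popup: {
+malware: {
+message: '',
+enabled: true,
+},
+ransomware: {
+message: '',
+enabled: true,
+},
+},
+},
+});
+
+const migratedDoc = policyDoc({
+windowsMalware: { malware: { mode: 'off' } },
+windowsRansomware: { ransomware: { mode: 'off', supported: true } },
+// new memory protection
+windowsMemory: { memory_protection: { mode: 'off', supported: true } },
+windowsPopup: {
+popup: {
+malware: {
+message: '',
+enabled: true,
+},
+ransomware: {
+message: '',
+enabled: true,
+},
+// new memory popup setup
+memory_protection: {
+message: '',
+enabled: false,
+},
+},
+},
+});
+
+expect(migration(initialDoc, {} as SavedObjectMigrationContext)).toEqual(migratedDoc);
+});
+
+it('does not modify non-endpoint package policies', () => {
+const doc: SavedObjectUnsanitizedDoc<PackagePolicy> = {
+id: 'mock-saved-object-id',
+attributes: {
+name: 'Some Policy Name',
+package: {
+name: 'notEndpoint',
+title: '',
+version: '',
+},
+id: 'notEndpoint',
+policy_id: '',
+enabled: true,
+namespace: '',
+output_id: '',
+revision: 0,
+updated_at: '',
+updated_by: '',
+created_at: '',
+created_by: '',
+inputs: [
+{
+type: 'notEndpoint',
+enabled: true,
+streams: [],
+config: {},
+},
+],
+},
+type: ' nested',
+};
+
+expect(
+migration(doc, {} as SavedObjectMigrationContext) as SavedObjectUnsanitizedDoc<PackagePolicy>
+).toEqual({
+attributes: {
+name: 'Some Policy Name',
+package: {
+name: 'notEndpoint',
+title: '',
+version: '',
+},
+id: 'notEndpoint',
+policy_id: '',
+enabled: true,
+namespace: '',
+output_id: '',
+revision: 0,
+updated_at: '',
+updated_by: '',
+created_at: '',
+created_by: '',
+inputs: [
+{
+type: 'notEndpoint',
+enabled: true,
+streams: [],
+config: {},
+},
+],
+},
+type: ' nested',
+id: 'mock-saved-object-id',
+});
+});
+});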
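Review bot: Neither test exercises an endpoint package policy whose first input has no `config`, or whose `config.policy.value.windows` lacks `popup`, so the `if (input && input.config)` guard path of the migration under test is unpinned; a third case built from a literal doc with `package.name: 'endpoint'` and `inputs: [{ type: 'endpoint', enabled: true, streams: [] }]`, asserting the document is returned unchanged rather than thrown on, would cover it. The first test's title misspells ransomware in `'adds windows memory protection alongside malware and ramsomware'`. Both tests repeat `{} as SavedObjectMigrationContext`; hoisting it to a single `const context = {} as SavedObjectMigrationContext;` at the `describe` level keeps the assertion to one place. The fixture's `type: ' nested'` carries a leading space that looks accidental, though it is harmless here because the migration only reads `attributes`.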
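--- /dev/null
+++ b/<path-not-on-page>/to_v7_15_0.ts
@@ -0,0 +1,43 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License
+* 2.0; you may not use this file except in compliance with the Elastic License
+* 2.0.
+*/
+
+import type { SavedObjectMigrationFn, SavedObjectUnsanitizedDoc } from 'kibana/server';
+import { cloneDeep } from 'lodash';
+
+import type { PackagePolicy } from '../../../../common';
+
+export const migratePackagePolicyToV7150: SavedObjectMigrationFn<PackagePolicy, PackagePolicy> = (
+packagePolicyDoc
+) => {
+if (packagePolicyDoc.attributes.package?.name !== 'endpoint') {
+return packagePolicyDoc;
+}
+
+const updatedPackagePolicyDoc: SavedObjectUnsanitizedDoc<PackagePolicy> = cloneDeep(
+packagePolicyDoc
+);
+
+const input = updatedPackagePolicyDoc.attributes.inputs[0];
+const memory = {
+mode: 'off',
+// This value is based on license.
+// For the migration, we add 'true', our license watcher will correct it, if needed, when the app starts.
+supported: true,
+};
+const memoryPopup = {
+message: '',
+enabled: false,
+};
+if (input && input.config) {
+const policy = input.config.policy.value;
+
+policy.windows.memory_protection = memory;
+policy.windows.popup.memory_protection = memoryPopup;
+}
+
+return updatedPackagePolicyDoc;
+};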
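Review bot: The guard `if (input && input.config)` does not cover what the body then dereferences: `input.config.policy.value` and `policy.windows.popup` are read without a check, so an endpoint package policy document with a partial config throws inside the migration, and a throwing saved-object migration is, as far as I know, fatal for that type's migration at startup rather than skipped per document. Narrowing to the shape actually required, `const windows = input?.config?.policy?.value?.windows;` and `if (windows?.popup) { windows.memory_protection = memory; windows.popup.memory_protection = memoryPopup; }`, leaves such a document untouched instead. The `supported: true` comment explains the license reconciliation, but the exported function itself has no TSDoc; a short header stating that migrated policies receive memory protection with `mode: 'off'` (an opt-in, so upgraded hosts do not change enforcement until an operator enables it) and that `supported` is provisional until the license watcher runs would make that intent visible to the next migration author.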
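--- /dev/null
+++ b/x-pack/plugins/fleet/server/saved_objects/migrations/to_v7_15_0.ts
@@ -0,0 +1,26 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License
+* 2.0; you may not use this file except in compliance with the Elastic License
+* 2.0.
+*/
+
+import type { SavedObjectMigrationFn } from 'kibana/server';
+
+import type { PackagePolicy } from '../../../common';
+
+import { migratePackagePolicyToV7150 as SecSolMigratePackagePolicyToV7150 } from './security_solution';
+
+export const migratePackagePolicyToV7150: SavedObjectMigrationFn<PackagePolicy, PackagePolicy> = (
+packagePolicyDoc,
+migrationContext
+) => {
+let updatedPackagePolicyDoc = packagePolicyDoc;
+
+// Endpoint specific migrations
+if (packagePolicyDoc.attributes.package?.name === 'endpoint') {
+updatedPackagePolicyDoc = SecSolMigratePackagePolicyToV7150(packagePolicyDoc, migrationContext);
+}
+
+return updatedPackagePolicyDoc;
+};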
Expand Up @@ -29,6 +29,10 @@ export const policyFactory = (): PolicyConfig => {
mode: ProtectionModes.prevent,
supported: true,
},
memory_protection: {
mode: ProtectionModes.prevent,
supported: true,
},
popup: {
malware: {
message: '',
Expand All @@ -38,6 +42,10 @@ export const policyFactory = (): PolicyConfig => {
message: '',
enabled: true,
},
memory_protection: {
message: '',
enabled: true,
},
},
logging: {
file: 'info',
Expand Down Expand Up @@ -101,6 +109,10 @@ export const policyFactoryWithoutPaidFeatures = (
mode: ProtectionModes.off,
supported: false,
},
memory_protection: {
mode: ProtectionModes.off,
supported: false,
},
popup: {
...policy.windows.popup,
malware: {
Expand All @@ -111,6 +123,10 @@ export const policyFactoryWithoutPaidFeatures = (
message: '',
enabled: false,
},
memory_protection: {
message: '',
enabled: false,
},
},
},
mac: {
Expand Down Expand Up @@ -150,11 +166,15 @@ export const policyFactoryWithSupportedFeatures = (
...policy.windows.ransomware,
supported: true,
},
memory_protection: {
...policy.windows.memory_protection,
supported: true,
},
},
};
};

/**
* Reflects what string the Endpoint will use when message field is default/empty
*/
export const DefaultMalwareMessage = 'Elastic Security {action} (unknown)';
export const DefaultPolicyNotificationMessage = 'Elastic Security {action} (unknown)';
13 changes: 12 additions & 1 deletion x-pack/plugins/security_solution/common/endpoint/types/index.ts
Expand Up @@ -864,6 +864,7 @@ export interface PolicyConfig {
security: boolean;
};
malware: ProtectionFields;
memory_protection: ProtectionFields & SupportedFields;
ransomware: ProtectionFields & SupportedFields;
logging: {
file: string;
Expand All @@ -877,6 +878,10 @@ export interface PolicyConfig {
message: string;
enabled: boolean;
};
memory_protection: {
message: string;
enabled: boolean;
};
};
antivirus_registration: {
enabled: boolean;
Expand Down Expand Up @@ -929,7 +934,13 @@ export interface UIPolicyConfig {
*/
windows: Pick<
PolicyConfig['windows'],
'events' | 'malware' | 'ransomware' | 'popup' | 'antivirus_registration' | 'advanced'
| 'events'
| 'malware'
| 'ransomware'
| 'popup'
| 'antivirus_registration'
| 'advanced'
| 'memory_protection'
>;
/**
* Mac-specific policy configuration that is supported via the UI
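Review bot: The new field `memory_protection: ProtectionFields & SupportedFields;` on `PolicyConfig['windows']` has no TSDoc, and the meaning of `supported` here is not self-evident from the type; a one-line comment such as `/** Memory protection; `supported` is false on licenses without paid features and is reconciled by the license watcher at startup. */` would tie it to the behaviour the factories encode (`policyFactoryWithoutPaidFeatures` sets it to `false`, the migration to a provisional `true`). In the `UIPolicyConfig` `Pick`, `'memory_protection'` is appended after `'advanced'` rather than next to `'malware' | 'ransomware'`; grouping the protection keys together keeps the list readable as more protections are added. Both `PolicyConfig` and `UIPolicyConfig` begin outside the hunks shown.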