[8.5][Elastic Defend onboarding] Endpoint and Cloud settings #139230

Merged

@animehart animehart commented Aug 22, 2022

Summary

We are going to introduce new fields on the Endpoint and Cloud Security integration onboarding page. The primary objective is to offer the user optimized options for Endpoint usage versus Cloud Security usage, which involves enabling some of the fields that are only available on the Edit Integration page (like session_data and preventions), plus adding options for data retention that will be sent to the backend to create an Event Filter based on the user's choice of data retention.

Changes:

  • Added Options to choose between Endpoint Security and Cloud Security
  • Added More sub-options under the options above
  • Disabled malware protections for Cloud security due to performance issues.

[Screenshots: Current; New (Endpoint selected); New (Cloud Security selected)]

Settings for Endpoint

NGAV
-- Malware: Prevent
-- Ransomware: Prevent
-- Memory Protection: Prevent
-- Event Collection: Process Only

EDR Essential
-- Malware: Prevent
-- Ransomware: Prevent
-- Memory Protection: Prevent
-- Event Collection: Process, Network, File

EDR Complete
-- Malware: Prevent
-- Ransomware: Prevent
-- Memory Protection: Prevent
-- Event Collection: Process, Network, File + Session Data

@nastasha-solomon nastasha-solomon added the ui-copy Review of UI copy with docs team is recommended label Aug 25, 2022
@benironside benironside self-requested a review August 25, 2022 20:24
@opauloh opauloh added the Team: AWP: Visualization AWP team that does most fullstack work in kibana label Aug 26, 2022
padding-bottom: 14px;
`;

const dropDownOptions = [
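
Review bot: `const dropDownOptions = [` at the end of this hunk declares a module-level array with no type annotation, and `const` only fixes the binding, not the contents, so any code that can reach the array can still push to it or rewrite its entries. Suggest giving it an explicit readonly element type so an accidental change to the option list fails at compile time.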

Can you make this read only? Or use `Object.freeze()` on the array.

Also, can you add a type to it?

@opauloh opauloh Sep 20, 2022

@paul-tavares - thanks for all the tips on the first PR review round. I just pushed a code refactoring that addresses most of the suggestions, plus some optimizations on the logic, so I'll ask you to review it one more time, but I'm unsure if this one is still needed now that I have added the mappings.
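
The read-only, typed table asked for in the review thread above, sketched as an added example (not code from this PR or from Kibana). It uses the Endpoint presets listed in the PR description; the type and function names are assumptions, and it shows that `readonly` only holds at compile time while `Object.freeze()` is shallow unless applied recursively.

```typescript
// Added example: type and function names are hypothetical. Preset values are
// copied from the "Settings for Endpoint" list in the PR description.
type EventType = 'Process' | 'Network' | 'File' | 'Session Data';

interface EndpointPreset {
  readonly name: string;
  readonly malware: 'Prevent';
  readonly ransomware: 'Prevent';
  readonly memoryProtection: 'Prevent';
  readonly eventCollection: readonly EventType[];
}

// Object.freeze() is shallow, so freeze nested objects and arrays as well.
function deepFreeze<T>(value: T): T {
  if (typeof value === 'object' && value !== null) {
    const record = value as unknown as Record<string, unknown>;
    for (const key of Object.keys(record)) deepFreeze(record[key]);
    Object.freeze(value);
  }
  return value;
}

const p = 'Prevent' as const;
const ENDPOINT_PRESETS = deepFreeze<readonly EndpointPreset[]>([
  { name: 'NGAV', malware: p, ransomware: p, memoryProtection: p, eventCollection: ['Process'] },
  { name: 'EDR Essential', malware: p, ransomware: p, memoryProtection: p,
    eventCollection: ['Process', 'Network', 'File'] },
  { name: 'EDR Complete', malware: p, ransomware: p, memoryProtection: p,
    eventCollection: ['Process', 'Network', 'File', 'Session Data'] },
]);

// Unknown names throw instead of silently falling back to some default preset.
function presetFor(name: string): EndpointPreset {
  for (const preset of ENDPOINT_PRESETS) {
    if (preset.name === name) return preset;
  }
  throw new Error(`unknown preset: ${name}`);
}

// Simulates untyped code that bypasses the compiler's readonly checks and
// reports whether the runtime freeze kept the preset intact.
function survivesTampering(name: string): boolean {
  const before = JSON.stringify(presetFor(name));
  const untyped = presetFor(name) as unknown as { malware: string; eventCollection: string[] };
  try { untyped.malware = 'tampered'; } catch (_err) { /* TypeError in strict mode */ }
  try { untyped.eventCollection.push('tampered'); } catch (_err) { /* frozen array rejects push */ }
  return JSON.stringify(presetFor(name)) === before;
}
```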

@paul-tavares paul-tavares requested review from dasansol92 and removed request for ashokaditya September 19, 2022 20:56
@opauloh opauloh self-assigned this Sep 19, 2022
@benironside

I have some suggestions for the UI copy, assuming the screenshots at the top of the PR are still current:

  • Instead of “You can make changes to the configurations after you add it.” -> “You can make configuration changes after you create the integration.”

  • Instead of “Select for what environment you would like to add the integration” -> “Select the type of environment you want to protect”

  • Instead of “To save on data ingestion volume select interactive session only” -> “To reduce data ingestion volume, select Interactive only”

  • Instead of “You can disable detections anytime in the agent policy configurations settings.” -> “You can disable protections anytime in the agent policy configurations settings.” (Right? This section is about protections not detections.)

opauloh commented Sep 20, 2022

Thanks for the suggestions @benironside!

Edit: updated the PR with the suggestions

@paul-tavares paul-tavares left a comment

Thanks for all of the changes. It's looking good.

My only concern is the disabling of the ESLint for the react useEffect() hooks. Can we remove those? I can help if needed - let me know.

@paul-tavares paul-tavares left a comment

Looks good. Thanks for all the changes.

@opauloh opauloh enabled auto-merge (squash) September 20, 2022 18:10
@kevinlog

@opauloh @animehart - just a heads up, this PR skips the flakey test, so make sure you've this in and your PR should pass. One of our PRs was having the same issue.

opauloh commented Sep 20, 2022

> @opauloh @animehart - just a heads up, this PR skips the flakey test, so make sure you've this in and your PR should pass. One of our PRs was having the same issue.

thanks a lot @kevinlog

@opauloh opauloh merged commit 3be835a into elastic:main Sep 20, 2022
@kibana-ci

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 3143 | 3145 | +2 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 6.5MB | 6.5MB | +6.8KB |

Unknown metric groups

ESLint disabled line counts

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 409 | 408 | -1 |

Total ESLint disabled count

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 481 | 480 | -1 |

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @opauloh

@kibanamachine kibanamachine added the backport:skip This commit does not require backporting label Sep 20, 2022
Labels

  • backport:skip (This commit does not require backporting)
  • release_note:feature (Makes this part of the condensed release notes)
  • Team: AWP: Visualization (AWP team that does most fullstack work in kibana)
  • Team:Defend Workflows (“EDR Workflows” sub-team of Security Solution)
  • ui-copy (Review of UI copy with docs team is recommended)
  • v8.5.0