[EDR Workflows] Option to sync antivirus registration with malware settings #180484
Conversation
gergoabraham
added
release_note:skip
|
Pinging @elastic/security-defend-workflows (Team:Defend Workflows) |
botelastic
bot
added
the
Team:Fleet
|
Pinging @elastic/fleet (Team:Fleet) |
… src/core/server/integration_tests/ci_checks'
|
@elasticmachine merge upstream |
… src/core/server/integration_tests/ci_checks'
| @@ -1000,6 +1000,7 @@ export interface PolicyConfig { | |||
| }; | |||
| }; | |||
| antivirus_registration: { | |||
| mode?: AntivirusRegistrationModes; | |||
There was a problem hiding this comment.
Is mode truly optional?
There was a problem hiding this comment.
it is optional only for one release cycle, afterwards it will be required - this is for supporting serverless rollout, see this comment: #179176 (comment)
| import type { PolicyConfig } from '../types'; | ||
| import { ProtectionModes, AntivirusRegistrationModes } from '../types'; | ||
|
|
||
| export const updateAntivirusRegistrationEnabledInPlace = (policy: PolicyConfig): PolicyConfig => { |
There was a problem hiding this comment.
Maybe drop InPlace from the name? Spent way too much time trying to figure out what does it mean :D
There was a problem hiding this comment.
done, also added JSOC 3d1bdba
| ), | ||
| [AntivirusRegistrationModes.sync]: i18n.translate( | ||
| 'xpack.securitySolution.endpoint.policy.details.antivirusRegistration.syncWithMalwarePrevent', | ||
| { defaultMessage: 'Sync with Malware Prevent' } |
There was a problem hiding this comment.
| { defaultMessage: 'Sync with Malware Prevent' } | |
| { defaultMessage: 'Sync with Malware Protection level' } |
Either way, I believe we could use a popover of sorts to explain what will happen on Prevent and Detect
There was a problem hiding this comment.
done, also added hint 3f23c6d
| if (antivirusRegistrationMode) { | ||
| // calculate only if `mode` exists | ||
| policy.windows.antivirus_registration.enabled = | ||
| modeToEnabled[antivirusRegistrationMode] ?? false; |
There was a problem hiding this comment.
can modeToEnabled[antivirusRegistrationMode] be undefined?
There was a problem hiding this comment.
yes, if there is an invalid value in antivirusRegistrationMode. so it should not happen, but if it happens because of reasons, the safest is to keep antivirus registration disabled
|
@caitlinbetz @joepeeples @ferullo what do you think about the tooltip text? also, I've displayed the current outcome of antivirus registration, so the user can see immediately what setting the antivirus registration to sync with malware results in. should we go with this? |
| 'aria-checked', | ||
| 'false' | ||
| ); | ||
| expect(renderResult.getByTestId(antivirusTestSubj.radioButtons)).toBeTruthy(); |
There was a problem hiding this comment.
Why the change in this test case? it now just seem to be checking that its in the DOM and not really checking what state it is in (checked or unchecked)
There was a problem hiding this comment.
good point - I forgot to check it :)
fixed here 2b457bf
There was a problem hiding this comment.
Thanks for including me in the review, @gergoabraham! Left a couple suggested edits, just let me know if you need anything else.
...ment/pages/policy/view/policy_settings_form/components/cards/antivirus_registration_card.tsx
Outdated
Show resolved
Hide resolved
...ment/pages/policy/view/policy_settings_form/components/cards/antivirus_registration_card.tsx
Outdated
Show resolved
Hide resolved
...ment/pages/policy/view/policy_settings_form/components/cards/antivirus_registration_card.tsx
Outdated
Show resolved
Hide resolved
Co-authored-by: Joe Peeples <[email protected]>
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
💚 Build Succeeded
Metrics [docs]Module Count
Async chunks
History
To update your PR or re-run it, just comment with: |
gergoabraham
deleted the
sync-antivirus-registration-with-malware-settings
branch
…n.mode` from optional to required (#181986) ## Summary `antivirus_registration.mode` field was added to Endpoint integration policy config in this PR: #180484 It was optional to support roll-out, now it's changed to required as it has been released since. Co-authored-by: Kibana Machine <[email protected]>
Summary
Adds option to Defend integration's Antivirus Registration card to sync registration with Malware settings.
Details:
PolicyConfig:antivirus_registration.mode, which can beenabled,disabledorsync_with_malware_preventantivirus_registration.enabledfield is derived from this field, so it's compatible with older Endpoints, tooantivirus_registration.enabledhappens both on client side and on server side (in Fleet'spackagePolicyUpdateingest callback)disabled, as in previous versionChecklist
Delete any items that are not applicable to this PR.