Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution][Endpoint][Admin] Malware user notification checkbox #78084

Merged
merged 20 commits into from
Oct 21, 2020
Merged

[Security Solution][Endpoint][Admin] Malware user notification checkbox #78084

Show file tree
Hide file tree
Changes from 18 commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
4267f8c
basic user notification checkbox
parkiino Sep 21, 2020
72a4be0
Merge remote-tracking branch 'upstream/master' into task/malware-user…
parkiino Oct 1, 2020
c9af419
Merge remote-tracking branch 'upstream/master' into task/malware-user…
parkiino Oct 2, 2020
bc20a81
Merge remote-tracking branch 'upstream/master' into task/malware-user…
parkiino Oct 13, 2020
b9ce8c1
working migration, user notification tied to prevent or detect
parkiino Oct 13, 2020
f652794
fix existing jest test
parkiino Oct 13, 2020
6d5c35e
fixed existing functional test
parkiino Oct 13, 2020
1c1f11a
add mac migration
parkiino Oct 15, 2020
0cd6e0a
migration unit test
parkiino Oct 15, 2020
872fcf3
Merge remote-tracking branch 'upstream/master' into task/malware-user…
parkiino Oct 15, 2020
190ecac
add mac stuff
parkiino Oct 15, 2020
8bcd5b9
move migration from ingest manager to endpoint
parkiino Oct 15, 2020
c195a63
moving to common folder
parkiino Oct 19, 2020
dad57cc
didn't even push the actual changes...
parkiino Oct 19, 2020
32de69d
Merge remote-tracking branch 'upstream/master' into task/malware-user…
parkiino Oct 19, 2020
57b8993
migration works for sure now
parkiino Oct 19, 2020
a7add0d
completed ui
parkiino Oct 19, 2020
aee43b3
fix test
parkiino Oct 19, 2020
ee04d14
2nd migration test
parkiino Oct 20, 2020
6b1801c
add type to test variable
parkiino Oct 20, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions x-pack/plugins/ingest_manager/server/saved_objects/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@

import { SavedObjectsServiceSetup, SavedObjectsType } from 'kibana/server';
import { EncryptedSavedObjectsPluginSetup } from '../../../encrypted_saved_objects/server';
import { migratePackagePolicyToV7110 } from '../../../security_solution/common';
import {
OUTPUT_SAVED_OBJECT_TYPE,
AGENT_POLICY_SAVED_OBJECT_TYPE,
Expand Down Expand Up @@ -268,6 +269,7 @@ const getSavedObjectTypes = (
},
migrations: {
'7.10.0': migratePackagePolicyToV7100,
'7.11.0': migratePackagePolicyToV7110,
},
},
[PACKAGES_SAVED_OBJECT_TYPE]: {
Expand Down
12 changes: 12 additions & 0 deletions x-pack/plugins/security_solution/common/endpoint/models/policy_config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,12 @@ export const factory = (): PolicyConfig => {
malware: {
mode: ProtectionModes.prevent,
},
popup: {
malware: {
message: '',
enabled: true,
},
},
logging: {
file: 'info',
},
Expand All @@ -37,6 +43,12 @@ export const factory = (): PolicyConfig => {
malware: {
mode: ProtectionModes.prevent,
},
popup: {
malware: {
message: '',
enabled: true,
},
},
logging: {
file: 'info',
},
Expand Down
104 changes: 104 additions & 0 deletions x-pack/plugins/security_solution/common/endpoint/policy/migrations/to_v7_11.0.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,104 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/

import { SavedObjectMigrationContext, SavedObjectUnsanitizedDoc } from 'kibana/server';
import { PackagePolicy } from '../../../../../ingest_manager/common';
import { migratePackagePolicyToV7110 } from './to_v7_11.0';

describe('7.11.0 Endpoint Package Policy migration', () => {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could you add another test case that ensures package policies are not modified for non-endpoint package policies?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yesss will do!

const migration = migratePackagePolicyToV7110;
it('adds malware notification checkbox and optional message', () => {
const doc = {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe add a Type to doc? so that in the future the structure changes, we're reminded (error) to come revisit this.

attributes: {
name: 'Some Policy Name',
package: {
name: 'endpoint',
title: '',
version: '',
},
id: 'endpoint',
policy_id: '',
enabled: true,
namespace: '',
output_id: '',
revision: 0,
updated_at: '',
updated_by: '',
created_at: '',
created_by: '',
inputs: [
{
type: 'endpoint',
enabled: true,
streams: [],
config: {
policy: {
value: {
windows: {},
mac: {},
},
},
},
},
],
},
type: ' nested',
};

expect(
migration(doc, {} as SavedObjectMigrationContext) as SavedObjectUnsanitizedDoc<PackagePolicy>
).toEqual({
attributes: {
name: 'Some Policy Name',
package: {
name: 'endpoint',
title: '',
version: '',
},
id: 'endpoint',
policy_id: '',
enabled: true,
namespace: '',
output_id: '',
revision: 0,
updated_at: '',
updated_by: '',
created_at: '',
created_by: '',
inputs: [
{
type: 'endpoint',
enabled: true,
streams: [],
config: {
policy: {
value: {
windows: {
popup: {
malware: {
message: '',
enabled: false,
},
},
},
mac: {
popup: {
malware: {
message: '',
enabled: false,
},
},
},
},
},
},
},
],
},
type: ' nested',
});
});
});
32 changes: 32 additions & 0 deletions x-pack/plugins/security_solution/common/endpoint/policy/migrations/to_v7_11.0.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/

import { SavedObjectMigrationFn, SavedObjectUnsanitizedDoc } from 'kibana/server';
import { cloneDeep } from 'lodash';
import { PackagePolicy } from '../../../../../ingest_manager/common';

export const migratePackagePolicyToV7110: SavedObjectMigrationFn<PackagePolicy, PackagePolicy> = (
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is only used by server code correct?
perhaps it would be more appropriate to store it under ./server directory and have it exposed via ./server/index?

@nnamdifrankie what do you think? ⬆️

packagePolicyDoc
) => {
const updatedPackagePolicyDoc: SavedObjectUnsanitizedDoc<PackagePolicy> = cloneDeep(
packagePolicyDoc
);
if (packagePolicyDoc.attributes.package?.name === 'endpoint') {
const input = updatedPackagePolicyDoc.attributes.inputs[0];
const popup = {
malware: {
message: '',
enabled: false,
},
};
if (input && input.config) {
input.config.policy.value.windows.popup = popup;
input.config.policy.value.mac.popup = popup;
}
}

return updatedPackagePolicyDoc;
};
16 changes: 14 additions & 2 deletions x-pack/plugins/security_solution/common/endpoint/types/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -873,6 +873,12 @@ export interface PolicyConfig {
logging: {
file: string;
};
popup: {
malware: {
message: string;
enabled: boolean;
};
};
};
mac: {
events: {
Expand All @@ -881,6 +887,12 @@ export interface PolicyConfig {
network: boolean;
};
malware: MalwareFields;
popup: {
malware: {
message: string;
enabled: boolean;
};
};
logging: {
file: string;
};
Expand All @@ -904,11 +916,11 @@ export interface UIPolicyConfig {
/**
* Windows-specific policy configuration that is supported via the UI
*/
windows: Pick<PolicyConfig['windows'], 'events' | 'malware'>;
windows: Pick<PolicyConfig['windows'], 'events' | 'malware' | 'popup'>;
/**
* Mac-specific policy configuration that is supported via the UI
*/
mac: Pick<PolicyConfig['mac'], 'malware' | 'events'>;
mac: Pick<PolicyConfig['mac'], 'malware' | 'events' | 'popup'>;
/**
* Linux-specific policy configuration that is supported via the UI
*/
Expand Down
1 change: 1 addition & 0 deletions x-pack/plugins/security_solution/common/shared_exports.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,3 +16,4 @@ export { exactCheck } from './exact_check';
export { getPaths, foldLeftRight } from './test_utils';
export { validate, validateEither } from './validate';
export { formatErrors } from './format_errors';
export { migratePackagePolicyToV7110 } from './endpoint/policy/migrations/to_v7_11.0';
12 changes: 12 additions & 0 deletions ...ugins/security_solution/public/management/pages/policy/store/policy_details/index.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -238,11 +238,23 @@ describe('policy details: ', () => {
security: true,
},
malware: { mode: 'prevent' },
popup: {
malware: {
enabled: true,
message: '',
},
},
logging: { file: 'info' },
},
mac: {
events: { process: true, file: true, network: true },
malware: { mode: 'prevent' },
popup: {
malware: {
enabled: true,
message: '',
},
},
logging: { file: 'info' },
},
linux: {
Expand Down
2 changes: 2 additions & 0 deletions ...lugins/security_solution/public/management/pages/policy/store/policy_details/selectors.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,10 +105,12 @@ export const policyConfig: (s: PolicyDetailsState) => UIPolicyConfig = createSel
windows: {
events: windows.events,
malware: windows.malware,
popup: windows.popup,
},
mac: {
events: mac.events,
malware: mac.malware,
popup: mac.popup,
},
linux: {
events: linux.events,
Expand Down
46 changes: 45 additions & 1 deletion ...ecurity_solution/public/management/pages/policy/view/policy_forms/protections/malware.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import {
EuiSpacer,
htmlIdGenerator,
EuiCallOut,
EuiCheckbox,
} from '@elastic/eui';
import { i18n } from '@kbn/i18n';
import { FormattedMessage } from '@kbn/i18n/react';
Expand Down Expand Up @@ -50,6 +51,11 @@ const ProtectionRadio = React.memo(({ id, label }: { id: ProtectionModes; label:
const newPayload = clone(policyDetailsConfig);
for (const os of OSes) {
newPayload[os][protection].mode = id;
if (id === ProtectionModes.prevent) {
newPayload[os].popup[protection].enabled = true;
} else {
newPayload[os].popup[protection].enabled = false;
}
}
dispatch({
type: 'userChangedPolicyConfig',
Expand Down Expand Up @@ -85,6 +91,8 @@ export const MalwareProtections = React.memo(() => {
const dispatch = useDispatch();
// currently just taking windows.malware, but both windows.malware and mac.malware should be the same value
const selected = policyDetailsConfig && policyDetailsConfig.windows.malware.mode;
const userNotificationSelected =
policyDetailsConfig && policyDetailsConfig.windows.popup.malware.enabled;

const radios: Immutable<Array<{
id: ProtectionModes;
Expand Down Expand Up @@ -116,10 +124,12 @@ export const MalwareProtections = React.memo(() => {
if (event.target.checked === false) {
for (const os of OSes) {
newPayload[os][protection].mode = ProtectionModes.off;
newPayload[os].popup[protection].enabled = event.target.checked;
}
} else {
for (const os of OSes) {
newPayload[os][protection].mode = ProtectionModes.prevent;
newPayload[os].popup[protection].enabled = event.target.checked;
}
}
dispatch({
Expand All @@ -131,6 +141,22 @@ export const MalwareProtections = React.memo(() => {
[dispatch, policyDetailsConfig]
);

const handleUserNotificationCheckbox = useCallback(
(event) => {
if (policyDetailsConfig) {
const newPayload = clone(policyDetailsConfig);
for (const os of OSes) {
newPayload[os].popup[protection].enabled = event.target.checked;
}
dispatch({
type: 'userChangedPolicyConfig',
payload: { policyConfig: newPayload },
});
}
},
[policyDetailsConfig, dispatch]
);

const radioButtons = useMemo(() => {
return (
<>
Expand All @@ -154,9 +180,27 @@ export const MalwareProtections = React.memo(() => {
);
})}
</ProtectionRadioGroup>
<EuiSpacer size="s" />
<EuiTitle size="xxxs">
<h6>
<FormattedMessage
id="xpack.securitySolution.endpoint.policyDetailsConfig.userNotification"
defaultMessage="User Notification"
/>
</h6>
</EuiTitle>
<EuiCheckbox
id="xpack.securitySolution.endpoint.policyDetail.malware.userNotification"
onChange={handleUserNotificationCheckbox}
checked={userNotificationSelected}
label={i18n.translate(
'xpack.securitySolution.endpoint.policyDetail.malware.userNotification',
{ defaultMessage: 'User Notification' }
)}
/>
</>
);
}, [radios]);
}, [radios, handleUserNotificationCheckbox, userNotificationSelected]);

const protectionSwitch = useMemo(() => {
return (
Expand Down
12 changes: 12 additions & 0 deletions x-pack/test/security_solution_endpoint/apps/endpoint/policy_details.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -206,6 +206,12 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
events: { file: false, network: true, process: true },
logging: { file: 'info' },
malware: { mode: 'prevent' },
popup: {
malware: {
enabled: true,
message: '',
},
},
},
windows: {
events: {
Expand All @@ -219,6 +225,12 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
},
logging: { file: 'info' },
malware: { mode: 'prevent' },
popup: {
malware: {
enabled: true,
message: '',
},
},
},
},
streams: [],
Expand Down