Skip to content

[EDR Workflows] Update description on data reduction advanced options #213970

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
gergoabraham merged 5 commits into from
Mar 12, 2025
Merged

[EDR Workflows] Update description on data reduction advanced options #213970

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
9e7bbcf
update description for event hash advanced options
gergoabraham Mar 11, 2025
8fc0f51
update description for alers hash advanced options
gergoabraham Mar 11, 2025
05b0ebe
add default history for 12 hash options
gergoabraham Mar 11, 2025
5984d8e
add default history for `aggregate_process`
gergoabraham Mar 11, 2025
5da25a3
add default history for `set_extended_host_information`
gergoabraham Mar 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 21 additions & 21 deletions ...plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2121,7 +2121,7 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.events.aggregate_process',
{
defaultMessage:
'Reduce event volume by merging related process events into fewer aggregate events. Default is true.',
'Reduce event volume by merging related process events into fewer aggregate events. <=8.17 default: false, >=8.18 default: true',
}
),
},
Expand All @@ -2132,7 +2132,7 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
'xpack.securitySolution.endpoint.policy.advanced.linux.advanced.events.aggregate_process',
{
defaultMessage:
'Reduce event volume by merging related process events into fewer aggregate events. Default is true.',
'Reduce event volume by merging related process events into fewer aggregate events. <=8.17 default: false, >=8.18 default: true',
}
),
},
Expand All @@ -2143,7 +2143,7 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
'xpack.securitySolution.endpoint.policy.advanced.mac.advanced.events.aggregate_process',
{
defaultMessage:
'Reduce event volume by merging related process events into fewer aggregate events. Default is true.',
'Reduce event volume by merging related process events into fewer aggregate events. <=8.17 default: false, >=8.18 default: true',
}
),
},
Expand Down Expand Up @@ -2187,7 +2187,7 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.alerts.hash.md5',
{
defaultMessage:
'Compute and include MD5 hashes in alerts? This will increase CPU usage and alert sizes. If any user exceptionlist, trustlist, or blocklists reference this hash type, Endpoint will ignore this setting and automatically enable this hash type. Default: false',
'Compute and include MD5 hashes for processes and libraries in alerts? This will increase CPU usage and alert sizes. If any user exceptionlist, trustlist, or blocklists reference this hash type, Endpoint will ignore this setting and automatically enable this hash type. <=8.17 default: true, >=8.18 default: false',
}
),
},
Expand All @@ -2198,7 +2198,7 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.alerts.hash.sha1',
{
defaultMessage:
'Compute and include SHA-1 hashes in alerts? This will increase CPU usage and alert sizes. If any user exceptionlist, trustlist, or blocklists reference this hash type, Endpoint will ignore this setting and automatically enable this hash type. Default: false',
'Compute and include SHA-1 hashes for processes and libraries in alerts? This will increase CPU usage and alert sizes. If any user exceptionlist, trustlist, or blocklists reference this hash type, Endpoint will ignore this setting and automatically enable this hash type. <=8.17 default: true, >=8.18 default: false',
}
),
},
Expand All @@ -2209,7 +2209,7 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.events.hash.md5',
{
defaultMessage:
'Compute and include MD5 hashes for processes and libraries in events? This will increase CPU usage and event sizes. Default: false',
'Compute and include MD5 hashes for processes and libraries in events? This will increase CPU usage and event sizes. If any user event filter or trustlists reference this hash type, Endpoint will ignore this setting and automatically enable this hash type. <=8.17 default: true, >=8.18 default: false',
}
),
},
Expand All @@ -2220,7 +2220,7 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.events.hash.sha1',
{
defaultMessage:
'Compute and include SHA-1 hashes for processes and libraries in events? This will increase CPU usage and event sizes. Default: false',
'Compute and include SHA-1 hashes for processes and libraries in events? This will increase CPU usage and event sizes. If any user event filter or trustlists reference this hash type, Endpoint will ignore this setting and automatically enable this hash type. <=8.17 default: true, >=8.18 default: false',
}
),
},
Expand All @@ -2231,7 +2231,7 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.events.hash.sha256',
{
defaultMessage:
'Compute and include SHA-256 hashes for processes and libraries in events? This will increase CPU usage and event sizes. Default: true',
'Compute and include SHA-256 hashes for processes and libraries in events? This will increase CPU usage and event sizes. If any user event filter or trustlists reference this hash type, Endpoint will ignore this setting and automatically enable this hash type. Default: true',
}
),
},
Expand All @@ -2242,7 +2242,7 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
'xpack.securitySolution.endpoint.policy.advanced.linux.advanced.alerts.hash.md5',
{
defaultMessage:
'Compute and include MD5 hashes in alerts? This will increase CPU usage and alert sizes. If any user exceptionlist, trustlist, or blocklists reference this hash type, Endpoint will ignore this setting and automatically enable this hash type. Default: false',
'Compute and include MD5 hashes for processes and libraries in alerts? This will increase CPU usage and alert sizes. If any user exceptionlist, trustlist, or blocklists reference this hash type, Endpoint will ignore this setting and automatically enable this hash type. <=8.17 default: true, >=8.18 default: false',
}
),
},
Expand All @@ -2253,7 +2253,7 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
'xpack.securitySolution.endpoint.policy.advanced.linux.advanced.alerts.hash.sha1',
{
defaultMessage:
'Compute and include SHA-1 hashes in alerts? This will increase CPU usage and alert sizes. If any user exceptionlist, trustlist, or blocklists reference this hash type, Endpoint will ignore this setting and automatically enable this hash type. Default: false',
'Compute and include SHA-1 hashes for processes and libraries in alerts? This will increase CPU usage and alert sizes. If any user exceptionlist, trustlist, or blocklists reference this hash type, Endpoint will ignore this setting and automatically enable this hash type. <=8.17 default: true, >=8.18 default: false',
}
),
},
Expand All @@ -2264,7 +2264,7 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
'xpack.securitySolution.endpoint.policy.advanced.linux.advanced.events.hash.md5',
{
defaultMessage:
'Compute and include MD5 hashes for processes and libraries in events? This will increase CPU usage and event sizes. Default: false',
'Compute and include MD5 hashes for processes and libraries in events? This will increase CPU usage and event sizes. If any user event filter or trustlists reference this hash type, Endpoint will ignore this setting and automatically enable this hash type. <=8.17 default: true, >=8.18 default: false',
}
),
},
Expand All @@ -2275,7 +2275,7 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
'xpack.securitySolution.endpoint.policy.advanced.linux.advanced.events.hash.sha1',
{
defaultMessage:
'Compute and include SHA-1 hashes for processes and libraries in events? This will increase CPU usage and event sizes. Default: false',
'Compute and include SHA-1 hashes for processes and libraries in events? This will increase CPU usage and event sizes. If any user event filter or trustlists reference this hash type, Endpoint will ignore this setting and automatically enable this hash type. <=8.17 default: true, >=8.18 default: false',
}
),
},
Expand All @@ -2286,7 +2286,7 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
'xpack.securitySolution.endpoint.policy.advanced.linux.advanced.events.hash.sha256',
{
defaultMessage:
'Compute and include SHA-256 hashes for processes and libraries in events? This will increase CPU usage and event sizes. Default: true',
'Compute and include SHA-256 hashes for processes and libraries in events? This will increase CPU usage and event sizes. If any user event filter or trustlists reference this hash type, Endpoint will ignore this setting and automatically enable this hash type. Default: true',
}
),
},
Expand All @@ -2297,7 +2297,7 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
'xpack.securitySolution.endpoint.policy.advanced.mac.advanced.alerts.hash.md5',
{
defaultMessage:
'Compute and include MD5 hashes in alerts? This will increase CPU usage and alert sizes. If any user exceptionlist, trustlist, or blocklists reference this hash type, Endpoint will ignore this setting and automatically enable this hash type. Default: false',
'Compute and include MD5 hashes for processes and libraries in alerts? This will increase CPU usage and alert sizes. If any user exceptionlist, trustlist, or blocklists reference this hash type, Endpoint will ignore this setting and automatically enable this hash type. <=8.17 default: true, >=8.18 default: false',
}
),
},
Expand All @@ -2308,7 +2308,7 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
'xpack.securitySolution.endpoint.policy.advanced.mac.advanced.alerts.hash.sha1',
{
defaultMessage:
'Compute and include SHA-1 hashes in alerts? This will increase CPU usage and alert sizes. If any user exceptionlist, trustlist, or blocklists reference this hash type, Endpoint will ignore this setting and automatically enable this hash type. Default: false',
'Compute and include SHA-1 hashes for processes and libraries in alerts? This will increase CPU usage and alert sizes. If any user exceptionlist, trustlist, or blocklists reference this hash type, Endpoint will ignore this setting and automatically enable this hash type. <=8.17 default: true, >=8.18 default: false',
}
),
},
Expand All @@ -2319,7 +2319,7 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
'xpack.securitySolution.endpoint.policy.advanced.mac.advanced.events.hash.md5',
{
defaultMessage:
'Compute and include MD5 hashes for processes and libraries in events? This will increase CPU usage and event sizes. Default: false',
'Compute and include MD5 hashes for processes and libraries in events? This will increase CPU usage and event sizes. If any user event filter or trustlists reference this hash type, Endpoint will ignore this setting and automatically enable this hash type. <=8.17 default: true, >=8.18 default: false',
}
),
},
Expand All @@ -2330,7 +2330,7 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
'xpack.securitySolution.endpoint.policy.advanced.mac.advanced.events.hash.sha1',
{
defaultMessage:
'Compute and include SHA-1 hashes for processes and libraries in events? This will increase CPU usage and event sizes. Default: false',
'Compute and include SHA-1 hashes for processes and libraries in events? This will increase CPU usage and event sizes. If any user event filter or trustlists reference this hash type, Endpoint will ignore this setting and automatically enable this hash type. <=8.17 default: true, >=8.18 default: false',
}
),
},
Expand All @@ -2341,7 +2341,7 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
'xpack.securitySolution.endpoint.policy.advanced.mac.advanced.events.hash.sha256',
{
defaultMessage:
'Compute and include SHA-256 hashes for processes and libraries in events? This will increase CPU usage and event sizes. Default: true',
'Compute and include SHA-256 hashes for processes and libraries in events? This will increase CPU usage and event sizes. If any user event filter or trustlists reference this hash type, Endpoint will ignore this setting and automatically enable this hash type. Default: true',
}
),
},
Expand All @@ -2352,7 +2352,7 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.set_extended_host_information',
{
defaultMessage:
'Include more details about hosts in events? Set to false to receive only id, name and os. Setting to true will increase event size. Default: false',
'Include more details about hosts in events? Set to false to receive only id, name and os. Setting to true will increase event size. <=8.17 default: true, >=8.18 default: false',
}
),
},
Expand All @@ -2363,7 +2363,7 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
'xpack.securitySolution.endpoint.policy.advanced.mac.advanced.set_extended_host_information',
{
defaultMessage:
'Include more details about hosts in events? Set to false to receive only id, name and os. Setting to true will increase event size. Default: false',
'Include more details about hosts in events? Set to false to receive only id, name and os. Setting to true will increase event size. <=8.17 default: true, >=8.18 default: false',
}
),
},
Expand All @@ -2374,7 +2374,7 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
'xpack.securitySolution.endpoint.policy.advanced.linux.advanced.set_extended_host_information',
{
defaultMessage:
'Include more details about hosts in events? Set to false to receive only id, name and os. Setting to true will increase event size. Default: false',
'Include more details about hosts in events? Set to false to receive only id, name and os. Setting to true will increase event size. <=8.17 default: true, >=8.18 default: false',
}
),
},
Expand Down