From 47733406845ce2c3fb5edb56533925338c9ecd98 Mon Sep 17 00:00:00 2001
From: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com>
Date: Thu, 17 Apr 2025 15:00:15 -0400
Subject: [PATCH] Advanced policy opt-out for scan-on-event (#218354)
## Summary
Allow users to opt out of scan-on-event to help troubleshoot and resolve performance issues.
## Release note
{elastic-defend} users can now opt out of event-driven Memory Protection scanning via advanced policy.
### Checklist
Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well.
- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---------
Co-authored-by: Konrad Szwarc
(cherry picked from commit 906c8978e7b0a2e9e503bc10a758d3b6a03f237d)
---
 .../policy/models/advanced_policy_schema.ts | 55 +++++++++++++++++++
 1 file changed, 55 insertions(+)
diff --git a/x-pack/solutions/security/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts b/x-pack/solutions/security/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts
index 05f1fc7c59616..a198a2da2cdeb 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts
+++ b/x-pack/solutions/security/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts
@@ -2367,4 +2367,59 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
 }
 ),
 },
+ {
+ key: 'linux.advanced.memory_protection.scan_on_network_event',
+ first_supported_version: '8.17.6',
+ documentation: i18n.translate(
+ 'xpack.securitySolution.endpoint.policy.advanced.linux.advanced.memory_protection.scan_on_network_event',
+ {
+ defaultMessage:
+ 'Allow Memory Protection to perform memory scans in response to network activity. Default: true',
+ }
+ ),
+ },
+ {
+ key: 'mac.advanced.memory_protection.scan_on_network_event',
+ first_supported_version: '8.17.6',
+ documentation: i18n.translate(
+ 'xpack.securitySolution.endpoint.policy.advanced.mac.advanced.memory_protection.scan_on_network_event',
+ {
+ defaultMessage:
+ 'Allow Memory Protection to perform memory scans in response to network activity. Default: true',
+ }
+ ),
+ },
+ {
+ key: 'windows.advanced.memory_protection.scan_on_network_event',
+ first_supported_version: '8.17.6',
+ documentation: i18n.translate(
+ 'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.memory_protection.scan_on_network_event',
+ {
+ defaultMessage:
+ 'Allow Memory Protection to perform memory scans in response to network activity. Default: true',
+ }
+ ),
+ },
+ {
+ key: 'windows.advanced.memory_protection.scan_on_api_event',
+ first_supported_version: '8.17.6',
+ documentation: i18n.translate(
+ 'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.memory_protection.scan_on_api_event',
+ {
+ defaultMessage:
+ 'Allow Memory Protection to perform memory scans in response to API events. Default: true',
+ }
+ ),
+ },
+ {
+ key: 'windows.advanced.memory_protection.scan_on_image_load_event',
+ first_supported_version: '8.17.6',
+ documentation: i18n.translate(
+ 'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.memory_protection.scan_on_image_load_event',
+ {
+ defaultMessage:
+ 'Allow Memory Protection to perform memory scans in response to image loads. Default: true',
+ }
+ ),
+ },
 ];
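Review bot: The five `defaultMessage` strings state only `Default: true` and never say what an operator gives up by setting the option to false, even though this help text is what they read when editing advanced policy. Going by the commit description, the opt-out exists to troubleshoot performance issues, and turning it off presumably stops Memory Protection from scanning on that event type, so the text should name that trade-off. For the network entries I would write `'Allow Memory Protection to perform memory scans in response to network activity. Setting this to false reduces Memory Protection coverage and is intended for troubleshooting performance issues. Default: true',`, with matching wording for the API-event and image-load entries. The enclosing `AdvancedPolicySchema` array starts outside the hunk, so I cannot tell whether other opt-out entries in the file already carry such a caveat.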