[EDR Workflows][Device Control] Trusted Devices components #229921
…/kibana into device-control-rbac
Pinging @elastic/security-defend-workflows (Team:Defend Workflows)
Follow up elastic#229921

This PR adds support for Trusted Devices management in Endpoint policy settings, introducing new UI and backend capabilities gated by license and product feature checks.

Final card: [screenshots]

#### Key Features

- **Trusted Devices Privilege:** Users can be assigned a "Trusted Devices" privilege, granting access to the Device Control panel within policy settings.
- **Product Feature Flag:** Adds the `endpointTrustedDevice` product feature, available as part of the Endpoint Complete Serverless PLI.
- **Device Control Section:** Policies now include a Device Control section, allowing users to enable/disable the feature and set the required protection level.
- **Feature Flag Coverage:** All UI and backend flows are orchestrated by a dedicated feature flag to ensure consistent enablement and rollout.

#### Supported Scenarios

- **Existing Policy:** When upgrading to this version, existing endpoint policies will display the Device Control section (disabled by default).
- **New Policy Creation:** New policies have Device Control enabled and set to "Block all" by default.
- **Serverless Upsell:** On Serverless, users without Endpoint Complete tier see an upsell component in place of Device Control.
- **ESS Upsell:** On ESS, users without an Enterprise license see an upsell component instead of Device Control.
- **API Enforcement:** All API endpoints for policy creation/modification are gated with PLI and license checks to prevent unauthorized use of Device Control.
- **Compliance Task:** A background task checks all policies for compliance with enabled features. Device Control is automatically disabled on non-compliant policies.
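The API Enforcement and Compliance Task items above are two layers of one gate: the write path rejects unentitled changes, and the background task catches policies that were saved while entitled and then left behind by a downgrade. The following is an added example, not code from this PR or from Kibana; every type and function name, the 403 status and the `block_all` value are assumptions, and only `endpointTrustedDevice` is taken from the description.

```typescript
// Added illustration. All names here are hypothetical, not Kibana's API;
// only the `endpointTrustedDevice` product feature name comes from the PR text.
type Entitlements =
  | { deployment: 'ess'; featureFlag: boolean; license: 'basic' | 'platinum' | 'enterprise' }
  | { deployment: 'serverless'; featureFlag: boolean; productFeatures: string[] };

interface Policy {
  id: string;
  // `level` stands in for the protection level; 'block_all' mirrors "Block all".
  deviceControl: { enabled: boolean; level: string };
}

type WriteResult = { ok: true } | { ok: false; status: 403; reason: string };

// Single decision point shared by the API check and the compliance task,
// so the two layers cannot drift apart.
function canUseDeviceControl(e: Entitlements): boolean {
  if (!e.featureFlag) return false;
  if (e.deployment === 'ess') return e.license === 'enterprise';
  return e.productFeatures.indexOf('endpointTrustedDevice') !== -1;
}

// API enforcement: reject a create/update that turns Device Control on without
// entitlement. Writes that leave it disabled pass, so unrelated policy edits
// still work on lower tiers.
function validatePolicyWrite(incoming: Policy, e: Entitlements): WriteResult {
  if (incoming.deviceControl.enabled && !canUseDeviceControl(e)) {
    return {
      ok: false,
      status: 403, // assumed status code
      reason: 'Device Control is not available for this license or product tier',
    };
  }
  return { ok: true };
}

// Compliance task: disable Device Control on stored policies that are no longer
// entitled. Returns new objects (inputs are not mutated) and the changed ids,
// which is what an audit log entry would record.
function runComplianceTask(
  policies: Policy[],
  e: Entitlements
): { policies: Policy[]; disabled: string[] } {
  const entitled = canUseDeviceControl(e);
  const disabled: string[] = [];
  const next = policies.map((p) => {
    if (entitled || !p.deviceControl.enabled) return p;
    disabled.push(p.id);
    return { ...p, deviceControl: { ...p.deviceControl, enabled: false } };
  });
  return { policies: next, disabled };
}

// Constructed sample: an ESS deployment downgraded from Enterprise to Platinum
// with one policy that still has Device Control switched on.
const downgraded: Entitlements = { deployment: 'ess', featureFlag: true, license: 'platinum' };
const samplePolicies: Policy[] = [
  { id: 'policy-a', deviceControl: { enabled: true, level: 'block_all' } },
  { id: 'policy-b', deviceControl: { enabled: false, level: 'block_all' } },
];
const taskResult = runComplianceTask(samplePolicies, downgraded);
console.log(taskResult.disabled);
```
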
natasha-moore-elastic
left a comment
Approving for Docs.
*Didn't review UI copy at this stage since, per description, "All texts and icons are placeholders"
semd
left a comment
Threat Hunting code LGTM
jkelas
left a comment
paul-tavares
left a comment
Left a few minor comments - nothing that should prevent the PR from being merged. Looks good overall.
x-pack/solutions/security/packages/navigation/src/navigation_tree/assets_navigation_tree.ts
x-pack/solutions/security/plugins/security_solution/public/management/links.ts
...ger_integration/endpoint_policy_edit_extension/components/endpoint_policy_artifact_cards.tsx
Outdated
...lutions/security/plugins/security_solution/public/management/pages/trusted_apps/constants.ts
gergoabraham
left a comment
looks and works great! checked with read/write/none privileges on ess, with classic and with security solution view (which is the same as on serverless), and no issues found
nice work! 🚀
...urity/plugins/security_solution/public/management/pages/trusted_devices/view/translations.ts
..._manager_integration/endpoint_package_custom_extension/endpoint_package_custom_extension.tsx
js-jankisalvi
left a comment
Snapshot update of x-pack/platform/plugins/shared/alerting/server/integration_tests/__snapshots__/serverless_upgrade_and_rollback_checks.test.ts.snap looks good 👍
💛 Build succeeded, but was flaky
…29921)

Prerequisite elastic#228958
Followup elastic#230174

### Device Control — Trusted Devices (UI only)

This is the next PR in the Device Control series and focuses on the UI for **Trusted Devices**.

**What’s included**

- New **Trusted Devices** section under **Management** and a “Trusted devices” tab in policy settings.
- Lists API now accepts the `trusted_device` list type (read-only for now).
- Feature flag and RBAC/PLI visibility wired up.

**What’s missing**

- Artifact CRUD ops; the form is stubbed and will be completed in the next PR.

**Heads-up**

All texts and icons are placeholders while we wait for final assets. That shouldn’t block this PR - we’ll merge with the feature flag disabled.

See the attached screenshots for how it behaves in various states.

Screenshots: ESS Feature Flag Disabled; ESS Platinum Feature Flag Enabled; Serverless Complete Feature Flag Enabled; Serverless Complete Feature Flag Disabled; Serverless Essentials Feature Flag Enabled.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Prerequisite #229921
Followup #231167

This PR introduces the Trusted Devices functionality. With these changes, users can:

1. Create Trusted Devices using filters and matching patterns
2. Update existing Trusted Devices
3. Delete Trusted Devices
4. Assign a Trusted Device either globally or to specific policies

All functionality is gated behind a feature flag.

**Note:** The next PR will introduce artifact creation for Trusted Devices. These artifacts will be consumed by the Endpoint.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>


