Skip to content

[Security Solution][Endpoint][Admin] Malware user notification checkbox #78084

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 20 commits into from
Oct 21, 2020
Merged

[Security Solution][Endpoint][Admin] Malware user notification checkbox #78084

Show file tree
Hide file tree
Changes from 19 commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
4267f8c
basic user notification checkbox
parkiino Sep 21, 2020
72a4be0
Merge remote-tracking branch 'upstream/master' into task/malware-user…
parkiino Oct 1, 2020
c9af419
Merge remote-tracking branch 'upstream/master' into task/malware-user…
parkiino Oct 2, 2020
bc20a81
Merge remote-tracking branch 'upstream/master' into task/malware-user…
parkiino Oct 13, 2020
b9ce8c1
working migration, user notification tied to prevent or detect
parkiino Oct 13, 2020
f652794
fix existing jest test
parkiino Oct 13, 2020
6d5c35e
fixed existing functional test
parkiino Oct 13, 2020
1c1f11a
add mac migration
parkiino Oct 15, 2020
0cd6e0a
migration unit test
parkiino Oct 15, 2020
872fcf3
Merge remote-tracking branch 'upstream/master' into task/malware-user…
parkiino Oct 15, 2020
190ecac
add mac stuff
parkiino Oct 15, 2020
8bcd5b9
move migration from ingest manager to endpoint
parkiino Oct 15, 2020
c195a63
moving to common folder
parkiino Oct 19, 2020
dad57cc
didn't even push the actual changes...
parkiino Oct 19, 2020
32de69d
Merge remote-tracking branch 'upstream/master' into task/malware-user…
parkiino Oct 19, 2020
57b8993
migration works for sure now
parkiino Oct 19, 2020
a7add0d
completed ui
parkiino Oct 19, 2020
aee43b3
fix test
parkiino Oct 19, 2020
ee04d14
2nd migration test
parkiino Oct 20, 2020
6b1801c
add type to test variable
parkiino Oct 20, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions x-pack/plugins/ingest_manager/server/saved_objects/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@

import { SavedObjectsServiceSetup, SavedObjectsType } from 'kibana/server';
import { EncryptedSavedObjectsPluginSetup } from '../../../encrypted_saved_objects/server';
import { migratePackagePolicyToV7110 } from '../../../security_solution/common';
import {
OUTPUT_SAVED_OBJECT_TYPE,
AGENT_POLICY_SAVED_OBJECT_TYPE,
Expand Down Expand Up @@ -268,6 +269,7 @@ const getSavedObjectTypes = (
},
migrations: {
'7.10.0': migratePackagePolicyToV7100,
'7.11.0': migratePackagePolicyToV7110,
},
},
[PACKAGES_SAVED_OBJECT_TYPE]: {
Expand Down
12 changes: 12 additions & 0 deletions x-pack/plugins/security_solution/common/endpoint/models/policy_config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,12 @@ export const factory = (): PolicyConfig => {
malware: {
mode: ProtectionModes.prevent,
},
popup: {
malware: {
message: '',
enabled: true,
},
},
logging: {
file: 'info',
},
Expand All @@ -37,6 +43,12 @@ export const factory = (): PolicyConfig => {
malware: {
mode: ProtectionModes.prevent,
},
popup: {
malware: {
message: '',
enabled: true,
},
},
logging: {
file: 'info',
},
Expand Down
168 changes: 168 additions & 0 deletions x-pack/plugins/security_solution/common/endpoint/policy/migrations/to_v7_11.0.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,168 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/

import { SavedObjectMigrationContext, SavedObjectUnsanitizedDoc } from 'kibana/server';
import { PackagePolicy } from '../../../../../ingest_manager/common';
import { migratePackagePolicyToV7110 } from './to_v7_11.0';

describe('7.11.0 Endpoint Package Policy migration', () => {
Copy link
Contributor

@jen-huang jen-huang Oct 20, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could you add another test case that ensures package policies are not modified for non-endpoint package policies?

Copy link
Contributor Author

@parkiino parkiino Oct 20, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yesss will do!

const migration = migratePackagePolicyToV7110;
it('adds malware notification checkbox and optional message', () => {
const doc = {
Copy link
Contributor

@paul-tavares paul-tavares Oct 20, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe add a Type to doc? so that in the future the structure changes, we're reminded (error) to come revisit this.

attributes: {
name: 'Some Policy Name',
package: {
name: 'endpoint',
title: '',
version: '',
},
id: 'endpoint',
policy_id: '',
enabled: true,
namespace: '',
output_id: '',
revision: 0,
updated_at: '',
updated_by: '',
created_at: '',
created_by: '',
inputs: [
{
type: 'endpoint',
enabled: true,
streams: [],
config: {
policy: {
value: {
windows: {},
mac: {},
},
},
},
},
],
},
type: ' nested',
};

expect(
migration(doc, {} as SavedObjectMigrationContext) as SavedObjectUnsanitizedDoc<PackagePolicy>
).toEqual({
attributes: {
name: 'Some Policy Name',
package: {
name: 'endpoint',
title: '',
version: '',
},
id: 'endpoint',
policy_id: '',
enabled: true,
namespace: '',
output_id: '',
revision: 0,
updated_at: '',
updated_by: '',
created_at: '',
created_by: '',
inputs: [
{
type: 'endpoint',
enabled: true,
streams: [],
config: {
policy: {
value: {
windows: {
popup: {
malware: {
message: '',
enabled: false,
},
},
},
mac: {
popup: {
malware: {
message: '',
enabled: false,
},
},
},
},
},
},
},
],
},
type: ' nested',
});
});

it('does not modify non-endpoint package policies', () => {
const doc = {
attributes: {
name: 'Some Policy Name',
package: {
name: 'notEndpoint',
title: '',
version: '',
},
id: 'notEndpoint',
policy_id: '',
enabled: true,
namespace: '',
output_id: '',
revision: 0,
updated_at: '',
updated_by: '',
created_at: '',
created_by: '',
inputs: [
{
type: 'notEndpoint',
enabled: true,
streams: [],
config: {},
},
],
},
type: ' nested',
Copy link
Contributor

@jen-huang jen-huang Oct 20, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

small spacing typo here and on the rest of the type: lines in this file

};

expect(
migration(doc, {} as SavedObjectMigrationContext) as SavedObjectUnsanitizedDoc<PackagePolicy>
).toEqual({
attributes: {
name: 'Some Policy Name',
package: {
name: 'notEndpoint',
title: '',
version: '',
},
id: 'notEndpoint',
policy_id: '',
enabled: true,
namespace: '',
output_id: '',
revision: 0,
updated_at: '',
updated_by: '',
created_at: '',
created_by: '',
inputs: [
{
type: 'notEndpoint',
enabled: true,
streams: [],
config: {},
},
],
},
type: ' nested',
});
});
});
32 changes: 32 additions & 0 deletions x-pack/plugins/security_solution/common/endpoint/policy/migrations/to_v7_11.0.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/

import { SavedObjectMigrationFn, SavedObjectUnsanitizedDoc } from 'kibana/server';
import { cloneDeep } from 'lodash';
import { PackagePolicy } from '../../../../../ingest_manager/common';

export const migratePackagePolicyToV7110: SavedObjectMigrationFn<PackagePolicy, PackagePolicy> = (
Copy link
Contributor

@paul-tavares paul-tavares Oct 20, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is only used by server code correct?
perhaps it would be more appropriate to store it under ./server directory and have it exposed via ./server/index?

@nnamdifrankie what do you think? ⬆️

packagePolicyDoc
) => {
const updatedPackagePolicyDoc: SavedObjectUnsanitizedDoc<PackagePolicy> = cloneDeep(
packagePolicyDoc
);
if (packagePolicyDoc.attributes.package?.name === 'endpoint') {
const input = updatedPackagePolicyDoc.attributes.inputs[0];
const popup = {
malware: {
message: '',
enabled: false,
},
};
if (input && input.config) {
input.config.policy.value.windows.popup = popup;
input.config.policy.value.mac.popup = popup;
}
}

return updatedPackagePolicyDoc;
};
16 changes: 14 additions & 2 deletions x-pack/plugins/security_solution/common/endpoint/types/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -873,6 +873,12 @@ export interface PolicyConfig {
logging: {
file: string;
};
popup: {
malware: {
message: string;
enabled: boolean;
};
};
};
mac: {
events: {
Expand All @@ -881,6 +887,12 @@ export interface PolicyConfig {
network: boolean;
};
malware: MalwareFields;
popup: {
malware: {
message: string;
enabled: boolean;
};
};
logging: {
file: string;
};
Expand All @@ -904,11 +916,11 @@ export interface UIPolicyConfig {
/**
* Windows-specific policy configuration that is supported via the UI
*/
windows: Pick<PolicyConfig['windows'], 'events' | 'malware'>;
windows: Pick<PolicyConfig['windows'], 'events' | 'malware' | 'popup'>;
/**
* Mac-specific policy configuration that is supported via the UI
*/
mac: Pick<PolicyConfig['mac'], 'malware' | 'events'>;
mac: Pick<PolicyConfig['mac'], 'malware' | 'events' | 'popup'>;
/**
* Linux-specific policy configuration that is supported via the UI
*/
Expand Down
1 change: 1 addition & 0 deletions x-pack/plugins/security_solution/common/shared_exports.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,3 +16,4 @@ export { exactCheck } from './exact_check';
export { getPaths, foldLeftRight } from './test_utils';
export { validate, validateEither } from './validate';
export { formatErrors } from './format_errors';
export { migratePackagePolicyToV7110 } from './endpoint/policy/migrations/to_v7_11.0';
12 changes: 12 additions & 0 deletions ...ugins/security_solution/public/management/pages/policy/store/policy_details/index.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -238,11 +238,23 @@ describe('policy details: ', () => {
security: true,
},
malware: { mode: 'prevent' },
popup: {
malware: {
enabled: true,
message: '',
},
},
logging: { file: 'info' },
},
mac: {
events: { process: true, file: true, network: true },
malware: { mode: 'prevent' },
popup: {
malware: {
enabled: true,
message: '',
},
},
logging: { file: 'info' },
},
linux: {
Expand Down
2 changes: 2 additions & 0 deletions ...lugins/security_solution/public/management/pages/policy/store/policy_details/selectors.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,10 +105,12 @@ export const policyConfig: (s: PolicyDetailsState) => UIPolicyConfig = createSel
windows: {
events: windows.events,
malware: windows.malware,
popup: windows.popup,
},
mac: {
events: mac.events,
malware: mac.malware,
popup: mac.popup,
},
linux: {
events: linux.events,
Expand Down
Loading