[Security Solution] add Ransomware canary advanced policy option #101068

Merged
merged 3 commits into from
Jun 2, 2021

kevinlog
Contributor

@kevinlog kevinlog commented Jun 1, 2021

Summary

Adds a policy option for advanced policy for Ransomware canary.

@kevinlog kevinlog added v8.0.0 release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v7.14.0 labels Jun 1, 2021
@kevinlog kevinlog requested a review from a team as a code owner June 1, 2021 16:15
@elasticmachine
Contributor

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

@kevinlog
Contributor Author

kevinlog commented Jun 1, 2021

@elasticmachine merge upstream

@kevinlog
Contributor Author

kevinlog commented Jun 1, 2021

@ferullo we just need to agree on the key for the canary advanced option.

FYI @wburgess1

@kevinlog kevinlog requested a review from ferullo June 1, 2021 16:17
Contributor

@ferullo ferullo left a comment

LGTM if @wburgess1 agrees

Member

@pzl pzl left a comment

short n sweet (assuming no work needed for tests to pass)

Contributor

@magermark magermark left a comment

Formatting looks good to me.

@kevinlog kevinlog added the auto-backport Deprecated - use backport:version if exact versions are needed label Jun 1, 2021
@kevinlog
Contributor Author

kevinlog commented Jun 1, 2021

@ferullo I checked with @wburgess1 offline - we're good to go

@wburgess1

wburgess1 commented Jun 1, 2021

I did a quick sanity check against the endpoint configs (windows->advanced->ransomware->canary) and double-checked it's consistent with the previous ransomware MBR entry, so PR looks good to me 👍

@kevinlog
Contributor Author

kevinlog commented Jun 1, 2021

@elasticmachine merge upstream

@kibanamachine
Contributor

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 6.9MB 6.9MB +313.0B
Unknown metric groups

References to deprecated APIs

id before after diff
canvas 29 25 -4
crossClusterReplication 8 6 -2
fleet 22 20 -2
globalSearch 4 2 -2
indexManagement 12 7 -5
infra 256 146 -110
lens 67 45 -22
licensing 18 15 -3
lists 239 236 -3
maps 286 208 -78
ml 121 115 -6
monitoring 109 56 -53
securitySolution 390 346 -44
stackAlerts 101 95 -6
total -340

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@kevinlog kevinlog merged commit 7f8f89e into elastic:master Jun 2, 2021
@kevinlog kevinlog deleted the task/canary-advanced-policy branch June 2, 2021 11:29
kibanamachine added a commit to kibanamachine/kibana that referenced this pull request Jun 2, 2021
…stic#101068)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
@kibanamachine
Contributor

💚 Backport successful

Status Branch Result
7.x

This backport PR will be merged automatically after passing CI.

jloleysens added a commit to jloleysens/kibana that referenced this pull request Jun 2, 2021
…sens/kibana into reporting/new-png-pdf-report-type

* 'reporting/new-png-pdf-report-type' of github.com:jloleysens/kibana: (46 commits)
  [Security Solution] Add Ransomware canary advanced policy option (elastic#101068)
  [Exploratory view] Core web vitals (elastic#100320)
  [Security solution][Endpoint] Add unit tests for fleet event filters/trusted apps cards (elastic#101034)
  [Lens] Use a setter function for the dimension panel (elastic#101123)
  [Index Patterns] Fix return saved index pattern object (elastic#101051)
  [CI] For PRs, build TS refs before public api docs check (elastic#100791)
  [Maps] fix line and polygon label regression (elastic#101085)
  Migrate CCR to new ES JS client. (elastic#100131)
  [Canvas] Switch Canvas to use React Router (elastic#100579)
  [Expressions] Use table column ID instead of name when set (elastic#99724)
  [DOCS] Updates docs landing page (elastic#100749)
  [DOCS] Corrects typo in step 3 (elastic#101079)
  [DOCS] Updates runtime example in Discover (elastic#100926)
  Migrate kibana.autocomplete config to data plugin (elastic#100586)
  [Uptime] New width/delay definition for waterfall sidebar item tooltip (elastic#100147)
  [FTR] Use importExport for saved_object/basic archive (elastic#100244)
  [Fleet] Better input for multi text input in agent policy builder (elastic#101020)
  [CI] Buildkite support with Baseline pipeline (elastic#100492)
  [Reporting/Telemetry] Do not send telemetry if we are in screenshot mode (elastic#100388)
  Create API keys with metadata (elastic#100682)
  ...
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jun 2, 2021
* master: (68 commits)
  Unskip advanced settings a11y test (elastic#100558)
  [App Search] Crawler Landing Page (elastic#100822)
  [DOCS] Clarify when to use kbn clean (elastic#101155)
  change label behavior (elastic#100991)
  skip flaky suite (elastic#101126)
  Fix cases plugin ownership (elastic#101073)
  [Home] Adding file upload to add data page (elastic#100863)
  [ML] Functional tests - reenable categorization tests (elastic#101137)
  [DOCS] Adds server.uuid to settings docs (elastic#101121)
  Fix newsfeed unread notifications always on when reloading Kibana (elastic#100357)
  [Lens] Time shift metrics (elastic#98781)
  [Deprecations service] make `correctiveActions.manualSteps` required (elastic#100997)
  Add "Risk Matrix" section to the PR template (elastic#100649)
  [Maps] spatially filter by all geo fields (elastic#100735)
  [Security Solution] Add Ransomware canary advanced policy option (elastic#101068)
  [Exploratory view] Core web vitals (elastic#100320)
  [Security solution][Endpoint] Add unit tests for fleet event filters/trusted apps cards (elastic#101034)
  [Lens] Use a setter function for the dimension panel (elastic#101123)
  [Index Patterns] Fix return saved index pattern object (elastic#101051)
  [CI] For PRs, build TS refs before public api docs check (elastic#100791)
  ...
kibanamachine added a commit that referenced this pull request Jun 3, 2021
…1068) (#101149)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Kevin Logan <56395104+kevinlog@users.noreply.github.com>