[Security Solution] Adds behavior protection support for mac and linux (

#107749)

* Add behaviour-protection-for-mac-and-linux

* Display the correct os names in the OS section

* Fix policy config returning windows values

x-pack/plugins/fleet/server/saved_objects/migrations/security_solution/to_v7_15_0.test.ts

@@ -18,6 +18,12 @@ describe('7.15.0 Endpoint Package Policy migration', () => {
     windowsPopup = {},
     windowsMalware = {},
     windowsRansomware = {},
+    macBehavior = {},
+    macMalware = {},
+    macPopup = {},
+    linuxBehavior = {},
+    linuxMalware = {},
+    linuxPopup = {},
   }) => {
     return {
       id: 'mock-saved-object-id',
@@ -53,6 +59,16 @@ describe('7.15.0 Endpoint Package Policy migration', () => {
                     ...windowsBehavior,
                     ...windowsPopup,
                   },
+                  mac: {
+                    ...macMalware,
+                    ...macBehavior,
+                    ...macPopup,
+                  },
+                  linux: {
+                    ...linuxMalware,
+                    ...linuxBehavior,
+                    ...linuxPopup,
+                  },
                 },
               },
             },
@@ -63,7 +79,7 @@ describe('7.15.0 Endpoint Package Policy migration', () => {
     };
   };
 
-  it('adds windows memory and behavior protection alongside malware and ramsomware', () => {
+  it('adds windows memory protection, and windows, mac and linux behavior protection alongside malware and ramsomware', () => {
     const initialDoc = policyDoc({
       windowsMalware: { malware: { mode: 'off' } },
       windowsRansomware: { ransomware: { mode: 'off', supported: true } },
@@ -79,6 +95,24 @@ describe('7.15.0 Endpoint Package Policy migration', () => {
           },
         },
       },
+      macMalware: { malware: { mode: 'off' } },
+      macPopup: {
+        popup: {
+          malware: {
+            message: '',
+            enabled: true,
+          },
+        },
+      },
+      linuxMalware: { malware: { mode: 'off' } },
+      linuxPopup: {
+        popup: {
+          malware: {
+            message: '',
+            enabled: true,
+          },
+        },
+      },
     });
 
     const migratedDoc = policyDoc({
@@ -109,6 +143,36 @@ describe('7.15.0 Endpoint Package Policy migration', () => {
           },
         },
       },
+      macMalware: { malware: { mode: 'off' } },
+      macBehavior: { behavior_protection: { mode: 'off', supported: true } },
+      macPopup: {
+        popup: {
+          malware: {
+            message: '',
+            enabled: true,
+          },
+          // new behavior popup setup
+          behavior_protection: {
+            message: '',
+            enabled: false,
+          },
+        },
+      },
+      linuxMalware: { malware: { mode: 'off' } },
+      linuxBehavior: { behavior_protection: { mode: 'off', supported: true } },
+      linuxPopup: {
+        popup: {
+          malware: {
+            message: '',
+            enabled: true,
+          },
+          // new behavior popup setup
+          behavior_protection: {
+            message: '',
+            enabled: false,
+          },
+        },
+      },
     });
 
     expect(migration(initialDoc, {} as SavedObjectMigrationContext)).toEqual(migratedDoc);

x-pack/plugins/fleet/server/saved_objects/migrations/security_solution/to_v7_15_0.ts

@@ -49,6 +49,10 @@ export const migratePackagePolicyToV7150: SavedObjectMigrationFn<PackagePolicy,
     policy.windows.popup.memory_protection = memoryPopup;
     policy.windows.behavior_protection = behavior;
     policy.windows.popup.behavior_protection = behaviorPopup;
+    policy.mac.behavior_protection = behavior;
+    policy.mac.popup.behavior_protection = behaviorPopup;
+    policy.linux.behavior_protection = behavior;
+    policy.linux.popup.behavior_protection = behaviorPopup;
   }
 
   return updatedPackagePolicyDoc;

x-pack/plugins/security_solution/common/endpoint/models/policy_config.ts

@@ -71,11 +71,19 @@ export const policyFactory = (): PolicyConfig => {
       malware: {
         mode: ProtectionModes.prevent,
       },
+      behavior_protection: {
+        mode: ProtectionModes.prevent,
+        supported: true,
+      },
       popup: {
         malware: {
           message: '',
           enabled: true,
         },
+        behavior_protection: {
+          message: '',
+          enabled: true,
+        },
       },
       logging: {
         file: 'info',
@@ -90,11 +98,19 @@ export const policyFactory = (): PolicyConfig => {
       malware: {
         mode: ProtectionModes.prevent,
       },
+      behavior_protection: {
+        mode: ProtectionModes.prevent,
+        supported: true,
+      },
       popup: {
         malware: {
           message: '',
           enabled: true,
         },
+        behavior_protection: {
+          message: '',
+          enabled: true,
+        },
       },
       logging: {
         file: 'info',
@@ -147,22 +163,38 @@ export const policyFactoryWithoutPaidFeatures = (
     },
     mac: {
       ...policy.mac,
+      behavior_protection: {
+        mode: ProtectionModes.off,
+        supported: false,
+      },
       popup: {
         ...policy.mac.popup,
         malware: {
           message: '',
           enabled: true,
         },
+        behavior_protection: {
+          message: '',
+          enabled: false,
+        },
       },
     },
     linux: {
       ...policy.linux,
+      behavior_protection: {
+        mode: ProtectionModes.off,
+        supported: false,
+      },
       popup: {
         ...policy.linux.popup,
         malware: {
           message: '',
           enabled: true,
         },
+        behavior_protection: {
+          message: '',
+          enabled: false,
+        },
       },
     },
   };
@@ -191,6 +223,20 @@ export const policyFactoryWithSupportedFeatures = (
         supported: true,
       },
     },
+    mac: {
+      ...policy.mac,
+      behavior_protection: {
+        ...policy.windows.behavior_protection,
+        supported: true,
+      },
+    },
+    linux: {
+      ...policy.linux,
+      behavior_protection: {
+        ...policy.windows.behavior_protection,
+        supported: true,
+      },
+    },
   };
 };
 

x-pack/plugins/security_solution/common/endpoint/types/index.ts

@@ -900,11 +900,16 @@ export interface PolicyConfig {
       network: boolean;
     };
     malware: ProtectionFields;
+    behavior_protection: ProtectionFields & SupportedFields;
     popup: {
       malware: {
         message: string;
         enabled: boolean;
       };
+      behavior_protection: {
+        message: string;
+        enabled: boolean;
+      };
     };
     logging: {
       file: string;
@@ -918,11 +923,16 @@ export interface PolicyConfig {
       network: boolean;
     };
     malware: ProtectionFields;
+    behavior_protection: ProtectionFields & SupportedFields;
     popup: {
       malware: {
         message: string;
         enabled: boolean;
       };
+      behavior_protection: {
+        message: string;
+        enabled: boolean;
+      };
     };
     logging: {
       file: string;
@@ -951,11 +961,17 @@ export interface UIPolicyConfig {
   /**
    * Mac-specific policy configuration that is supported via the UI
    */
-  mac: Pick<PolicyConfig['mac'], 'malware' | 'events' | 'popup' | 'advanced'>;
+  mac: Pick<
+    PolicyConfig['mac'],
+    'malware' | 'events' | 'popup' | 'advanced' | 'behavior_protection'
+  >;
   /**
    * Linux-specific policy configuration that is supported via the UI
    */
-  linux: Pick<PolicyConfig['linux'], 'malware' | 'events' | 'popup' | 'advanced'>;
+  linux: Pick<
+    PolicyConfig['linux'],
+    'malware' | 'events' | 'popup' | 'advanced' | 'behavior_protection'
+  >;
 }
 
 /** Policy:  Protection fields */