Skip to content

Mitigation policies #319

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Dec 5, 2022
Merged

Mitigation policies #319

merged 4 commits into from
Dec 5, 2022

Conversation

@Trinity2019
Copy link
Contributor

@Trinity2019 Trinity2019 commented Nov 28, 2022
edited
Loading

Change Summary

Add mitigation_policies to Windows process creation events.

Sample values

                "mitigation_policies": [
                    "Microsoft only",
                    "CET dynamic APIs can only be called out of proc",
                    "CF Guard"
                ],

Sample document:

Here's a sample process event document.

Release Target

8.7.0

For mapping changes:

  • I ran make after making the schema changes, and committed all changes

@Trinity2019 Trinity2019 requested a review from a team as a code owner November 28, 2022 03:21
@elasticmachine
Copy link
Contributor

elasticmachine commented Nov 28, 2022
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-11-29T23:11:36.444+0000

  • Duration: 9 min 37 sec

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@Trinity2019 Trinity2019 enabled auto-merge (squash) November 29, 2022 05:19
@Trinity2019 Trinity2019 disabled auto-merge November 29, 2022 05:21
@Trinity2019
Copy link
Contributor Author

Trinity2019 commented Nov 29, 2022

/test

@Trinity2019
Copy link
Contributor Author

Trinity2019 commented Nov 30, 2022

@elastic/security-onboarding-and-lifecycle-mgt could anyone review this pr if anyone got any spare cycles?

@Trinity2019
Copy link
Contributor Author

Trinity2019 commented Dec 5, 2022

@elastic/security-onboarding-and-lifecycle-mgt can I get some review of this pr or is it code freezing time? Thanks in advance!

@kevinlog
Copy link
Contributor

kevinlog commented Dec 5, 2022

@Trinity2019 - apologies for the late review. This looks good to me. We were working out some issues with the 8.6.0 package and merged a couple bug fixes last week.

This change looks good to me and is purely additive, so it won't cause any mapping collisions.

@Trinity2019
Copy link
Contributor Author

Trinity2019 commented Dec 5, 2022

Thanks all the reviewers! No worries about delay, all good :)

@Trinity2019 Trinity2019 merged commit 4a7289d into main Dec 5, 2022
@Trinity2019 Trinity2019 deleted the mitigation_policies branch December 5, 2022 16:53
@elasticmachine
Copy link
Contributor

elasticmachine commented Feb 8, 2023

Package endpoint - 8.7.0 containing this change is available at https://epr.elastic.co/search?package=endpoint

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gabriellandau gabriellandau gabriellandau approved these changes

@ferullo ferullo ferullo approved these changes

@ashokaditya ashokaditya Awaiting requested review from ashokaditya ashokaditya was automatically assigned from elastic/security-onboarding-and-lifecycle-mgt

@dasansol92 dasansol92 Awaiting requested review from dasansol92 dasansol92 was automatically assigned from elastic/security-onboarding-and-lifecycle-mgt

+1 more reviewer

@kevinlog kevinlog kevinlog approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

v8.7.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@Trinity2019 @elasticmachine @kevinlog @gabriellandau @ferullo