Task/linux events

x-pack/plugins/endpoint/public/applications/endpoint/models/policy.ts

@@ -15,8 +15,17 @@ export const generatePolicy = (): PolicyConfig => {
   return {
     windows: {
       events: {
-        process: true,
+        api: true,
+        clr: true,
+        dll_and_driver_load: true,
+        dns: true,
+        file: true,
         network: true,
+        powershell: true,
+        process: true,
+        registry: true,
+        security: true,
+        wmi: true,
       },
       malware: {
         mode: ProtectionModes.prevent,

x-pack/plugins/endpoint/public/applications/endpoint/store/policy_details/index.test.ts

@@ -98,4 +98,26 @@ describe('policy details: ', () => {
       expect(config!.mac.events.file).toEqual(true);
     });
   });
+
+  describe('when the user has enabled linux process events', () => {
+    beforeEach(() => {
+      const config = policyConfig(getState());
+      if (!config) {
+        throw new Error();
+      }
+
+      const newPayload1 = clone(config);
+      newPayload1.linux.events.file = true;
+
+      dispatch({
+        type: 'userChangedPolicyConfig',
+        payload: { policyConfig: newPayload1 },
+      });
+    });
+
+    it('linux file events is enabled', () => {
+      const config = policyConfig(getState());
+      expect(config!.linux.events.file).toEqual(true);
+    });
+  });
 });

x-pack/plugins/endpoint/public/applications/endpoint/store/policy_details/selectors.ts

@@ -119,6 +119,26 @@ export const selectedMacEvents = (state: PolicyDetailsState): number => {
   return 0;
 };
 
+/** Returns the total number of possible linux eventing configurations */
+export const totalLinuxEvents = (state: PolicyDetailsState): number => {
+  const config = policyConfig(state);
+  if (config) {
+    return Object.keys(config.linux.events).length;
+  }
+  return 0;
+};
+
+/** Returns the number of selected liinux eventing configurations */
+export const selectedLinuxEvents = (state: PolicyDetailsState): number => {
+  const config = policyConfig(state);
+  if (config) {
+    return Object.values(config.linux.events).reduce((count, event) => {
+      return event === true ? count + 1 : count;
+    }, 0);
+  }
+  return 0;
+};
+
 /** is there an api call in flight */
 export const isLoading = (state: PolicyDetailsState) => state.isLoading;
 

x-pack/plugins/endpoint/public/applications/endpoint/types.ts

@@ -118,21 +118,46 @@ export interface PolicyDetailsState {
  * Endpoint Policy configuration
  */
 export interface PolicyConfig {
-  windows: UIPolicyConfig['windows'] & {
+  windows: {
+    events: {
+      api: boolean;
+      clr: boolean;
+      dll_and_driver_load: boolean;
+      dns: boolean;
+      file: boolean;
+      network: boolean;
+      powershell: boolean;
+      process: boolean;
+      registry: boolean;
+      security: boolean;
+      wmi: boolean;
+    };
+    malware: MalwareFields;
     logging: {
       stdout: string;
       file: string;
     };
     advanced: PolicyConfigAdvancedOptions;
   };
-  mac: UIPolicyConfig['mac'] & {
+  mac: {
+    events: {
+      file: boolean;
+      process: boolean;
+      network: boolean;
+    };
+    malware: MalwareFields;
     logging: {
       stdout: string;
       file: string;
     };
     advanced: PolicyConfigAdvancedOptions;
   };
-  linux: UIPolicyConfig['linux'] & {
+  linux: {
+    events: {
+      file: boolean;
+      process: boolean;
+      network: boolean;
+    };
     logging: {
       stdout: string;
       file: string;
@@ -156,38 +181,28 @@ interface PolicyConfigAdvancedOptions {
 }
 
 /**
- * The set of Policy configuration settings that are show/edited via the UI
+ * Windows-specific policy configuration that is supported via the UI
  */
-/* eslint-disable @typescript-eslint/consistent-type-definitions */
-export type UIPolicyConfig = {
-  windows: {
-    events: {
-      process: boolean;
-      network: boolean;
-    };
-    /** malware mode can be off, detect, prevent or prevent and notify user */
-    malware: MalwareFields;
-  };
-  mac: {
-    events: {
-      file: boolean;
-      process: boolean;
-      network: boolean;
-    };
-    malware: MalwareFields;
-  };
+type WindowsPolicyConfig = Pick<PolicyConfig['windows'], 'events' | 'malware'>;
 
-  /**
-   * Linux-specific policy configuration that is supported via the UI
-   */
-  linux: {
-    events: {
-      file: boolean;
-      process: boolean;
-      network: boolean;
-    };
-  };
-};
+/**
+ * Mac-specific policy configuration that is supported via the UI
+ */
+type MacPolicyConfig = Pick<PolicyConfig['mac'], 'malware' | 'events'>;
+
+/**
+ * Linux-specific policy configuration that is supported via the UI
+ */
+type LinuxPolicyConfig = Pick<PolicyConfig['linux'], 'events'>;
+
+/**
+ * The set of Policy configuration settings that are show/edited via the UI
+ */
+export interface UIPolicyConfig {
+  windows: WindowsPolicyConfig;
+  mac: MacPolicyConfig;
+  linux: LinuxPolicyConfig;
+}
 
 /** OS used in Policy */
 export enum OS {
@@ -196,13 +211,6 @@ export enum OS {
   linux = 'linux',
 }
 
-/** Used in Policy */
-export enum EventingFields {
-  process = 'process',
-  network = 'network',
-  file = 'file',
-}
-
 /**
  * Returns the keys of an object whose values meet a criteria.
  *  Ex) interface largeNestedObject = {

x-pack/plugins/endpoint/public/applications/endpoint/view/policy/policy_details.tsx

@@ -34,7 +34,7 @@ import { AppAction } from '../../types';
 import { useKibana } from '../../../../../../../../src/plugins/kibana_react/public';
 import { AgentsSummary } from './agents_summary';
 import { VerticalDivider } from './vertical_divider';
-import { WindowsEvents, MacEvents } from './policy_forms/events';
+import { WindowsEvents, MacEvents, LinuxEvents } from './policy_forms/events';
 import { MalwareProtections } from './policy_forms/protections/malware';
 
 export const PolicyDetails = React.memo(() => {
@@ -209,6 +209,8 @@ export const PolicyDetails = React.memo(() => {
         <WindowsEvents />
         <EuiSpacer size="l" />
         <MacEvents />
+        <EuiSpacer size="l" />
+        <LinuxEvents />
       </PageView>
     </>
   );

x-pack/plugins/endpoint/public/applications/endpoint/view/policy/policy_forms/events/index.tsx

@@ -6,3 +6,4 @@
 
 export { WindowsEvents } from './windows';
 export { MacEvents } from './mac';
+export { LinuxEvents } from './linux';

x-pack/plugins/endpoint/public/applications/endpoint/view/policy/policy_forms/events/linux.tsx

@@ -0,0 +1,106 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import React, { useMemo } from 'react';
+import { i18n } from '@kbn/i18n';
+import { FormattedMessage } from '@kbn/i18n/react';
+import { EuiTitle, EuiText, EuiSpacer } from '@elastic/eui';
+import { EventsCheckbox } from './checkbox';
+import { OS, UIPolicyConfig } from '../../../../types';
+import { usePolicyDetailsSelector } from '../../policy_hooks';
+import { selectedLinuxEvents, totalLinuxEvents } from '../../../../store/policy_details/selectors';
+import { ConfigForm } from '../config_form';
+import { getIn, setIn } from '../../../../models/policy_details_config';
+
+export const LinuxEvents = React.memo(() => {
+  const selected = usePolicyDetailsSelector(selectedLinuxEvents);
+  const total = usePolicyDetailsSelector(totalLinuxEvents);
+
+  const checkboxes: Array<{
+    name: string;
+    os: 'linux';
+    protectionField: keyof UIPolicyConfig['linux']['events'];
+  }> = useMemo(
+    () => [
+      {
+        name: i18n.translate('xpack.endpoint.policyDetailsConfig.linux.events.file', {
+          defaultMessage: 'File',
+        }),
+        os: OS.linux,
+        protectionField: 'file',
+      },
+      {
+        name: i18n.translate('xpack.endpoint.policyDetailsConfig.linux.events.process', {
+          defaultMessage: 'Process',
+        }),
+        os: OS.linux,
+        protectionField: 'process',
+      },
+      {
+        name: i18n.translate('xpack.endpoint.policyDetailsConfig.linux.events.network', {
+          defaultMessage: 'Network',
+        }),
+        os: OS.linux,
+        protectionField: 'network',
+      },
+    ],
+    []
+  );
+
+  const renderCheckboxes = () => {
+    return (
+      <>
+        <EuiTitle size="xxs">
+          <h5>
+            <FormattedMessage
+              id="xpack.endpoint.policyDetailsConfig.eventingEvents"
+              defaultMessage="Events"
+            />
+          </h5>
+        </EuiTitle>
+        <EuiSpacer size="s" />
+        {checkboxes.map((item, index) => {
+          return (
+            <EventsCheckbox
+              name={item.name}
+              key={index}
+              setter={(config, checked) =>
+                setIn(config)(item.os)('events')(item.protectionField)(checked)
+              }
+              getter={config => getIn(config)(item.os)('events')(item.protectionField)}
+            />
+          );
+        })}
+      </>
+    );
+  };
+
+  const collectionsEnabled = () => {
+    return (
+      <EuiText size="s" color="subdued">
+        <FormattedMessage
+          id="xpack.endpoint.policy.details.eventCollectionsEnabled"
+          defaultMessage="{selected} / {total} event collections enabled"
+          values={{ selected, total }}
+        />
+      </EuiText>
+    );
+  };
+
+  return (
+    <ConfigForm
+      type={i18n.translate('xpack.endpoint.policy.details.eventCollection', {
+        defaultMessage: 'Event Collection',
+      })}
+      supportedOss={[
+        i18n.translate('xpack.endpoint.policy.details.linux', { defaultMessage: 'Linux' }),
+      ]}
+      id="linuxEventingForm"
+      rightCorner={collectionsEnabled()}
+      children={renderCheckboxes()}
+    />
+  );
+});