/*! Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one or more contributor license agreements.
 * Licensed under the Elastic License 2.0; you may not use this file except in compliance with the Elastic License 2.0. */
(window.securitySolution_bundle_jsonpfunction=window.securitySolution_bundle_jsonpfunction||[]).push([[28],{1035:function(e,t,a){"use strict";let n;a.d(t,"a",(function(){return n})),function(e){e.endpoints="endpoints",e.policies="policy",e.trustedApps="trusted_apps",e.eventFilters="event_filters",e.hostIsolationExceptions="host_isolation_exceptions",e.blocklist="blocklist",e.responseActionsHistory="response_actions_history"}(n||(n={}))},1055:function(e,t,a){"use strict";a.d(t,"a",(function(){return BlocklistsApiClient}));var n=a(163),i=a(1128),o=a(733),s=a(1381);function l(e){return{...e,entries:Object(i.b)(e.entries)}}function r(e){return{...e,entries:Object(i.a)(e.entries)}}class BlocklistsApiClient extends o.a{constructor(e){super(e,n.c,s.a,l,r)}static getInstance(e){return super.getInstance(e,n.c,s.a,l,r)}}},108:function(e,t,a){"use strict";a.d(t,"a",(function(){return r}));var n=a(2),i=a(42),o=a(109),s=a(13),l=a(102);const r=()=>{const e=Object(l.n)(),t=Object(n.useRef)(e.addError.bind(e)).current,a=Object(n.useRef)(e.addSuccess.bind(e)).current,i=Object(n.useRef)(e.addWarning.bind(e)).current,o=Object(n.useRef)(e.remove.bind(e)).current,s=Object(n.useCallback)(((e,a)=>{const n=c(e);return t(n,a)}),[t]);return Object(n.useMemo)((()=>({api:e,addError:s,addSuccess:a,addWarning:i,remove:o})),[s,a,i,o,e])},c=e=>null!=e&&Object(s.isEsError)(e)?d(e):Object(o.s)(e)?u(e):e instanceof Error?p(e):m(e),d=e=>{var t,a,n,i,o;const s=null!=e.err?e.err:e,l=null!=(null===(t=e.err)||void 0===t?void 0:t.statusCode)?`(${e.err.statusCode})`:null!=e.statusCode?`(${e.statusCode})`:"",r=f(s),c=new Error(`${null!==(a=null===(n=e.attributes)||void 0===n?void 0:n.reason)&&void 0!==a?a:e.message} ${l}`);return c.name=null!==(i=null===(o=e.attributes)||void 0===o?void 0:o.reason)&&void 0!==i?i:e.message,null!=r&&(c.stack=r),c},u=e=>{const t=Object(o.t)(e)?`(${e.body.statusCode})`:Object(o.v)(e)?`(${e.body.status_code})`:"",a=f(e),n=new Error(`${""!==String(e.body.message).trim()?e.body.message:e.message} ${t}`);return n.name=null!=e.name?e.name:"",null!=a&&(n.stack=a),n},p=e=>{const t=f(e),a=new Error(e.message);return a.name=e.name,null!=t&&(a.stack=t),a},m=e=>{const t=f(e),a=Object(i.isString)(e)?e:e instanceof Object&&null!=t?t:String(e),n=new Error(a);return n.name=a,null!=t&&(n.stack=t),n},f=e=>{try{return JSON.stringify(e,((e,t)=>{const a=y(t);return g(a)?void 0:a}),2)}catch(e){return}},y=e=>e instanceof Error?{...e,name:e.name,message:e.message,stack:e.stack}:e,g=e=>{if(!(e instanceof Object))return!1;try{return"{}"===JSON.stringify(e)}catch(e){return!1}}},1118:function(e,t,a){"use strict";a.d(t,"a",(function(){return TrustedAppsApiClient}));var n=a(163),i=a(1128),o=a(733),s=a(1119);function l(e){return{...e,entries:Object(i.b)(e.entries)}}function r(e){return{...e,entries:Object(i.a)(e.entries,!0)}}class TrustedAppsApiClient extends o.a{constructor(e){super(e,n.n,s.b,l,r)}static getInstance(e){return super.getInstance(e,n.n,s.b,l,r)}}},1119:function(e,t,a){"use strict";a.d(t,"a",(function(){return o})),a.d(t,"b",(function(){return s}));var n=a(120),i=a(163);const o=["name","description","item_id","entries.value","entries.entries.value"],s={name:i.o,namespace_type:"agnostic",description:i.m,list_id:i.n,type:n.b.ENDPOINT_TRUSTED_APPS}},1120:function(e,t,a){"use strict";a.d(t,"a",(function(){return HostIsolationExceptionsApiClient}));var n=a(163),i=a(733),o=a(937);class HostIsolationExceptionsApiClient extends i.a{constructor(e){super(e,n.i,o.a)}static getInstance(e){return super.getInstance(e,n.i,o.a)}}},1128:function(e,t,a){"use strict";a.d(t,"a",(function(){return r})),a.d(t,"b",(function(){return u}));var n=a(174);const i="included",o=e=>{switch(e.length){case 32:return"md5";case 40:return"sha1";case 64:return"sha256"}},s=(e,t)=>({field:e,value:t,type:"match",operator:i}),l=(e,t)=>({field:e,value:t,type:"match_any",operator:i}),r=(e,t=!1)=>{const a=[];return e.forEach((e=>{if(e.field.includes(n.b.HASH))(function(e,t){const a=[];if(!Array.isArray(t.value)){const i=s(`${e}${n.b.HASH}${o(t.value)}`,t.value.toLowerCase());return a.push(i),a}const i=t.value.reduce(((e,t)=>{const a=o(t);return a?{...e,[a]:[...e[a],t]}:e}),{md5:[],sha1:[],sha256:[]});return Object.entries(i).forEach((([t,i])=>{if(!i.length)return;const o=l(`${e}${n.b.HASH}${t}`,i.map((e=>e.toLowerCase())));a.push(o)})),a})(e.field.split(".")[0],e).forEach((e=>a.push(e)));else if(e.field.includes(n.b.SIGNER)){const n=function(e,t,a=!1){const n=Array.isArray(t)?l("subject_name",t):s("subject_name",t),i=[];return a&&i.push(s("trusted","true")),i.push(n),((e,t)=>({field:e,entries:t,type:"nested"}))(e,i)}(e.field,e.value,t);a.push(n)}else if((e.field.includes(n.b.EXECUTABLE)||e.field.includes(n.b.PATH))&&"wildcard"===e.type){const t=(r=e.field,c=e.value,Array.isArray(c)?l(r,c):((e,t)=>({field:e,value:t,type:"wildcard",operator:i}))(r,c));a.push(t)}else{const t=function(e,t){return Array.isArray(t)?l(e,t):s(e,t)}(e.field,e.value);a.push(t)}var r,c})),a},c=(e,t,a)=>({field:e,value:a,type:t,operator:i});function d(e){return`${e.split(".")[0]}${n.b.HASH}*`}const u=e=>{const t=(e=>e.reduce(((e,t)=>{const a=t.field;if(a.includes(n.b.HASH)&&"match"===t.type){const n=d(a);return{...e,[n]:c(n,t.type,t.value)}}if(a.includes(n.b.HASH)&&"match_any"===t.type){var i,o;const n=d(a),s=null!==(i=null===(o=e[n])||void 0===o?void 0:o.value)&&void 0!==i?i:[];return{...e,[n]:c(n,t.type,[...s,...t.value])}}if((a.includes(n.b.EXECUTABLE)||a.includes(n.b.PATH))&&("match"===t.type||"match_any"===t.type||"wildcard"===t.type))return{...e,[a]:c(a,t.type,t.value)};if(a.includes(n.b.SIGNER)&&"nested"===t.type){const n=t.entries.find((e=>"subject_name"===e.field&&("match"===e.type||"match_any"===e.type)));if(n)return{...e,[a]:c(a,n.type,n.value)}}return e}),{}))(e);return Object.values(t).reduce(((e,t)=>t?[...e,t]:e),[])}},117:function(e,t,a){"use strict";a.d(t,"e",(function(){return d})),a.d(t,"b",(function(){return u})),a.d(t,"d",(function(){return p})),a.d(t,"c",(function(){return m})),a.d(t,"a",(function(){return f})),a.d(t,"f",(function(){return y}));var n=a(42),i=a(2),o=a.n(i),s=a(41),l=a.n(s);const r=a(5).i18n.translate("xpack.securitySolution.emptyString.emptyStringDescription",{defaultMessage:"Empty string"}),c=l.a.span.withConfig({displayName:"EmptyWrapper",componentId:"sc-1h9raim-0"})(["color:",";"],(e=>e.theme.eui.euiColorMediumShade));c.displayName="EmptyWrapper";const d=()=>"—",u=()=>`(${r})`,p=()=>o.a.createElement(c,null,d()),m=()=>o.a.createElement(c,null,u()),f=e=>null==e?p():Object(n.isString)(e)&&""===e?m():o.a.createElement(o.a.Fragment,null,e),y=e=>null==e?p():""===e?m():o.a.createElement(o.a.Fragment,null,e)},1381:function(e,t,a){"use strict";a.d(t,"a",(function(){return s})),a.d(t,"b",(function(){return l}));var n=a(120),i=a(163);const o=n.b.ENDPOINT_BLOCKLISTS,s={name:i.d,namespace_type:"agnostic",description:i.b,list_id:i.c,type:o},l=["name","description","item_id","entries.value","entries.entries.value","comments.comment"]},1392:function(e,t,a){"use strict";var n=a(1055);a.d(t,"a",(function(){return n.a}))},1485:function(e,t,a){"use strict";var n=a(1118);a.d(t,"a",(function(){return n.a}))},1487:function(e,t,a){"use strict";a.d(t,"a",(function(){return o}));var n=a(2),i=a(126);const o=()=>{const{canReadBlocklist:e,canReadEventFilters:t,canReadTrustedApplications:a,canReadHostIsolationExceptions:o}=Object(i.a)().endpointPrivileges;return Object(n.useMemo)((()=>e||t||a||o),[e,t,a,o])}},1488:function(e,t,a){"use strict";a.d(t,"a",(function(){return m}));var n=a(2),i=a.n(n),o=a(40),s=a(41),l=a.n(s),r=a(5);const c=["windows","macos","linux","total"],d={windows:r.i18n.translate("xpack.securitySolution.endpoint.fleetCustomExtension.exceptionItemsSummary.windows",{defaultMessage:"Windows"}),linux:r.i18n.translate("xpack.securitySolution.endpoint.fleetCustomExtension.exceptionItemsSummary.linux",{defaultMessage:"Linux"}),macos:r.i18n.translate("xpack.securitySolution.endpoint.fleetCustomExtension.exceptionItemsSummary.macos",{defaultMessage:"Mac"}),total:r.i18n.translate("xpack.securitySolution.endpoint.fleetCustomExtension.exceptionItemsSummary.total",{defaultMessage:"Total"})},u=l()(o.EuiFlexGroup).withConfig({displayName:"StyledEuiFlexGroup",componentId:"sc-y73df1-0"})(["font-size:",";font-weight:",";"],(({isSmall:e,theme:t})=>e?t.eui.euiFontSizeXS:"inherit"),(({isSmall:e})=>e?"1px":"inherit")),p={fontWeight:"bold"},m=Object(n.memo)((({stats:e,isSmall:t=!1})=>{const a=Object(n.useCallback)((a=>{var n;return"total"!==a&&t?null:i.a.createElement(o.EuiFlexItem,{key:a},i.a.createElement(f,{value:null!==(n=null==e?void 0:e[a])&&void 0!==n?n:0,color:"total"!==a||t?"default":"primary",key:a,isSmall:t},d[a]))}),[e,t]);return i.a.createElement(o.EuiFlexGroup,{alignItems:"center",justifyContent:t?"flexStart":"spaceAround",gutterSize:t?"s":"l"},c.map((e=>a(e))))}));m.displayName="ExceptionItemsSummary";const f=Object(n.memo)((({children:e,value:t,color:a,isSmall:n=!1,...s})=>i.a.createElement(o.EuiText,{className:"eui-displayInlineBlock",size:n?"xs":"s"},i.a.createElement(u,{justifyContent:n?"flexStart":"center",direction:n?"rowReverse":"row",alignItems:"center",gutterSize:n?"xs":"l",isSmall:n},n?null:i.a.createElement(o.EuiFlexItem,{grow:!1,style:"primary"===a?p:void 0},e),i.a.createElement(o.EuiFlexItem,{grow:!1},i.a.createElement(o.EuiBadge,{color:a},t))))));f.displayName="SummaryState"},1489:function(e,t,a){"use strict";a.d(t,"a",(function(){return d}));var n=a(41),i=a.n(n),o=a(2),s=a.n(o),l=a(40),r=a(1046);const c=i.a.span.withConfig({displayName:"LinkLabel",componentId:"sc-p54il1-0"})(["display:inline-block;padding-right:",";font-size:",";"],(e=>e.theme.eui.euiSizeS),(({size:e,theme:t})=>"m"===e?t.eui.euiFontSizeXS:"innherit")),d=Object(o.memo)((({children:e,size:t="l",...a})=>s.a.createElement(r.a,a,s.a.createElement(c,{size:t},e),s.a.createElement(l.EuiIcon,{type:"m"===t?"arrowRight":"popout"}))));d.displayName="LinkWithIcon"},1490:function(e,t,a){"use strict";a.d(t,"a",(function(){return s})),a.d(t,"b",(function(){return l})),a.d(t,"c",(function(){return r}));var n=a(41),i=a.n(n),o=a(40);const s=i()(o.EuiFlexGroup).withConfig({displayName:"StyledEuiFlexGridGroup",componentId:"sc-1i8l9we-0"})(["display:grid;grid-template-columns:33% 45% 22%;grid-template-areas:'title summary link';"]),l=i()(o.EuiFlexItem).withConfig({displayName:"StyledEuiFlexGridItem",componentId:"sc-1i8l9we-1"})(["grid-area:",";align-items:",";margin:0px;padding:12px;"],(({gridarea:e})=>e),(({alignitems:e})=>null!=e?e:"center")),r=i()(o.EuiFlexItem).withConfig({displayName:"StyledEuiFlexItem",componentId:"sc-1i8l9we-2"})(["flex-direction:row-reverse;"])},1492:function(e,t,a){"use strict";a.d(t,"a",(function(){return Ae}));var n=a(104),i=a.n(n),o=a(2),s=a.n(o),l=a(40),r=a(5),c=a(490),d=a(174),u=a(8),p=a(107),m=a(44),f=a(41),y=a.n(f),g=a(347);const v={type:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailType",{defaultMessage:"Type"}),os:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailOS",{defaultMessage:"Operating system"})},b=Object(o.memo)((({children:e,"data-test-subj":t})=>s.a.createElement(l.EuiTitle,{size:"xxs","data-test-subj":t},s.a.createElement("h5",null,e))));b.displayName="SettingCardHeader";const k=Object(o.memo)((({type:e,supportedOss:t,osRestriction:a,dataTestSubj:n,rightCorner:i,children:r})=>{const c=Object(o.useContext)(f.ThemeContext).eui.euiPanelPaddingModifiers.paddingMedium,d=Object(p.a)(n);return s.a.createElement(l.EuiPanel,{"data-test-subj":d(),hasBorder:!0,hasShadow:!1,paddingSize:"none"},s.a.createElement(l.EuiFlexGroup,{direction:"row",gutterSize:"none",alignItems:"center",style:{padding:`${c} ${c} 0 ${c}`}},s.a.createElement(l.EuiFlexItem,{grow:1},s.a.createElement(b,null,v.type),s.a.createElement(l.EuiText,{size:"s","data-test-subj":d("type")},e)),s.a.createElement(l.EuiFlexItem,{grow:2},s.a.createElement(b,null,v.os),s.a.createElement(l.EuiFlexGroup,{direction:"row",gutterSize:"s",alignItems:"center","data-test-subj":d("osValueContainer")},s.a.createElement(l.EuiFlexItem,{grow:!1},s.a.createElement(l.EuiText,{size:"s","data-test-subj":d("osValues")},t.map((e=>g.a[e])).join(", ")," ")),a&&s.a.createElement(l.EuiFlexItem,{grow:!1,"data-test-subj":d("osRestriction")},s.a.createElement(l.EuiFlexGroup,{direction:"row",gutterSize:"xs"},s.a.createElement(l.EuiFlexItem,{grow:!1},s.a.createElement(l.EuiTextColor,{color:"subdued"},s.a.createElement(m.FormattedMessage,{id:"xpack.securitySolution.endpoint.policy.details.antivirusRegistration.osRestriction",defaultMessage:"Restrictions"}))),s.a.createElement(l.EuiFlexItem,{grow:!1},s.a.createElement(l.EuiIconTip,{type:"warning",color:"warning",content:a,anchorProps:{"data-test-subj":d("osRestrictionTooltipIcon")}})))))),s.a.createElement(l.EuiShowFor,{sizes:["m","l","xl"]},s.a.createElement(l.EuiFlexItem,{grow:3},s.a.createElement(l.EuiFlexGroup,{direction:"row",gutterSize:"none",justifyContent:"flexEnd"},s.a.createElement(l.EuiFlexItem,{grow:!1,"data-test-subj":d("rightCornerContainer")},i)))),s.a.createElement(l.EuiShowFor,{sizes:i?["s","xs"]:[]},s.a.createElement(l.EuiFlexItem,{"data-test-subj":d("rightCornerContainer")},i))),s.a.createElement(l.EuiHorizontalRule,{margin:"m"}),s.a.createElement("div",{style:{padding:`0 ${c} ${c} ${c}`}},r))}));k.displayName="SettingCard";const w=r.i18n.translate("xpack.securitySolution.endpoint.policy.details.antivirusRegistration.type",{defaultMessage:"Register as antivirus"}),h=r.i18n.translate("xpack.securitySolution.endpoint.policy.details.antivirusRegistration.explanation",{defaultMessage:"Toggle on to register Elastic as an official Antivirus solution for Windows OS. This will also disable Windows Defender."}),_=r.i18n.translate("xpack.securitySolution.endpoint.policy.details.antivirusRegistration.type",{defaultMessage:"Register as antivirus"}),E=r.i18n.translate("xpack.securitySolution.endpoint.policy.details.antivirusRegistration.notRegisteredLabel",{defaultMessage:"Do not register as antivirus"}),x=Object(o.memo)((({policy:e,onChange:t,mode:a,"data-test-subj":n})=>{const i=Object(p.a)(n),m=!Object(c.a)(),f=e.windows.antivirus_registration.enabled,y="edit"===a,g=f?_:E,v=Object(o.useCallback)((a=>{const n=Object(u.cloneDeep)(e);n.windows.antivirus_registration.enabled=a.target.checked,t({isValid:!0,updatedPolicy:n})}),[t,e]);return m?s.a.createElement(k,{type:w,supportedOss:[d.c.WINDOWS],dataTestSubj:i(),osRestriction:r.i18n.translate("xpack.securitySolution.endpoint.policy.details.av.windowsServerNotSupported",{defaultMessage:"Windows Server operating systems unsupported because Antivirus registration requires Windows Security Center, which is not included in Windows Server operating systems."})},y&&s.a.createElement(l.EuiText,{size:"s"},h),s.a.createElement(l.EuiSpacer,{size:"s"}),y?s.a.createElement(l.EuiSwitch,{label:g,checked:f,onChange:v,"data-test-subj":i("switch")}):s.a.createElement("div",{"data-test-subj":i("value")},g)):null}));x.displayName="AntivirusRegistrationCard";var S=a(117),M=a(185);const j={[d.c.WINDOWS]:M.e.windows,[d.c.LINUX]:M.e.linux,[d.c.MAC]:M.e.mac},C=Object(o.memo)((({policy:e,onChange:t,mode:a,os:n,options:i,selection:c,supplementalOptions:d,"data-test-subj":m})=>{const y=Object(p.a)(m),g="edit"===a,v=Object(o.useContext)(f.ThemeContext),w=i.length,h=j[n],_=Object(o.useMemo)((()=>{const e=d?d.map((e=>e.protectionField)):[];return Object.entries(c).filter((([t,a])=>!e.includes(t)&&a)).length}),[c,d]);return s.a.createElement(k,{type:r.i18n.translate("xpack.securitySolution.endpoint.policy.details.eventCollection",{defaultMessage:"Event collection"}),supportedOss:[n],rightCorner:s.a.createElement(l.EuiText,{size:"s",color:"subdued","data-test-subj":y("selectedCount")},r.i18n.translate("xpack.securitySolution.endpoint.policy.details.eventCollectionsEnabled",{defaultMessage:"{selected} / {total} event collections enabled",values:{selected:_,total:w}})),dataTestSubj:y()},s.a.createElement(b,null,r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.eventingEvents",{defaultMessage:"Events"})),s.a.createElement(l.EuiSpacer,{size:"s"}),s.a.createElement("div",{"data-test-subj":y("options")},i.map((({name:n,protectionField:i})=>{const o=`${h}.events.${String(i)}`;return s.a.createElement(O,{label:n,key:o,keyPath:o,policy:e,onChange:t,mode:a,"data-test-subj":y(i)})})),0===_&&!g&&s.a.createElement("div",null,Object(S.e)())),d&&d.map((({title:n,description:i,name:o,uncheckedName:r,protectionField:c,tooltipText:d,beta:p,indented:m,isDisabled:f})=>{const k=`${h}.events.${String(c)}`,w=Object(u.get)(e,k),_=c;return g||w?s.a.createElement("div",{key:String(c),style:m?{paddingLeft:v.eui.euiSizeL}:{},"data-test-subj":y(`${_}Container`)},n&&s.a.createElement(s.a.Fragment,null,s.a.createElement(l.EuiSpacer,{size:"m"}),s.a.createElement(b,{"data-test-subj":y(`${_}Title`)},n)),i&&s.a.createElement(s.a.Fragment,null,s.a.createElement(l.EuiSpacer,{size:"s"}),s.a.createElement(l.EuiText,{size:"xs",color:"subdued","data-test-subj":y(`${_}Description`)},i)),s.a.createElement(l.EuiFlexGroup,{direction:"row",gutterSize:"xs",alignItems:"center"},s.a.createElement(l.EuiFlexItem,{grow:!1},s.a.createElement(l.EuiSpacer,{size:"s"}),s.a.createElement(O,{label:o,unCheckedLabel:r,key:k,keyPath:k,policy:e,onChange:t,mode:a,disabled:!!f&&f(e),"data-test-subj":y(_)})),d&&s.a.createElement(l.EuiFlexItem,{grow:!1},s.a.createElement(l.EuiIconTip,{position:"right",content:d,anchorProps:{"data-test-subj":y(`${_}TooltipIcon`)}})),p&&s.a.createElement(l.EuiFlexItem,{grow:!1},s.a.createElement(l.EuiBetaBadge,{label:"beta",size:"s","data-test-subj":y(`${_}Badge`)})))):null})))}));C.displayName="EventCollectionCard";const O=Object(o.memo)((({policy:e,onChange:t,label:a,unCheckedLabel:n,mode:i,keyPath:r,disabled:c,"data-test-subj":d})=>{const p=Object(u.get)(e,r),m="edit"===i,f=p?a:n||a,y=Object(o.useCallback)((a=>{const n=Object(u.cloneDeep)(e);Object(u.set)(n,r,a.target.checked),t({isValid:!0,updatedPolicy:n})}),[r,t,e]);return m?s.a.createElement(l.EuiCheckbox,{key:r,id:r,label:f,"data-test-subj":d,checked:p,onChange:y,disabled:c}):p?s.a.createElement("div",{"data-test-subj":d},f):null}));O.displayName="EventCheckbox";const D=[{name:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.linux.events.file",{defaultMessage:"File"}),protectionField:"file"},{name:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.linux.events.network",{defaultMessage:"Network"}),protectionField:"network"},{name:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.linux.events.process",{defaultMessage:"Process"}),protectionField:"process"}],I=[{id:"sessionDataSection",title:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.linux.events.session_data.title",{defaultMessage:"Session data"}),description:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.linux.events.session_data.description",{defaultMessage:"Turn this on to capture the extended process data required for Session View. Session View provides you a visual representation of session and process execution data. Session View data is organized according to the Linux process model to help you investigate process, user, and service activity on your Linux infrastructure."}),name:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.linux.events.session_dataChecked",{defaultMessage:"Collect session data"}),uncheckedName:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.linux.events.session_dataUnChecked",{defaultMessage:"Do not collect session data"}),protectionField:"session_data",isDisabled:e=>!e.linux.events.process},{name:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.linux.events.tty_ioChecked",{defaultMessage:"Capture terminal output"}),uncheckedName:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.linux.events.tty_ioUnChecked",{defaultMessage:"Do not capture terminal output"}),protectionField:"tty_io",tooltipText:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.linux.events.tty_io.tooltip",{defaultMessage:"Turn this on to collect terminal (tty) output. Terminal output appears in Session View, and you can view it separately to see what commands were executed and how they were typed, provided the terminal is in echo mode. Only works on hosts that support ebpf."}),indented:!0,isDisabled:e=>!e.linux.events.session_data}],P=Object(o.memo)((e=>{const t=Object(o.useMemo)((()=>"edit"===e.mode?I:I.map((e=>"sessionDataSection"===e.id?{...e,description:void 0}:e))),[e.mode]);return s.a.createElement(C,i()({},e,{os:d.c.LINUX,selection:e.policy.linux.events,supplementalOptions:t,options:D}))}));P.displayName="LinuxEventCollectionCard";const F=[{name:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.mac.events.file",{defaultMessage:"File"}),protectionField:"file"},{name:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.mac.events.process",{defaultMessage:"Process"}),protectionField:"process"},{name:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.mac.events.network",{defaultMessage:"Network"}),protectionField:"network"}],A=Object(o.memo)((e=>s.a.createElement(C,i()({},e,{os:d.c.MAC,selection:e.policy.mac.events,options:F}))));A.displayName="MacEventCollectionCard";const T=[{name:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.windows.events.credentialAccess",{defaultMessage:"Credential Access"}),protectionField:"credential_access"},{name:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.windows.events.dllDriverLoad",{defaultMessage:"DLL and Driver Load"}),protectionField:"dll_and_driver_load"},{name:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.windows.events.dns",{defaultMessage:"DNS"}),protectionField:"dns"},{name:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.windows.events.file",{defaultMessage:"File"}),protectionField:"file"},{name:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.windows.events.network",{defaultMessage:"Network"}),protectionField:"network"},{name:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.windows.events.process",{defaultMessage:"Process"}),protectionField:"process"},{name:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.windows.events.registry",{defaultMessage:"Registry"}),protectionField:"registry"},{name:r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.windows.events.security",{defaultMessage:"Security"}),protectionField:"security"}],N=Object(o.memo)((e=>s.a.createElement(C,i()({},e,{os:d.c.WINDOWS,selection:e.policy.windows.events,options:T}))));N.displayName="WindowsEventCollectionCard";var L=a(17);const z=y.a.div.withConfig({displayName:"LockedPolicyDiv",componentId:"sc-sl8jse-0"})([".euiCard__betaBadgeWrapper{.euiCard__betaBadge{width:auto;}}.lockedCardDescription{padding:0 33.3%;}"]),R=Object(o.memo)((({title:e,"data-test-subj":t})=>{const a=Object(p.a)(t);return s.a.createElement(z,null,s.a.createElement(l.EuiCard,{"data-test-subj":a(),betaBadgeProps:{"data-test-subj":a("badge"),label:r.i18n.translate("xpack.securitySolution.endpoint.policy.details.platinum",{defaultMessage:"Platinum"})},isDisabled:!0,icon:s.a.createElement(l.EuiIcon,{size:"xl",type:"lock"}),title:s.a.createElement("h3",{"data-test-subj":a("title")},s.a.createElement("strong",null,e)),description:!1},s.a.createElement(l.EuiFlexGroup,{className:"lockedCardDescription",direction:"column",gutterSize:"none"},s.a.createElement(l.EuiText,null,s.a.createElement(l.EuiFlexItem,null,s.a.createElement("h4",null,s.a.createElement(l.EuiTextColor,{color:"subdued"},s.a.createElement(m.FormattedMessage,{id:"xpack.securitySolution.endpoint.policy.details.upgradeToPlatinum",defaultMessage:"Upgrade to Elastic Platinum"})))),s.a.createElement(l.EuiFlexItem,null,s.a.createElement("p",null,s.a.createElement(m.FormattedMessage,{id:"xpack.securitySolution.endpoint.policy.details.lockedCardUpgradeMessage",defaultMessage:"To turn on this protection, you must upgrade your license to Platinum, start a free 30-day trial, or spin up a {cloudDeploymentLink} on AWS, GCP, or Azure.",values:{cloudDeploymentLink:s.a.createElement(l.EuiLink,{href:"https://www.elastic.co/cloud/",target:"_blank","data-test-subj":a("cloudLink")},s.a.createElement(m.FormattedMessage,{id:"xpack.securitySolution.endpoint.policy.details.cloudDeploymentLInk",defaultMessage:"cloud deployment"}))}})))))))}));R.displayName="SettingLockedCard";const $=[d.c.WINDOWS],W=r.i18n.translate("xpack.securitySolution.endpoint.policy.details.attack_surface_reduction",{defaultMessage:"Attack Surface Reduction"}),U=r.i18n.translate("xpack.securitySolution.endpoint.policy.details.attackSurfaceReduction.type",{defaultMessage:"Attack surface reduction"}),B=r.i18n.translate("xpack.securitySolution.endpoint.policy.details.credentialHardening.toggleEnabled",{defaultMessage:"Credential hardening enabled"}),H=r.i18n.translate("xpack.securitySolution.endpoint.policy.details.credentialHardening.toggleDisabled",{defaultMessage:"Credential hardening disabled"}),G=Object(o.memo)((({policy:e,onChange:t,mode:a,"data-test-subj":n})=>{const i=Object(L.b)().isPlatinumPlus(),r=Object(p.a)(n),d=!Object(c.a)(),m=e.windows.attack_surface_reduction.credential_hardening.enabled,f="edit"===a,y=m?B:H,g=Object(o.useCallback)((a=>{const n=Object(u.cloneDeep)(e);n.windows.attack_surface_reduction.credential_hardening.enabled=a.target.checked,t({isValid:!0,updatedPolicy:n})}),[t,e]);return d?i?s.a.createElement(k,{type:U,supportedOss:$,dataTestSubj:r()},f?s.a.createElement(l.EuiSwitch,{label:y,checked:m,onChange:g,"data-test-subj":r("enableDisableSwitch")}):s.a.createElement("span",{"data-test-subj":r("valueLabel")},y)):s.a.createElement(R,{title:W,"data-test-subj":r("locked")}):null}));G.displayName="AttackSurfaceReductionCard";var V=a(1046),q=a(36);const X=Object(o.memo)((({"data-test-subj":e})=>{const t=Object(p.a)(e);return s.a.createElement(l.EuiCallOut,{iconType:"iInCircle","data-test-subj":t()},s.a.createElement(m.FormattedMessage,{id:"xpack.securitySolution.endpoint.policy.details.detectionRulesMessage",defaultMessage:"View {detectionRulesLink}. Prebuilt rules are tagged “Elastic” on the Detection Rules page.",values:{detectionRulesLink:s.a.createElement(V.a,{appId:q.APP_UI_ID,deepLinkId:q.SecurityPageName.rules,"data-test-subj":t("link")},s.a.createElement(m.FormattedMessage,{id:"xpack.securitySolution.endpoint.policy.details.detectionRulesLink",defaultMessage:"related detection rules"}))}}))}));X.displayName="RelatedDetectionRulesCallout";var J=a(102);const K=r.i18n.translate("xpack.securitySolution.endpoint.policyDetail.useReputationService",{defaultMessage:"Use reputation service"}),Q=r.i18n.translate("xpack.securitySolution.endpoint.policyDetail.doNotUseReputationService",{defaultMessage:"Don't use reputation service"}),Y=s.a.memo((({policy:e,onChange:t,mode:a,protection:n,"data-test-subj":i})=>{var c;const d="edit"===a,{cloud:f}=Object(J.j)().services,y=null!==(c=null==f?void 0:f.isCloudEnabled)&&void 0!==c&&c,g=Object(p.a)(i),v=e.windows.behavior_protection.mode!==M.f.off,k=e.windows.behavior_protection.reputation_service&&v,w=Object(o.useCallback)((a=>{const n=Object(u.cloneDeep)(e);n.windows.behavior_protection.reputation_service=a.target.checked,n.mac.behavior_protection.reputation_service=a.target.checked,n.linux.behavior_protection.reputation_service=a.target.checked,t({isValid:!0,updatedPolicy:n})}),[e,t]),h=k?K:Q;return y?s.a.createElement("div",{"data-test-subj":g()},s.a.createElement(l.EuiSpacer,{size:"m"}),s.a.createElement(b,null,s.a.createElement(l.EuiFlexGroup,{gutterSize:"xs"},s.a.createElement(l.EuiFlexItem,{grow:!1,"data-test-subj":g("label")},s.a.createElement(l.EuiText,{size:"s"},s.a.createElement("h4",null,s.a.createElement(m.FormattedMessage,{id:"xpack.securitySolution.endpoint.policyDetailsConfig.reputationService",defaultMessage:"Reputation service"})))),s.a.createElement(l.EuiFlexItem,{grow:!1,"data-test-subj":g("tooltipIcon")},s.a.createElement(l.EuiIconTip,{position:"right","data-test-subj":g("tooltip"),content:s.a.createElement(m.FormattedMessage,{id:"xpack.securitySolution.endpoint.policyDetailsConfig.reputationServiceTooltip",defaultMessage:"This option enables/disables the Reputation Service feature in Endpoint. When the option is ON, Endpoint will reach out to a Cloud API for additional malware analysis. When it's OFF, Endpoint will not reach out to the Cloud API."})})))),s.a.createElement(l.EuiSpacer,{size:"s"}),d?s.a.createElement(l.EuiCheckbox,{"data-test-subj":g("checkbox"),id:`${n}ReputationServiceCheckbox}`,onChange:w,checked:k,disabled:!v,label:r.i18n.translate("xpack.securitySolution.endpoint.policyDetail.reputationService",{defaultMessage:"Reputation service"})}):s.a.createElement(s.a.Fragment,null,h)):null}));Y.displayName="ReputationService";const Z=Object.freeze({malware:"7.11+",ransomware:"7.12+",memory_protection:"7.15+",behavior_protection:"7.15+"}),ee=r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.userNotification",{defaultMessage:"User notification"}),te=r.i18n.translate("xpack.securitySolution.endpoint.policyDetail.notifyUser",{defaultMessage:"Notify user"}),ae=r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.notificationMessage",{defaultMessage:"Notification message"}),ne=r.i18n.translate("xpack.securitySolution.endpoint.policyDetailsConfig.customizeUserNotification",{defaultMessage:"Customize notification message"}),ie=s.a.memo((({policy:e,onChange:t,mode:a,protection:n,osList:i,"data-test-subj":c})=>{const d=Object(L.b)().isPlatinumPlus(),f=Object(p.a)(c),y="edit"===a,g=e.windows[n].mode,v=e.windows.popup[n].enabled,k=e.windows.popup[n].message,w=Object(o.useCallback)((a=>{const o=Object(u.cloneDeep)(e);for(const e of i)("windows"===e||"mac"===e||"linux"===e)&&(o[e].popup[n].enabled=a.target.checked);t({isValid:!0,updatedPolicy:o})}),[e,t,i,n]),h=Object(o.useCallback)((a=>{const o=Object(u.cloneDeep)(e);for(const e of i)("windows"===e||"mac"===e||"linux"===e)&&(o[e].popup[n].message=a.target.value);t({isValid:!0,updatedPolicy:o})}),[e,t,i,n]),_=Object(o.useCallback)((e=>"memory_protection"===e?r.i18n.translate("xpack.securitySolution.endpoint.policyDetail.memoryProtectionTooltip",{defaultMessage:"memory threat"}):"behavior_protection"===e?r.i18n.translate("xpack.securitySolution.endpoint.policyDetail.behaviorProtectionTooltip",{defaultMessage:"malicious behavior"}):e),[]),E=Object(o.useCallback)((e=>"memory_protection"===e||"behavior_protection"===n?r.i18n.translate("xpack.securitySolution.endpoint.policyDetail.rule",{defaultMessage:"rule"}):r.i18n.translate("xpack.securitySolution.endpoint.policyDetail.filename",{defaultMessage:"filename"})),[n]);return d?s.a.createElement("div",{"data-test-subj":f()},s.a.createElement(l.EuiSpacer,{size:"m"}),s.a.createElement(b,{"data-test-subj":f("title")},ee),s.a.createElement(oe,{protection:n,"data-test-subj":f("supportedVersion")}),s.a.createElement(l.EuiSpacer,{size:"s"}),y?s.a.createElement(l.EuiCheckbox,{"data-test-subj":f("checkbox"),id:`${n}UserNotificationCheckbox}`,onChange:w,checked:v,disabled:!y||g===M.f.off,label:te}):s.a.createElement(s.a.Fragment,null,te),v&&(y?s.a.createElement(s.a.Fragment,null,s.a.createElement(l.EuiSpacer,{size:"m"}),s.a.createElement(l.EuiFlexGroup,{gutterSize:"xs"},s.a.createElement(l.EuiFlexItem,{grow:!1},s.a.createElement(l.EuiText,{size:"s","data-test-subj":f("customMessageTitle")},s.a.createElement("h4",null,ne))),s.a.createElement(l.EuiFlexItem,{grow:!1},s.a.createElement(l.EuiIconTip,{position:"right","data-test-subj":f("tooltipInfo"),anchorProps:{"data-test-subj":f("tooltipIcon")},content:s.a.createElement(s.a.Fragment,null,s.a.createElement(m.FormattedMessage,{id:"xpack.securitySolution.endpoint.policyDetailsConfig.notifyUserTooltip.a",defaultMessage:"Selecting the user notification option will display a notification to the host user when { protectionName } is prevented or detected.",values:{protectionName:_(n)}}),s.a.createElement(l.EuiSpacer,{size:"m"}),s.a.createElement(m.FormattedMessage,{id:"xpack.securitySolution.endpoint.policyDetailsConfig.notifyUserTooltip.c",defaultMessage:" The user notification can be customized in the text box below. Bracketed tags can be used to dynamically populate the applicable action (such as prevented or detected) and the { bracketText }.",values:{bracketText:E(n)}}))}))),s.a.createElement(l.EuiSpacer,{size:"xs"}),s.a.createElement(l.EuiTextArea,{placeholder:r.i18n.translate("xpack.securitySolution.endpoint.policyDetails.userNotification.placeholder",{defaultMessage:"Input your custom notification message"}),value:k,onChange:h,fullWidth:!0,disabled:!y,"data-test-subj":f("customMessage")})):s.a.createElement(s.a.Fragment,null,s.a.createElement(l.EuiSpacer,{size:"m"}),s.a.createElement(l.EuiText,{size:"s"},s.a.createElement("h4",null,ae)),s.a.createElement(l.EuiSpacer,{size:"xs"}),s.a.createElement(s.a.Fragment,null,k||Object(S.e)())))):null}));ie.displayName="NotifyUserOption";const oe=s.a.memo((({protection:e,"data-test-subj":t})=>{const a=Object(o.useMemo)((()=>Z[e]),[e]);return a?s.a.createElement(l.EuiText,{color:"subdued",size:"xs","data-test-subj":t},s.a.createElement("i",null,s.a.createElement(m.FormattedMessage,{id:"xpack.securitySolution.endpoint.policyDetails.supportedVersion",defaultMessage:"Agent version {version}",values:{version:a}}))):null}));oe.displayName="SupportedVersionForProtectionNotice";const se=r.i18n.translate("xpack.securitySolution.endpoint.policy.details.detect",{defaultMessage:"Detect"}),le=r.i18n.translate("xpack.securitySolution.endpoint.policy.details.prevent",{defaultMessage:"Prevent"}),re=Object(o.memo)((({policy:e,protection:t,osList:a,mode:n,onChange:i,"data-test-subj":r})=>{const c="edit"===n,d=Object(p.a)(r),u=Object(o.useMemo)((()=>[{id:M.f.detect,label:se,flexGrow:1},{id:M.f.prevent,label:le,flexGrow:5}]),[]),f=Object(o.useMemo)((()=>{const a=u.find((a=>a.id===e.windows[t].mode));return a?a.label:le}),[e.windows,t,u]);return s.a.createElement("div",{"data-test-subj":d()},s.a.createElement(b,null,s.a.createElement(m.FormattedMessage,{id:"xpack.securitySolution.endpoint.policyDetailsConfig.protectionLevel",defaultMessage:"Protection level"})),s.a.createElement(l.EuiSpacer,{size:"xs"}),s.a.createElement(l.EuiFlexGroup,null,c?u.map((({label:o,id:r,flexGrow:c})=>s.a.createElement(l.EuiFlexItem,{grow:c,key:r},s.a.createElement(ce,{policy:e,onChange:i,mode:n,protection:t,protectionMode:r,osList:a,label:o,"data-test-subj":d(`${r}Radio`)})))):s.a.createElement(s.a.Fragment,null,f)))}));re.displayName="DetectPreventProtectionLevel";const ce=s.a.memo((({protection:e,protectionMode:t,osList:a,label:n,onChange:i,policy:r,mode:c,"data-test-subj":d})=>{const p=r.windows[e].mode,m=Object(L.b)().isPlatinumPlus(),f="edit"===c,y=Object(o.useMemo)((()=>`${a.join("-")}-${e}-${t}`),[a,e,t]),g=Object(o.useCallback)((()=>{const n=Object(u.cloneDeep)(r);for(const i of a)("windows"===i||"mac"===i||"linux"===i)&&(n[i][e].mode=t),m&&("windows"===i||"mac"===i||"linux"===i)&&(t===M.f.prevent?n[i].popup[e].enabled=!0:n[i].popup[e].enabled=!1);i({isValid:!0,updatedPolicy:n})}),[m,i,a,r,e,t]);return s.a.createElement(l.EuiRadio,{label:n,id:y,checked:p===t,onChange:g,disabled:!f||p===M.f.off,"data-test-subj":d})}));ce.displayName="ProtectionRadio";const de=s.a.memo((({protection:e,protectionLabel:t,osList:a,additionalOnSwitchChange:n,onChange:i,policy:c,mode:d,"data-test-subj":m})=>{const f=Object(p.a)(m),y=Object(L.b)().isPlatinumPlus(),g="edit"===d,v=(c&&c.windows[e].mode)!==M.f.off,b=Object(o.useMemo)((()=>r.i18n.translate("xpack.securitySolution.endpoint.policy.details.protectionsEnabled",{defaultMessage:"{protectionLabel} {mode, select, true {enabled} false {disabled}}",values:{protectionLabel:t,mode:v}})),[t,v]),k=Object(o.useCallback)((t=>{const o=Object(u.cloneDeep)(c);if(!1===t.target.checked)for(const n of a)("windows"===n||"mac"===n||"linux"===n)&&(o[n][e].mode=M.f.off),y&&(("windows"===n||"mac"===n||"linux"===n)&&(o[n].popup[e].enabled=t.target.checked),"behavior_protection"===e&&(o.windows.behavior_protection.reputation_service=!1,o.mac.behavior_protection.reputation_service=!1,o.linux.behavior_protection.reputation_service=!1));else for(const n of a)("windows"===n||"mac"===n||"linux"===n)&&(o[n][e].mode=M.f.prevent),y&&("behavior_protection"===e&&(o.windows.behavior_protection.reputation_service=!0,o.mac.behavior_protection.reputation_service=!0,o.linux.behavior_protection.reputation_service=!0),("windows"===n||"mac"===n||"linux"===n)&&(o[n].popup[e].enabled=t.target.checked));i({isValid:!0,updatedPolicy:n?n({value:t.target.checked,policyConfigData:o,protectionOsList:a}):o})}),[c,i,n,a,y,e]);return g?s.a.createElement(l.EuiSwitch,{label:b,labelProps:{"data-test-subj":f("label")},checked:v,onChange:k,"data-test-subj":f()}):s.a.createElement("span",{"data-test-subj":f()},b)}));de.displayName="ProtectionSettingCardSwitch";const ue=r.i18n.translate("xpack.securitySolution.endpoint.policy.details.behavior",{defaultMessage:"Malicious Behavior"}),pe=[M.e.windows,M.e.mac,M.e.linux],me=Object(o.memo)((({policy:e,onChange:t,mode:a,"data-test-subj":n})=>{const i=Object(L.b)().isPlatinumPlus(),o=Object(p.a)(n),u=!Object(c.a)(),m="behavior_protection",f=r.i18n.translate("xpack.securitySolution.endpoint.policy.protections.behavior",{defaultMessage:"Malicious behavior protections"});return u?i?s.a.createElement(k,{type:r.i18n.translate("xpack.securitySolution.endpoint.policy.details.behavior_protection",{defaultMessage:"Malicious behavior"}),supportedOss:[d.c.WINDOWS,d.c.MAC,d.c.LINUX],dataTestSubj:o(),rightCorner:s.a.createElement(de,{policy:e,onChange:t,mode:a,protection:m,protectionLabel:f,osList:pe,"data-test-subj":o("enableDisableSwitch")})},s.a.createElement(re,{policy:e,onChange:t,mode:a,protection:m,osList:pe,"data-test-subj":o("protectionLevel")}),s.a.createElement(Y,{policy:e,onChange:t,mode:a,protection:m,"data-test-subj":o("reputationService")}),s.a.createElement(ie,{policy:e,onChange:t,mode:a,protection:m,osList:pe,"data-test-subj":o("notifyUser")}),s.a.createElement(l.EuiSpacer,{size:"m"}),s.a.createElement(X,{"data-test-subj":o("rulesCallout")})):s.a.createElement(R,{title:ue,"data-test-subj":o("locked")}):null}));me.displayName="BehaviourProtectionCard";const fe=r.i18n.translate("xpack.securitySolution.endpoint.policy.details.memory",{defaultMessage:"Memory Threat"}),ye=[M.e.windows,M.e.mac,M.e.linux],ge=Object(o.memo)((({policy:e,onChange:t,mode:a,"data-test-subj":n})=>{const i=Object(L.b)().isPlatinumPlus(),o=Object(p.a)(n),u=!Object(c.a)(),m="memory_protection",f=r.i18n.translate("xpack.securitySolution.endpoint.policy.protections.memory",{defaultMessage:"Memory threat protections"});return u?i?s.a.createElement(k,{type:r.i18n.translate("xpack.securitySolution.endpoint.policy.details.memory_protection",{defaultMessage:"Memory threat"}),supportedOss:[d.c.WINDOWS,d.c.MAC,d.c.LINUX],dataTestSubj:o(),rightCorner:s.a.createElement(de,{policy:e,onChange:t,mode:a,protection:m,protectionLabel:f,osList:ye,"data-test-subj":o("enableDisableSwitch")})},s.a.createElement(re,{policy:e,onChange:t,mode:a,protection:m,osList:ye,"data-test-subj":o("protectionLevel")}),s.a.createElement(ie,{policy:e,onChange:t,mode:a,protection:m,osList:ye,"data-test-subj":o("notifyUser")}),s.a.createElement(l.EuiSpacer,{size:"m"}),s.a.createElement(X,{"data-test-subj":o("rulesCallout")})):s.a.createElement(R,{title:fe,"data-test-subj":o("locked")}):null}));ge.displayName="MemoryProtectionCard";const ve=[M.e.windows],be=r.i18n.translate("xpack.securitySolution.endpoint.policy.details.ransomware",{defaultMessage:"Ransomware"}),ke=s.a.memo((({policy:e,onChange:t,mode:a,"data-test-subj":n})=>{const i=Object(L.b)().isPlatinumPlus(),o=!Object(c.a)(),u=Object(p.a)(n),m="ransomware",f=r.i18n.translate("xpack.securitySolution.endpoint.policy.protections.ransomware",{defaultMessage:"Ransomware protections"});return o?i?s.a.createElement(k,{type:r.i18n.translate("xpack.securitySolution.endpoint.policy.details.ransomware",{defaultMessage:"Ransomware"}),supportedOss:[d.c.WINDOWS],dataTestSubj:u(),rightCorner:s.a.createElement(de,{policy:e,onChange:t,mode:a,protection:m,protectionLabel:f,osList:ve,"data-test-subj":u("enableDisableSwitch")})},s.a.createElement(re,{protection:m,osList:ve,onChange:t,policy:e,mode:a,"data-test-subj":u("protectionLevel")}),s.a.createElement(ie,{policy:e,onChange:t,mode:a,protection:m,osList:ve,"data-test-subj":u("notifyUser")}),s.a.createElement(l.EuiSpacer,{size:"m"}),s.a.createElement(X,{"data-test-subj":u("rulesCallout")})):s.a.createElement(R,{title:be,"data-test-subj":u("locked")}):null}));ke.displayName="RansomwareProtectionCard";const we=r.i18n.translate("xpack.securitySolution.endpoint.policy.protections.blocklistEnabled",{defaultMessage:"Blocklist enabled"}),he=r.i18n.translate("xpack.securitySolution.endpoint.policy.protections.blocklistDisabled",{defaultMessage:"Blocklist disabled"}),_e=({value:e,policyConfigData:t,protectionOsList:a})=>{for(const n of a)t[n].malware.blocklist=e;return t},Ee=[M.e.windows,M.e.mac,M.e.linux],xe=s.a.memo((({policy:e,onChange:t,mode:a="edit","data-test-subj":n})=>{const i=Object(p.a)(n),o=!Object(c.a)(),u="malware",m=r.i18n.translate("xpack.securitySolution.endpoint.policy.protections.malware",{defaultMessage:"Malware protections"});return o?s.a.createElement(k,{type:r.i18n.translate("xpack.securitySolution.endpoint.policy.details.malware",{defaultMessage:"Malware"}),supportedOss:[d.c.WINDOWS,d.c.MAC,d.c.LINUX],dataTestSubj:i(),rightCorner:s.a.createElement(de,{protection:u,protectionLabel:m,osList:Ee,additionalOnSwitchChange:_e,policy:e,onChange:t,mode:a,"data-test-subj":i("enableDisableSwitch")})},s.a.createElement(re,{policy:e,onChange:t,mode:a,protection:u,osList:Ee,"data-test-subj":i("protectionLevel")}),s.a.createElement(l.EuiSpacer,{size:"m"}),s.a.createElement(Se,{policy:e,onChange:t,mode:a,"data-test-subj":i("blocklist")}),s.a.createElement(ie,{policy:e,onChange:t,mode:a,protection:u,osList:Ee,"data-test-subj":i("notifyUser")}),s.a.createElement(l.EuiSpacer,{size:"m"}),s.a.createElement(X,{"data-test-subj":i("rulesCallout")})):null}));xe.displayName="MalwareProtectionsCard";const Se=Object(o.memo)((({policy:e,onChange:t,mode:a,"data-test-subj":n})=>{const i=Object(p.a)(n),r=e.windows.malware.blocklist,c="off"===e.windows.malware.mode,d="edit"===a,f=r?we:he,y=Object(o.useCallback)((a=>{const n=a.target.checked,i=Object(u.cloneDeep)(e);_e({value:n,policyConfigData:i,protectionOsList:Ee}),t({isValid:!0,updatedPolicy:i})}),[t,e]);return s.a.createElement(l.EuiFlexGroup,{gutterSize:"xs","data-test-subj":i()},s.a.createElement(l.EuiFlexItem,{grow:!1},d?s.a.createElement(l.EuiSwitch,{label:f,checked:r,onChange:y,disabled:c,"data-test-subj":i("enableDisableSwitch")}):s.a.createElement(s.a.Fragment,null,f)),s.a.createElement(l.EuiFlexItem,{grow:!1},s.a.createElement(l.EuiIconTip,{position:"right",content:s.a.createElement(s.a.Fragment,null,s.a.createElement(m.FormattedMessage,{id:"xpack.securitySolution.endpoint.policyDetailsConfig.blocklistTooltip",defaultMessage:"Enables or disables the blocklist associated with this policy. The blocklist is a collection hashes, paths, or signers which extends the list of processes the endpoint considers malicious. See the blocklist tab for entry details."}))})))}));Se.displayName="EnableDisableBlocklist";const Me=[{key:"linux.advanced.agent.connection_delay",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.agent.connection_delay",{defaultMessage:"How long to wait for agent connectivity before sending first policy reply, in seconds. Default: 60."})},{key:"linux.advanced.artifacts.global.base_url",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.artifacts.global.base_url",{defaultMessage:"Base URL from which to download global artifact manifests. Default: https://artifacts.security.elastic.co."})},{key:"linux.advanced.artifacts.global.manifest_relative_url",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.artifacts.global.manifest_relative_url",{defaultMessage:"Relative URL from which to download global artifact manifests. Default: /downloads/endpoint/manifest/artifacts-<version>.zip."})},{key:"linux.advanced.artifacts.global.public_key",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.artifacts.global.public_key",{defaultMessage:"PEM-encoded public key used to verify the global artifact manifest signature."})},{key:"linux.advanced.artifacts.global.interval",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.artifacts.global.interval",{defaultMessage:"Interval between global artifact manifest download attempts, in seconds. Default: 3600."})},{key:"linux.advanced.artifacts.user.public_key",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.artifacts.user.public_key",{defaultMessage:"PEM-encoded public key used to verify the user artifact manifest signature."})},{key:"linux.advanced.elasticsearch.delay",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.elasticsearch.delay",{defaultMessage:"Delay for sending events to Elasticsearch, in seconds. Default: 120."})},{key:"linux.advanced.elasticsearch.tls.verify_peer",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.elasticsearch.tls.verify_peer",{defaultMessage:"Whether to verify the certificates presented by the peer. Default: true."})},{key:"linux.advanced.elasticsearch.tls.verify_hostname",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.elasticsearch.tls.verify_hostname",{defaultMessage:"Whether to verify the hostname of the peer is what's in the certificate. Default: true."})},{key:"linux.advanced.elasticsearch.tls.ca_cert",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.elasticsearch.tls.ca_cert",{defaultMessage:"PEM-encoded certificate for Elasticsearch certificate authority."})},{key:"linux.advanced.logging.file",first_supported_version:"7.11",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.logging.file",{defaultMessage:"A supplied value will override the log level configured for logs that are saved to disk and streamed to Elasticsearch. It is recommended Fleet be used to change this logging in most circumstances. Allowed values are error, warning, info, debug, and trace."})},{key:"linux.advanced.logging.syslog",first_supported_version:"7.11",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.logging.syslog",{defaultMessage:"A supplied value will configure logging to syslog. Allowed values are error, warning, info, debug, and trace."})},{key:"linux.advanced.tty_io.max_kilobytes_per_process",first_supported_version:"8.5",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.tty_io.max_kilobytes_per_process",{defaultMessage:"The maximum kilobytes of terminal output to record for a single process. Default: 512"})},{key:"linux.advanced.tty_io.max_kilobytes_per_event",first_supported_version:"8.5",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.tty_io.max_kilobytes_per_event",{defaultMessage:"The maximum kilobytes of terminal output to record in a single event. Default: 512"})},{key:"linux.advanced.capture_env_vars",first_supported_version:"8.6",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.capture_env_vars",{defaultMessage:"The list of environment variables to capture (up to five), separated by commas."})},{key:"linux.advanced.tty_io.max_event_interval_seconds",first_supported_version:"8.5",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.tty_io.max_event_interval_seconds",{defaultMessage:"The maximum amount of time (seconds) to batch terminal output in a single event. Default: 30"})},{key:"mac.advanced.agent.connection_delay",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.agent.connection_delay",{defaultMessage:"How long to wait for agent connectivity before sending first policy reply, in seconds. Default: 60."})},{key:"mac.advanced.artifacts.global.base_url",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.artifacts.global.base_url",{defaultMessage:"URL from which to download global artifact manifests."})},{key:"mac.advanced.artifacts.global.manifest_relative_url",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.artifacts.global.manifest_relative_url",{defaultMessage:"Relative URL from which to download global artifact manifests. Default: /downloads/endpoint/manifest/artifacts-<version>.zip."})},{key:"mac.advanced.artifacts.global.public_key",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.artifacts.global.public_key",{defaultMessage:"PEM-encoded public key used to verify the global artifact manifest signature."})},{key:"mac.advanced.artifacts.global.interval",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.artifacts.global.interval",{defaultMessage:"Interval between global artifact manifest download attempts, in seconds. Default: 3600."})},{key:"mac.advanced.artifacts.user.public_key",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.artifacts.user.public_key",{defaultMessage:"PEM-encoded public key used to verify the user artifact manifest signature."})},{key:"mac.advanced.elasticsearch.delay",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.elasticsearch.delay",{defaultMessage:"Delay for sending events to Elasticsearch, in seconds. Default: 120."})},{key:"mac.advanced.elasticsearch.tls.verify_peer",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.elasticsearch.tls.verify_peer",{defaultMessage:"Whether to verify the certificates presented by the peer. Default: true."})},{key:"mac.advanced.elasticsearch.tls.verify_hostname",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.elasticsearch.tls.verify_hostname",{defaultMessage:"Whether to verify the hostname of the peer is what's in the certificate. Default: true."})},{key:"mac.advanced.elasticsearch.tls.ca_cert",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.elasticsearch.tls.ca_cert",{defaultMessage:"PEM-encoded certificate for Elasticsearch certificate authority."})},{key:"mac.advanced.logging.file",first_supported_version:"7.11",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.logging.file",{defaultMessage:"A supplied value will override the log level configured for logs that are saved to disk and streamed to Elasticsearch. It is recommended Fleet be used to change this logging in most circumstances. Allowed values are error, warning, info, debug, and trace."})},{key:"mac.advanced.logging.syslog",first_supported_version:"7.11",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.logging.syslog",{defaultMessage:"A supplied value will configure logging to syslog. Allowed values are error, warning, info, debug, and trace."})},{key:"mac.advanced.malware.quarantine",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.malware.quarantine",{defaultMessage:"Whether quarantine should be enabled when malware prevention is enabled. Default: true."})},{key:"mac.advanced.malware.threshold",first_supported_version:"7.11",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.malware.threshold",{defaultMessage:"The threshold that should be used for evaluating malware. Allowed values are normal, conservative, and aggressive. Default: normal."})},{key:"mac.advanced.kernel.connect",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.kernel.connect",{defaultMessage:"Whether to connect to the kernel driver. Default: true."})},{key:"mac.advanced.kernel.process",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.kernel.process",{defaultMessage:"A value of 'false' overrides other config settings that would enable kernel process events. Default: true."})},{key:"mac.advanced.kernel.filewrite",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.kernel.filewrite",{defaultMessage:"A value of 'false' overrides other config settings that would enable kernel file write events. Default: true."})},{key:"mac.advanced.kernel.network",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.kernel.network",{defaultMessage:"A value of 'false' overrides other config settings that would enable kernel network events. Default: true."})},{key:"mac.advanced.harden.self_protect",first_supported_version:"7.11",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.harden.self_protect",{defaultMessage:"Enables self-protection on macOS. Default: true."})},{key:"windows.advanced.agent.connection_delay",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.agent.connection_delay",{defaultMessage:"How long to wait for agent connectivity before sending first policy reply, in seconds. Default: 60."})},{key:"windows.advanced.artifacts.global.base_url",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.artifacts.global.base_url",{defaultMessage:"URL from which to download global artifact manifests."})},{key:"windows.advanced.artifacts.global.manifest_relative_url",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.artifacts.global.manifest_relative_url",{defaultMessage:"Relative URL from which to download global artifact manifests. Default: /downloads/endpoint/manifest/artifacts-<version>.zip."})},{key:"windows.advanced.artifacts.global.public_key",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.artifacts.global.public_key",{defaultMessage:"PEM-encoded public key used to verify the global artifact manifest signature."})},{key:"windows.advanced.artifacts.global.interval",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.artifacts.global.interval",{defaultMessage:"Interval between global artifact manifest download attempts, in seconds. Default: 3600."})},{key:"windows.advanced.artifacts.user.public_key",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.artifacts.user.public_key",{defaultMessage:"PEM-encoded public key used to verify the user artifact manifest signature."})},{key:"windows.advanced.elasticsearch.delay",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.elasticsearch.delay",{defaultMessage:"Delay for sending events to Elasticsearch, in seconds. Default: 120."})},{key:"windows.advanced.elasticsearch.tls.verify_peer",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.elasticsearch.tls.verify_peer",{defaultMessage:"Whether to verify the certificates presented by the peer. Default: true."})},{key:"windows.advanced.elasticsearch.tls.verify_hostname",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.elasticsearch.tls.verify_hostname",{defaultMessage:"Whether to verify the hostname of the peer is what's in the certificate. Default: true."})},{key:"windows.advanced.elasticsearch.tls.ca_cert",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.elasticsearch.tls.ca_cert",{defaultMessage:"PEM-encoded certificate for Elasticsearch certificate authority."})},{key:"windows.advanced.logging.file",first_supported_version:"7.11",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.logging.file",{defaultMessage:"A supplied value will override the log level configured for logs that are saved to disk and streamed to Elasticsearch. It is recommended Fleet be used to change this logging in most circumstances. Allowed values are error, warning, info, debug, and trace."})},{key:"windows.advanced.logging.debugview",first_supported_version:"7.11",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.logging.debugview",{defaultMessage:"A supplied value will configure logging to Debugview (a Sysinternals tool). Allowed values are error, warning, info, debug, and trace."})},{key:"windows.advanced.malware.quarantine",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.malware.quarantine",{defaultMessage:"Whether quarantine should be enabled when malware prevention is enabled. Default: true."})},{key:"windows.advanced.malware.threshold",first_supported_version:"7.11",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.malware.threshold",{defaultMessage:"The threshold that should be used for evaluating malware. Allowed values are normal, conservative, and aggressive. Default: normal."})},{key:"windows.advanced.kernel.connect",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.kernel.connect",{defaultMessage:"Whether to connect to the kernel driver. Default: true."})},{key:"windows.advanced.kernel.process",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.kernel.process",{defaultMessage:"A value of 'false' overrides other config settings that would enable kernel process events. Default: true."})},{key:"windows.advanced.kernel.filewrite",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.kernel.filewrite",{defaultMessage:"A value of 'false' overrides other config settings that would enable kernel file write events. Default: true."})},{key:"windows.advanced.kernel.network",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.kernel.network",{defaultMessage:"A value of 'false' overrides other config settings that would enable kernel network events. Default: true."})},{key:"windows.advanced.kernel.fileopen",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.kernel.fileopen",{defaultMessage:"A value of 'false' overrides other config settings that would enable kernel file open events. Default: true."})},{key:"windows.advanced.kernel.asyncimageload",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.kernel.asyncimageload",{defaultMessage:"A value of 'false' overrides other config settings that would enable kernel async image load events. Default: true."})},{key:"windows.advanced.kernel.syncimageload",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.kernel.syncimageload",{defaultMessage:"A value of 'false' overrides other config settings that would enable kernel sync image load events. Default: true."})},{key:"windows.advanced.kernel.registry",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.kernel.registry",{defaultMessage:"A value of 'false' overrides other config settings that would enable kernel registry events. Default: true."})},{key:"windows.advanced.kernel.fileaccess",first_supported_version:"7.15",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.kernel.fileaccess",{defaultMessage:"Report limited file access (read) events. Paths are not user-configurable. Default value is true."})},{key:"windows.advanced.kernel.registryaccess",first_supported_version:"7.15",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.kernel.registryaccess",{defaultMessage:"Report limited registry access (queryvalue, savekey) events. Paths are not user-configurable. Default value is true."})},{key:"windows.advanced.diagnostic.enabled",first_supported_version:"7.11",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.diagnostic.enabled",{defaultMessage:"A value of 'false' disables running diagnostic features on Endpoint. Default: true."})},{key:"linux.advanced.diagnostic.enabled",first_supported_version:"7.12",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.diagnostic.enabled",{defaultMessage:"A value of 'false' disables running diagnostic features on Endpoint. Default: true."})},{key:"mac.advanced.diagnostic.enabled",first_supported_version:"7.12",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.diagnostic.enabled",{defaultMessage:"A value of 'false' disables running diagnostic features on Endpoint. Default: true."})},{key:"windows.advanced.alerts.cloud_lookup",first_supported_version:"7.12",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.alerts.cloud_lookup",{defaultMessage:"A value of 'false' disables cloud lookup for Windows alerts. Default: true."})},{key:"mac.advanced.alerts.cloud_lookup",first_supported_version:"7.12",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.alerts.cloud_lookup",{defaultMessage:"A value of 'false' disables cloud lookup for Mac alerts. Default: true."})},{key:"windows.advanced.ransomware.mbr",first_supported_version:"7.12",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.ransomware.mbr",{defaultMessage:"A value of 'false' disables Ransomware MBR protection. Default: true."})},{key:"windows.advanced.ransomware.canary",first_supported_version:"7.14",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.ransomware.canary",{defaultMessage:"A value of 'false' disables Ransomware canary protection. Default: true."})},{key:"windows.advanced.memory_protection.shellcode",first_supported_version:"7.15",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.memory_protection.shellcode",{defaultMessage:"Enable shellcode injection detection as a part of memory protection. Default: true."})},{key:"windows.advanced.memory_protection.memory_scan",first_supported_version:"7.15",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.memory_protection.memory_scan",{defaultMessage:"Enable scanning for malicious memory regions as a part of memory protection. Default: true."})},{key:"linux.advanced.malware.quarantine",first_supported_version:"7.14",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.malware.quarantine",{defaultMessage:"Whether quarantine should be enabled when malware prevention is enabled. Default: true."})},{key:"windows.advanced.memory_protection.shellcode_collect_sample",first_supported_version:"7.15",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.memory_protection.shellcode_collect_sample",{defaultMessage:"Collect 4MB of memory surrounding detected shellcode regions. Default: false. Enabling this value may significantly increase the amount of data stored in Elasticsearch."})},{key:"windows.advanced.memory_protection.memory_scan_collect_sample",first_supported_version:"7.15",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.memory_protection.memory_scan_collect_sample",{defaultMessage:"Collect 4MB of memory surrounding detected malicious memory regions. Default: false. Enabling this value may significantly increase the amount of data stored in Elasticsearch."})},{key:"windows.advanced.memory_protection.shellcode_enhanced_pe_parsing",first_supported_version:"7.15",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.memory_protection.shellcode_enhanced_pe_parsing",{defaultMessage:"Attempt to identify and extract PE metadata from injected shellcode, including Authenticode signatures and version resource information. Default: true."})},{key:"mac.advanced.memory_protection.memory_scan_collect_sample",first_supported_version:"7.16",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.memory_protection.memory_scan_collect_sample",{defaultMessage:"Collect 4MB of memory surrounding detected malicious memory regions. Default: false. Enabling this value may significantly increase the amount of data stored in Elasticsearch."})},{key:"mac.advanced.memory_protection.memory_scan",first_supported_version:"7.16",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.memory_protection.memory_scan",{defaultMessage:"Enable scanning for malicious memory regions as a part of memory protection. Default: true."})},{key:"linux.advanced.memory_protection.memory_scan_collect_sample",first_supported_version:"7.16",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.memory_protection.memory_scan_collect_sample",{defaultMessage:"Collect 4MB of memory surrounding detected malicious memory regions. Default: false. Enabling this value may significantly increase the amount of data stored in Elasticsearch."})},{key:"linux.advanced.memory_protection.memory_scan",first_supported_version:"7.16",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.memory_protection.memory_scan",{defaultMessage:"Enable scanning for malicious memory regions as a part of memory protection. Default: true."})},{key:"linux.advanced.artifacts.user.ca_cert",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.artifacts.user.ca_cert",{defaultMessage:"PEM-encoded certificate for Fleet Server certificate authority."})},{key:"windows.advanced.artifacts.user.ca_cert",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.artifacts.user.ca_cert",{defaultMessage:"PEM-encoded certificate for Fleet Server certificate authority."})},{key:"mac.advanced.artifacts.user.ca_cert",first_supported_version:"7.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.artifacts.user.ca_cert",{defaultMessage:"PEM-encoded certificate for Fleet Server certificate authority."})},{key:"windows.advanced.events.etw",first_supported_version:"8.1",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.events.etw",{defaultMessage:"Enable collection of ETW events. Default: true"})},{key:"windows.advanced.diagnostic.rollback_telemetry_enabled",first_supported_version:"8.1",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.diagnostic.rollback_telemetry_enabled",{defaultMessage:"Enable diagnostic rollback telemetry. Default: true"})},{key:"mac.advanced.kernel.network_extension.enable_content_filtering",first_supported_version:"8.1",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.kernel.network_extension.enable_content_filtering",{defaultMessage:"Enable or disable the network content filter, this will enable/disable network eventing. Host isolation will fail if this option is disabled. Default: true"})},{key:"mac.advanced.kernel.network_extension.enable_packet_filtering",first_supported_version:"8.1",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.kernel.network_extension.enable_packet_filtering",{defaultMessage:"Enable or disable the network packet filter. Host isolation will fail if this option is disabled. Default: true"})},{key:"windows.advanced.memory_protection.shellcode_trampoline_detection",first_supported_version:"8.1",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.memory_protection.shellcode_trampoline_detection",{defaultMessage:"Enable trampoline-based shellcode injection detection as a part of memory protection. Default: true"})},{key:"linux.advanced.kernel.capture_mode",first_supported_version:"8.2",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.kernel.capture_mode",{defaultMessage:"Allows users to control whether kprobes or ebpf are used to gather data. Options are kprobe, ebpf, or auto. Auto uses ebpf if possible, otherwise uses kprobe. Default: auto"})},{key:"linux.advanced.event_filter.default",first_supported_version:"8.3",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.event_filter.default",{defaultMessage:"Download default event filter rules from Elastic.  Default: true"})},{key:"mac.advanced.event_filter.default",first_supported_version:"8.3",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.event_filter.default",{defaultMessage:"Download default event filter rules from Elastic.  Default: true"})},{key:"windows.advanced.event_filter.default",first_supported_version:"8.3",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.event_filter.default",{defaultMessage:"Download default event filter rules from Elastic.  Default: true"})},{key:"windows.advanced.utilization_limits.cpu",first_supported_version:"8.3",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.utilization_limits.cpu",{defaultMessage:"The percentage of the aggregate system CPU to restrict Endpoint to. The range is 20-100%. Anything under 20 gets ignored and causes a policy warning.  Default: 100"})},{key:"linux.advanced.utilization_limits.cpu",first_supported_version:"8.3",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.utilization_limits.cpu",{defaultMessage:"The percentage of the aggregate system CPU to restrict Endpoint to. The range is 20-100%. Anything under 20 gets ignored and causes a policy warning.  Default: 50"})},{key:"windows.advanced.alerts.rollback.self_healing.enabled",first_supported_version:"8.4",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.alerts.rollback.self_healing.enabled",{defaultMessage:"Self-healing erases attack artifacts when prevention alerts are triggered. Warning: data loss can occur. Default: false"}),license:"platinum"},{key:"linux.advanced.fanotify.ignore_unknown_filesystems",first_supported_version:"8.4",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.fanotify.ignore_unknown_filesystems",{defaultMessage:'Whether fanotify should ignore unknown filesystems. When true, only CI tested filesystems will be marked by default; additional filesystems can be added or removed with "monitored_filesystems" and "ignored_filesystems", respectively. When false, only an internally curated list of filesystems will be ignored, all others will be marked; additional filesystems can be ignored via "ignored_filesystems". "monitored_filesystems" is ignored when "ignore_unknown_filesystems" is false. Default: true'})},{key:"linux.advanced.fanotify.monitored_filesystems",first_supported_version:"8.4",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.fanotify.monitored_filesystems",{defaultMessage:'Additional filesystems for fanotify to monitor. The format is a comma separated list of filesystem names as they appear in "/proc/filesystems", e.g. "jfs,ufs,ramfs". It is recommended to avoid network-backed filesystems. When "ignore_unknown_filesystems" is false, this option is ignored. When "ignore_unknown_filesystems" is true, parsed entries of this option are monitored by fanotify unless overridden by entries in "ignored_filesystems" or internally known bad filesystems.'})},{key:"linux.advanced.fanotify.ignored_filesystems",first_supported_version:"8.4",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.fanotify.ignored_filesystems",{defaultMessage:'Additional filesystems for fanotify to ignore. The format is a comma separated list of filesystem names as they appear in "/proc/filesystems", e.g. "ext4,tmpfs". When "ignore_unknown_filesystems" is false, parsed entries of this option supplement internally known bad filesystems to be ignored. When "ignore_unknown_filesystems" is true, parsed entries of this option override entries in "monitored_filesystems" and internally CI tested filesystems.'})},{key:"windows.advanced.memory_protection.context_manipulation_detection",first_supported_version:"8.4",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.memory_protection.context_manipulation_detection",{defaultMessage:"Detect injection based on thread context manipulation (e.g. `SetThreadContext`) as a part of memory protection. Default: true"})},{key:"windows.advanced.kernel.image_and_process_file_timestamp",first_supported_version:"8.4",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.kernel.image_and_process_file_timestamp",{defaultMessage:"Collect executable/dll timestamps for process and async image load events. Default: true"})},{key:"linux.advanced.host_isolation.allowed",first_supported_version:"8.6.1",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.host_isolation.allowed",{defaultMessage:"A value of false disallows host isolation activity on Linux endpoints, regardless of whether host isolation is supported. Note that if a host is currently not isolated, it will refuse to isolate, and likewise, a host will refuse to release if it is currently isolated. A value of true will allow Linux endpoints to isolate if supported. Default: true"})},{key:"mac.advanced.capture_env_vars",first_supported_version:"8.7",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.capture_env_vars",{defaultMessage:"The list of environment variables to capture (up to five), separated by commas."})},{key:"linux.advanced.events.disable_fd_kprobes",first_supported_version:"8.8",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.events.disable_fd_kprobes",{defaultMessage:"When only process events are being collected, this option will disable file descriptor tracking probes. This can be used to reduce Endpoint processing at the expense of missing fchdir based working directory changes. This only applies if the capture_mode is kprobe or if auto resolves tracefs (kprobe) probes. ebpf based event collection ignores this setting. Default is false."})},{key:"windows.advanced.events.callstacks.emit_in_events",first_supported_version:"8.8",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.events.callstacks.emit_in_events",{defaultMessage:"If set, callstacks will be included in regular events where they are collected. Otherwise, they are only included in events that trigger behavioral protection rules. Note that setting this may significantly increase data volumes. Default: false"})},{key:"windows.advanced.events.callstacks.process",first_supported_version:"8.8",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.events.callstacks.process",{defaultMessage:"Collect callstacks during process events?  Default: true"})},{key:"windows.advanced.events.callstacks.image_load",first_supported_version:"8.8",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.events.callstacks.image_load",{defaultMessage:"Collect callstacks during image/library load events?  Default: true"})},{key:"windows.advanced.events.callstacks.file",first_supported_version:"8.8",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.events.callstacks.file",{defaultMessage:"Collect callstacks during file events?  Default: true"})},{key:"windows.advanced.events.callstacks.registry",first_supported_version:"8.8",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.events.callstacks.registry",{defaultMessage:"Collect callstacks during registry events?  Default: true"})},{key:"windows.advanced.artifacts.global.proxy_url",first_supported_version:"8.8",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.artifacts.global.proxy_url",{defaultMessage:"Proxy server to use when downloading global artifact manifests. Default: none"})},{key:"windows.advanced.artifacts.global.proxy_disable",first_supported_version:"8.8",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.artifacts.global.proxy_disable",{defaultMessage:"If the proxy setting should be used when downloading global artifact manifests. Default: false"})},{key:"windows.advanced.artifacts.user.proxy_url",first_supported_version:"8.8",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.artifacts.user.proxy_url",{defaultMessage:"Proxy server to use when downloading user artifact manifests. Default: none"})},{key:"windows.advanced.artifacts.user.proxy_disable",first_supported_version:"8.8",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.artifacts.user.proxy_disable",{defaultMessage:"If the proxy setting should be used when downloading user artifact manifests. Default: false"})},{key:"mac.advanced.artifacts.global.proxy_url",first_supported_version:"8.8",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.artifacts.global.proxy_url",{defaultMessage:"Proxy server to use when downloading global artifact manifests. Default: none"})},{key:"mac.advanced.artifacts.global.proxy_disable",first_supported_version:"8.8",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.artifacts.global.proxy_disable",{defaultMessage:"If the proxy setting should be used when downloading global artifact manifests. Default: false"})},{key:"mac.advanced.artifacts.user.proxy_url",first_supported_version:"8.8",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.artifacts.user.proxy_url",{defaultMessage:"Proxy server to use when downloading user artifact manifests. Default: none"})},{key:"mac.advanced.artifacts.user.proxy_disable",first_supported_version:"8.8",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.mac.advanced.artifacts.user.proxy_disable",{defaultMessage:"If the proxy setting should be used when downloading user artifact manifests. Default: false"})},{key:"linux.advanced.artifacts.global.proxy_url",first_supported_version:"8.8",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.artifacts.global.proxy_url",{defaultMessage:"Proxy server to use when downloading global artifact manifests. Default: none"})},{key:"linux.advanced.artifacts.global.proxy_disable",first_supported_version:"8.8",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.artifacts.global.proxy_disable",{defaultMessage:"If the proxy setting should be used when downloading global artifact manifests. Default: false"})},{key:"linux.advanced.artifacts.user.proxy_url",first_supported_version:"8.8",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.artifacts.user.proxy_url",{defaultMessage:"Proxy server to use when downloading user artifact manifests. Default: none"})},{key:"linux.advanced.artifacts.user.proxy_disable",first_supported_version:"8.8",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.linux.advanced.artifacts.user.proxy_disable",{defaultMessage:"If the proxy setting should be used when downloading user artifact manifests. Default: false"})},{key:"windows.advanced.events.api",first_supported_version:"8.8",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.events.api",{defaultMessage:"Controls whether API events are enabled. Set to false to disable API event collection. Default: true"})},{key:"windows.advanced.alerts.rollback.self_healing.registry_enabled",first_supported_version:"8.8",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.alerts.rollback.self_healing.registry_enabled",{defaultMessage:"Enables self-healing of registry based malware artifacts. Requires rollback.self_healing.enabled to also be enabled. Default: true"})},{key:"windows.advanced.events.callstacks.include_network_images",first_supported_version:"8.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.events.callstacks.include_network_images",{defaultMessage:"Should executables and DLLs on network shares be parsed for call stack symbols?  This may cause Endpoint to hang on some networks. Default: true"})},{key:"windows.advanced.kernel.ppl.harden_images",first_supported_version:"8.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.kernel.ppl.harden_images",{defaultMessage:"Mitigate attacks like PPLFault by preventing Protected Process Light (PPL) processes from loading DLLs over the network. Default: true"})},{key:"windows.advanced.kernel.ppl.harden_am_images",first_supported_version:"8.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.kernel.ppl.harden_am_images",{defaultMessage:'Apply the windows.advanced.kernel.ppl.harden_images mitigation to Anti-Malware PPL as well. Disable this if third-party Anti-Malware is blocked from loading DLLs over the network. If this happens, there will be Event ID 8 events in the "Microsoft-Windows-Security-Mitigations/Kernel Mode" event log. Default: true'})},{key:"windows.advanced.malware.networkshare",first_supported_version:"8.9",documentation:r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.windows.advanced.malware.networkshare",{defaultMessage:"Controls whether malware protection is applied to network drives. Default: true"})}],je=r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.calloutTitle",{defaultMessage:"Proceed with caution!"}),Ce=r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.warningMessage",{defaultMessage:"This section contains policy values that support advanced use cases. If not configured\n    properly, these values can cause unpredictable behavior. Please consult documentation\n    carefully or contact support before editing these values."}),Oe=r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.hide",{defaultMessage:"Hide"}),De=r.i18n.translate("xpack.securitySolution.endpoint.policy.advanced.show",{defaultMessage:"Show"}),Ie=Object(o.memo)((({policy:e,mode:t,onChange:a,"data-test-subj":n})=>{const i=Object(p.a)(n),[r,c]=Object(o.useState)(!1),d=Object(L.b)().isPlatinumPlus(),f="edit"===t,y=Object(o.useCallback)((()=>{c((e=>!e))}),[]),g=Object(o.useCallback)((t=>{const n=Object(u.cloneDeep)(e);!function(e,t,a){let n=e;for(let e=0;e<a.length-1;e++)n[a[e]]||(n[a[e]]={}),n=n[a[e]];if(n[a[a.length-1]]=t,""===t||void 0===t){n=e;for(let t=a.length;t>=0;t--){const i=a.slice(0,t);for(let e=0;e<i.length-1;e++)n=n[i[e]];if(void 0!==n[i[i.length-1]]&&""!==n[i[i.length-1]]&&0!==Object.keys(n[i[i.length-1]]).length)break;"advanced"===i[i.length-1]?n[i[i.length-1]]=void 0:delete n[i[i.length-1]],n=e}}}(n,t.target.value,t.target.name.split(".")),a({isValid:!0,updatedPolicy:n})}),[a,e]);return s.a.createElement("div",{"data-test-subj":i()},s.a.createElement(l.EuiButtonEmpty,{"data-test-subj":i("showButton"),onClick:y},s.a.createElement(m.FormattedMessage,{id:"xpack.securitySolution.endpoint.policy.advanced.showHideButtonLabel",defaultMessage:"{action} advanced settings",values:{action:r?Oe:De}})),s.a.createElement(l.EuiSpacer,{size:"l"}),r&&s.a.createElement("div",null,f&&s.a.createElement(s.a.Fragment,null,s.a.createElement(l.EuiCallOut,{title:je,color:"warning",iconType:"warning","data-test-subj":i("warning")},s.a.createElement("p",null,Ce)),s.a.createElement(l.EuiSpacer,null)),s.a.createElement(l.EuiText,{size:"xs",color:"subdued"},s.a.createElement("h4",null,s.a.createElement(m.FormattedMessage,{id:"xpack.securitySolution.endpoint.policy.advanced",defaultMessage:"Advanced settings"}))),s.a.createElement(l.EuiPanel,{"data-test-subj":i("settings"),paddingSize:"s"},Me.map((({key:t,documentation:a,first_supported_version:n,last_supported_version:o,license:r},c)=>{if(!d&&"platinum"===r)return s.a.createElement(s.a.Fragment,{key:t});const u=t.split("."),p=function(e,t){let a=e;for(let e=0;e<t.length-1;e++){if(!a[t[e]])return"";a=a[t[e]]}return a[t[t.length-1]]}(e,u);return s.a.createElement(l.EuiFormRow,{key:t,fullWidth:!0,"data-test-subj":i(`${t}-container`),label:s.a.createElement(l.EuiFlexGroup,{responsive:!1},s.a.createElement(l.EuiFlexItem,{grow:!0,"data-test-subj":i(`${t}-label`)},t),a&&s.a.createElement(l.EuiFlexItem,{grow:!1},s.a.createElement(l.EuiIconTip,{content:a,position:"right",anchorProps:{"data-test-subj":i(`${t}-tooltipIcon`)}}))),labelAppend:s.a.createElement(l.EuiText,{size:"xs","data-test-subj":i(`${t}-versionInfo`)},o?`${n}-${o}`:`${n}+`)},f?s.a.createElement(l.EuiFieldText,{"data-test-subj":t,fullWidth:!0,name:t,value:p,onChange:g}):s.a.createElement(l.EuiText,{size:"xs","data-test-subj":i(`${t}-viewValue`)},p||Object(S.e)()))})))))}));Ie.displayName="AdvancedSection";const Pe=r.i18n.translate("xpack.securitySolution.endpoint.policy.details.protections",{defaultMessage:"Protections"}),Fe=r.i18n.translate("xpack.securitySolution.endpoint.policy.details.settings",{defaultMessage:"Settings"}),Ae=Object(o.memo)((e=>{const t=Object(p.a)(e["data-test-subj"]),a=Object(c.a)();return s.a.createElement("div",{"data-test-subj":t()},s.a.createElement(Te,null,Pe),s.a.createElement(l.EuiSpacer,{size:"s"}),a&&s.a.createElement(s.a.Fragment,null,s.a.createElement(l.EuiSpacer,{size:"m"}),s.a.createElement(a,null),s.a.createElement(l.EuiSpacer,{size:"l"})),!a&&s.a.createElement(s.a.Fragment,null,s.a.createElement(xe,i()({},e,{"data-test-subj":t("malware")})),s.a.createElement(l.EuiSpacer,{size:"l"}),s.a.createElement(ke,i()({},e,{"data-test-subj":t("ransomware")})),s.a.createElement(l.EuiSpacer,{size:"l"}),s.a.createElement(ge,i()({},e,{"data-test-subj":t("memory")})),s.a.createElement(l.EuiSpacer,{size:"l"}),s.a.createElement(me,i()({},e,{"data-test-subj":t("behaviour")})),s.a.createElement(l.EuiSpacer,{size:"l"}),s.a.createElement(G,i()({},e,{"data-test-subj":t("attackSurface")})),s.a.createElement(l.EuiSpacer,{size:"l"})),s.a.createElement(Te,null,Fe),s.a.createElement(l.EuiSpacer,{size:"s"}),s.a.createElement(N,i()({},e,{"data-test-subj":t("windowsEvents")})),s.a.createElement(l.EuiSpacer,{size:"l"}),s.a.createElement(A,i()({},e,{"data-test-subj":t("macEvents")})),s.a.createElement(l.EuiSpacer,{size:"l"}),s.a.createElement(P,i()({},e,{"data-test-subj":t("linuxEvents")})),s.a.createElement(l.EuiSpacer,{size:"l"}),s.a.createElement(x,i()({},e,{"data-test-subj":t("antivirusRegistration")})),s.a.createElement(l.EuiSpacer,{size:"m"}),s.a.createElement(Ie,i()({},e,{"data-test-subj":t("advancedSection")})))}));Ae.displayName="PolicySettingsForm";const Te=Object(o.memo)((({children:e})=>s.a.createElement(l.EuiText,{size:"xs",color:"subdued"},s.a.createElement("h4",null,e))));Te.displayName="FormSectionTitle"},1668:function(e,t,a){"use strict";a.r(t),a.d(t,"EndpointPolicyEditExtension",(function(){return $}));var n=a(2),i=a.n(n),o=a(40),s=a(44),l=a(8),r=a(126),c=a(5);const d={artifactsSummaryApiError:e=>c.i18n.translate("xpack.securitySolution.endpoint.fleetIntegrationCard.blocklistsSummary.error",{defaultMessage:'There was an error trying to fetch blocklist stats: "{error}"',values:{error:e}}),cardTitle:i.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.endpoint.blocklist.fleetIntegration.title",defaultMessage:"Blocklist"}),linkLabel:i.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.endpoint.fleetIntegrationCard.blocklistsManageLabel",defaultMessage:"Manage blocklist"})},u={artifactsSummaryApiError:e=>c.i18n.translate("xpack.securitySolution.endpoint.fleetIntegrationCard.hostIsolationExceptionsSummary.error",{defaultMessage:'There was an error trying to fetch host isolation exceptions stats: "{error}"',values:{error:e}}),cardTitle:i.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.endpoint.hostIsolationExceptions.fleetIntegration.title",defaultMessage:"Host isolation exceptions"}),linkLabel:i.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.endpoint.fleetIntegrationCard.hostIsolationExceptionsManageLabel",defaultMessage:"Manage host isolation exceptions"})},p={artifactsSummaryApiError:e=>c.i18n.translate("xpack.securitySolution.endpoint.fleetIntegrationCard.eventFiltersSummary.error",{defaultMessage:'There was an error trying to fetch event filters stats: "{error}"',values:{error:e}}),cardTitle:i.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.endpoint.eventFilters.fleetIntegration.title",defaultMessage:"Event filters"}),linkLabel:i.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.endpoint.fleetIntegrationCard.eventFiltersManageLabel",defaultMessage:"Manage event filters"})},m={artifactsSummaryApiError:e=>c.i18n.translate("xpack.securitySolution.endpoint.fleetIntegrationCard.trustedAppsSummary.error",{defaultMessage:'There was an error trying to fetch trusted apps stats: "{error}"',values:{error:e}}),cardTitle:i.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.endpoint.trustedApps.fleetIntegration.title",defaultMessage:"Trusted applications"}),linkLabel:i.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.endpoint.fleetIntegrationCard.trustedAppsManageLabel",defaultMessage:"Manage trusted applications"})};var f=a(1487),y=a(1392),g=a(1120),v=a(574),b=a(1485),k=a(245),w=a(1119),h=a(65),_=a(81),E=a(102),x=a(1488),S=a(1489),M=a(1490),j=a(381),C=a(107);const O={artifactsSummaryApiError:e=>c.i18n.translate("xpack.securitySolution.endpoint.fleetIntegrationCard.artifactsSummary.error",{defaultMessage:'There was an error trying to fetch artifacts stats: "{error}"',values:{error:e}}),cardTitle:i.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.endpoint.fleetIntegrationCard.title",defaultMessage:"Artifacts"}),linkLabel:i.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.endpoint.fleetIntegrationCard.artifactsManageLabel",defaultMessage:"Manage artifacts"})},D=Object(n.memo)((({policyId:e,artifactApiClientInstance:t,getArtifactsPath:a,searchableFields:s,labels:l=O,privileges:r=!0,"data-test-subj":d})=>{const u=Object(E.n)(),{getAppUrl:p}=Object(E.c)(),m=a(e),f=Object(C.a)(d),{data:y}=Object(j.f)(t,{policies:[e,"all"]},s,{onError:e=>{u.addDanger(l.artifactsSummaryApiError(e.message))}}),g=Object(n.useMemo)((()=>{const t=`#${_.pagePathGetters.integration_policy_edit({packagePolicyId:e})[1]}`;return{backLink:{label:c.i18n.translate("xpack.securitySolution.endpoint.fleetIntegrationCard.artifacts.backButtonLabel",{defaultMessage:"Back to Fleet integration policy"}),navigateTo:[h.INTEGRATIONS_PLUGIN_ID,{path:t}],href:p({appId:h.INTEGRATIONS_PLUGIN_ID,path:t})}}}),[p,e]),v=Object(n.useMemo)((()=>i.a.createElement(S.a,{href:p({path:m}),appPath:m,appState:g,"data-test-subj":f("link-to-exceptions"),size:"m"},l.linkLabel)),[p,f,l.linkLabel,m,g]);return void 0===y&&!r||0===(null==y?void 0:y.total)&&!r?null:i.a.createElement(o.EuiPanel,{hasShadow:!1,paddingSize:"l",hasBorder:!0,"data-test-subj":f("fleet-integration-card")},i.a.createElement(o.EuiFlexGroup,{alignItems:"baseline",justifyContent:"flexStart",gutterSize:"s",direction:"row",responsive:!1},i.a.createElement(o.EuiFlexItem,{grow:!1},i.a.createElement(o.EuiText,null,i.a.createElement("h5",null,l.cardTitle))),i.a.createElement(o.EuiFlexItem,{grow:!1},i.a.createElement(x.a,{stats:y,isSmall:!0})),i.a.createElement(M.c,{grow:1},v)))}));D.displayName="FleetIntegrationArtifactsCard";var I=a(575),P=a(937),F=a(1381);const A=Object(n.memo)((({policyId:e})=>{const t=Object(E.i)(),a=Object(n.useMemo)((()=>b.a.getInstance(t)),[t]),{canReadPolicyManagement:o}=Object(r.a)().endpointPrivileges,s=Object(n.useCallback)((()=>o?Object(k.n)(e):Object(k.o)({includedPolicies:`${e},global`})),[o,e]);return i.a.createElement(D,{policyId:e,artifactApiClientInstance:a,getArtifactsPath:s,searchableFields:w.a,labels:m,"data-test-subj":"trustedApps"})}));A.displayName="TrustedAppsPolicyCard";const T=Object(n.memo)((({policyId:e})=>{const t=Object(E.i)(),a=Object(n.useMemo)((()=>v.a.getInstance(t)),[t]),{canReadPolicyManagement:o}=Object(r.a)().endpointPrivileges,s=Object(n.useCallback)((()=>o?Object(k.l)(e):Object(k.f)({includedPolicies:`${e},global`})),[o,e]);return i.a.createElement(D,{policyId:e,artifactApiClientInstance:a,getArtifactsPath:s,searchableFields:I.d,labels:p,"data-test-subj":"eventFilters"})}));T.displayName="EventFiltersPolicyCard";const N=Object(n.memo)((({policyId:e})=>{const t=Object(E.i)(),a=Object(n.useMemo)((()=>g.a.getInstance(t)),[t]),{canReadPolicyManagement:o}=Object(r.a)().endpointPrivileges,s=Object(n.useCallback)((()=>o?Object(k.m)(e):Object(k.g)({includedPolicies:`${e},global`})),[o,e]);return i.a.createElement(D,{policyId:e,artifactApiClientInstance:a,getArtifactsPath:s,searchableFields:P.b,labels:u,"data-test-subj":"hostIsolationExceptions"})}));N.displayName="HostIsolationExceptionsPolicyCard";const L=Object(n.memo)((({policyId:e})=>{const t=Object(E.i)(),a=Object(n.useMemo)((()=>y.a.getInstance(t)),[t]),{canReadPolicyManagement:o}=Object(r.a)().endpointPrivileges,s=Object(n.useCallback)((()=>o?Object(k.i)(e):Object(k.c)({includedPolicies:`${e},global`})),[o,e]);return i.a.createElement(D,{policyId:e,artifactApiClientInstance:a,getArtifactsPath:s,searchableFields:F.b,labels:d,"data-test-subj":"blocklists"})}));L.displayName="BlocklistPolicyCard";const z=Object(n.memo)((({policyId:e})=>{const{loading:t,canReadBlocklist:a,canReadEventFilters:n,canReadTrustedApplications:l,canReadHostIsolationExceptions:c}=Object(r.a)().endpointPrivileges,d=Object(f.a)();return t?i.a.createElement(o.EuiSkeletonText,{lines:4}):d?i.a.createElement(i.a.Fragment,null,i.a.createElement("div",null,i.a.createElement(o.EuiText,null,i.a.createElement("h5",null,i.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.endpoint.policyDetails.artifacts.title",defaultMessage:"Artifacts"}))),i.a.createElement(o.EuiSpacer,{size:"s"}),l&&i.a.createElement(i.a.Fragment,null,i.a.createElement(A,{policyId:e}),i.a.createElement(o.EuiSpacer,{size:"s"})),n&&i.a.createElement(i.a.Fragment,null,i.a.createElement(T,{policyId:e}),i.a.createElement(o.EuiSpacer,{size:"s"})),c&&i.a.createElement(i.a.Fragment,null,i.a.createElement(N,{policyId:e}),i.a.createElement(o.EuiSpacer,{size:"s"})),a&&i.a.createElement(L,{policyId:e})),i.a.createElement(o.EuiSpacer,{size:"l"})):null}));z.displayName="EndpointPolicyArtifactCards";var R=a(1492);const $=Object(n.memo)((({policy:e,onChange:t,newPolicy:a})=>{const c=a,d=c.inputs[0].config.policy.value,{canAccessFleet:u}=Object(r.a)().endpointPrivileges,p=Object(n.useCallback)((({isValid:e,updatedPolicy:a})=>{const n=Object(l.cloneDeep)(c.inputs);n[0].config.policy.value=a,t({isValid:e,updatedPolicy:{inputs:n}})}),[t,c.inputs]);return i.a.createElement(i.a.Fragment,null,i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement("div",{"data-test-subj":"endpointIntegrationPolicyForm"},i.a.createElement(z,{policyId:e.id}),i.a.createElement("div",null,i.a.createElement(o.EuiText,null,i.a.createElement("h5",null,i.a.createElement(s.FormattedMessage,{id:"xpack.securitySolution.endpoint.policyDetails.settings.title",defaultMessage:"Policy settings"}))),i.a.createElement(o.EuiSpacer,{size:"s"}),i.a.createElement(R.a,{policy:d,onChange:p,mode:u?"edit":"view","data-test-subj":"endpointPolicyForm"}))))}));$.displayName="EndpointPolicyEditExtension"},173:function(e,t,a){"use strict";a.d(t,"h",(function(){return o})),a.d(t,"k",(function(){return s})),a.d(t,"n",(function(){return l})),a.d(t,"q",(function(){return r})),a.d(t,"m",(function(){return c})),a.d(t,"o",(function(){return d})),a.d(t,"l",(function(){return u})),a.d(t,"p",(function(){return p})),a.d(t,"s",(function(){return m})),a.d(t,"i",(function(){return f})),a.d(t,"j",(function(){return y})),a.d(t,"g",(function(){return g})),a.d(t,"r",(function(){return v})),a.d(t,"u",(function(){return b})),a.d(t,"v",(function(){return k})),a.d(t,"t",(function(){return w})),a.d(t,"f",(function(){return h})),a.d(t,"b",(function(){return _})),a.d(t,"c",(function(){return E})),a.d(t,"e",(function(){return x})),a.d(t,"d",(function(){return S})),a.d(t,"a",(function(){return M}));var n=a(4),i=a(1035);const o=`${n.Ib}/:tabName(${i.a.endpoints})`,s=`${n.Ib}/:tabName(${i.a.policies})`,l=`${n.Ib}/:tabName(${i.a.policies})/:policyId/settings`,r=`${n.Ib}/:tabName(${i.a.policies})/:policyId/trustedApps`,c=`${n.Ib}/:tabName(${i.a.policies})/:policyId/eventFilters`,d=`${n.Ib}/:tabName(${i.a.policies})/:policyId/hostIsolationExceptions`,u=`${n.Ib}/:tabName(${i.a.policies})/:policyId/blocklists`,p=`${n.Ib}/:tabName(${i.a.policies})/:policyId`,m=`${n.Ib}/:tabName(${i.a.trustedApps})`,f=`${n.Ib}/:tabName(${i.a.eventFilters})`,y=`${n.Ib}/:tabName(${i.a.hostIsolationExceptions})`,g=`${n.Ib}/:tabName(${i.a.blocklist})`,v=`${n.Ib}/:tabName(${i.a.responseActionsHistory})`,b="management",k="policyDetails",w="endpoints",h=[10,20,50],_=0,E=10,x="desc",S="created_at",M=1e4},290:function(e,t,a){"use strict";a.d(t,"a",(function(){return s}));var n=a(2),i=a(478),o=a(45);function s(){const{search:e}=Object(o.useLocation)();return Object(n.useMemo)((()=>{const t=Object(i.parse)(e);return{urlParams:t,toUrlParams:(e=t)=>Object(i.stringify)(e)}}),[e])}},347:function(e,t,a){"use strict";a.d(t,"a",(function(){return o})),a.d(t,"b",(function(){return s}));var n=a(5),i=a(174);n.i18n.translate("xpack.securitySolution.endpointsTab",{defaultMessage:"Endpoints"}),n.i18n.translate("xpack.securitySolution.policiesTab",{defaultMessage:"Policies"}),n.i18n.translate("xpack.securitySolution.trustedAppsTab",{defaultMessage:"Trusted applications"}),n.i18n.translate("xpack.securitySolution.eventFiltersTab",{defaultMessage:"Event filters"});const o={[i.c.WINDOWS]:n.i18n.translate("xpack.securitySolution.administration.os.windows",{defaultMessage:"Windows"}),[i.c.MAC]:n.i18n.translate("xpack.securitySolution.administration.os.macos",{defaultMessage:"Mac"}),[i.c.LINUX]:n.i18n.translate("xpack.securitySolution.administration.os.linux",{defaultMessage:"Linux"})},s=e=>n.i18n.translate("xpack.securitySolution.exceptions.failedLoadPolicies",{defaultMessage:'There was an error loading policies: "{error}"',values:{error:e.message}})},453:function(e,t,a){"use strict";a.d(t,"a",(function(){return l})),a.d(t,"b",(function(){return r})),a.d(t,"c",(function(){return c}));var n=a(2),i=a(10),o=a.n(i),s=a(535);const l=e=>{const t=Object(s.b)(),a=o()(t.sections$,t.getSectionsValue());return Object(n.useMemo)((()=>{var t;return null!==(t=null==a?void 0:a.get(e))&&void 0!==t?t:null}),[e,a])},r=e=>{const t=Object(s.b)(),a=o()(t.messages$,t.getMessagesValue());return Object(n.useMemo)((()=>{var t;return null!==(t=null==a?void 0:a.get(e))&&void 0!==t?t:null}),[e,a])},c=e=>{const t=Object(s.b)(),a=Object(n.useMemo)((()=>t.getPageUpselling(e)),[e,t]);return null!=a?a:null}},490:function(e,t,a){"use strict";a.d(t,"a",(function(){return i}));var n=a(453);const i=()=>Object(n.a)("endpointPolicyProtections")},535:function(e,t,a){"use strict";a.d(t,"a",(function(){return s})),a.d(t,"b",(function(){return l}));var n=a(2),i=a.n(n);const o=i.a.createContext(null),s=Object(n.memo)((({upsellingService:e,children:t})=>i.a.createElement(o.Provider,{value:e},t)));s.displayName="UpsellingProvider";const l=()=>{const e=Object(n.useContext)(o);if(!e)throw new Error("UpsellingProviderContext not found");return e}},720:function(e,t,a){"use strict";a.d(t,"a",(function(){return l})),a.d(t,"b",(function(){return r}));var n=a(2),i=a(45),o=a(173),s=a(290);const l=e=>{var t,a,n;const i={pageSize:o.c,page:1};return i.page=Number(null!==(t=Array.isArray(e.page)?e.page[e.page.length-1]:e.page)&&void 0!==t?t:i.page),i.pageSize=null!==(a=Number(null!==(n=Array.isArray(e.pageSize)?e.pageSize[e.pageSize.length-1]:e.pageSize)&&void 0!==n?n:i.pageSize))&&void 0!==a?a:i.pageSize,(!Number.isFinite(i.page)||i.page<1)&&(i.page=1),o.f.includes(i.pageSize)||(i.pageSize=o.c),i},r=()=>{const e=Object(i.useLocation)(),t=Object(i.useHistory)(),{urlParams:a,toUrlParams:r}=Object(s.a)(),c=Object(n.useMemo)((()=>l(a)),[a]),[d,u]=Object(n.useState)(c),p=Object(n.useCallback)((({pageSize:n,page:i})=>{t.push({...e,search:r({...a,page:i,pageSize:n})})}),[t,e,r,a]);return Object(n.useEffect)((()=>{u((e=>({...e,...l(a)})))}),[u,a]),{pagination:d,setPagination:p,pageSizeOptions:[...o.f]}}},937:function(e,t,a){"use strict";a.d(t,"b",(function(){return o})),a.d(t,"a",(function(){return s}));var n=a(120),i=a(163);const o=["item_id","name","description","entries.value"],s={name:i.j,namespace_type:"agnostic",description:i.h,list_id:i.i,type:n.b.ENDPOINT_HOST_ISOLATION_EXCEPTIONS}}}]);