/*! Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one or more contributor license agreements.
 * Licensed under the Elastic License 2.0; you may not use this file except in compliance with the Elastic License 2.0. */
(window.securitySolution_bundle_jsonpfunction=window.securitySolution_bundle_jsonpfunction||[]).push([[35],{1666:function(e,t,n){"use strict";n.r(t),n.d(t,"EndpointPolicyCreateExtension",(function(){return D}));var a=n(2),i=n.n(a),o=n(40),l=n(44),c=n(74),r=n(5);const s=r.i18n.translate("xpack.securitySolution.createPackagePolicy.stepConfigure.endpointDropdownOptionNGAV",{defaultMessage:"Next-Generation Antivirus (NGAV)"}),u=r.i18n.translate("xpack.securitySolution.createPackagePolicy.stepConfigure.endpointDropdownOptionNGAVNote",{defaultMessage:"Note: advanced protections require a platinum license level."}),d=r.i18n.translate("xpack.securitySolution.createPackagePolicy.stepConfigure.endpointDropdownOptionEDREssential",{defaultMessage:"Essential EDR (Endpoint Detection & Response)"}),p=r.i18n.translate("xpack.securitySolution.createPackagePolicy.stepConfigure.endpointDropdownOptionEDRComplete",{defaultMessage:"Complete EDR (Endpoint Detection & Response)"}),m=r.i18n.translate("xpack.securitySolution.createPackagePolicy.stepConfigure.endpointDropdownOptionEDRNote",{defaultMessage:"Note: advanced protections require a platinum license, and full response capabilities require an enterprise license."}),E=r.i18n.translate("xpack.securitySolution.createPackagePolicy.stepConfigure.endpointDropdownOptionDataCollection",{defaultMessage:"Data Collection"}),g=r.i18n.translate("xpack.securitySolution.createPackagePolicy.stepConfigure.packagePolicyTypeEndpointDataCollection",{defaultMessage:"Augment your existing anti-virus solution with advanced data collection and detection"}),y=r.i18n.translate("xpack.securitySolution.createPackagePolicy.stepConfigure.endpointDropdownOption",{defaultMessage:"Traditional Endpoints (desktops, laptops, virtual machines)"}),f=r.i18n.translate("xpack.securitySolution.createPackagePolicy.stepConfigure.cloudDropdownOption",{defaultMessage:"Cloud Workloads (Linux servers or Kubernetes environments)"}),P=r.i18n.translate("xpack.securitySolution.createPackagePolicy.stepConfigure.cloudEventFiltersInteractiveOnly",{defaultMessage:"Interactive only"}),v=r.i18n.translate("xpack.securitySolution.createPackagePolicy.stepConfigure.cloudEventFiltersAllEvents",{defaultMessage:"All events"}),k="ENDPOINT_INTEGRATION_CONFIG",C=Object(c.deepFreeze)({NGAV:{label:s,note:u},EDREssential:{label:d,note:m},EDRComplete:{label:p,note:m},DataCollection:{label:E,note:null}});var b=n(41);const h=n.n(b).a.div.withConfig({displayName:"HelpTextWithPadding",componentId:"sc-1vi3m6q-0"})(["padding-left:",";"],(e=>e.theme.eui.euiSizeL));var x=n(490);const S=()=>{},M=Object(a.memo)((({onChange:e,newPolicy:t})=>{const n=Object(x.a)(),l="DataCollection",c=Object(a.useMemo)((()=>[{enabled:!0,streams:[],type:k,config:{_config:{value:{type:"endpoint",endpointConfig:{preset:l}}}}}]),[]);return Object(a.useEffect)((()=>{var n,a;const i=t.inputs;0!==i.length?(null===(n=i[0])||void 0===n||null===(a=n.config)||void 0===a?void 0:a._config.value.endpointConfig.preset)!==l&&e({isValid:!0,updatedPolicy:{...t,inputs:c}}):e({isValid:!1,updatedPolicy:{...t,name:"",inputs:c}})}),[t,e,c]),i.a.createElement("div",{"data-test-subj":"endpointDataCollectionOnlyPreset"},i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(o.EuiFormRow,{fullWidth:!0,helpText:i.a.createElement(h,null,g)},i.a.createElement(o.EuiFlexGroup,{gutterSize:"s"},i.a.createElement(o.EuiFlexItem,{grow:!1},i.a.createElement(o.EuiRadio,{id:"endpoint_data_collection_only_preset",onChange:S,disabled:!0,checked:!0})),i.a.createElement(o.EuiFlexItem,null,E))),n&&i.a.createElement(i.a.Fragment,null,i.a.createElement(o.EuiSpacer,{size:"xl"}),i.a.createElement(n,null)))}));M.displayName="EndpointEventCollectionPreset";var O=n(17);const T="endpoint_policy_create_extension",R={INTERACTIVE_ONLY:P,ALL_EVENTS:v},w=[{value:"endpoint",text:y},{value:"cloud",text:f}],D=Object(a.memo)((({newPolicy:e,onChange:t})=>{const n=Object(O.b)().isPlatinumPlus(),c=Object(O.b)().isEnterprise(),r=Boolean(Object(x.a)()),[s,u]=Object(a.useState)("EDRComplete"),[d,p]=Object(a.useState)("INTERACTIVE_ONLY"),[m,E]=Object(a.useState)("endpoint"),y="NGAV"===s&&!n||["EDREssential","EDRComplete"].includes(s)&&!c;Object(a.useEffect)((()=>{(!r||r&&"cloud"===m)&&(0===e.inputs.length?t({isValid:!1,updatedPolicy:{...e,name:"",inputs:[{enabled:!0,streams:[],type:k,config:{_config:{value:{type:"endpoint",endpointConfig:{preset:"NGAV"}}}}}]}}):t({isValid:!0,updatedPolicy:{...e,inputs:[{...e.inputs[0],config:{_config:{value:{type:m,..."cloud"===m?{eventFilters:{nonInteractiveSession:"INTERACTIVE_ONLY"===d}}:{endpointConfig:{preset:s}}}}}}]}}))}),[m,d,s,t,e,r]);const f=Object(a.useCallback)((e=>{var t;E(null==e||null===(t=e.target)||void 0===t?void 0:t.value)}),[]),P=Object(a.useCallback)((e=>{p(e.target.value)}),[]),v=Object(a.useCallback)((e=>{u(e.target.value)}),[]),b=Object(a.useCallback)((e=>({id:`${T}_endpoint_preset_${e}`,label:C[e].label,value:e,checked:s===e,onChange:v})),[s,v]),S=Object(a.useCallback)((e=>({id:`${T}_cloud_event_${e}`,label:R[e],value:e,checked:d===e,onChange:P})),[d,P]);return i.a.createElement(o.EuiForm,{component:"form"},i.a.createElement(o.EuiTitle,{size:"s"},i.a.createElement("h3",null,i.a.createElement(l.FormattedMessage,{id:"xpack.securitySolution.createPackagePolicy.stepConfigure.enablePrevention",defaultMessage:"Select configuration settings"}))),i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(o.EuiText,{size:"s"},i.a.createElement("p",null,i.a.createElement(l.FormattedMessage,{id:"xpack.securitySolution.createPackagePolicy.stepConfigure.quickSettingsTranslation",defaultMessage:"Use quick settings to configure the integration to {environments}. You can make configuration changes after you create the integration.",values:{environments:i.a.createElement("strong",null,i.a.createElement(l.FormattedMessage,{id:"xpack.securitySolution.endpoint.ingestManager.createPackagePolicy.environments",defaultMessage:"protect your traditional endpoints or dynamic cloud environments"}))}}))),i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(o.EuiFormRow,{fullWidth:!0,label:i.a.createElement(l.FormattedMessage,{id:"xpack.securitySolution.createPackagePolicy.stepConfigure.selectEnvironmentTextTranslation",defaultMessage:"Select the type of environment you want to protect:"})},i.a.createElement(o.EuiSelect,{id:"selectIntegrationTypeId","data-test-subj":"selectIntegrationTypeId",options:w,value:m,onChange:f,fullWidth:!0})),"endpoint"===m?r?i.a.createElement(M,{onChange:t,newPolicy:e}):i.a.createElement(i.a.Fragment,null,i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(o.EuiFormRow,{fullWidth:!0,helpText:i.a.createElement(h,null,g)},i.a.createElement(o.EuiRadio,b("DataCollection"))),i.a.createElement(o.EuiSpacer,{size:"s"}),i.a.createElement(o.EuiFormRow,{fullWidth:!0,helpText:i.a.createElement(h,null,i.a.createElement(l.FormattedMessage,{id:"xpack.securitySolution.createPackagePolicy.stepConfigure.packagePolicyTypeEndpointNGAV",defaultMessage:"Machine learning malware, ransomware, memory threat, malicious behavior, and credential theft preventions, plus process telemetry"}))},i.a.createElement(o.EuiRadio,b("NGAV"))),i.a.createElement(o.EuiSpacer,{size:"s"}),i.a.createElement(o.EuiFormRow,{fullWidth:!0,helpText:i.a.createElement(h,null,i.a.createElement(l.FormattedMessage,{id:"xpack.securitySolution.createPackagePolicy.stepConfigure.packagePolicyTypeEndpointEDREssential",defaultMessage:"Everything in NGAV, plus file and network telemetry"}))},i.a.createElement(o.EuiRadio,b("EDREssential"))),i.a.createElement(o.EuiSpacer,{size:"s"}),i.a.createElement(o.EuiFormRow,{fullWidth:!0,helpText:i.a.createElement(h,null,i.a.createElement(l.FormattedMessage,{id:"xpack.securitySolution.createPackagePolicy.stepConfigure.packagePolicyTypeEndpointEDRComplete",defaultMessage:"Everything in Essential EDR, plus full telemetry"}))},i.a.createElement(o.EuiRadio,b("EDRComplete"))),y&&i.a.createElement(i.a.Fragment,null,i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(o.EuiCallOut,{iconType:"iInCircle"},i.a.createElement(o.EuiText,{size:"s","data-test-subj":"create-ensdpoint-policy-license-note"},i.a.createElement("p",null,C[s].note," ",i.a.createElement(l.FormattedMessage,{id:"xpack.securitySolution.createPackagePolicy.stepConfigure.seeDocumentation",defaultMessage:"See {documentation} for more information.",values:{documentation:i.a.createElement(o.EuiLink,{href:"https://www.elastic.co/guide/en/security/current/configure-endpoint-integration-policy.html",target:"_blank"},i.a.createElement(l.FormattedMessage,{id:"xpack.securitySolution.endpoint.ingestManager.createPackagePolicy.seeDocumentationLink",defaultMessage:"documentation"}))}})))))):i.a.createElement(i.a.Fragment,null,i.a.createElement(o.EuiSpacer,{size:"m"}),i.a.createElement(o.EuiText,{color:"subdued",size:"s"},i.a.createElement("p",null,i.a.createElement(l.FormattedMessage,{id:"xpack.securitySolution.createPackagePolicy.stepConfigure.interactiveSessionSuggestionTranslation",defaultMessage:"To reduce data ingestion volume, select Interactive only"}))),i.a.createElement(o.EuiSpacer,{size:"s"}),i.a.createElement(o.EuiFormRow,{fullWidth:!0,helpText:i.a.createElement(h,null,i.a.createElement(l.FormattedMessage,{id:"xpack.securitySolution.createPackagePolicy.stepConfigure.packagePolicyTypeAllEventsInfo",defaultMessage:"Monitors and collects data from all system executions, including those launched by daemon processes, such as {nginx}, {postgres} and {cron}. {recommendation}",values:{nginx:i.a.createElement(o.EuiCode,null,"nginx"),postgres:i.a.createElement(o.EuiCode,null,"postgres"),cron:i.a.createElement(o.EuiCode,null,"cron"),recommendation:i.a.createElement("em",null,i.a.createElement("strong",null,i.a.createElement(l.FormattedMessage,{id:"xpack.securitySolution.createPackagePolicy.stepConfigure.packagePolicyTypeAllEventsInfoRecommendation",defaultMessage:"Recommended for Cloud Workload Protection, auditing and forensics use cases."})))}}))},i.a.createElement(o.EuiRadio,S("ALL_EVENTS"))),i.a.createElement(o.EuiSpacer,{size:"s"}),i.a.createElement(o.EuiFormRow,{fullWidth:!0,helpText:i.a.createElement(h,null,i.a.createElement(l.FormattedMessage,{id:"xpack.securitySolution.createPackagePolicy.stepConfigure.packagePolicyTypeInteractiveOnlyInfo",defaultMessage:"Captures live system interactions initiated by users through programs like {ssh} or {telnet}. {recommendation}",values:{ssh:i.a.createElement(o.EuiCode,null,"ssh"),telnet:i.a.createElement(o.EuiCode,null,"telnet"),recommendation:i.a.createElement("em",null,i.a.createElement("strong",null,i.a.createElement(l.FormattedMessage,{id:"xpack.securitySolution.createPackagePolicy.stepConfigure.packagePolicyTypeInteractiveOnlyInfoRecommendation",defaultMessage:"Recommended for auditing and forensic use cases."})))}}))},i.a.createElement(o.EuiRadio,S("INTERACTIVE_ONLY")))),i.a.createElement(o.EuiSpacer,{size:"xl"}))}),((e,t)=>e.newPolicy.name===t.newPolicy.name));D.displayName="EndpointPolicyCreateExtension"},453:function(e,t,n){"use strict";n.d(t,"a",(function(){return c})),n.d(t,"b",(function(){return r})),n.d(t,"c",(function(){return s}));var a=n(2),i=n(10),o=n.n(i),l=n(535);const c=e=>{const t=Object(l.b)(),n=o()(t.sections$,t.getSectionsValue());return Object(a.useMemo)((()=>{var t;return null!==(t=null==n?void 0:n.get(e))&&void 0!==t?t:null}),[e,n])},r=e=>{const t=Object(l.b)(),n=o()(t.messages$,t.getMessagesValue());return Object(a.useMemo)((()=>{var t;return null!==(t=null==n?void 0:n.get(e))&&void 0!==t?t:null}),[e,n])},s=e=>{const t=Object(l.b)(),n=Object(a.useMemo)((()=>t.getPageUpselling(e)),[e,t]);return null!=n?n:null}},490:function(e,t,n){"use strict";n.d(t,"a",(function(){return i}));var a=n(453);const i=()=>Object(a.a)("endpointPolicyProtections")},535:function(e,t,n){"use strict";n.d(t,"a",(function(){return l})),n.d(t,"b",(function(){return c}));var a=n(2),i=n.n(a);const o=i.a.createContext(null),l=Object(a.memo)((({upsellingService:e,children:t})=>i.a.createElement(o.Provider,{value:e},t)));l.displayName="UpsellingProvider";const c=()=>{const e=Object(a.useContext)(o);if(!e)throw new Error("UpsellingProviderContext not found");return e}}}]);