elastic
diff --git a/‎x-pack/plugins/security_solution/public/management/cypress/e2e/endpoint/isolate.cy.ts‎
Lines changed: 1 addition & 1 deletion b/‎x-pack/plugins/security_solution/public/management/cypress/e2e/endpoint/isolate.cy.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎x-pack/plugins/security_solution/public/management/cypress/e2e/mocked_data/artifact_tabs_in_policy_details.cy.ts‎
Lines changed: 1 addition & 7 deletions b/‎x-pack/plugins/security_solution/public/management/cypress/e2e/mocked_data/artifact_tabs_in_policy_details.cy.ts‎
Lines changed: 1 addition & 7 deletions
diff --git a/‎x-pack/plugins/security_solution/public/management/cypress/e2e/mocked_data/endpoint_role_rbac.cy.ts‎
Lines changed: 1 addition & 1 deletion b/‎x-pack/plugins/security_solution/public/management/cypress/e2e/mocked_data/endpoint_role_rbac.cy.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎x-pack/plugins/security_solution/public/management/cypress/e2e/mocked_data/isolate.cy.ts‎
Lines changed: 1 addition & 1 deletion b/‎x-pack/plugins/security_solution/public/management/cypress/e2e/mocked_data/isolate.cy.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎x-pack/plugins/security_solution/public/management/cypress/e2e/mocked_data/policy_details.cy.ts‎
Lines changed: 199 additions & 0 deletions b/‎x-pack/plugins/security_solution/public/management/cypress/e2e/mocked_data/policy_details.cy.ts‎
Lines changed: 199 additions & 0 deletions
diff --git a/‎x-pack/plugins/security_solution/public/management/cypress/e2e/mocked_data/responder.cy.ts‎
Lines changed: 1 addition & 1 deletion b/‎x-pack/plugins/security_solution/public/management/cypress/e2e/mocked_data/responder.cy.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎x-pack/plugins/security_solution/public/management/cypress/screens/policy_details.ts‎
Lines changed: 88 additions & 0 deletions b/‎x-pack/plugins/security_solution/public/management/cypress/screens/policy_details.ts‎
Lines changed: 88 additions & 0 deletions
diff --git a/‎x-pack/plugins/security_solution/public/management/cypress/tasks/response_console.ts‎
Lines changed: 1 addition & 1 deletion b/‎x-pack/plugins/security_solution/public/management/cypress/tasks/response_console.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎…gement/cypress/tasks/close_all_toasts.ts‎ ‎…ublic/management/cypress/tasks/toasts.ts‎x-pack/plugins/security_solution/public/management/cypress/tasks/close_all_toasts.ts renamed to x-pack/plugins/security_solution/public/management/cypress/tasks/toasts.ts
Lines changed: 6 additions & 0 deletions b/‎…gement/cypress/tasks/close_all_toasts.ts‎ ‎…ublic/management/cypress/tasks/toasts.ts‎x-pack/plugins/security_solution/public/management/cypress/tasks/close_all_toasts.ts renamed to x-pack/plugins/security_solution/public/management/cypress/tasks/toasts.ts
Lines changed: 6 additions & 0 deletions
diff --git a/‎x-pack/plugins/security_solution/public/management/pages/policy/view/components/antivirus_registration_form/index.tsx‎
Lines changed: 1 addition & 0 deletions b/‎x-pack/plugins/security_solution/public/management/pages/policy/view/components/antivirus_registration_form/index.tsx‎
Lines changed: 1 addition & 0 deletions
@@ -7,7 +7,7 @@
 
 import type { Agent } from '@kbn/fleet-plugin/common';
 import { APP_CASES_PATH, APP_ENDPOINTS_PATH } from '../../../../../common/constants';
-import { closeAllToasts } from '../../tasks/close_all_toasts';
+import { closeAllToasts } from '../../tasks/toasts';
 import {
   checkEndpointListForOnlyIsolatedHosts,
   checkEndpointListForOnlyUnIsolatedHosts,
 
@@ -7,6 +7,7 @@
 
 import { getEndpointSecurityPolicyManager } from '../../../../../scripts/endpoint/common/roles_users/endpoint_security_policy_manager';
 import { getArtifactsListTestsData } from '../../fixtures/artifacts_page';
+import { visitPolicyDetailsPage } from '../../screens/policy_details';
 import {
   createPerPolicyArtifact,
   createArtifactList,
@@ -62,13 +63,6 @@ const visitArtifactTab = (tabId: string) => {
   cy.get(`#${tabId}`).click();
 };
 
-const visitPolicyDetailsPage = () => {
-  cy.visit('/app/security/administration/policy');
-  cy.getByTestSubj('policyNameCellLink').eq(0).click({ force: true });
-  cy.getByTestSubj('policyDetailsPage').should('exist');
-  cy.get('#settings').should('exist'); // waiting for Policy Settings tab
-};
-
 describe('Artifact tabs in Policy Details page', () => {
   before(() => {
     login();
 
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { closeAllToasts } from '../../tasks/close_all_toasts';
+import { closeAllToasts } from '../../tasks/toasts';
 import { login } from '../../tasks/login';
 
 describe('When defining a kibana role for Endpoint security access', () => {
 
@@ -19,7 +19,7 @@ import {
   waitForReleaseOption,
 } from '../../tasks/isolate';
 import type { ActionDetails } from '../../../../../common/endpoint/types';
-import { closeAllToasts } from '../../tasks/close_all_toasts';
+import { closeAllToasts } from '../../tasks/toasts';
 import type { ReturnTypeFromChainable } from '../../types';
 import { addAlertsToCase } from '../../tasks/add_alerts_to_case';
 import { APP_ALERTS_PATH, APP_CASES_PATH, APP_PATH } from '../../../../../common/constants';
 
@@ -0,0 +1,199 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ProtectionModes } from '../../../../../common/endpoint/types';
+import {
+  PackagePolicyBackupHelper,
+  savePolicyForm,
+  visitPolicyDetailsPage,
+  yieldPolicyConfig,
+} from '../../screens/policy_details';
+import type { CyIndexEndpointHosts } from '../../tasks/index_endpoint_hosts';
+import { indexEndpointHosts } from '../../tasks/index_endpoint_hosts';
+import { login } from '../../tasks/login';
+
+describe('Policy Details', () => {
+  const packagePolicyBackupHelper = new PackagePolicyBackupHelper();
+  let indexedHostsData: CyIndexEndpointHosts;
+
+  before(() => {
+    login();
+    indexEndpointHosts().then((results) => {
+      indexedHostsData = results;
+    });
+    packagePolicyBackupHelper.backup();
+  });
+
+  beforeEach(() => {
+    login();
+    visitPolicyDetailsPage();
+  });
+
+  afterEach(() => {
+    packagePolicyBackupHelper.restore();
+  });
+
+  after(() => {
+    indexedHostsData.cleanup();
+  });
+
+  describe('Malware Protection card', () => {
+    it('user should be able to see related rules', () => {
+      cy.getByTestSubj('malwareProtectionsForm').contains('related detection rules').click();
+
+      cy.url().should('contain', 'app/security/rules/management');
+    });
+
+    it('changing protection level should enable or disable user notification', () => {
+      cy.getByTestSubj('malwareProtectionSwitch').click();
+      cy.getByTestSubj('malwareProtectionSwitch').should('have.attr', 'aria-checked', 'true');
+
+      // Default: Prevent + Notify user enabled
+      cy.getByTestSubj('malwareProtectionMode_prevent').find('input').should('be.checked');
+      cy.getByTestSubj('malwareUserNotificationCheckbox').should('be.checked');
+
+      // Changing to Detect -> Notify user disabled
+      cy.getByTestSubj('malwareProtectionMode_detect').find('label').click();
+      cy.getByTestSubj('malwareUserNotificationCheckbox').should('not.be.checked');
+
+      // Changing back to Prevent -> Notify user enabled
+      cy.getByTestSubj('malwareProtectionMode_prevent').find('label').click();
+      cy.getByTestSubj('malwareUserNotificationCheckbox').should('be.checked');
+    });
+
+    it('disabling protection should disable notification in yaml for every OS', () => {
+      // Enable malware protection and user notification
+      cy.getByTestSubj('malwareProtectionSwitch').click();
+      cy.getByTestSubj('malwareProtectionSwitch').should('have.attr', 'aria-checked', 'true');
+      savePolicyForm();
+
+      yieldPolicyConfig().then((policyConfig) => {
+        expect(policyConfig.mac.popup.malware.enabled).to.equal(true);
+        expect(policyConfig.windows.popup.malware.enabled).to.equal(true);
+        expect(policyConfig.linux.popup.malware.enabled).to.equal(true);
+      });
+
+      // disable malware protection
+      cy.getByTestSubj('malwareProtectionSwitch').click();
+      cy.getByTestSubj('malwareProtectionSwitch').should('have.attr', 'aria-checked', 'false');
+      savePolicyForm();
+
+      yieldPolicyConfig().then((policyConfig) => {
+        expect(policyConfig.mac.popup.malware.enabled).to.equal(false);
+        expect(policyConfig.windows.popup.malware.enabled).to.equal(false);
+        expect(policyConfig.linux.popup.malware.enabled).to.equal(false);
+      });
+    });
+
+    it('user should be able to enable Malware protection for every OS in yaml', () => {
+      yieldPolicyConfig().then((policyConfig) => {
+        expect(policyConfig.linux.malware.mode).to.equal(ProtectionModes.off);
+        expect(policyConfig.mac.malware.mode).to.equal(ProtectionModes.off);
+        expect(policyConfig.windows.malware.mode).to.equal(ProtectionModes.off);
+      });
+
+      cy.getByTestSubj('malwareProtectionsForm').should('contain.text', 'Linux');
+      cy.getByTestSubj('malwareProtectionsForm').should('contain.text', 'Windows');
+      cy.getByTestSubj('malwareProtectionsForm').should('contain.text', 'Mac');
+
+      cy.getByTestSubj('malwareProtectionSwitch').click();
+      savePolicyForm();
+
+      yieldPolicyConfig().then((policyConfig) => {
+        expect(policyConfig.linux.malware.mode).to.equal(ProtectionModes.prevent);
+        expect(policyConfig.mac.malware.mode).to.equal(ProtectionModes.prevent);
+        expect(policyConfig.windows.malware.mode).to.equal(ProtectionModes.prevent);
+      });
+    });
+  });
+
+  describe('Ransomware Protection card', () => {
+    it('user should be able to see related rules', () => {
+      cy.getByTestSubj('ransomwareProtectionsForm').contains('related detection rules').click();
+
+      cy.url().should('contain', 'app/security/rules/management');
+    });
+
+    it('changing protection level should enable or disable user notification', () => {
+      cy.getByTestSubj('ransomwareProtectionSwitch').click();
+      cy.getByTestSubj('ransomwareProtectionSwitch').should('have.attr', 'aria-checked', 'true');
+
+      // Default: Prevent + Notify user enabled
+      cy.getByTestSubj('ransomwareProtectionMode_prevent').find('input').should('be.checked');
+      cy.getByTestSubj('ransomwareUserNotificationCheckbox').should('be.checked');
+
+      // Changing to Detect -> Notify user disabled
+      cy.getByTestSubj('ransomwareProtectionMode_detect').find('label').click();
+      cy.getByTestSubj('ransomwareUserNotificationCheckbox').should('not.be.checked');
+
+      // Changing back to Prevent -> Notify user enabled
+      cy.getByTestSubj('ransomwareProtectionMode_prevent').find('label').click();
+      cy.getByTestSubj('ransomwareUserNotificationCheckbox').should('be.checked');
+    });
+  });
+
+  describe('Advanced settings', () => {
+    it('should show empty text inputs except for some settings', () => {
+      const settingsWithDefaultValues = [
+        'mac.advanced.capture_env_vars',
+        'linux.advanced.capture_env_vars',
+      ];
+
+      cy.getByTestSubj('advancedPolicyButton').click();
+
+      cy.getByTestSubj('advancedPolicyPanel')
+        .children()
+        .each(($child) => {
+          const settingName = $child.find('label').text();
+
+          if (settingsWithDefaultValues.includes(settingName)) {
+            cy.wrap($child).find('input').should('not.have.value', '');
+          } else {
+            cy.wrap($child).find('input').should('have.value', '');
+          }
+        });
+    });
+
+    it('should add advanced settings to policy yaml only when they are set', () => {
+      // Initially config should only contain the two default entries
+      yieldPolicyConfig().then((policyConfig) => {
+        expect(policyConfig.linux.advanced).to.have.keys(['capture_env_vars']);
+        expect(policyConfig.mac.advanced).to.have.keys(['capture_env_vars']);
+        expect(policyConfig.windows.advanced).to.equal(undefined);
+      });
+
+      // Set agent.connection_delay entry for every OS
+      cy.getByTestSubj('advancedPolicyButton').click();
+      cy.getByTestSubj('advancedPolicyPanel')
+        .children()
+        .each(($child) => {
+          const settingName = $child.find('label').text();
+
+          if (settingName.includes('.agent.connection_delay')) {
+            cy.wrap($child).find('input').type('66');
+          }
+        });
+      savePolicyForm();
+
+      // Validate yaml
+      yieldPolicyConfig().then((policyConfig) => {
+        expect(policyConfig.linux.advanced).to.have.keys(['capture_env_vars', 'agent']);
+        expect(policyConfig.linux.advanced).to.have.deep.property('agent', {
+          connection_delay: '66',
+        });
+        expect(policyConfig.mac.advanced).to.have.keys(['capture_env_vars', 'agent']);
+        expect(policyConfig.mac.advanced).to.have.deep.property('agent', {
+          connection_delay: '66',
+        });
+        expect(policyConfig.windows.advanced).to.have.keys(['agent']);
+        expect(policyConfig.windows.advanced).to.have.deep.property('agent', {
+          connection_delay: '66',
+        });
+      });
+    });
+  });
+});
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { closeAllToasts } from '../../tasks/close_all_toasts';
+import { closeAllToasts } from '../../tasks/toasts';
 import type { ReturnTypeFromChainable } from '../../types';
 import { addAlertsToCase } from '../../tasks/add_alerts_to_case';
 import { APP_CASES_PATH } from '../../../../../common/constants';
 
@@ -0,0 +1,88 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type {
+  GetOnePackagePolicyResponse,
+  GetPackagePoliciesResponse,
+  PackagePolicy,
+  UpdatePackagePolicy,
+  UpdatePackagePolicyResponse,
+} from '@kbn/fleet-plugin/common';
+import { packagePolicyRouteService } from '@kbn/fleet-plugin/common';
+import { APP_POLICIES_PATH } from '../../../../common/constants';
+import type { PolicyConfig } from '../../../../common/endpoint/types';
+import { request } from '../tasks/common';
+import { expectAndCloseSuccessToast } from '../tasks/toasts';
+
+export const visitPolicyDetailsPage = () => {
+  cy.visit(APP_POLICIES_PATH);
+
+  cy.getByTestSubj('policyNameCellLink').eq(0).click({ force: true });
+  cy.getByTestSubj('policyDetailsPage').should('exist');
+  cy.get('#settings').should('exist'); // waiting for Policy Settings tab
+};
+
+export const savePolicyForm = () => {
+  cy.getByTestSubj('policyDetailsSaveButton').click();
+  cy.getByTestSubj('confirmModalConfirmButton').click();
+  expectAndCloseSuccessToast();
+};
+
+export const yieldPolicyConfig = (): Cypress.Chainable<PolicyConfig> => {
+  return cy
+    .url()
+    .then((url) => {
+      const policyId = url.match(/security\/administration\/policy\/([a-z0-9-]+)/)?.[1];
+      expect(policyId).to.not.equal(undefined);
+
+      return policyId;
+    })
+    .then((policyId: string) => {
+      return request<GetOnePackagePolicyResponse>({
+        url: `/api/fleet/package_policies/${policyId}`,
+      });
+    })
+    .then((res) => {
+      const firstPackagePolicyConfig = res.body.item.inputs[0].config;
+      expect(firstPackagePolicyConfig).to.not.equal(undefined);
+
+      const policyConfig: PolicyConfig = firstPackagePolicyConfig?.policy.value;
+
+      return policyConfig;
+    });
+};
+
+export class PackagePolicyBackupHelper {
+  originalPackagePolicy!: PackagePolicy;
+
+  backup() {
+    request<GetPackagePoliciesResponse>({
+      url: packagePolicyRouteService.getListPath(),
+      qs: {
+        kuery: 'ingest-package-policies.package.name: endpoint',
+      },
+    }).then((res) => {
+      this.originalPackagePolicy = res.body.items[0];
+    });
+  }
+
+  restore() {
+    const body: UpdatePackagePolicy = {
+      name: this.originalPackagePolicy.name,
+      namespace: this.originalPackagePolicy.namespace,
+      enabled: this.originalPackagePolicy.enabled,
+      inputs: this.originalPackagePolicy.inputs,
+      policy_id: this.originalPackagePolicy.policy_id,
+    };
+
+    request<UpdatePackagePolicyResponse>({
+      method: 'PUT',
+      url: packagePolicyRouteService.getUpdatePath(this.originalPackagePolicy.id),
+      body,
+    });
+  }
+}
@@ -6,7 +6,7 @@
  */
 
 import type { ConsoleResponseActionCommands } from '../../../../common/endpoint/service/response_actions/constants';
-import { closeAllToasts } from './close_all_toasts';
+import { closeAllToasts } from './toasts';
 import { APP_ENDPOINTS_PATH } from '../../../../common/constants';
 import Chainable = Cypress.Chainable;
 
 
@@ -40,3 +40,9 @@ export const closeAllToasts = (): Cypress.Chainable<JQuery<HTMLBodyElement>> =>
       });
   });
 };
+
+export const expectAndCloseSuccessToast = () => {
+  cy.contains('Success');
+  cy.getByTestSubj('toastCloseButton').click();
+  cy.contains('Success').should('not.exist');
+};
@@ -58,6 +58,7 @@ export const AntivirusRegistrationForm = memo(() => {
     <ConfigForm
       type={TRANSLATIONS.title}
       supportedOss={[OperatingSystem.WINDOWS]}
+      dataTestSubj="antivirusRegistrationForm"
       osRestriction={i18n.translate(
         'xpack.securitySolution.endpoint.policy.details.av.windowsServerNotSupported',
         {
Original file line number	Diff line number	Diff line change
`@@ -58,6 +58,7 @@ export const AntivirusRegistrationForm = memo(() => {`
`58`	`58`	`<ConfigForm`
`59`	`59`	`type={TRANSLATIONS.title}`
`60`	`60`	`supportedOss={[OperatingSystem.WINDOWS]}`
	`61`	`+ dataTestSubj="antivirusRegistrationForm"`
`61`	`62`	`osRestriction={i18n.translate(`
`62`	`63`	`'xpack.securitySolution.endpoint.policy.details.av.windowsServerNotSupported',`
`63`	`64`	`{`