[BUG][EDR Workflows] Defend windows.advanced.events.registry.enforce_registry_filters advanced option name is wrong
#212526
Labels: bug, OLM Sprint, Team:Defend Workflows, v8.18.1
Kibana version: 8.15.0+
Describe the bug:
The Defend advanced option windows.advanced.events.registry.enforce_registry_filters is named wrong. The actual option in Endpoint is windows.advanced.events.enforce_registry_filters.
To fix this let's just delete the existing advanced option and add the new correct one, backporting to all supported versions and making sure to add a release note.
We considered changing Endpoint to align with the Kibana option or adding a Kibana migration when the advanced option is renamed. However, both of those approaches would actually change Endpoint's behavior on upgrade for any users that have set the wrongly named option, which would be counter to our typical upgrade approach.
AC
Remove legacy policy advanced option (windows.advanced.events.registry.enforce_registry_filters) and add the new one: windows.advanced.events.enforce_registry_filters
Check if existing legacy field would be removed after policy update including the new field. If not, evaluate if we want to implement a policy migration to remove the legacy one.
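
An added example (not from this issue or from the Kibana or Endpoint code) of the check in the second AC item: it classifies policy settings by which of the two option names is present, so policies that still carry the legacy name after an update stand out. The policy layout (nested objects or flat dotted keys), the function names and the sample policies are assumptions constructed for illustration.

```python
# Option names as given in the issue.
LEGACY = "windows.advanced.events.registry.enforce_registry_filters"
CORRECT = "windows.advanced.events.enforce_registry_filters"
_MISSING = object()


def lookup(policy, dotted):
    """Return the value at a dotted path, or _MISSING.

    Accepts either a flat dotted key or nested dicts (assumed layouts).
    """
    if dotted in policy:
        return policy[dotted]
    node = policy
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return _MISSING
        node = node[part]
    return node


def audit(policy):
    """Classify one policy by which option name it carries."""
    has_legacy = lookup(policy, LEGACY) is not _MISSING
    has_correct = lookup(policy, CORRECT) is not _MISSING
    if has_legacy and has_correct:
        return "both"          # legacy field survived the policy update
    if has_legacy:
        return "legacy-only"   # set under the name the issue reports as wrong
    if has_correct:
        return "correct-only"
    return "unset"


def audit_all(policies):
    """Map policy name -> classification."""
    return {name: audit(p) for name, p in policies.items()}


# Constructed sample policies, not real exports.
SAMPLE_POLICIES = {
    "pre-fix": {"windows": {"advanced": {"events": {
        "registry": {"enforce_registry_filters": "false"}}}}},
    "post-fix-flat": {CORRECT: "true"},
    "updated-but-stale": {"windows": {"advanced": {"events": {
        "registry": {"enforce_registry_filters": "false"},
        "enforce_registry_filters": "false"}}}},
    "defaults": {"windows": {"advanced": {}}},
}

if __name__ == "__main__":
    for name, status in audit_all(SAMPLE_POLICIES).items():
        print(f"{name}: {status}")
```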