From 5cb60aa23fc6319eae83c5d8724a5701e6b34865 Mon Sep 17 00:00:00 2001
From: Gabriel Landau <42078554+gabriellandau@users.noreply.github.com>
Date: Tue, 2 Jul 2024 14:28:32 -0400
Subject: [PATCH] Defend Advanced Policy Options for Registry Event Filtering
 Enforcement (#186564)

## Summary

Adds a Defend Advanced Policy option to allow 8.15.0 users to opt out of
Registry Event Filtering.

### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---
 .../pages/policy/models/advanced_policy_schema.ts     | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts b/x-pack/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts
index 05ea215f65c50..b6333f949c761 100644
--- a/x-pack/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts
@@ -1908,4 +1908,15 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
       }
     ),
   },
+  {
+    key: 'windows.advanced.events.registry.enforce_registry_filters',
+    first_supported_version: '8.15',
+    documentation: i18n.translate(
+      'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.events.registry.enforce_registry_filters',
+      {
+        defaultMessage:
+          'Reduce data volume by filtering out registry events which are not relevant to behavioral protections.  Default: true',
+      }
+    ),
+  },
 ];