[8.12] [Security Solution] Defend advanced policy option to disable process and thread handle events (#173674) (#173698)

# Backport

This will backport the following commits from `main` to `8.12`:
- [[Security Solution] Defend advanced policy option to disable process and thread handle events (#173674)](#173674)

<!--- Backport version: 8.9.7 -->

### Questions?
Please refer to the [Backport tool documentation](https://github.com/sqren/backport)


Co-authored-by: Gabriel Landau <[email protected]>
kibanamachine and gabriellandau authored Dec 20, 2023
1 parent f7e2d6e commit 7fde450
Showing 1 changed file with 10 additions and 0 deletions.
Expand Up @@ -681,6 +681,16 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
}
),
},
{
key: 'windows.advanced.kernel.process_handle',
first_supported_version: '8.1',
documentation: i18n.translate(
'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.kernel.process_handle',
{
defaultMessage: 'Capture process and thread handle events. Default: true.',
}
),
},
{
key: 'windows.advanced.diagnostic.enabled',
first_supported_version: '7.11',
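Review bot: the `defaultMessage` for `windows.advanced.kernel.process_handle` tells the operator what the option captures and its default, but not what setting it to `false` costs. Since this is the only user-facing text for the option in the schema, it should say that the setting exists for diagnosing endpoint performance problems and that turning it off stops collection of process and thread handle events on that host, so any detection or investigation that relies on those events will no longer have them. Something like `defaultMessage: 'Capture process and thread handle events. Disable only to troubleshoot performance issues; disabling removes handle-event visibility. Default: true.'` keeps the sentence-case, i18n-ready style of the neighbouring entries. Also worth a quick check that `first_supported_version: '8.1'` (rather than the `'7.11'` used by the adjacent `windows.advanced.diagnostic.enabled` entry) matches the endpoint build that actually honours this key, since the UI will hide the option for older agent versions.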
