[8.12] New Defend Advanced Policy Options for 8.12.1 (elastic#175486) (elastic#175821)

# Backport

This will backport the following commits from `main` to `8.12`:
- [New Defend Advanced Policy Options for 8.12.1 (elastic#175486)](elastic#175486)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

Backport metadata: source commit 597cfebb34e9c00660d793a8ee73a4df8a49a29a on `main` (Gabriel Landau, 2024-01-29), merged via https://github.com/elastic/kibana/pull/175486 with labels release_note:enhancement, Team:Defend Workflows, v8.12.1, v8.13.0; target branch 8.12 (label v8.12.1). Original commit message:

New Defend Advanced Policy Options for 8.12.1 (elastic#175486)

## Summary

Starting in v8.12.1, Defend includes new "Image Load Suppression" and "Registry Write Suppression" optimizations that enable it to drop known-uninteresting image load and registry events earlier, at the kernel level, avoiding unnecessary processing and enrichment. These new features improve application launch times, improve system responsiveness, and reduce Defend's CPU usage. These features drop events that were already dropped in prior versions of Defend, so they have no effect on the quality, quantity, or fidelity of telemetry collected by Defend.

This PR adds advanced policy options to disable these features if necessary for troubleshooting and debugging purposes.

### Checklist

Delete any items that are not applicable to this PR.

- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

Co-authored-by: Kibana Machine <[email protected]>

Co-authored-by: Gabriel Landau <[email protected]>
kibanamachine and gabriellandau authored Jan 29, 2024
1 parent 9f8dead commit a6c1b4a
Showing 1 changed file with 22 additions and 0 deletions.
Expand Up @@ -1523,4 +1523,26 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [
}
),
},
{
key: 'windows.advanced.events.disable_image_load_suppression_cache',
first_supported_version: '8.12.1',
documentation: i18n.translate(
'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.events.disable_image_load_suppression_cache',
{
defaultMessage:
'The image load suppression cache improves system performance by enabling Endpoint to tell its kernel driver about DLLs which are un-interesting and will never be evented upon. This feature improves system reponsiveness and reduces Endpoint CPU usage. Use this setting only for troubleshooting if image load events are not being generated as expected. Default: false',
}
),
},
{
key: 'windows.advanced.events.disable_registry_write_suppression',
first_supported_version: '8.12.1',
documentation: i18n.translate(
'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.events.disable_registry_write_suppression',
{
defaultMessage:
'Registry write suppression improves system performance by enabling Endpoint to tell its driver that certain types of registry operations are uninteresting. Once deemed uninteresting, the driver can quickly drop these events, improving system responsiveness and reducing Endpoint CPU usage. Use this setting only for troubleshooting if registry events are not functioning as expected. Default: false',
}
),
},
];
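Review bot: the defaultMessage for `windows.advanced.events.disable_image_load_suppression_cache` contains the typo "reponsiveness" and hyphenates "un-interesting" where the sibling registry message says "uninteresting"; both strings go out through i18n.translate, so fix them before the translation bundle picks them up. Both messages also end in "Default: false" without stating that setting the key to true is what disables the optimization, which is the one fact an operator reaching for a troubleshooting knob needs; something like "Set to true to disable the image load suppression cache. Default: false" would be clearer. Both entries carry first_supported_version: '8.12.1', so presumably endpoints older than that ignore the option, and saying so in the message would save support round-trips. Finally, the PR summary's point that these optimizations only drop events prior versions already dropped is worth repeating in the documentation text, since an operator who sees fewer image load or registry events than expected is exactly the reader of these strings.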
