[Internal]: Moving 'Endpoint Exceptions' to the Management/Assets section and make it per-policy #3883

@gergoabraham

Description

We're implementing multiple changes on Endpoint exceptions:

  • moving to a new location
    • the new location is the Security / Management (or Assets) section, next to other endpoint related artifacts like Trusted apps, Event filters etc.
    • similarly to other artifacts, they are available on the Policy details page as a tab
    • they are removed from the 'Shared exception lists' page,
    • they are read-only on the Endpoint Security rule page / Endpoint exception tab
  • per-policy assignment [1]: similarly to other artifacts, Endpoint exceptions can be assigned globally or per-policy.
    • this also means that Endpoint exceptions become space aware. (note, here we state it's global only)
  • import-export: as before, they can be imported/exported, but this is still under design

Planned release

We're developing this continuously behind a feature flag.

  • serverless: As soon as the feature is ready, we're planning to enable the feature flag and release it to serverless. Probably not much earlier than the 9.3 feature freeze.
  • ESS: We're targeting 9.3 on ESS.

Resources

Here's the collection issue containing all implementation issues:

Here's a related doc issue; that change will be released together with the changes in this issue:

Which documentation set does this change impact?

Elastic On-Prem and Cloud (all)

Feature differences

identical everywhere

What release is this request related to?

9.3

Serverless release

Around 9.3 release, maybe a bit earlier.

Collaboration model

The documentation team

Point of contact.

Main contact: @gergoabraham

Stakeholders: @dasansol92 @roxana-gheorghe

Footnotes

  1. A pre-requisite for this is that Endpoint exceptions are not duplicated to the Elastic Defend rule as rule exceptions. The documentation issue for that is already created by the detections team: https://github.com/elastic/docs-content/issues/2737

Metadata

Labels

Team:Experience (Issues owned by the Experience Docs Team)
