Commit
[8.17] [Elastic Defend] Add `windows.ransomware.dump_process` for endpoint advanced policy setting (elastic#212439) (elastic#213009)

# Backport

This will backport the following commits from `main` to `8.17`:
- [[Elastic Defend] Add `windows.ransomware.dump_process` for endpoint advanced policy setting (elastic#212439)](elastic#212439)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)

Source commit `e9813b8c72d4479c8f023a3dccc94842fdac29f0` on `main` (committed 2025-03-04T00:57:20Z, source pull request https://github.com/elastic/kibana/pull/212439), as recorded in the backport metadata:

Labels: `release_note:skip`, `Team:Defend Workflows`, `backport:version`, `v8.18.0`, `v8.15.6`, `v9.1.0`, `v8.19.0`, `v8.17.3`, `v8.16.5`

> [Elastic Defend] Add `windows.ransomware.dump_process` for endpoint advanced policy setting (elastic#212439)
>
> ## Summary
>
> This PR exposes `windows.ransomware.dump_process` as an advanced policy option for Elastic Defend.
> If enabled, this option will make the endpoint generate a memory dump of the ransomware process before killing it, assisting the ransomware investigation process.
>
> ### Checklist
>
> Check the PR satisfies following conditions.
>
> Reviewers should verify this PR satisfies this list as well.
>
> - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
>
> ---------
>
> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Christophe Alladoum <85187342+calladoum-elastic@users.noreply.github.com>