[Cloud Security] add security capability to Cloud Defend package so it only shows up in Security projects in serverless #8208

Merged
merged 2 commits into from Oct 16, 2023

@maxcold maxcold commented Oct 16, 2023

Proposed commit message

Add security capability so that the cloud_defend package shows up in Security projects on serverless after Oct 17th so that cloud_defend is only available in Security projects (you cannot use it from Observability projects). More context in https://github.com/elastic/security-team/issues/7624

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

@maxcold maxcold added enhancement New feature or request Team:Cloud Security Label for the Cloud Security team Integration:Defend for Containers Elastic Defend for Containers (D4C) (cloud-defend) labels Oct 16, 2023
@maxcold
Contributor Author

maxcold commented Oct 16, 2023

I ran an elastic-package check to validate the package but haven't tested it manually as I haven't dealt with the cloud_defend plugin before and don't think the change requires extensive testing anyway as it only adds the capability to the manifest. But if anyone has the bandwidth to test the package, I'd appreciate it.

@maxcold maxcold marked this pull request as ready for review October 16, 2023 10:12
@maxcold maxcold requested a review from a team as a code owner October 16, 2023 10:12
@elasticmachine

elasticmachine commented Oct 16, 2023

💚 Build Succeeded

Build stats

  • Start Time: 2023-10-16T10:04:01.374+0000

  • Duration: 14 min 21 sec

Test stats 🧪

Test Results
Failed 0
Passed 8
Skipped 0
Total 8

@elasticmachine

🌐 Coverage report

| Name | Metrics % (covered/total) | Diff |
|---|---|---|
| Packages | 100.0% (0/0) | 💚 |
| Files | 100.0% (0/0) | 💚 13.043 |
| Classes | 100.0% (0/0) | 💚 13.043 |
| Methods | 27.778% (5/18) | 👎 -56.722 |
| Lines | 100.0% (0/0) | 💚 13.542 |
| Conditionals | 100.0% (0/0) | 💚 |

@eyalkraft
Contributor

LGTM, let's wait for @elastic/sec-linux-platform to test it.

@norrietaylor
Member

LGTM

@maxcold maxcold merged commit 19d25db into elastic:main Oct 16, 2023
4 checks passed
@maxcold maxcold deleted the add-security-capability-to-cloud-defend branch October 16, 2023 17:23
@elasticmachine

Package cloud_defend - 1.2.2 containing this change is available at https://epr.elastic.co/search?package=cloud_defend

@andrewkroh
Member

andrewkroh commented Oct 23, 2023

> so that the cloud_defend package shows up in Security projects on serverless

Did something change to require the security capability before cloud_defend would be advertised within "Serverless" to users? AFAIK cloud_defend doesn't require any special capabilities beyond your normal Fleet. Why was this change necessary? Is there some capability that only exists in security projects that it requires?

If this capability is required for a package to show up in security projects, then there are about 150 more packages that need changed.

@eyalkraft
Contributor

Hi @andrewkroh! While an agent with cloud_defend installed might work on o11y projects, from a UI perspective (I'm pretty sure) all the relevant screens like session view or security k8s dashboard won't be available so the value is questionable.

Maybe we're wrong here to limit this integration on serverless only to security type projects - I guess that's mainly a product question.

@snehsach19 @nick-alayil do you think we should revert this change?

> If this capability is required for a package to show up in security projects, then there are about 150 more packages that need changed.

I believe they will show up if they've been upgraded to spec v3 (doc). The capabilities part will just limit them to security serverless projects only.

@andrewkroh
Member

andrewkroh commented Oct 23, 2023

> the capabilities part will just limit them to security serverless project only.

Yes, that was my understanding. The PR description used here is misleading; this change actually excludes cloud_defend from project types other than Security.

And I agree, this is a product management question on whether we want the cloud_defend integration to be exclusively available in Security projects.

@andrewkroh andrewkroh changed the title [Cloud Security] add security capability to Cloud Defend package so it shows up in Security projects in serverless [Cloud Security] add security capability to Cloud Defend package so it only shows up in Security projects in serverless Oct 23, 2023