elastic · animehart · Dec 3, 2025 · Dec 3, 2025 · Dec 3, 2025 · Dec 3, 2025
@@ -36,6 +36,11 @@ export enum SecurityPageName {
   cloudSecurityPostureVulnerabilityDashboard = 'cloud_security_posture-vulnerability_dashboard',
   cloudSecurityPostureFindings = 'cloud_security_posture-findings',
   cloudSecurityPostureRules = 'cloud_security_posture-rules',
+  /*
+   * Warning: Computed values are not permitted in an enum with string valued members
+   * All cloud defend page names must match `CloudDefendPageId` in x-pack/solutions/security/plugins/cloud_defend/public/common/navigation/types.ts
+   */
+  cloudDefend = 'cloud_defend',
   cloudDefendPolicies = 'cloud_defend-policies',
   dashboards = 'dashboards',
   dataQuality = 'data_quality',

diff --git a/x-pack/platform/plugins/private/translations/translations/fr-FR.json b/x-pack/platform/plugins/private/translations/translations/fr-FR.json
@@ -33373,6 +33373,7 @@
     "xpack.securitySolution.appLinks.category.entityAnalytics": "Analyse des entités",
     "xpack.securitySolution.appLinks.category.investigations": "Investigations",
     "xpack.securitySolution.appLinks.category.management": "Gestion",
+    "xpack.securitySolution.appLinks.cloudDefendPoliciesDescription": "Sécurisez les charges de travail conteneurisées dans Kubernetes contre les attaques et les dérives grâce à des politiques d'exécution granulaires et flexibles.",
     "xpack.securitySolution.appLinks.cloudSecurityPostureBenchmarksDescription": "Voir les règles de benchmark pour la gestion du niveau de sécurité du cloud.",
     "xpack.securitySolution.appLinks.cloudSecurityPostureDashboardDescription": "Un aperçu des résultats de toutes les intégrations CSP.",
     "xpack.securitySolution.appLinks.coverageOverviewDashboard": "Couverture MITRE ATT&CK",

diff --git a/x-pack/platform/plugins/private/translations/translations/ja-JP.json b/x-pack/platform/plugins/private/translations/translations/ja-JP.json
@@ -33407,6 +33407,7 @@
     "xpack.securitySolution.appLinks.category.entityAnalytics": "エンティティ分析",
     "xpack.securitySolution.appLinks.category.investigations": "調査",
     "xpack.securitySolution.appLinks.category.management": "管理",
+    "xpack.securitySolution.appLinks.cloudDefendPoliciesDescription": "粒度の高い柔軟なランタイムポリシーによって、Kubernetesのコンテナーワークロードを攻撃とドリフトから保護します。",
     "xpack.securitySolution.appLinks.cloudSecurityPostureBenchmarksDescription": "Cloud Security Posture Managementのベンチマークルールを表示します。",
     "xpack.securitySolution.appLinks.cloudSecurityPostureDashboardDescription": "すべてのCSP統合の結果の概要。",
     "xpack.securitySolution.appLinks.coverageOverviewDashboard": "MITRE ATT&CKの範囲",

diff --git a/x-pack/platform/plugins/private/translations/translations/zh-CN.json b/x-pack/platform/plugins/private/translations/translations/zh-CN.json
@@ -33390,6 +33390,7 @@
     "xpack.securitySolution.appLinks.category.entityAnalytics": "实体分析",
     "xpack.securitySolution.appLinks.category.investigations": "调查",
     "xpack.securitySolution.appLinks.category.management": "管理",
+    "xpack.securitySolution.appLinks.cloudDefendPoliciesDescription": "通过细粒度、灵活的运行时策略保护 Kubernetes 中的容器工作负载，使其免于受到攻击和出现漂移。",
     "xpack.securitySolution.appLinks.cloudSecurityPostureBenchmarksDescription": "查看用于云安全态势管理的基准规则。",
     "xpack.securitySolution.appLinks.cloudSecurityPostureDashboardDescription": "所有 CSP 集成中的结果概述。",
     "xpack.securitySolution.appLinks.coverageOverviewDashboard": "MITRE ATT&CK 支持",

@@ -16,7 +16,7 @@ const NAV_ITEMS_NAMES = {
 };
 
 /** The base path for all cloud defend pages. */
-const CLOUD_DEFEND_BASE_PATH = '/cloud_defend';
+export const CLOUD_DEFEND_BASE_PATH = '/cloud_defend';
 
 export const cloudDefendPages: Record<CloudDefendPage, CloudDefendPageNavigationItem> = {
   policies: {

@@ -8,6 +8,7 @@ import { CloudDefendPlugin } from './plugin';
 
 export type { CloudDefendSecuritySolutionContext } from './types';
 export { getSecuritySolutionLink } from './common/navigation/security_solution_links';
+export { CLOUD_DEFEND_BASE_PATH } from './common/navigation/constants';
 export type { CloudDefendPageId } from './common/navigation/types';
 
 // This exports static code and TypeScript types,

@@ -126,6 +126,7 @@ export const NETWORK_PATH = '/network' as const;
 export const MANAGEMENT_PATH = '/administration' as const;
 export const COVERAGE_OVERVIEW_PATH = '/rules_coverage_overview' as const;
 export const THREAT_INTELLIGENCE_PATH = '/threat_intelligence' as const;
+export const CLOUD_DEFEND_PATH = '/cloud_defend' as const;
 export const ENDPOINTS_PATH = `${MANAGEMENT_PATH}/endpoints` as const;
 export const POLICIES_PATH = `${MANAGEMENT_PATH}/policy` as const;
 export const ENDPOINT_EXCEPTIONS_PATH = `${MANAGEMENT_PATH}/endpoint_exceptions` as const;

@@ -6,11 +6,12 @@
  */
 
 import type { SecuritySubPlugin } from '../app/types';
+import { routes } from './routes';
 
 export class CloudDefend {
   public setup() {}
 
   public start(): SecuritySubPlugin {
-    return { routes: [] };
+    return { routes };
   }
 }
@@ -0,0 +1,27 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { getSecuritySolutionLink } from '@kbn/cloud-defend-plugin/public';
+import { i18n } from '@kbn/i18n';
+import type { SecurityPageName } from '../../common/constants';
+import { SECURITY_FEATURE_ID } from '../../common/constants';
+import type { LinkItem } from '../common/links/types';
+import { IconCloudDefend } from '../common/icons/cloud_defend';
+
+const commonLinkProperties: Partial<LinkItem> = {
+  hideTimeline: true,
+  capabilities: [`${SECURITY_FEATURE_ID}.show`],
+};
+
+export const cloudDefendLink: LinkItem = {
+  ...getSecuritySolutionLink<SecurityPageName>('policies'),
+  description: i18n.translate('xpack.securitySolution.appLinks.cloudDefendPoliciesDescription', {
+    defaultMessage:
+      'Secure container workloads in Kubernetes from attacks and drift through granular and flexible runtime policies.',
+  }),
+  landingIcon: IconCloudDefend,
+  ...commonLinkProperties,
+};
@@ -0,0 +1,94 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import type {
+  CloudDefendPageId,
+  CloudDefendSecuritySolutionContext,
+} from '@kbn/cloud-defend-plugin/public';
+import { css } from '@emotion/react';
+import { CLOUD_DEFEND_BASE_PATH } from '@kbn/cloud-defend-plugin/public';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { EuiEmptyPrompt, EuiFlexGroup } from '@elastic/eui';
+import type { SecurityPageName, SecuritySubPluginRoutes } from '../app/types';
+import { useKibana } from '../common/lib/kibana';
+import { SecuritySolutionPageWrapper } from '../common/components/page_wrapper';
+import { SpyRoute } from '../common/utils/route/spy_routes';
+import { FiltersGlobal } from '../common/components/filters_global';
+import { PluginTemplateWrapper } from '../common/components/plugin_template_wrapper';
+
+// This exists only for the type signature cast
+const CloudDefendSpyRoute = ({ pageName, ...rest }: { pageName?: CloudDefendPageId }) => (
+  <SpyRoute pageName={pageName as SecurityPageName | undefined} {...rest} />
+);
+
+const cloudDefendSecuritySolutionContext: CloudDefendSecuritySolutionContext = {
+  getFiltersGlobalComponent: () => FiltersGlobal,
+  getSpyRouteComponent: () => CloudDefendSpyRoute,
+};
+
+const CloudDefend = () => {
+  const { cloudDefend, cloud } = useKibana().services;
+  const CloudDefendRouter = cloudDefend.getCloudDefendRouter();
+  const isServerless: boolean = cloud?.isServerlessEnabled ?? false;
+
+  // Remove this once Cloud Defend Billing works
+  if (isServerless) {
+    return (
+      <PluginTemplateWrapper>
+        <SecuritySolutionPageWrapper noPadding noTimeline>
+          <EuiFlexGroup
+            css={css`
+              // 250px is roughly the Kibana chrome with a page title and tabs
+              min-height: calc(100vh - 250px);
+            `}
+            justifyContent="center"
+            alignItems="center"
+            direction="column"
+          >
+            <EuiEmptyPrompt
+              color="plain"
+              title={
+                <h2>
+                  <FormattedMessage
+                    id="xpack.securitySolution.cloudDefend.serverlessNotOfferedTitle"
+                    defaultMessage="Page Unavailable"
+                  />
+                </h2>
+              }
+              body={
+                <p>
+                  <FormattedMessage
+                    id="xpack.securitySolution.cloudDefend.serverlessNotOfferedBodyMessage"
+                    defaultMessage="Defend for containers integration is not enabled in serverless"
+                  />
+                </p>
+              }
+            />
+          </EuiFlexGroup>
+        </SecuritySolutionPageWrapper>
+      </PluginTemplateWrapper>
+    );
+  }
+
+  return (
+    <PluginTemplateWrapper>
+      <SecuritySolutionPageWrapper noPadding noTimeline>
+        <CloudDefendRouter securitySolutionContext={cloudDefendSecuritySolutionContext} />
+      </SecuritySolutionPageWrapper>
+    </PluginTemplateWrapper>
+  );
+};
+
+CloudDefend.displayName = 'CloudDefend';
+
+export const routes: SecuritySubPluginRoutes = [
+  {
+    path: CLOUD_DEFEND_BASE_PATH,
+    component: CloudDefend,
+  },
+];
@@ -0,0 +1,50 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type { SVGProps } from 'react';
+import React from 'react';
+export const IconCloudDefend: React.FC<SVGProps<SVGSVGElement>> = ({ ...props }) => (
+  <svg
+    width="32"
+    height="32"
+    viewBox="0 0 32 32"
+    fill="none"
+    xmlns="http://www.w3.org/2000/svg"
+    {...props}
+  >
+    <g clipPath="url(#clip0_327_292367)">
+      <path
+        fillRule="evenodd"
+        clipRule="evenodd"
+        d="M4 22.3234L12.7273 26.7447V16.0586L4 11.6373V22.3234ZM2 22.9378C2 23.3147 2.21188 23.6595 2.54807 23.8299L13.2753 29.2644C13.9405 29.6014 14.7273 29.118 14.7273 28.3723V15.4442C14.7273 15.0673 14.5154 14.7225 14.1792 14.5521L3.45192 9.11761C2.78673 8.78062 2 9.26398 2 10.0097V22.9378Z"
+        fill="#535766"
+      />
+      <path
+        fillRule="evenodd"
+        clipRule="evenodd"
+        d="M16 10.349L7.99871 6.29552L16 2.24201L24.0013 6.29552L16 10.349ZM15.5481 12.3621C15.8322 12.506 16.1678 12.506 16.4519 12.3621L26.666 7.18758C27.3967 6.81737 27.3967 5.77368 26.666 5.40347L16.4519 0.228946C16.1678 0.0850214 15.8322 0.0850209 15.5481 0.228945L5.33402 5.40347C4.60325 5.77368 4.60325 6.81737 5.33402 7.18758L15.5481 12.3621Z"
+        fill="#535766"
+      />
+      <path
+        fillRule="evenodd"
+        clipRule="evenodd"
+        d="M19.2727 16.0586L28 11.6373V17.0039H30V10.0097C30 9.26398 29.2133 8.78062 28.5481 9.11761L17.8208 14.5521C17.4846 14.7225 17.2727 15.0673 17.2727 15.4442V28.3723C17.2727 29.118 18.0595 29.6014 18.7247 29.2644L19.2645 28.9909V17.0039H19.2727V16.0586Z"
+        fill="#535766"
+      />
+      <path
+        fillRule="evenodd"
+        clipRule="evenodd"
+        d="M30 20.2857H22.5714V26.3067C22.5714 27.0092 22.94 27.6602 23.5424 28.0216L26.2857 29.6676L29.029 28.0216C29.6314 27.6602 30 27.0092 30 26.3067V20.2857ZM26.2857 32L22.5134 29.7366C21.3086 29.0137 20.5714 27.7117 20.5714 26.3067V18.2857H32V26.3067C32 27.7117 31.2628 29.0137 30.058 29.7366L26.2857 32Z"
+        fill="#00BFB3"
+      />
+    </g>
+    <defs>
+      <clipPath id="clip0_327_292367">
+        <rect width="32" height="32" fill="white" />
+      </clipPath>
+    </defs>
+  </svg>
+);
@@ -48,6 +48,7 @@ import {
 import { licenseService } from '../common/hooks/use_license';
 import type { LinkItem } from '../common/links/types';
 import type { StartPlugins } from '../types';
+import { cloudDefendLink } from '../cloud_defend/links';
 import { links as notesLink } from '../notes/links';
 import { IconConsole } from '../common/icons/console';
 import { IconShield } from '../common/icons/shield';
@@ -266,6 +267,7 @@ export const links: LinkItem = {
       experimentalKey: 'responseActionsScriptLibraryManagement',
       licenseType: 'enterprise',
     },
+    cloudDefendLink,
     notesLink,
   ],
 };