[EDR Workflows] Add dns event collection for macOS for Elastic Defend (#223566)

## Summary

Adds `DNS` to Defend policy config:
<img width="952" alt="image"
src="https://github.com/user-attachments/assets/de5aabe2-544a-49ae-82c2-59f9ffbca8c4"
/>

There is no migration for existing policies.

For new policies, it is enabled by default for
- Complete EDR
- Data Collection

and disabled for other configs.


### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: Elastic Machine <[email protected]>

Author: gergoabraham

x-pack/solutions/security/plugins/security_solution/common/endpoint/models/policy_config.ts

@@ -95,6 +95,7 @@ export const policyFactory = ({
     },
     mac: {
       events: {
+        dns: true,
         process: true,
         file: true,
         network: true,

x-pack/solutions/security/plugins/security_solution/common/endpoint/models/policy_config_helpers.test.ts

@@ -100,6 +100,7 @@ describe('Policy Config helpers', () => {
       };
 
       const macEvents: typeof defaultPolicy.mac.events = {
+        dns: false,
         file: false,
         process: false,
         network: false,
@@ -370,7 +371,7 @@ const eventsOnlyPolicy = (): PolicyConfig => ({
     attack_surface_reduction: { credential_hardening: { enabled: false } },
   },
   mac: {
-    events: { process: true, file: true, network: true, security: true },
+    events: { dns: true, process: true, file: true, network: true, security: true },
     malware: { mode: ProtectionModes.off, blocklist: false, on_write_scan: false },
     behavior_protection: { mode: ProtectionModes.off, supported: true, reputation_service: false },
     memory_protection: { mode: ProtectionModes.off, supported: true },

x-pack/solutions/security/plugins/security_solution/common/endpoint/types/index.ts

@@ -1033,6 +1033,7 @@ export interface PolicyConfig {
   mac: {
     advanced?: {};
     events: {
+      dns: boolean;
       file: boolean;
       process: boolean;
       network: boolean;

x-pack/solutions/security/plugins/security_solution/public/management/pages/policy/store/policy_details/index.test.ts

@@ -331,7 +331,7 @@ describe('policy details: ', () => {
                     },
                   },
                   mac: {
-                    events: { process: true, file: true, network: true, security: true },
+                    events: { dns: true, process: true, file: true, network: true, security: true },
                     malware: { mode: 'prevent', blocklist: true, on_write_scan: true },
                     behavior_protection: {
                       mode: 'off',

x-pack/solutions/security/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/mac_event_collection_card.test.tsx

@@ -40,7 +40,7 @@ describe('Policy Mac Event Collection Card', () => {
 
     expect(
       getByTestId(testSubj.optionsContainer).querySelectorAll('input[type="checkbox"]')
-    ).toHaveLength(4);
+    ).toHaveLength(5);
     expect(getByTestId(testSubj.fileCheckbox)).toBeChecked();
     expect(getByTestId(testSubj.networkCheckbox)).toBeChecked();
     expect(getByTestId(testSubj.processCheckbox)).toBeChecked();
@@ -63,8 +63,9 @@ describe('Policy Mac Event Collection Card', () => {
             'Event collection' +
             'Operating system' +
             'Mac ' +
-            '4 / 4 event collections enabled' +
+            '5 / 5 event collections enabled' +
             'Events' +
+            'DNS' +
             'File' +
             'Process' +
             'Network' +
@@ -86,8 +87,9 @@ describe('Policy Mac Event Collection Card', () => {
             'Event collection' +
             'Operating system' +
             'Mac ' +
-            '3 / 4 event collections enabled' +
+            '4 / 5 event collections enabled' +
             'Events' +
+            'DNS' +
             'File' +
             'Process' +
             'Network' +

x-pack/solutions/security/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/mac_event_collection_card.tsx

@@ -13,6 +13,12 @@ import { EventCollectionCard } from '../event_collection_card';
 import type { PolicyFormComponentCommonProps } from '../../types';
 
 const OPTIONS: ReadonlyArray<EventFormOption<OperatingSystem.MAC>> = [
+  {
+    name: i18n.translate('xpack.securitySolution.endpoint.policyDetailsConfig.mac.events.dns', {
+      defaultMessage: 'DNS',
+    }),
+    protectionField: 'dns',
+  },
   {
     name: i18n.translate('xpack.securitySolution.endpoint.policyDetailsConfig.mac.events.file', {
       defaultMessage: 'File',

x-pack/solutions/security/plugins/security_solution/server/fleet_integration/handlers/create_default_policy.test.ts

@@ -127,7 +127,11 @@ describe('Create Default Policy tests ', () => {
       };
     };
 
-    const defaultEventsDisabled = () => ({
+    const defaultEventsDisabled = (): {
+      linux: PolicyConfig['linux']['events'];
+      mac: PolicyConfig['mac']['events'];
+      windows: PolicyConfig['windows']['events'];
+    } => ({
       linux: {
         process: false,
         file: false,
@@ -136,11 +140,14 @@ describe('Create Default Policy tests ', () => {
         tty_io: false,
       },
       mac: {
+        dns: false,
         process: false,
         file: false,
         network: false,
+        security: false,
       },
       windows: {
+        credential_access: false,
         process: false,
         file: false,
         network: false,