[EDR Workflows] Initialize CrowdStrike session API#201420
Merged
tomsonpl merged 7 commits intoelastic:mainfrom Nov 28, 2024
Merged
[EDR Workflows] Initialize CrowdStrike session API#201420tomsonpl merged 7 commits intoelastic:mainfrom
tomsonpl merged 7 commits intoelastic:mainfrom
Conversation
tomsonpl
added
release_note:skip
Contributor
Author
|
/ci |
Contributor
Author
|
/ci |
Contributor
Author
|
/ci |
Contributor
Author
|
/ci |
Contributor
Author
|
/ci |
Contributor
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Page load bundle
History
cc @tomsonpl |
Contributor
|
Pinging @elastic/security-defend-workflows (Team:Defend Workflows) |
tomsonpl
requested review from
szwarckonrad
and removed request for
parkiino
adcoelho
approved these changes
Nov 28, 2024
Contributor
|
Starting backport for target branches: 8.x https://github.com/elastic/kibana/actions/runs/12072646970 |
Contributor
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
Contributor
Author
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
tomsonpl
added a commit
to tomsonpl/kibana
that referenced
this pull request
Nov 29, 2024
(cherry picked from commit 99a4135) # Conflicts: # x-pack/plugins/stack_connectors/common/experimental_features.ts
tomsonpl
added a commit
that referenced
this pull request
Nov 29, 2024
…202259) # Backport This will backport the following commits from `main` to `8.x`: - [[EDR Workflows] Initialize CrowdStrike session API (#201420)](#201420) <!--- Backport version: 8.9.8 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Tomasz Ciecierski","email":"tomasz.ciecierski@elastic.co"},"sourceCommit":{"committedDate":"2024-11-28T16:31:22Z","message":"[EDR Workflows] Initialize CrowdStrike session API (#201420)","sha":"99a413506f502f86fef438d334741ec2bad64728","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Defend Workflows","backport:version","v8.18.0"],"number":201420,"url":"https://github.com/elastic/kibana/pull/201420","mergeCommit":{"message":"[EDR Workflows] Initialize CrowdStrike session API (#201420)","sha":"99a413506f502f86fef438d334741ec2bad64728"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/201420","number":201420,"mergeCommit":{"message":"[EDR Workflows] Initialize CrowdStrike session API (#201420)","sha":"99a413506f502f86fef438d334741ec2bad64728"}},{"branch":"8.x","label":"v8.18.0","labelRegex":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT-->
This was referenced Dec 5, 2024
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this pull request
Dec 12, 2024
This was referenced Dec 16, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR introduces a session manager to handle RTR session lifecycle management for CrowdStrike connectors. It also includes a temporary
RTRCommandsubAction for testing and validation purposes. All changes are currently gated behind thecrowdstrikeConnectorRTROnfeature flag.Key Changes
Session Manager:
Temporary RTRCommand SubAction:
Feature Flag:
crowdstrikeConnectorRTROnfeature flag to ensure controlled rollout.Tests:
TestableCrowdStrikeSessionManagerfor testing private fields and methods.Why is this needed?
This implementation lays the groundwork for enabling RTR command execution through Elastic connectors by providing a robust session management mechanism. The temporary subAction allows for incremental testing and development while maintaining flexibility.
Future Considerations