elastic · paul-tavares · Jan 23, 2025 · Jan 17, 2025 · Jan 17, 2025 · Jan 17, 2025
@@ -11,7 +11,7 @@ import { setupTestServers } from './lib';
 import { connectorTypes } from './mocks/connector_types';
 import { actionsConfigMock } from '../actions_config.mock';
 import { loggerMock } from '@kbn/logging-mocks';
-import { Services } from '../types';
+import type { ActionTypeConfig, Services } from '../types';
 
 jest.mock('../action_type_registry', () => {
   const actual = jest.requireActual('../action_type_registry');
@@ -64,8 +64,20 @@ describe('Connector type config checks', () => {
 
       // SubActionConnector
       if (getService) {
+        let connectorConfig: ActionTypeConfig = {};
+
+        if (connectorTypeId === '.microsoft_defender_endpoint') {
+          connectorConfig = {
+            clientId: 'foo',
+            tenantId: 'foo-foo',
+            oAuthServerUrl: 'https://_fake_auth.com/',
+            oAuthScope: 'some-scope',
+            apiUrl: 'https://_face_api_.com',
+          };
+        }
+
         const subActions = getService({
-          config: {},
+          config: connectorConfig,
           configurationUtilities: actionsConfigMock.create(),
           connector: { id: 'foo', type: 'bar' },
           logger: loggerMock.create(),

@@ -32,6 +32,7 @@ export const connectorTypes: string[] = [
   '.thehive',
   '.sentinelone',
   '.crowdstrike',
+  '.microsoft_defender_endpoint',
   '.cases',
   '.observability-ai-assistant',
 ];
@@ -48,7 +48,7 @@
     "@kbn/security-plugin-types-server",
     "@kbn/core-application-common",
     "@kbn/cloud-plugin",
-    "@kbn/core-http-server-utils"
+    "@kbn/core-http-server-utils",
   ],
   "exclude": [
     "target/**/*",

@@ -16,8 +16,8 @@ export const allowedExperimentalValues = Object.freeze({
   sentinelOneConnectorOn: true,
   crowdstrikeConnectorOn: true,
   inferenceConnectorOn: false,
-  crowdstrikeConnectorRTROn: false,
-  microsoftDefenderEndpointOn: false,
+  crowdstrikeConnectorRTROn: true,
+  microsoftDefenderEndpointOn: true,
 });
 
 export type ExperimentalConfigKeys = Array<keyof ExperimentalFeatures>;

@@ -35,7 +35,7 @@ export function getConnectorType(): ConnectorTypeModel<
     id: CROWDSTRIKE_CONNECTOR_ID,
     actionTypeTitle: CROWDSTRIKE_TITLE,
     iconClass: lazy(() => import('./logo')),
-    isExperimental: true,
+    isExperimental: false,
     selectMessage: i18n.translate(
       'xpack.stackConnectors.security.crowdstrike.config.selectMessageText',
       {

@@ -35,7 +35,7 @@ export function getConnectorType(): ConnectorTypeModel<
     id: MICROSOFT_DEFENDER_ENDPOINT_CONNECTOR_ID,
     actionTypeTitle: MICROSOFT_DEFENDER_ENDPOINT_TITLE,
     iconClass: lazy(() => import('./logo')),
-    isExperimental: true,
+    isExperimental: false,
     selectMessage: i18n.translate(
       'xpack.stackConnectors.security.MicrosoftDefenderEndpointSecrets.config.selectMessageText',
       {

@@ -35,7 +35,7 @@ export function getConnectorType(): ConnectorTypeModel<
     id: SENTINELONE_CONNECTOR_ID,
     actionTypeTitle: SENTINELONE_TITLE,
     iconClass: lazy(() => import('./logo')),
-    isExperimental: true,
+    isExperimental: false,
     selectMessage: i18n.translate(
       'xpack.stackConnectors.security.sentinelone.config.selectMessageText',
       {

@@ -142,7 +142,7 @@ describe('Stack Connectors Plugin', () => {
           name: 'Torq',
         })
       );
-      expect(actionsSetup.registerSubActionConnectorType).toHaveBeenCalledTimes(11);
+      expect(actionsSetup.registerSubActionConnectorType).toHaveBeenCalledTimes(12);
       expect(actionsSetup.registerSubActionConnectorType).toHaveBeenNthCalledWith(
         1,
         expect.objectContaining({

@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { ResponseActionAgentType } from './constants';
+
+const TECH_PREVIEW_AGENT_TYPE = Object.freeze<Record<ResponseActionAgentType, boolean>>({
+  endpoint: false,
+  microsoft_defender_endpoint: false,
+  crowdstrike: false,
+  sentinel_one: false,
+});
+
+/**
+ * Returns boolean indicating if agent type is in tech preview or not.
+ * @param agentType
+ */
+export const isAgentTypeInTechPreview = (agentType: ResponseActionAgentType) => {
+  return TECH_PREVIEW_AGENT_TYPE[agentType] ?? true;
+};
@@ -253,8 +253,9 @@ export const allowedExperimentalValues = Object.freeze({
 
   /**
    * Enables CrowdStrike's RunScript RTR command
+   * Release: 8.18/9.0
    */
-  crowdstrikeRunScriptEnabled: false,
+  crowdstrikeRunScriptEnabled: true,
 
   /**
    * Enables the Asset Inventory Entity Store feature.
@@ -268,9 +269,10 @@ export const allowedExperimentalValues = Object.freeze({
   assetInventoryUXEnabled: false,
 
   /**
-   * Enabled Microsoft Defender for  Endpoint actions client
+   * Enabled Microsoft Defender for  Endpoint actions: Isolate and Release.
+   * Release: 8.18/9.0
    */
-  responseActionsMSDefenderEndpointEnabled: false,
+  responseActionsMSDefenderEndpointEnabled: true,
 });
 
 type ExperimentalConfigKeys = Array<keyof ExperimentalFeatures>;

@@ -12,6 +12,7 @@ import type { AgentTypeIntegrationProps } from './agent_type_integration';
 import { AgentTypeIntegration, INTEGRATION_SECTION_LABEL } from './agent_type_integration';
 import { getAgentTypeName } from '../../../../translations';
 import { RESPONSE_ACTION_AGENT_TYPE } from '../../../../../../common/endpoint/service/response_actions/constants';
+import { isAgentTypeInTechPreview } from '../../../../../../common/endpoint/service/response_actions/is_agent_type_in_tech_preview';
 
 describe('AgentTypeIntegration component', () => {
   let props: AgentTypeIntegrationProps;
@@ -52,11 +53,7 @@ describe('AgentTypeIntegration component', () => {
       expect(getByTestId('test-tooltipAnchor'));
     });
 
-    if (
-      agentType === 'sentinel_one' ||
-      agentType === 'crowdstrike' ||
-      agentType === 'microsoft_defender_endpoint'
-    ) {
+    if (isAgentTypeInTechPreview(agentType)) {
       it('should display tech preview badge', () => {
         const { getByTestId } = render();
 

@@ -10,6 +10,7 @@ import type { EuiTextProps } from '@elastic/eui';
 import { EuiBetaBadge, EuiFlexGroup, EuiFlexItem, EuiIconTip, EuiText } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { i18n } from '@kbn/i18n';
+import { isAgentTypeInTechPreview } from '../../../../../../common/endpoint/service/response_actions/is_agent_type_in_tech_preview';
 import { useTestIdGenerator } from '../../../../../management/hooks/use_test_id_generator';
 import { AgentTypeVendorLogo } from '../agent_type_vendor_logo';
 import {
@@ -43,11 +44,7 @@ export const AgentTypeIntegration = memo<AgentTypeIntegrationProps>(
     const testId = useTestIdGenerator(dataTestSubj);
 
     const isTechPreview = useMemo(() => {
-      return (
-        agentType === 'sentinel_one' ||
-        agentType === 'crowdstrike' ||
-        agentType === 'microsoft_defender_endpoint'
-      );
+      return isAgentTypeInTechPreview(agentType);
     }, [agentType]);
 
     return (

@@ -1854,25 +1854,6 @@ describe('Response actions history', () => {
       ]);
     });
 
-    it('should show only action types when 3rd party vendor feature flags are set to false thus only endpoint available', async () => {
-      mockedContext.setExperimentalFlag({
-        responseActionsSentinelOneV1Enabled: false,
-        responseActionsCrowdstrikeManualHostIsolationEnabled: false,
-      });
-      render({ isFlyout: false });
-      const { getByTestId, getAllByTestId } = renderResult;
-
-      await user.click(getByTestId(`${testPrefix}-${filterPrefix}-popoverButton`));
-      const filterList = getByTestId(`${testPrefix}-${filterPrefix}-popoverList`);
-      expect(filterList).toBeTruthy();
-      expect(getAllByTestId(`${filterPrefix}-option`).length).toEqual(
-        [...RESPONSE_ACTION_TYPE].length
-      );
-      expect(getAllByTestId(`${filterPrefix}-option`).map((option) => option.textContent)).toEqual([
-        'Triggered by rule',
-        'Triggered manually',
-      ]);
-    });
     it('should show a list of agents and action types when opened in page view', async () => {
       mockedContext.setExperimentalFlag({
         responseActionsSentinelOneV1Enabled: true,

@@ -235,7 +235,11 @@ const runCli: RunFn = async ({ log, flags }) => {
     }),
     createDetectionEngineMicrosoftDefenderRuleIfNeeded(kbnClient, log, agentPolicyNamespace),
     // Trigger alert on the windows VM
-    msVm.exec('curl -o /tmp/eicar.com.txt https://secure.eicar.org/eicar.com.txt'),
+    msVm.exec('curl -o /tmp/eicar.com.txt https://secure.eicar.org/eicar.com.txt').catch((err) => {
+      log.warning(
+        `Attempted to trigger an alert on host [${msVm.name}], but failed with: ${err.message}`
+      );
+    }),
   ]);
 
   log.info(`Done!

@@ -233,7 +233,13 @@ const runCli: RunFn = async ({ log, flags }) => {
 
   // Trigger an alert on the SentinelOn host so that we get an alert back in Kibana
   log.info(`Triggering SentinelOne alert`);
-  await s1HostVm.exec('nslookup elastic.co');
+  await s1HostVm
+    .exec('curl -o /tmp/eicar.com.txt https://secure.eicar.org/eicar.com.txt')
+    .catch((err) => {
+      log.warning(
+        `Attempted to trigger an alert on host [${s1HostVm.name}], but failed with: ${err.message}`
+      );
+    });
 
   log.info(`Done!