[8.x] [Security Solution][Endpoint] Enable bi-directional response actions and remove tech. preview labels (#207107)

x-pack/platform/plugins/shared/actions/server/integration_tests/connector_types.test.ts

@@ -11,7 +11,7 @@ import { setupTestServers } from './lib';
 import { connectorTypes } from './mocks/connector_types';
 import { actionsConfigMock } from '../actions_config.mock';
 import { loggerMock } from '@kbn/logging-mocks';
-import { Services } from '../types';
+import type { ActionTypeConfig, Services } from '../types';
 
 jest.mock('../action_type_registry', () => {
   const actual = jest.requireActual('../action_type_registry');
@@ -64,8 +64,20 @@ describe('Connector type config checks', () => {
 
       // SubActionConnector
       if (getService) {
+        let connectorConfig: ActionTypeConfig = {};
+
+        if (connectorTypeId === '.microsoft_defender_endpoint') {
+          connectorConfig = {
+            clientId: 'foo',
+            tenantId: 'foo-foo',
+            oAuthServerUrl: 'https://_fake_auth.com/',
+            oAuthScope: 'some-scope',
+            apiUrl: 'https://_face_api_.com',
+          };
+        }
+
         const subActions = getService({
-          config: {},
+          config: connectorConfig,
           configurationUtilities: actionsConfigMock.create(),
           connector: { id: 'foo', type: 'bar' },
           logger: loggerMock.create(),

x-pack/platform/plugins/shared/actions/server/integration_tests/mocks/connector_types.ts

@@ -33,6 +33,7 @@ export const connectorTypes: string[] = [
   '.sentinelone',
   '.crowdstrike',
   '.inference',
+  '.microsoft_defender_endpoint',
   '.cases',
   '.observability-ai-assistant',
 ];

x-pack/platform/plugins/shared/actions/tsconfig.json

@@ -49,7 +49,7 @@
     "@kbn/security-plugin-types-server",
     "@kbn/core-application-common",
     "@kbn/cloud-plugin",
-    "@kbn/core-http-server-utils"
+    "@kbn/core-http-server-utils",
   ],
   "exclude": [
     "target/**/*",

x-pack/platform/plugins/shared/stack_connectors/common/experimental_features.ts

@@ -16,8 +16,8 @@ export const allowedExperimentalValues = Object.freeze({
   sentinelOneConnectorOn: true,
   crowdstrikeConnectorOn: true,
   inferenceConnectorOn: true,
-  crowdstrikeConnectorRTROn: false,
-  microsoftDefenderEndpointOn: false,
+  crowdstrikeConnectorRTROn: true,
+  microsoftDefenderEndpointOn: true,
 });
 
 export type ExperimentalConfigKeys = Array<keyof ExperimentalFeatures>;

x-pack/platform/plugins/shared/stack_connectors/public/connector_types/crowdstrike/crowdstrike.ts

@@ -35,7 +35,7 @@ export function getConnectorType(): ConnectorTypeModel<
     id: CROWDSTRIKE_CONNECTOR_ID,
     actionTypeTitle: CROWDSTRIKE_TITLE,
     iconClass: lazy(() => import('./logo')),
-    isExperimental: true,
+    isExperimental: false,
     selectMessage: i18n.translate(
       'xpack.stackConnectors.security.crowdstrike.config.selectMessageText',
       {

x-pack/platform/plugins/shared/stack_connectors/public/connector_types/microsoft_defender_endpoint/microsoft_defender_endpoint.ts

@@ -35,7 +35,7 @@ export function getConnectorType(): ConnectorTypeModel<
     id: MICROSOFT_DEFENDER_ENDPOINT_CONNECTOR_ID,
     actionTypeTitle: MICROSOFT_DEFENDER_ENDPOINT_TITLE,
     iconClass: lazy(() => import('./logo')),
-    isExperimental: true,
+    isExperimental: false,
     selectMessage: i18n.translate(
       'xpack.stackConnectors.security.MicrosoftDefenderEndpointSecrets.config.selectMessageText',
       {

x-pack/platform/plugins/shared/stack_connectors/public/connector_types/sentinelone/sentinelone.ts

@@ -35,7 +35,7 @@ export function getConnectorType(): ConnectorTypeModel<
     id: SENTINELONE_CONNECTOR_ID,
     actionTypeTitle: SENTINELONE_TITLE,
     iconClass: lazy(() => import('./logo')),
-    isExperimental: true,
+    isExperimental: false,
     selectMessage: i18n.translate(
       'xpack.stackConnectors.security.sentinelone.config.selectMessageText',
       {

x-pack/platform/plugins/shared/stack_connectors/server/plugin.test.ts

@@ -131,7 +131,7 @@ describe('Stack Connectors Plugin', () => {
           name: 'Torq',
         })
       );
-      expect(actionsSetup.registerSubActionConnectorType).toHaveBeenCalledTimes(11);
+      expect(actionsSetup.registerSubActionConnectorType).toHaveBeenCalledTimes(12);
       expect(actionsSetup.registerSubActionConnectorType).toHaveBeenNthCalledWith(
         1,
         expect.objectContaining({

x-pack/solutions/security/plugins/security_solution/common/endpoint/service/response_actions/is_agent_type_in_tech_preview.ts

@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { ResponseActionAgentType } from './constants';
+
+const TECH_PREVIEW_AGENT_TYPE = Object.freeze<Record<ResponseActionAgentType, boolean>>({
+  endpoint: false,
+  microsoft_defender_endpoint: false,
+  crowdstrike: false,
+  sentinel_one: false,
+});
+
+/**
+ * Returns boolean indicating if agent type is in tech preview or not.
+ * @param agentType
+ */
+export const isAgentTypeInTechPreview = (agentType: ResponseActionAgentType) => {
+  return TECH_PREVIEW_AGENT_TYPE[agentType] ?? true;
+};

x-pack/solutions/security/plugins/security_solution/common/experimental_features.ts

@@ -253,8 +253,9 @@ export const allowedExperimentalValues = Object.freeze({
 
   /**
    * Enables CrowdStrike's RunScript RTR command
+   * Release: 8.18/9.0
    */
-  crowdstrikeRunScriptEnabled: false,
+  crowdstrikeRunScriptEnabled: true,
 
   /**
    * Enables the Asset Inventory Entity Store feature.
@@ -268,9 +269,10 @@ export const allowedExperimentalValues = Object.freeze({
   assetInventoryUXEnabled: false,
 
   /**
-   * Enabled Microsoft Defender for  Endpoint actions client
+   * Enabled Microsoft Defender for  Endpoint actions: Isolate and Release.
+   * Release: 8.18/9.0
    */
-  responseActionsMSDefenderEndpointEnabled: false,
+  responseActionsMSDefenderEndpointEnabled: true,
 });
 
 type ExperimentalConfigKeys = Array<keyof ExperimentalFeatures>;

x-pack/solutions/security/plugins/security_solution/public/common/components/endpoint/agents/agent_type_integration/agent_type_integration.test.tsx

@@ -12,6 +12,7 @@ import type { AgentTypeIntegrationProps } from './agent_type_integration';
 import { AgentTypeIntegration, INTEGRATION_SECTION_LABEL } from './agent_type_integration';
 import { getAgentTypeName } from '../../../../translations';
 import { RESPONSE_ACTION_AGENT_TYPE } from '../../../../../../common/endpoint/service/response_actions/constants';
+import { isAgentTypeInTechPreview } from '../../../../../../common/endpoint/service/response_actions/is_agent_type_in_tech_preview';
 
 describe('AgentTypeIntegration component', () => {
   let props: AgentTypeIntegrationProps;
@@ -52,11 +53,7 @@ describe('AgentTypeIntegration component', () => {
       expect(getByTestId('test-tooltipAnchor'));
     });
 
-    if (
-      agentType === 'sentinel_one' ||
-      agentType === 'crowdstrike' ||
-      agentType === 'microsoft_defender_endpoint'
-    ) {
+    if (isAgentTypeInTechPreview(agentType)) {
       it('should display tech preview badge', () => {
         const { getByTestId } = render();
 

x-pack/solutions/security/plugins/security_solution/public/common/components/endpoint/agents/agent_type_integration/agent_type_integration.tsx

@@ -10,6 +10,7 @@ import type { EuiTextProps } from '@elastic/eui';
 import { EuiBetaBadge, EuiFlexGroup, EuiFlexItem, EuiIconTip, EuiText } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { i18n } from '@kbn/i18n';
+import { isAgentTypeInTechPreview } from '../../../../../../common/endpoint/service/response_actions/is_agent_type_in_tech_preview';
 import { useTestIdGenerator } from '../../../../../management/hooks/use_test_id_generator';
 import { AgentTypeVendorLogo } from '../agent_type_vendor_logo';
 import {
@@ -43,11 +44,7 @@ export const AgentTypeIntegration = memo<AgentTypeIntegrationProps>(
     const testId = useTestIdGenerator(dataTestSubj);
 
     const isTechPreview = useMemo(() => {
-      return (
-        agentType === 'sentinel_one' ||
-        agentType === 'crowdstrike' ||
-        agentType === 'microsoft_defender_endpoint'
-      );
+      return isAgentTypeInTechPreview(agentType);
     }, [agentType]);
 
     return (

x-pack/solutions/security/plugins/security_solution/public/management/components/endpoint_response_actions_list/integration_tests/response_actions_log.test.tsx

@@ -1854,25 +1854,6 @@ describe('Response actions history', () => {
       ]);
     });
 
-    it('should show only action types when 3rd party vendor feature flags are set to false thus only endpoint available', async () => {
-      mockedContext.setExperimentalFlag({
-        responseActionsSentinelOneV1Enabled: false,
-        responseActionsCrowdstrikeManualHostIsolationEnabled: false,
-      });
-      render({ isFlyout: false });
-      const { getByTestId, getAllByTestId } = renderResult;
-
-      await user.click(getByTestId(`${testPrefix}-${filterPrefix}-popoverButton`));
-      const filterList = getByTestId(`${testPrefix}-${filterPrefix}-popoverList`);
-      expect(filterList).toBeTruthy();
-      expect(getAllByTestId(`${filterPrefix}-option`).length).toEqual(
-        [...RESPONSE_ACTION_TYPE].length
-      );
-      expect(getAllByTestId(`${filterPrefix}-option`).map((option) => option.textContent)).toEqual([
-        'Triggered by rule',
-        'Triggered manually',
-      ]);
-    });
     it('should show a list of agents and action types when opened in page view', async () => {
       mockedContext.setExperimentalFlag({
         responseActionsSentinelOneV1Enabled: true,

x-pack/solutions/security/plugins/security_solution/scripts/endpoint/microsoft_defender_host/index.ts

@@ -235,7 +235,11 @@ const runCli: RunFn = async ({ log, flags }) => {
     }),
     createDetectionEngineMicrosoftDefenderRuleIfNeeded(kbnClient, log, agentPolicyNamespace),
     // Trigger alert on the windows VM
-    msVm.exec('curl -o /tmp/eicar.com.txt https://secure.eicar.org/eicar.com.txt'),
+    msVm.exec('curl -o /tmp/eicar.com.txt https://secure.eicar.org/eicar.com.txt').catch((err) => {
+      log.warning(
+        `Attempted to trigger an alert on host [${msVm.name}], but failed with: ${err.message}`
+      );
+    }),
   ]);
 
   log.info(`Done!

x-pack/solutions/security/plugins/security_solution/scripts/endpoint/sentinelone_host/index.ts

@@ -233,7 +233,13 @@ const runCli: RunFn = async ({ log, flags }) => {
 
   // Trigger an alert on the SentinelOn host so that we get an alert back in Kibana
   log.info(`Triggering SentinelOne alert`);
-  await s1HostVm.exec('nslookup elastic.co');
+  await s1HostVm
+    .exec('curl -o /tmp/eicar.com.txt https://secure.eicar.org/eicar.com.txt')
+    .catch((err) => {
+      log.warning(
+        `Attempted to trigger an alert on host [${s1HostVm.name}], but failed with: ${err.message}`
+      );
+    });
 
   log.info(`Done!