diff --git a/docs/reference/connectors-kibana/crowdstrike-action-type.md b/docs/reference/connectors-kibana/crowdstrike-action-type.md index 60e8cdce1cdba..811cff390048f 100644 --- a/docs/reference/connectors-kibana/crowdstrike-action-type.md +++ b/docs/reference/connectors-kibana/crowdstrike-action-type.md @@ -11,10 +11,6 @@ applies_to: # CrowdStrike connector [crowdstrike-action-type] -::::{warning} -This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. -:::: - The CrowdStrike connector communicates with CrowdStrike Management Console via REST API. To use this connector, you must have authority to run {{endpoint-sec}} connectors, which is an **{{connectors-feature}}** sub-feature privilege. Refer to [{{kib}} privileges](docs-content://deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md). @@ -41,6 +37,17 @@ CrowdStrike client ID Client secret : The CrowdStrike API client secret to authenticate the client ID. -## Test connectors [crowdstrike-action-parameters] +## Test connectors [crowdstrike-action-configuration] + +You can test connectors as you’re creating or editing the connector in {{kib}}. For example: + +:::{image} ../images/crowdstrike-connector-test.png +:screenshot: +:alt: CrowdStrike connector test +::: + +The CrowdStrike action has the following configuration properties: + +Agent IDs +: Get details about one or more CrowdStrike agent IDs. -At this time, you cannot test the CrowdStrike connector. diff --git a/docs/reference/connectors-kibana/sentinelone-action-type.md b/docs/reference/connectors-kibana/sentinelone-action-type.md index e14b0ca7fa87a..6c776c1c6a896 100644 --- a/docs/reference/connectors-kibana/sentinelone-action-type.md +++ b/docs/reference/connectors-kibana/sentinelone-action-type.md 
@@ -11,10 +11,6 @@ applies_to: # SentinelOne connector [sentinelone-action-type] -::::{warning} -This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. -:::: - The SentinelOne connector communicates with SentinelOne Management Console via REST API. To use this connector, you must have authority to run {{endpoint-sec}} connectors, which is an **{{connectors-feature}}** sub-feature privilege. Refer to [{{kib}} privileges](docs-content://deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md). @@ -40,4 +36,11 @@ URL ## Test connectors [sentinelone-action-parameters] -At this time, you cannot test the SentinelOne connector. +You can test connectors as you're creating or editing the connector in {{kib}}. +For example: + +:::{image} ../images/sentinelone-connector-test.png +:alt: SentinelOne connector test +:screenshot: +::: + diff --git a/docs/reference/images/crowdstrike-connector-test.png b/docs/reference/images/crowdstrike-connector-test.png new file mode 100644 index 0000000000000..4a90c3e5802b4 Binary files /dev/null and b/docs/reference/images/crowdstrike-connector-test.png differ diff --git a/docs/reference/images/crowdstrike-connector.png b/docs/reference/images/crowdstrike-connector.png index 4943d2402b1bb..46a05cddb7a3d 100644 Binary files a/docs/reference/images/crowdstrike-connector.png and b/docs/reference/images/crowdstrike-connector.png differ diff --git a/docs/reference/images/sentinelone-connector-test.png b/docs/reference/images/sentinelone-connector-test.png new file mode 100644 index 0000000000000..d73b9c3fdea44 Binary files /dev/null and b/docs/reference/images/sentinelone-connector-test.png differ 
diff --git a/docs/reference/images/sentinelone-connector.png b/docs/reference/images/sentinelone-connector.png index 17559091f9181..fca6305babaef 100644 Binary files a/docs/reference/images/sentinelone-connector.png and b/docs/reference/images/sentinelone-connector.png differ diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index b590e2605402d..a586a13bd0d16 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml @@ -645,6 +645,8 @@ paths: - $ref: '#/components/schemas/run_closeincident' - $ref: '#/components/schemas/run_createalert' - $ref: '#/components/schemas/run_fieldsbyissuetype' + - $ref: '#/components/schemas/run_getagentdetails' + - $ref: '#/components/schemas/run_getagents' - $ref: '#/components/schemas/run_getchoices' - $ref: '#/components/schemas/run_getfields' - $ref: '#/components/schemas/run_getincident' @@ -64545,6 +64547,42 @@ components: type: string description: The Jira issue type identifier. example: 10024 + run_getagentdetails: + title: The getAgentDetails subaction + type: object + required: + - subAction + - subActionParams + description: The `getAgentDetails` subaction for CrowdStrike connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - getAgentDetails + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - ids + properties: + ids: + type: array + description: An array of CrowdStrike agent identifiers. + items: + type: string + run_getagents: + title: The getAgents subaction + type: object + required: + - subAction + description: The `getAgents` subaction for SentinelOne connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - getAgents run_getchoices: title: The getChoices subaction type: object diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index 7766cf57cb6c8..06581f7d1a186 100644 
--- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -691,6 +691,8 @@ paths: - $ref: '#/components/schemas/run_closeincident' - $ref: '#/components/schemas/run_createalert' - $ref: '#/components/schemas/run_fieldsbyissuetype' + - $ref: '#/components/schemas/run_getagentdetails' + - $ref: '#/components/schemas/run_getagents' - $ref: '#/components/schemas/run_getchoices' - $ref: '#/components/schemas/run_getfields' - $ref: '#/components/schemas/run_getincident' @@ -71017,6 +71019,42 @@ components: type: string description: The Jira issue type identifier. example: 10024 + run_getagentdetails: + title: The getAgentDetails subaction + type: object + required: + - subAction + - subActionParams + description: The `getAgentDetails` subaction for CrowdStrike connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - getAgentDetails + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - ids + properties: + ids: + type: array + description: An array of CrowdStrike agent identifiers. + items: + type: string + run_getagents: + title: The getAgents subaction + type: object + required: + - subAction + description: The `getAgents` subaction for SentinelOne connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - getAgents run_getchoices: title: The getChoices subaction type: object diff --git a/oas_docs/overlays/connectors.overlays.yaml b/oas_docs/overlays/connectors.overlays.yaml index 5622973106152..73ee5fda11bce 100644 --- a/oas_docs/overlays/connectors.overlays.yaml +++ b/oas_docs/overlays/connectors.overlays.yaml 
@@ -388,6 +388,8 @@ actions: - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_closeincident.yaml' - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_createalert.yaml' - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_fieldsbyissuetype.yaml' + - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagentdetails.yaml' + - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagents.yaml' - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getchoices.yaml' - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getfields.yaml' - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getincident.yaml' diff --git a/x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagentdetails.yaml b/x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagentdetails.yaml new file mode 100644 index 0000000000000..933815d5bcfe3 --- /dev/null +++ b/x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagentdetails.yaml @@ -0,0 +1,23 @@ +title: The getAgentDetails subaction +type: object +required: + - subAction + - subActionParams +description: The `getAgentDetails` subaction for CrowdStrike connectors. +properties: + subAction: + type: string + description: The action to test. + enum: + - getAgentDetails + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - ids + properties: + ids: + type: array + description: An array of CrowdStrike agent identifiers. + items: + type: string 
diff --git a/x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagents.yaml b/x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagents.yaml new file mode 100644 index 0000000000000..a310304b6024e --- /dev/null +++ b/x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagents.yaml @@ -0,0 +1,11 @@ +title: The getAgents subaction +type: object +required: + - subAction +description: The `getAgents` subaction for SentinelOne connectors. +properties: + subAction: + type: string + description: The action to test. + enum: + - getAgents \ No newline at end of file
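Review bot: The first hunk of crowdstrike-action-type.md and of sentinelone-action-type.md removes the technical preview warning, but the `applies_to:` front matter named in the hunk header is outside the changed lines. If that block still marks either connector as preview, the page will contradict the removed warning; confirm the lifecycle value there matches and update it in this patch if it does not.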
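Review bot: In the second hunk of crowdstrike-action-type.md the "Test connectors" heading anchor changes from `[crowdstrike-action-parameters]` to `[crowdstrike-action-configuration]`, while the SentinelOne page in this same patch keeps `[sentinelone-action-parameters]`. Renaming the anchor breaks existing links to the old id and leaves the two pages inconsistent; keep `crowdstrike-action-parameters` unless the rename is deliberate, and if it is, check that the new id is not already used by the configuration section earlier on the page. Two smaller points in the same hunk: the added sentence uses a typographic apostrophe (`you’re`) where the SentinelOne page uses `you're`, and the `Agent IDs` definition describes what the action does rather than what the property holds; something like "One or more CrowdStrike agent IDs to get details for" fits a property list better.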
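Review bot: In the second hunk of sentinelone-action-type.md the new "Test connectors" text stops at the screenshot, whereas the CrowdStrike page goes on to list the test action's properties. Since `run_getagents` requires only `subAction`, add one sentence saying the test action takes no parameters, so a reader does not go looking for them. The image directive options are also in a different order here (`:alt:` then `:screenshot:`) than on the CrowdStrike page, and the hunk ends by adding an empty line at the end of the file; align the former and drop the latter.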
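Review bot: In run_getagentdetails.yaml (and the generated copies in kibana.yaml and kibana.serverless.yaml), `ids` is required but the array carries no `minItems`, so `ids: []` validates against the schema. Add `minItems: 1` if the connector rejects an empty list, and give the property an `example`, as the neighbouring Jira issue type property does with `example: 10024`. The `subAction` text `description: The action to test.` would be more useful if it said what the call returns. Because this subaction returns endpoint agent details through the connector run API, the schema description is also a good place to repeat the privilege requirement the connector page states ("authority to run {{endpoint-sec}} connectors").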
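Review bot: run_getagents.yaml ends with `\ No newline at end of file`; add the trailing newline, as run_getagentdetails.yaml in this patch has. The schema also lists only `subAction` under `required` and defines no `subActionParams`, without saying whether the field may be omitted or must be sent empty; state that in the `description` so API clients know which request body is valid.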