elastic · kibanamachine · May 8, 2025 · May 8, 2025
@@ -11,10 +11,6 @@ applies_to:
 
 # CrowdStrike connector [crowdstrike-action-type]
 
-::::{warning}
-This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
-::::
-
 The CrowdStrike connector communicates with CrowdStrike Management Console via REST API.
 
 To use this connector, you must have authority to run {{endpoint-sec}} connectors, which is an **{{connectors-feature}}** sub-feature privilege. Refer to [{{kib}} privileges](docs-content://deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md).
@@ -41,6 +37,17 @@ CrowdStrike client ID
 Client secret
 :   The CrowdStrike API client secret to authenticate the client ID.
 
-## Test connectors [crowdstrike-action-parameters]
+## Test connectors [crowdstrike-action-configuration]
+
+You can test connectors as you’re creating or editing the connector in {{kib}}. For example:
+
+:::{image} ../images/crowdstrike-connector-test.png
+:screenshot:
+:alt: CrowdStrike connector test
+:::
+
+The CrowdStrike action has the following configuration properties:
+
+Agent IDs
+:   Get details about one or more CrowdStrike agent IDs.
 
-At this time, you cannot test the CrowdStrike connector.
@@ -11,10 +11,6 @@ applies_to:
 
 # SentinelOne connector [sentinelone-action-type]
 
-::::{warning}
-This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
-::::
-
 The SentinelOne connector communicates with SentinelOne Management Console via REST API.
 
 To use this connector, you must have authority to run {{endpoint-sec}} connectors, which is an **{{connectors-feature}}** sub-feature privilege. Refer to [{{kib}} privileges](docs-content://deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md).
@@ -40,4 +36,11 @@ URL
 
 ## Test connectors [sentinelone-action-parameters]
 
-At this time, you cannot test the SentinelOne connector.
+You can test connectors as you're creating or editing the connector in {{kib}}.
+For example:
+
+:::{image} ../images/sentinelone-connector-test.png
+:alt: SentinelOne connector test
+:screenshot:
+:::
+
@@ -645,6 +645,8 @@ paths:
                     - $ref: '#/components/schemas/run_closeincident'
                     - $ref: '#/components/schemas/run_createalert'
                     - $ref: '#/components/schemas/run_fieldsbyissuetype'
+                    - $ref: '#/components/schemas/run_getagentdetails'
+                    - $ref: '#/components/schemas/run_getagents'
                     - $ref: '#/components/schemas/run_getchoices'
                     - $ref: '#/components/schemas/run_getfields'
                     - $ref: '#/components/schemas/run_getincident'
@@ -64545,6 +64547,42 @@ components:
               type: string
               description: The Jira issue type identifier.
               example: 10024
+    run_getagentdetails:
+      title: The getAgentDetails subaction
+      type: object
+      required:
+        - subAction
+        - subActionParams
+      description: The `getAgentDetails` subaction for CrowdStrike connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - getAgentDetails
+        subActionParams:
+          type: object
+          description: The set of configuration properties for the action.
+          required:
+            - ids
+          properties:
+            ids:
+              type: array
+              description: An array of CrowdStrike agent identifiers.
+              items:
+                type: string
+    run_getagents:
+      title: The getAgents subaction
+      type: object
+      required:
+        - subAction
+      description: The `getAgents` subaction for SentinelOne connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - getAgents
     run_getchoices:
       title: The getChoices subaction
       type: object

@@ -691,6 +691,8 @@ paths:
                     - $ref: '#/components/schemas/run_closeincident'
                     - $ref: '#/components/schemas/run_createalert'
                     - $ref: '#/components/schemas/run_fieldsbyissuetype'
+                    - $ref: '#/components/schemas/run_getagentdetails'
+                    - $ref: '#/components/schemas/run_getagents'
                     - $ref: '#/components/schemas/run_getchoices'
                     - $ref: '#/components/schemas/run_getfields'
                     - $ref: '#/components/schemas/run_getincident'
@@ -71017,6 +71019,42 @@ components:
               type: string
               description: The Jira issue type identifier.
               example: 10024
+    run_getagentdetails:
+      title: The getAgentDetails subaction
+      type: object
+      required:
+        - subAction
+        - subActionParams
+      description: The `getAgentDetails` subaction for CrowdStrike connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - getAgentDetails
+        subActionParams:
+          type: object
+          description: The set of configuration properties for the action.
+          required:
+            - ids
+          properties:
+            ids:
+              type: array
+              description: An array of CrowdStrike agent identifiers.
+              items:
+                type: string
+    run_getagents:
+      title: The getAgents subaction
+      type: object
+      required:
+        - subAction
+      description: The `getAgents` subaction for SentinelOne connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - getAgents
     run_getchoices:
       title: The getChoices subaction
       type: object

@@ -388,6 +388,8 @@ actions:
                     - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_closeincident.yaml'
                     - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_createalert.yaml'
                     - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_fieldsbyissuetype.yaml'
+                    - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagentdetails.yaml'
+                    - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagents.yaml'
                     - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getchoices.yaml'
                     - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getfields.yaml'
                     - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getincident.yaml'

@@ -0,0 +1,23 @@
+title: The getAgentDetails subaction
+type: object
+required:
+  - subAction
+  - subActionParams
+description: The `getAgentDetails` subaction for CrowdStrike connectors.
+properties:
+  subAction:
+    type: string
+    description: The action to test.
+    enum:
+      - getAgentDetails
+  subActionParams:
+    type: object
+    description: The set of configuration properties for the action.
+    required:
+      - ids
+    properties:
+      ids:
+        type: array
+        description: An array of CrowdStrike agent identifiers.
+        items:
+          type: string
@@ -0,0 +1,11 @@
+title: The getAgents subaction
+type: object
+required:
+  - subAction
+description: The `getAgents` subaction for SentinelOne connectors.
+properties:
+  subAction:
+    type: string
+    description: The action to test.
+    enum:
+      - getAgents