Merged
12 changes: 8 additions & 4 deletions docs/management/connectors/action-types/crowdstrike.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,6 @@
:frontmatter-tags-content-type: [how-to]
:frontmatter-tags-user-goals: [configure]

preview::[]

The CrowdStrike connector communicates with CrowdStrike Management Console via REST API.

To use this connector, you must have authority to run {endpoint-sec} connectors, which is an *{connectors-feature}* sub-feature privilege. Refer to <<kibana-privileges>>.
Expand All @@ -22,7 +20,6 @@ You can create connectors in *{stack-manage-app} > {connectors-ui}*. For example

[role="screenshot"]
image::management/connectors/images/crowdstrike-connector.png[CrowdStrike connector]
// NOTE: This is an autogenerated screenshot. Do not edit it directly.

[float]
[[crowdstrike-connector-configuration]]
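Review bot: The `// NOTE: This is an autogenerated screenshot. Do not edit it directly.` comment under the `crowdstrike-connector.png` image line should only be dropped if that image is no longer produced by the screenshot automation. The PNG is modified in this same PR, so please confirm the automated capture has been retired; otherwise the next run overwrites the manual image and the comment needs to stay. Since the screenshot shows the connector's credential fields, also check that it contains only placeholder values.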
Expand All @@ -38,4 +35,11 @@ Client secret:: The CrowdStrike API client secret to authenticate the client ID
[[crowdstrike-action-parameters]]
=== Test connectors

At this time, you cannot test the CrowdStrike connector.
You can test connectors as you're creating or editing the connector in {kib}. For example:

[role="screenshot"]
image::management/connectors/images/crowdstrike-connector-test.png[CrowdStrike connector test]

The CrowdStrike action has the following configuration properties:

Agent IDs:: Get details about one or more CrowdStrike agent IDs.
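Review bot: The new `Agent IDs::` entry describes what the action does ("Get details about ...") rather than what the field accepts, and it does not say the field is required. The schema added in this PR defines `ids` as a required array of CrowdStrike agent identifiers, so wording such as `Agent IDs:: One or more CrowdStrike agent identifiers to retrieve details for. Required.` would match it. The lead-in sentence "The CrowdStrike action has the following configuration properties:" could also name the `getAgentDetails` subaction so readers can map the UI test to the API schema.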
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,6 @@
:frontmatter-tags-content-type: [how-to]
:frontmatter-tags-user-goals: [configure]

preview::[]

The SentinelOne connector communicates with SentinelOne Management Console via REST API.

To use this connector, you must have authority to run {endpoint-sec} connectors, which is an *{connectors-feature}* sub-feature privilege. Refer to <<kibana-privileges>>.
Expand All @@ -22,7 +20,6 @@ You can create connectors in *{stack-manage-app} > {connectors-ui}*. For example

[role="screenshot"]
image::management/connectors/images/sentinelone-connector.png[SentinelOne connector]
// NOTE: This is an autogenerated screenshot. Do not edit it directly.

[float]
[[sentinelone-connector-configuration]]
Expand All @@ -38,4 +35,8 @@ URL:: The SentinelOne tenant URL. If you are using the <<action-settings,`xpack.
[[sentinelone-action-parameters]]
=== Test connectors

At this time, you cannot test the SentinelOne connector.
You can test connectors as you're creating or editing the connector in {kib}.
For example:

[role="screenshot"]
image::management/connectors/images/sentinelone-connector-test.png[SentinelOne connector test]
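Review bot: The rewritten Test connectors section stops at the screenshot and never says what the test does, while the CrowdStrike page in this PR lists its action properties. Add a sentence stating that the test runs the `getAgents` subaction, that it takes no parameters (the `run_getagents` schema requires only `subAction`), and that it sends a live request to the SentinelOne tenant using the connector's stored credentials. Minor: "For example:" sits on its own line here but on the same line as the preceding sentence in crowdstrike.asciidoc; pick one form.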
Binary file modified docs/management/connectors/images/crowdstrike-connector.png
Binary file modified docs/management/connectors/images/sentinelone-connector.png
38 changes: 38 additions & 0 deletions oas_docs/output/kibana.serverless.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -614,6 +614,8 @@ paths:
- $ref: '#/components/schemas/run_closeincident'
- $ref: '#/components/schemas/run_createalert'
- $ref: '#/components/schemas/run_fieldsbyissuetype'
- $ref: '#/components/schemas/run_getagentdetails'
- $ref: '#/components/schemas/run_getagents'
- $ref: '#/components/schemas/run_getchoices'
- $ref: '#/components/schemas/run_getfields'
- $ref: '#/components/schemas/run_getincident'
Expand Down Expand Up @@ -62047,6 +62049,42 @@ components:
type: string
description: The Jira issue type identifier.
example: 10024
run_getagentdetails:
title: The getAgentDetails subaction
type: object
required:
- subAction
- subActionParams
description: The `getAgentDetails` subaction for CrowdStrike connectors.
properties:
subAction:
type: string
description: The action to test.
enum:
- getAgentDetails
subActionParams:
type: object
description: The set of configuration properties for the action.
required:
- ids
properties:
ids:
type: array
description: An array of CrowdStrike agent identifiers.
items:
type: string
run_getagents:
title: The getAgents subaction
type: object
required:
- subAction
description: The `getAgents` subaction for SentinelOne connectors.
properties:
subAction:
type: string
description: The action to test.
enum:
- getAgents
run_getchoices:
title: The getChoices subaction
type: object
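Review bot: `run_getagents` declares only `subAction` and is silent on `subActionParams`, whereas `run_getagentdetails` directly above it requires that property. State whether callers must omit `subActionParams` or may send an empty object, either in the description or with an explicit property, so client generators and validators treat the two subactions consistently. This file sits under oas_docs/output, so the change belongs in the component schema file rather than here.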
38 changes: 38 additions & 0 deletions oas_docs/output/kibana.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -985,6 +985,8 @@ paths:
- $ref: '#/components/schemas/run_closeincident'
- $ref: '#/components/schemas/run_createalert'
- $ref: '#/components/schemas/run_fieldsbyissuetype'
- $ref: '#/components/schemas/run_getagentdetails'
- $ref: '#/components/schemas/run_getagents'
- $ref: '#/components/schemas/run_getchoices'
- $ref: '#/components/schemas/run_getfields'
- $ref: '#/components/schemas/run_getincident'
Expand Down Expand Up @@ -51144,6 +51146,42 @@ components:
type: string
description: The Jira issue type identifier.
example: 10024
run_getagentdetails:
title: The getAgentDetails subaction
type: object
required:
- subAction
- subActionParams
description: The `getAgentDetails` subaction for CrowdStrike connectors.
properties:
subAction:
type: string
description: The action to test.
enum:
- getAgentDetails
subActionParams:
type: object
description: The set of configuration properties for the action.
required:
- ids
properties:
ids:
type: array
description: An array of CrowdStrike agent identifiers.
items:
type: string
run_getagents:
title: The getAgents subaction
type: object
required:
- subAction
description: The `getAgents` subaction for SentinelOne connectors.
properties:
subAction:
type: string
description: The action to test.
enum:
- getAgents
run_getchoices:
title: The getChoices subaction
type: object
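Review bot: Neither new schema carries an `example`, while the Jira property in the context line just above the addition has `example: 10024`. Add an `example` to `ids` in `run_getagentdetails` (a placeholder agent identifier, not a real one) so the rendered API reference shows a usable request body.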
2 changes: 2 additions & 0 deletions oas_docs/overlays/connectors.overlays.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -388,6 +388,8 @@ actions:
- $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_closeincident.yaml'
- $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_createalert.yaml'
- $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_fieldsbyissuetype.yaml'
- $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagentdetails.yaml'
- $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagents.yaml'
- $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getchoices.yaml'
- $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getfields.yaml'
- $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getincident.yaml'
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
title: The getAgentDetails subaction
type: object
required:
- subAction
- subActionParams
description: The `getAgentDetails` subaction for CrowdStrike connectors.
properties:
subAction:
type: string
description: The action to test.
enum:
- getAgentDetails
subActionParams:
type: object
description: The set of configuration properties for the action.
required:
- ids
properties:
ids:
type: array
description: An array of CrowdStrike agent identifiers.
items:
type: string
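Review bot: `ids` has no `minItems`, so `"ids": []` passes validation even though the connector docs in this PR describe the field as "one or more CrowdStrike agent IDs". Add `minItems: 1` under `ids`, and consider a `maxItems` if the connector caps how many agents one call may query; then regenerate the two files under oas_docs/output.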
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
title: The getAgents subaction
type: object
required:
- subAction
description: The `getAgents` subaction for SentinelOne connectors.
properties:
subAction:
type: string
description: The action to test.
enum:
- getAgents