[Security Solution][Endpoint] API for SentinelOne runscript response actions

[paul-tavares]

Summary

• Enables runscript response action API for agentType of sentinel_one
  • API support is behind feature flag: responseActionsSentinelOneRunScriptEnabled
  • At this time, the action will be submitted to SentinelOne, but will remain in pending state in Kibana (completion of it will be done in a subsequent PR)

Testing

• Enable the feature flag
• Setup env. with SentinelOne connector and ensure you have a host running the sentinelone agent

POST /api/endpoint/action/run_script
{
    "agent_type": "sentinel_one",
    "endpoint_ids": [ "__YOUR_SENTINEONE_HOST_ID__" ],
    "parameters": {
        "scriptId": "1466645477667595729",
        "scriptInput": "--paths-to-delete /tmp/foo.txt"
    }
}

Checklist

• Unit or functional tests were updated or added to match the most common scenarios

[paul-tavares]

/ci

[paul-tavares]

/ci

[paul-tavares]

/ci

[paul-tavares]

/ci

[paul-tavares]

/ci

[elasticmachine]

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 96ffe92

Metrics [docs]

Unknown metric groups

ESLint disabled in files

id	before	after	diff
securitySolution	98	99	+1

ESLint disabled line counts

id	before	after	diff
securitySolution	646	648	+2

Total ESLint disabled count

id	before	after	diff
securitySolution	744	747	+3

History

• 💔 Build #326030 failed 07f5844
• 💚 Build #325530 succeeded 813c7ed
• 💔 Build #325293 failed 16b1e51
• 💔 Build #325124 failed 3bc0cb2
• 💔 Build #324908 failed 8f02f0c

cc @paul-tavares

[tomsonpl]

LGTM 👍

[gergoabraham]

didn't test it, but code-wise looks good 👍

[kibanamachine]

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create automatically backports add a backport:* label or prevent reminders by adding the backport:skip label.
You can also create backports manually by running node scripts/backport --pr 229892 locally
cc: @paul-tavares