Skip to content

Commit

Permalink
Add SentinelOne connector (elastic#159157)
Browse files Browse the repository at this point in the history
## Summary

Adds new connector type to support https://www.sentinelone.com/

The scope of this PR was limited to the Connector logic, schemas, and
types to make PR more digestible.
In the current PR, the connector is NOT registered, so it's not going to
be available to the users.
In the follow-up PR I'm going to improve the UX of Param's form and then
enable the connector

<img width="1685" alt="Zrzut ekranu 2023-08-3 o 11 18 54"
src="https://github.com/elastic/kibana/assets/5188868/965ef8ef-497f-42a8-983e-38fd0370cba8">
 visual changes include a screenshot or gif.

<img width="1685" alt="image"
src="https://github.com/elastic/kibana/assets/5188868/119d2255-ed9f-4923-886d-eb139223a47d">

<img width="1690" alt="image"
src="https://github.com/elastic/kibana/assets/5188868/e2c569d2-b497-4641-a6a6-454494223ffc">
  • Loading branch information
patrykkopycinski authored and bryce-b committed Aug 9, 2023
1 parent 7c23155 commit 6f17ae9
Show file tree
Hide file tree
Showing 23 changed files with 1,883 additions and 2 deletions.
5 changes: 5 additions & 0 deletions .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
Expand Up @@ -1146,6 +1146,11 @@ x-pack/plugins/cloud_integrations/cloud_full_story/server/config.ts @elastic/kib
/x-pack/plugins/stack_connectors/server/connector_types/gen_ai @elastic/security-threat-hunting-explore
/x-pack/plugins/stack_connectors/common/gen_ai @elastic/security-threat-hunting-explore

## Defend Workflows owner connectors
/x-pack/plugins/stack_connectors/public/connector_types/sentinelone @elastic/security-defend-workflows
/x-pack/plugins/stack_connectors/server/connector_types/sentinelone @elastic/security-defend-workflows
/x-pack/plugins/stack_connectors/common/sentinelone @elastic/security-defend-workflows

## Security Solution sub teams - Detection Rule Management
/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema @elastic/security-detection-rule-management @elastic/security-detection-engine
/x-pack/plugins/security_solution/common/api/detection_engine/fleet_integrations @elastic/security-detection-rule-management
Expand Down
2 changes: 1 addition & 1 deletion packages/kbn-optimizer/limits.yml
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@ pageLoadAssetSize:
snapshotRestore: 79032
spaces: 57868
stackAlerts: 58316
stackConnectors: 36314
stackConnectors: 52131
synthetics: 40958
telemetry: 51957
telemetryManagementSection: 38586
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { executeAction } from '@kbn/triggers-actions-ui-plugin/public';
import { useQuery } from '@tanstack/react-query';
import { useKibana } from '../../../../../common/lib/kibana/kibana_react';

export interface UseSubActionParams<P> {
connectorId: string;
subAction: string;
subActionParams?: P;
disabled?: boolean;
}

export const useSubAction = <P, R>({
connectorId,
subAction,
subActionParams,
disabled = false,
...rest
}: UseSubActionParams<P>) => {
const { http } = useKibana().services;

return useQuery({
queryKey: ['useSubAction', connectorId, subAction, subActionParams],
queryFn: ({ signal }) =>
executeAction<R>({
id: connectorId,
params: {
subAction,
subActionParams,
},
http,
signal,
}),
enabled: !disabled && !!connectorId && !!subAction,
...rest,
});
};
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { executeAction } from '@kbn/triggers-actions-ui-plugin/public';
import { useMutation } from '@tanstack/react-query';
import { useKibana } from '../../../../../common/lib/kibana/kibana_react';

export interface UseSubActionParams<P> {
connectorId: string;
subAction: string;
subActionParams?: P;
disabled?: boolean;
}

export const useSubActionMutation = <P, R>({
connectorId,
subAction,
subActionParams,
disabled = false,
}: UseSubActionParams<P>) => {
const { http } = useKibana().services;

return useMutation({
mutationFn: () =>
executeAction<R>({
id: connectorId,
params: {
subAction,
subActionParams,
},
http,
}),
});
};
21 changes: 21 additions & 0 deletions x-pack/plugins/stack_connectors/common/sentinelone/constants.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

export const SENTINELONE_TITLE = 'Sentinel One';
export const SENTINELONE_CONNECTOR_ID = '.sentinelone';
export const API_MAX_RESULTS = 1000;

export enum SUB_ACTION {
KILL_PROCESS = 'killProcess',
EXECUTE_SCRIPT = 'executeScript',
GET_AGENTS = 'getAgents',
ISOLATE_AGENT = 'isolateAgent',
RELEASE_AGENT = 'releaseAgent',
GET_REMOTE_SCRIPTS = 'getRemoteScripts',
GET_REMOTE_SCRIPT_STATUS = 'getRemoteScriptStatus',
GET_REMOTE_SCRIPT_RESULTS = 'getRemoteScriptResults',
}
Loading

0 comments on commit 6f17ae9

Please sign in to comment.