Add SentinelOne connector

elastic · Aug 8, 2023 · 752c441 · 752c441
1 parent b8841bc
commit 752c441
Show file tree

Hide file tree

Showing 23 changed files with 1,883 additions and 2 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1145,6 +1145,11 @@ x-pack/plugins/cloud_integrations/cloud_full_story/server/config.ts @elastic/kib
 /x-pack/plugins/stack_connectors/server/connector_types/gen_ai @elastic/security-threat-hunting-explore
 /x-pack/plugins/stack_connectors/common/gen_ai @elastic/security-threat-hunting-explore
 
+## Defend Workflows owner connectors
+/x-pack/plugins/stack_connectors/public/connector_types/sentinelone @elastic/security-defend-workflows
+/x-pack/plugins/stack_connectors/server/connector_types/sentinelone @elastic/security-defend-workflows
+/x-pack/plugins/stack_connectors/common/sentinelone @elastic/security-defend-workflows
+
 ## Security Solution sub teams - Detection Rule Management
 /x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema @elastic/security-detection-rule-management @elastic/security-detection-engine
 /x-pack/plugins/security_solution/common/api/detection_engine/fleet_integrations @elastic/security-detection-rule-management

diff --git a/packages/kbn-optimizer/limits.yml b/packages/kbn-optimizer/limits.yml
@@ -129,7 +129,7 @@ pageLoadAssetSize:
   snapshotRestore: 79032
   spaces: 57868
   stackAlerts: 58316
-  stackConnectors: 36314
+  stackConnectors: 52131
   synthetics: 40958
   telemetry: 51957
   telemetryManagementSection: 38586

diff --git a/...y_solution/public/timelines/components/side_panel/event_details/flyout/use_sub_action.tsx b/...y_solution/public/timelines/components/side_panel/event_details/flyout/use_sub_action.tsx
@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { executeAction } from '@kbn/triggers-actions-ui-plugin/public';
+import { useQuery } from '@tanstack/react-query';
+import { useKibana } from '../../../../../common/lib/kibana/kibana_react';
+
+export interface UseSubActionParams<P> {
+  connectorId: string;
+  subAction: string;
+  subActionParams?: P;
+  disabled?: boolean;
+}
+
+export const useSubAction = <P, R>({
+  connectorId,
+  subAction,
+  subActionParams,
+  disabled = false,
+  ...rest
+}: UseSubActionParams<P>) => {
+  const { http } = useKibana().services;
+
+  return useQuery({
+    queryKey: ['useSubAction', connectorId, subAction, subActionParams],
+    queryFn: ({ signal }) =>
+      executeAction<R>({
+        id: connectorId,
+        params: {
+          subAction,
+          subActionParams,
+        },
+        http,
+        signal,
+      }),
+    enabled: !disabled && !!connectorId && !!subAction,
+    ...rest,
+  });
+};
diff --git a/...n/public/timelines/components/side_panel/event_details/flyout/use_sub_action_mutation.tsx b/...n/public/timelines/components/side_panel/event_details/flyout/use_sub_action_mutation.tsx
@@ -0,0 +1,38 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { executeAction } from '@kbn/triggers-actions-ui-plugin/public';
+import { useMutation } from '@tanstack/react-query';
+import { useKibana } from '../../../../../common/lib/kibana/kibana_react';
+
+export interface UseSubActionParams<P> {
+  connectorId: string;
+  subAction: string;
+  subActionParams?: P;
+  disabled?: boolean;
+}
+
+export const useSubActionMutation = <P, R>({
+  connectorId,
+  subAction,
+  subActionParams,
+  disabled = false,
+}: UseSubActionParams<P>) => {
+  const { http } = useKibana().services;
+
+  return useMutation({
+    mutationFn: () =>
+      executeAction<R>({
+        id: connectorId,
+        params: {
+          subAction,
+          subActionParams,
+        },
+        http,
+      }),
+  });
+};
diff --git a/x-pack/plugins/stack_connectors/common/sentinelone/constants.ts b/x-pack/plugins/stack_connectors/common/sentinelone/constants.ts
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const SENTINELONE_TITLE = 'Sentinel One';
+export const SENTINELONE_CONNECTOR_ID = '.sentinelone';
+export const API_MAX_RESULTS = 1000;
+
+export enum SUB_ACTION {
+  KILL_PROCESS = 'killProcess',
+  EXECUTE_SCRIPT = 'executeScript',
+  GET_AGENTS = 'getAgents',
+  ISOLATE_AGENT = 'isolateAgent',
+  RELEASE_AGENT = 'releaseAgent',
+  GET_REMOTE_SCRIPTS = 'getRemoteScripts',
+  GET_REMOTE_SCRIPT_STATUS = 'getRemoteScriptStatus',
+  GET_REMOTE_SCRIPT_RESULTS = 'getRemoteScriptResults',
+}