Add docs for SentinelOne connector (#174696)

## Summary Add docs for SentinelOne connector --------- Co-authored-by: Joe Peeples <joe.peeples@elastic.co> Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: lcawl <lcawley@elastic.co>
2025-04-24 01:38:56 -04:00 · 2024-02-01 18:15:26 +01:00 · 2024-02-01 18:15:26 +01:00 · 04004ddaac
commit 04004ddaac
parent da34e181cd
8 changed files with 98 additions and 0 deletions
--- a/docs/management/action-types.asciidoc
+++ b/docs/management/action-types.asciidoc
@ -47,6 +47,10 @@ a| <<pagerduty-action-type,PagerDuty>>

 | Send an event in PagerDuty.

+a| <<sentinelone-action-type,SentinelOne>>
+
+| Send a request to SentinelOne.
+
 a| <<server-log-action-type,ServerLog>>

 | Add a message to a Kibana log.
--- a/docs/management/connectors/action-types/sentinelone.asciidoc
+++ b/docs/management/connectors/action-types/sentinelone.asciidoc
@ -0,0 +1,39 @@
+[[sentinelone-action-type]]
+== SentinelOne connector
++++
+<titleabbrev>SentinelOne</titleabbrev>
++++
+:frontmatter-description: Add a connector that can use the SentinelOne API to send actions.
+:frontmatter-tags-products: [kibana] 
+:frontmatter-tags-content-type: [how-to] 
+:frontmatter-tags-user-goals: [configure]
+
+preview::[]
+
+The SentinelOne connector communicates with SentinelOne Management Console via REST API.
+
+[float]
+[[define-sentinelone-ui]]
+=== Create connectors in {kib}
+
+You can create connectors in *{stack-manage-app} > {connectors-ui}*. For example:
+
+[role="screenshot"]
+image::management/connectors/images/sentinelone-connector.png[SentinelOne connector]
+// NOTE: This is an autogenerated screenshot. Do not edit it directly.
+
+[float]
+[[sentinelone-connector-configuration]]
+==== Connector configuration
+
+SentinelOne connectors have the following configuration properties:
+
+API token::  A SentinelOne API token created by the user.
+URL:: The SentinelOne tenant URL. If you are using the <<action-settings,`xpack.actions.allowedHosts`>> setting, make sure the hostname is added to the allowed hosts.
+
+
+[float]
+[[sentinelone-action-parameters]]
+=== Test connectors
+
+At this time, you cannot test the SentinelOne connector.
--- a/docs/management/connectors/images/sentinelone-connector.png
+++ b/docs/management/connectors/images/sentinelone-connector.png
--- a/docs/management/connectors/images/sentinelone-params-test.png
+++ b/docs/management/connectors/images/sentinelone-params-test.png
--- a/docs/management/connectors/index.asciidoc
+++ b/docs/management/connectors/index.asciidoc
@ -8,6 +8,7 @@ include::action-types/teams.asciidoc[leveloffset=+1]
 include::action-types/openai.asciidoc[leveloffset=+1]
 include::action-types/opsgenie.asciidoc[leveloffset=+1]
 include::action-types/pagerduty.asciidoc[leveloffset=+1]
+include::action-types/sentinelone.asciidoc[leveloffset=+1]
 include::action-types/server-log.asciidoc[leveloffset=+1]
 include::action-types/servicenow.asciidoc[leveloffset=+1]
 include::action-types/servicenow-sir.asciidoc[leveloffset=+1]
--- a/x-pack/test/alerting_api_integration/common/plugins/actions_simulators/server/plugin.ts
+++ b/x-pack/test/alerting_api_integration/common/plugins/actions_simulators/server/plugin.ts
@ -45,6 +45,7 @@ export enum ExternalServiceSimulator {
  XMATTERS = 'xmatters',
  TORQ = 'torq',
  TINES = 'tines',
+  SENTINELONE = 'sentinelone',
 }

 export function getExternalServiceSimulatorPath(service: ExternalServiceSimulator): string {
@ -63,6 +64,7 @@ export function getAllExternalServiceSimulatorPaths(): string[] {
  allPaths.push(`/api/_${NAME}/${ExternalServiceSimulator.MS_EXCHANGE}/1234567/oauth2/v2.0/token`);
  allPaths.push(`/api/_${NAME}/${ExternalServiceSimulator.SERVICENOW}/oauth_token.do`);
  allPaths.push(`/api/_${NAME}/${ExternalServiceSimulator.TINES}/webhook/path/secret`);
+  allPaths.push(`/api/_${NAME}/${ExternalServiceSimulator.SENTINELONE}/web/api/v2.1/`);
  return allPaths;
 }

--- a/x-pack/test/screenshot_creation/apps/response_ops_docs/stack_connectors/index.ts
+++ b/x-pack/test/screenshot_creation/apps/response_ops_docs/stack_connectors/index.ts
@ -63,6 +63,7 @@ export default function ({ loadTestFile, getService }: FtrProviderContext) {
    loadTestFile(require.resolve('./jira_connector'));
    loadTestFile(require.resolve('./opsgenie_connector'));
    loadTestFile(require.resolve('./pagerduty_connector'));
+    loadTestFile(require.resolve('./sentinelone_connector'));
    loadTestFile(require.resolve('./server_log_connector'));
    loadTestFile(require.resolve('./servicenow_itom_connector'));
    loadTestFile(require.resolve('./servicenow_itsm_connector'));
--- a/x-pack/test/screenshot_creation/apps/response_ops_docs/stack_connectors/sentinelone_connector.ts
+++ b/x-pack/test/screenshot_creation/apps/response_ops_docs/stack_connectors/sentinelone_connector.ts
@ -0,0 +1,51 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  ExternalServiceSimulator,
+  getExternalServiceSimulatorPath,
+} from '@kbn/actions-simulators-plugin/server/plugin';
+import { FtrProviderContext } from '../../../ftr_provider_context';
+
+export default function ({ getService, getPageObjects }: FtrProviderContext) {
+  const commonScreenshots = getService('commonScreenshots');
+  const screenshotDirectories = ['response_ops_docs', 'stack_connectors'];
+  const pageObjects = getPageObjects(['common', 'header']);
+  const actions = getService('actions');
+  const kibanaServer = getService('kibanaServer');
+  const testSubjects = getService('testSubjects');
+  let simulatorUrl: string;
+  let editSimulatorUrl: string;
+
+  describe('sentinelone connector', function () {
+    before(async () => {
+      simulatorUrl = kibanaServer.resolveUrl(
+        getExternalServiceSimulatorPath(ExternalServiceSimulator.TINES)
+      );
+      editSimulatorUrl = simulatorUrl.replace('/elastic:changeme@', '/');
+    });
+
+    beforeEach(async () => {
+      await pageObjects.common.navigateToApp('connectors');
+      await pageObjects.header.waitUntilLoadingHasFinished();
+    });
+
+    it('sentinelone connector screenshots', async () => {
+      await pageObjects.common.navigateToApp('connectors');
+      await pageObjects.header.waitUntilLoadingHasFinished();
+      await actions.common.openNewConnectorForm('sentinelone');
+      await testSubjects.setValue('nameInput', 'Sentinelone test connector');
+      await testSubjects.setValue('config.url-input', editSimulatorUrl);
+      await testSubjects.setValue('secrets.token-input', 'tester');
+      await commonScreenshots.takeScreenshot('sentinelone-connector', screenshotDirectories);
+      await testSubjects.click('create-connector-flyout-save-test-btn');
+      await pageObjects.common.clearAllToasts();
+      await commonScreenshots.takeScreenshot('sentinelone-params-test', screenshotDirectories);
+      await testSubjects.click('euiFlyoutCloseButton');
+    });
+  });
+}