[Fleet] Add o365audit, gcp-pubsup, and azure-eventhub as disallowed agentles inputs (#211262)

Closes https://github.com/elastic/kibana/issues/211092 ## Summary Disallows unsupported input types for security integrations adopting agentless. ### Checklist - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) cc @jamiehynds @qcorporation @kcreddy
2025-04-24 09:48:58 -04:00 · 2025-02-20 13:51:13 -05:00 · 2025-02-20 13:51:13 -05:00 · 46812bc00a
commit 46812bc00a
parent c4826bdfbf
1 changed files with 10 additions and 1 deletions
--- a/x-pack/platform/plugins/shared/fleet/common/constants/agentless.ts
+++ b/x-pack/platform/plugins/shared/fleet/common/constants/agentless.ts
@ -19,4 +19,13 @@ export const AGENTLESS_GLOBAL_TAG_NAME_TEAM = 'team';
 export const AGENTLESS_ALLOWED_OUTPUT_TYPES = [outputType.Elasticsearch];

 // Input types to disable for agentless integrations
-export const AGENTLESS_DISABLED_INPUTS = ['tcp', 'udp', 'filestream', 'http_endpoint', 'winlog'];
+export const AGENTLESS_DISABLED_INPUTS = [
+  'tcp',
+  'udp',
+  'filestream',
+  'http_endpoint',
+  'winlog',
+  'o365audit',
+  'gcp-pubsub',
+  'azure-eventhub',
+];