[DOCS] Update CrowdStrike and SentinelOne connectors (#219887)

2025-06-27 18:51:07 -04:00 · 2025-05-08 11:34:40 -07:00 · 2025-05-08 11:34:40 -07:00 · f3115c6746
commit f3115c6746
parent 154ed1ef6f
11 changed files with 133 additions and 11 deletions
--- a/docs/reference/connectors-kibana/crowdstrike-action-type.md
+++ b/docs/reference/connectors-kibana/crowdstrike-action-type.md
@ -11,10 +11,6 @@ applies_to:

 # CrowdStrike connector [crowdstrike-action-type]

-::::{warning}
-This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
-::::
-
 The CrowdStrike connector communicates with CrowdStrike Management Console via REST API.

 To use this connector, you must have authority to run {{endpoint-sec}} connectors, which is an **{{connectors-feature}}** sub-feature privilege. Refer to [{{kib}} privileges](docs-content://deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md).
@ -41,6 +37,17 @@ CrowdStrike client ID
 Client secret
 :   The CrowdStrike API client secret to authenticate the client ID.

-## Test connectors [crowdstrike-action-parameters]
+## Test connectors [crowdstrike-action-configuration]
+
+You can test connectors as you’re creating or editing the connector in {{kib}}. For example:
+
+:::{image} ../images/crowdstrike-connector-test.png
+:screenshot:
+:alt: CrowdStrike connector test
+:::
+
+The CrowdStrike action has the following configuration properties:
+
+Agent IDs
+:   Get details about one or more CrowdStrike agent IDs.

-At this time, you cannot test the CrowdStrike connector.
--- a/docs/reference/connectors-kibana/sentinelone-action-type.md
+++ b/docs/reference/connectors-kibana/sentinelone-action-type.md
@ -11,10 +11,6 @@ applies_to:

 # SentinelOne connector [sentinelone-action-type]

-::::{warning}
-This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
-::::
-
 The SentinelOne connector communicates with SentinelOne Management Console via REST API.

 To use this connector, you must have authority to run {{endpoint-sec}} connectors, which is an **{{connectors-feature}}** sub-feature privilege. Refer to [{{kib}} privileges](docs-content://deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md).
@ -40,4 +36,11 @@ URL

 ## Test connectors [sentinelone-action-parameters]

-At this time, you cannot test the SentinelOne connector.
+You can test connectors as you're creating or editing the connector in {{kib}}.
+For example:
+
+:::{image} ../images/sentinelone-connector-test.png
+:alt: SentinelOne connector test
+:screenshot:
+:::
+
--- a/docs/reference/images/crowdstrike-connector-test.png
+++ b/docs/reference/images/crowdstrike-connector-test.png
--- a/docs/reference/images/crowdstrike-connector.png
+++ b/docs/reference/images/crowdstrike-connector.png
--- a/docs/reference/images/sentinelone-connector-test.png
+++ b/docs/reference/images/sentinelone-connector-test.png
--- a/docs/reference/images/sentinelone-connector.png
+++ b/docs/reference/images/sentinelone-connector.png
--- a/oas_docs/output/kibana.serverless.yaml
+++ b/oas_docs/output/kibana.serverless.yaml
@ -646,6 +646,8 @@ paths:
                    - $ref: '#/components/schemas/run_closeincident'
                    - $ref: '#/components/schemas/run_createalert'
                    - $ref: '#/components/schemas/run_fieldsbyissuetype'
+                    - $ref: '#/components/schemas/run_getagentdetails'
+                    - $ref: '#/components/schemas/run_getagents'
                    - $ref: '#/components/schemas/run_getchoices'
                    - $ref: '#/components/schemas/run_getfields'
                    - $ref: '#/components/schemas/run_getincident'
@ -71032,6 +71034,42 @@ components:
              type: string
              description: The Jira issue type identifier.
              example: 10024
+    run_getagentdetails:
+      title: The getAgentDetails subaction
+      type: object
+      required:
+        - subAction
+        - subActionParams
+      description: The `getAgentDetails` subaction for CrowdStrike connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - getAgentDetails
+        subActionParams:
+          type: object
+          description: The set of configuration properties for the action.
+          required:
+            - ids
+          properties:
+            ids:
+              type: array
+              description: An array of CrowdStrike agent identifiers.
+              items:
+                type: string
+    run_getagents:
+      title: The getAgents subaction
+      type: object
+      required:
+        - subAction
+      description: The `getAgents` subaction for SentinelOne connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - getAgents
    run_getchoices:
      title: The getChoices subaction
      type: object
--- a/oas_docs/output/kibana.yaml
+++ b/oas_docs/output/kibana.yaml
@ -698,6 +698,8 @@ paths:
                    - $ref: '#/components/schemas/run_closeincident'
                    - $ref: '#/components/schemas/run_createalert'
                    - $ref: '#/components/schemas/run_fieldsbyissuetype'
+                    - $ref: '#/components/schemas/run_getagentdetails'
+                    - $ref: '#/components/schemas/run_getagents'
                    - $ref: '#/components/schemas/run_getchoices'
                    - $ref: '#/components/schemas/run_getfields'
                    - $ref: '#/components/schemas/run_getincident'
@ -80939,6 +80941,42 @@ components:
              type: string
              description: The Jira issue type identifier.
              example: 10024
+    run_getagentdetails:
+      title: The getAgentDetails subaction
+      type: object
+      required:
+        - subAction
+        - subActionParams
+      description: The `getAgentDetails` subaction for CrowdStrike connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - getAgentDetails
+        subActionParams:
+          type: object
+          description: The set of configuration properties for the action.
+          required:
+            - ids
+          properties:
+            ids:
+              type: array
+              description: An array of CrowdStrike agent identifiers.
+              items:
+                type: string
+    run_getagents:
+      title: The getAgents subaction
+      type: object
+      required:
+        - subAction
+      description: The `getAgents` subaction for SentinelOne connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - getAgents
    run_getchoices:
      title: The getChoices subaction
      type: object
--- a/oas_docs/overlays/connectors.overlays.yaml
+++ b/oas_docs/overlays/connectors.overlays.yaml
@ -392,6 +392,8 @@ actions:
                    - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_closeincident.yaml'
                    - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_createalert.yaml'
                    - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_fieldsbyissuetype.yaml'
+                    - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagentdetails.yaml'
+                    - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagents.yaml'
                    - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getchoices.yaml'
                    - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getfields.yaml'
                    - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getincident.yaml'
--- a/x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagentdetails.yaml
+++ b/x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagentdetails.yaml
@ -0,0 +1,23 @@
+title: The getAgentDetails subaction
+type: object
+required:
+  - subAction
+  - subActionParams
+description: The `getAgentDetails` subaction for CrowdStrike connectors.
+properties:
+  subAction:
+    type: string
+    description: The action to test.
+    enum:
+      - getAgentDetails
+  subActionParams:
+    type: object
+    description: The set of configuration properties for the action.
+    required:
+      - ids
+    properties:
+      ids:
+        type: array
+        description: An array of CrowdStrike agent identifiers.
+        items:
+          type: string
--- a/x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagents.yaml
+++ b/x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagents.yaml
@ -0,0 +1,11 @@
+title: The getAgents subaction
+type: object
+required:
+  - subAction
+description: The `getAgents` subaction for SentinelOne connectors.
+properties:
+  subAction:
+    type: string
+    description: The action to test.
+    enum:
+      - getAgents