[DOCS] Update CrowdStrike and SentinelOne connectors (#219887)

Lisa Cawley 2025-05-08 11:34:40 -07:00 committed by GitHub
parent 154ed1ef6f
commit f3115c6746
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 133 additions and 11 deletions


@ -11,10 +11,6 @@ applies_to:
# CrowdStrike connector [crowdstrike-action-type] # CrowdStrike connector [crowdstrike-action-type]
::::{warning}
This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
::::
The CrowdStrike connector communicates with CrowdStrike Management Console via REST API. The CrowdStrike connector communicates with CrowdStrike Management Console via REST API.
To use this connector, you must have authority to run {{endpoint-sec}} connectors, which is an **{{connectors-feature}}** sub-feature privilege. Refer to [{{kib}} privileges](docs-content://deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md). To use this connector, you must have authority to run {{endpoint-sec}} connectors, which is an **{{connectors-feature}}** sub-feature privilege. Refer to [{{kib}} privileges](docs-content://deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md).
@ -41,6 +37,17 @@ CrowdStrike client ID
Client secret Client secret
: The CrowdStrike API client secret to authenticate the client ID. : The CrowdStrike API client secret to authenticate the client ID.
## Test connectors [crowdstrike-action-parameters] ## Test connectors [crowdstrike-action-configuration]
You can test connectors as youre creating or editing the connector in {{kib}}. For example:
:::{image} ../images/crowdstrike-connector-test.png
:screenshot:
:alt: CrowdStrike connector test
:::
The CrowdStrike action has the following configuration properties:
Agent IDs
: Get details about one or more CrowdStrike agent IDs.
At this time, you cannot test the CrowdStrike connector.


@ -11,10 +11,6 @@ applies_to:
# SentinelOne connector [sentinelone-action-type] # SentinelOne connector [sentinelone-action-type]
::::{warning}
This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
::::
The SentinelOne connector communicates with SentinelOne Management Console via REST API. The SentinelOne connector communicates with SentinelOne Management Console via REST API.
To use this connector, you must have authority to run {{endpoint-sec}} connectors, which is an **{{connectors-feature}}** sub-feature privilege. Refer to [{{kib}} privileges](docs-content://deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md). To use this connector, you must have authority to run {{endpoint-sec}} connectors, which is an **{{connectors-feature}}** sub-feature privilege. Refer to [{{kib}} privileges](docs-content://deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md).
@ -40,4 +36,11 @@ URL
## Test connectors [sentinelone-action-parameters] ## Test connectors [sentinelone-action-parameters]
At this time, you cannot test the SentinelOne connector. You can test connectors as you're creating or editing the connector in {{kib}}.
For example:
:::{image} ../images/sentinelone-connector-test.png
:alt: SentinelOne connector test
:screenshot:
:::

Binary file not shown.

After

Width:  |  Height:  |  Size: 84 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 174 KiB

After

Width:  |  Height:  |  Size: 130 KiB


Binary file not shown.

After

Width:  |  Height:  |  Size: 76 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 142 KiB

After

Width:  |  Height:  |  Size: 115 KiB



@ -646,6 +646,8 @@ paths:
- $ref: '#/components/schemas/run_closeincident' - $ref: '#/components/schemas/run_closeincident'
- $ref: '#/components/schemas/run_createalert' - $ref: '#/components/schemas/run_createalert'
- $ref: '#/components/schemas/run_fieldsbyissuetype' - $ref: '#/components/schemas/run_fieldsbyissuetype'
- $ref: '#/components/schemas/run_getagentdetails'
- $ref: '#/components/schemas/run_getagents'
- $ref: '#/components/schemas/run_getchoices' - $ref: '#/components/schemas/run_getchoices'
- $ref: '#/components/schemas/run_getfields' - $ref: '#/components/schemas/run_getfields'
- $ref: '#/components/schemas/run_getincident' - $ref: '#/components/schemas/run_getincident'
@ -71032,6 +71034,42 @@ components:
type: string type: string
description: The Jira issue type identifier. description: The Jira issue type identifier.
example: 10024 example: 10024
run_getagentdetails:
title: The getAgentDetails subaction
type: object
required:
- subAction
- subActionParams
description: The `getAgentDetails` subaction for CrowdStrike connectors.
properties:
subAction:
type: string
description: The action to test.
enum:
- getAgentDetails
subActionParams:
type: object
description: The set of configuration properties for the action.
required:
- ids
properties:
ids:
type: array
description: An array of CrowdStrike agent identifiers.
items:
type: string
run_getagents:
title: The getAgents subaction
type: object
required:
- subAction
description: The `getAgents` subaction for SentinelOne connectors.
properties:
subAction:
type: string
description: The action to test.
enum:
- getAgents
run_getchoices: run_getchoices:
title: The getChoices subaction title: The getChoices subaction
type: object type: object


@ -698,6 +698,8 @@ paths:
- $ref: '#/components/schemas/run_closeincident' - $ref: '#/components/schemas/run_closeincident'
- $ref: '#/components/schemas/run_createalert' - $ref: '#/components/schemas/run_createalert'
- $ref: '#/components/schemas/run_fieldsbyissuetype' - $ref: '#/components/schemas/run_fieldsbyissuetype'
- $ref: '#/components/schemas/run_getagentdetails'
- $ref: '#/components/schemas/run_getagents'
- $ref: '#/components/schemas/run_getchoices' - $ref: '#/components/schemas/run_getchoices'
- $ref: '#/components/schemas/run_getfields' - $ref: '#/components/schemas/run_getfields'
- $ref: '#/components/schemas/run_getincident' - $ref: '#/components/schemas/run_getincident'
@ -80939,6 +80941,42 @@ components:
type: string type: string
description: The Jira issue type identifier. description: The Jira issue type identifier.
example: 10024 example: 10024
run_getagentdetails:
title: The getAgentDetails subaction
type: object
required:
- subAction
- subActionParams
description: The `getAgentDetails` subaction for CrowdStrike connectors.
properties:
subAction:
type: string
description: The action to test.
enum:
- getAgentDetails
subActionParams:
type: object
description: The set of configuration properties for the action.
required:
- ids
properties:
ids:
type: array
description: An array of CrowdStrike agent identifiers.
items:
type: string
run_getagents:
title: The getAgents subaction
type: object
required:
- subAction
description: The `getAgents` subaction for SentinelOne connectors.
properties:
subAction:
type: string
description: The action to test.
enum:
- getAgents
run_getchoices: run_getchoices:
title: The getChoices subaction title: The getChoices subaction
type: object type: object


@ -392,6 +392,8 @@ actions:
- $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_closeincident.yaml' - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_closeincident.yaml'
- $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_createalert.yaml' - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_createalert.yaml'
- $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_fieldsbyissuetype.yaml' - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_fieldsbyissuetype.yaml'
- $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagentdetails.yaml'
- $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagents.yaml'
- $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getchoices.yaml' - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getchoices.yaml'
- $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getfields.yaml' - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getfields.yaml'
- $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getincident.yaml' - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getincident.yaml'


@ -0,0 +1,23 @@
title: The getAgentDetails subaction
type: object
required:
- subAction
- subActionParams
description: The `getAgentDetails` subaction for CrowdStrike connectors.
properties:
subAction:
type: string
description: The action to test.
enum:
- getAgentDetails
subActionParams:
type: object
description: The set of configuration properties for the action.
required:
- ids
properties:
ids:
type: array
description: An array of CrowdStrike agent identifiers.
items:
type: string
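Review bot: `subActionParams.ids` is required but otherwise unconstrained, so the schema as written accepts an empty array, empty strings and a list of any length. The connector page changed in this same commit describes the parameter as "one or more CrowdStrike agent IDs", which the schema could state with `minItems: 1` under `ids` and `minLength: 1` under `items`. If the connector or the upstream API caps the number of IDs per request (not visible in this commit), documenting that cap with `maxItems` would let clients and API linters see the bound. The same `run_getagentdetails` definition appears in the two large OpenAPI documents changed earlier in this commit, which look like generated bundles and would need regenerating after any change here.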


@ -0,0 +1,11 @@
title: The getAgents subaction
type: object
required:
- subAction
description: The `getAgents` subaction for SentinelOne connectors.
properties:
subAction:
type: string
description: The action to test.
enum:
- getAgents
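Review bot: The `getAgents` schema lists only `subAction`, so a reader cannot tell whether `subActionParams` is accepted, ignored or rejected for SentinelOne connectors. If the subaction takes no parameters, the description could say so, for example `description: The getAgents subaction for SentinelOne connectors. It takes no parameters.`. If it does accept optional filters (not visible in this commit), they should be listed under `properties` so the documented request shape matches what the connector accepts.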