
[SecuritySolutions][Endpoint] Microsoft defender for Endpoint response actions API #205097

Draft. Wants to merge 3 commits into base: main

Conversation

ashokaditya (Member)
Summary

Adds a response actions client/APIs for isolate and release actions.
The feature is behind the feature flag responseActionsMSDefenderEndpointEnabled.

Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

  • Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
  • Documentation was added for features that require explanation or tutorials
  • Unit or functional tests were updated or added to match the most common scenarios
  • If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the docker list
  • This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The release_note:breaking label should be applied in these situations.
  • Flaky Test Runner was used on any tests changed
  • The PR description includes the appropriate Release Notes section, and the correct release_note:* label is applied per the guidelines

Identify risks

Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging.

Add creation of the connector + SIEM rule

Fix bug - ensure agent count is returned with agent policy

Create MS integration and add it to agentless policy + start VM for agentless policies if needed

Initial script to run MS host - creates an event

New scripting fleet service method to install a package
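The PR description above only names the two actions (isolate and release) and the feature flag that gates them. The following is an added illustration, not code from this PR or from Kibana, of what a feature-flag-gated request builder and response validator for those two actions can look like against the Microsoft Defender for Endpoint machine-actions API. It assumes the MDE endpoints POST /api/machines/{id}/isolate (body fields Comment and IsolationType) and POST /api/machines/{id}/unisolate (body field Comment) as documented by Microsoft, maps Elastic's "release" to MDE's "unisolate", reuses the PR's flag name responseActionsMSDefenderEndpointEnabled, and otherwise uses hypothetical names (buildMachineActionRequest, parseMachineAction, the sample response) chosen for this example.

```typescript
// Added example (not Kibana's or this PR's code): a feature-flag-gated request
// builder and response validator for MDE "isolate" / "release" machine actions.
// Assumptions: MDE endpoints POST /api/machines/{id}/isolate (Comment,
// IsolationType) and POST /api/machines/{id}/unisolate (Comment); the flag name
// comes from the PR; all helper names here are hypothetical.

export type ResponseActionType = 'isolate' | 'release';
export type IsolationType = 'Full' | 'Selective';

export interface FeatureFlags {
  responseActionsMSDefenderEndpointEnabled: boolean;
}

export interface MachineActionRequest {
  method: 'POST';
  url: string;
  headers: Record<string, string>;
  body: Record<string, string>;
}

export interface MachineAction {
  id: string;
  type: string;
  status: string;
  machineId: string;
}

const MDE_BASE_URL = 'https://api.securitycenter.microsoft.com';

// Defensive allow-list for the machine id that is interpolated into the URL
// path: only alphanumerics, so a caller-supplied value cannot inject "../" or
// query fragments and redirect the request to a different resource.
const MACHINE_ID_RE = /^[0-9a-zA-Z]+$/;

export function buildMachineActionRequest(
  flags: FeatureFlags,
  action: ResponseActionType,
  machineId: string,
  comment: string,
  bearerToken: string,
  isolationType: IsolationType = 'Full',
): MachineActionRequest {
  // The feature flag is checked server-side on every call, not only in the UI,
  // so a disabled feature cannot be reached by crafting the HTTP request directly.
  if (!flags.responseActionsMSDefenderEndpointEnabled) {
    throw new Error('MS Defender for Endpoint response actions are disabled by feature flag');
  }
  if (!MACHINE_ID_RE.test(machineId)) {
    throw new Error(`invalid machine id: ${machineId}`);
  }
  // MDE requires a non-empty Comment; it is also the audit trail for the action.
  if (comment.trim() === '') {
    throw new Error('a comment is required for machine actions');
  }

  // Elastic's "release" corresponds to MDE's "unisolate" endpoint (assumption).
  const path = action === 'isolate' ? 'isolate' : 'unisolate';
  const body: Record<string, string> = { Comment: comment };
  if (action === 'isolate') {
    body.IsolationType = isolationType;
  }

  return {
    method: 'POST',
    url: `${MDE_BASE_URL}/api/machines/${machineId}/${path}`,
    headers: {
      Authorization: `Bearer ${bearerToken}`,
      'Content-Type': 'application/json',
    },
    body,
  };
}

// Validate the shape of an MDE MachineAction response before it is stored or
// shown to an analyst; reject anything that is not an object with the string
// fields we depend on.
export function parseMachineAction(raw: unknown): MachineAction {
  if (typeof raw !== 'object' || raw === null) {
    throw new Error('machine action response is not an object');
  }
  const r = raw as Record<string, unknown>;
  for (const key of ['id', 'type', 'status', 'machineId']) {
    if (typeof r[key] !== 'string') {
      throw new Error(`machine action response is missing string field: ${key}`);
    }
  }
  return {
    id: r.id as string,
    type: r.type as string,
    status: r.status as string,
    machineId: r.machineId as string,
  };
}

// Constructed sample response shaped like an MDE MachineAction; not captured
// from a real tenant.
export const SAMPLE_MACHINE_ACTION_RESPONSE: unknown = {
  id: '0f1e2d3c-0000-4000-8000-000000000001',
  type: 'Isolate',
  status: 'Pending',
  machineId: '0123456789abcdef0123456789abcdef01234567',
  requestor: 'analyst@example.com',
  requestorComment: 'ticket INC-1',
};
```

The transport (fetch/axios with retries) is deliberately kept out of the builder so the gating, the id allow-list and the body shape can be unit-tested without a network; a caller sends `req.body` as JSON to `req.url` with `req.headers` and passes the decoded JSON through `parseMachineAction`.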
ashokaditya self-assigned this Dec 23, 2024
elasticmachine (Contributor)

🤖 Jobs for this PR can be triggered through checkboxes. 🚧

ℹ️ To trigger the CI, please tick the checkbox below 👇

  • Click to trigger kibana-pull-request for this PR!
  • Click to trigger kibana-deploy-project-from-pr for this PR!

ashokaditya added the release_note:skip (Skip the PR/issue when compiling release notes), v9.0.0, OLM Sprint and v8.18.0 labels on Dec 23, 2024
ashokaditya force-pushed the task/dw-ms-defend-response-actions-api branch 3 times, most recently from 83d126e to 2c36b95 (December 23, 2024 15:53)
ashokaditya force-pushed the task/dw-ms-defend-response-actions-api branch from 2c36b95 to aa0e228 (December 23, 2024 16:03)
ashokaditya force-pushed the task/dw-ms-defend-response-actions-api branch from aa0e228 to 925baf6 (December 23, 2024 16:22)
ashokaditya added the backport:version (Backport to applied version labels) label on Dec 23, 2024
Labels: backport:version (Backport to applied version labels), OLM Sprint, release_note:skip (Skip the PR/issue when compiling release notes), v8.18.0, v9.0.0
2 participants