[eset_protect, lumos, sophos_central] Add Agentless Deployment

[mohitjha-elastic]

Proposed commit message

eset_protect, lumos, sophos_central: add agentless deployment

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.
• I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

• Clone integrations repo.
• Install the elastic package locally.
• Start the elastic stack using the elastic package.
• Move to integrations/packages/ {integration} directory.
• Run the following command to run tests.

elastic-package test -v

Related issues

• Closes [eset_protect] Add Agentless Deployment Support #18983
• Closes [lumos] Add Agentless Deployment Support #19207
• Closes [sophos_central] Add Agentless Deployment Support #19349

[infra-vault-gh-plugin-prod]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

[github-actions]

✅ Elastic Docs Style Checker (Vale)

No issues found on modified lines!

---

The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale.

[github-actions]

TL;DR

Buildkite failed in Check integrations eset_protect because package README docs are out of date with current field definitions. Regenerate package docs and commit the updated packages/eset_protect/docs/README.md.

Remediation

• Run elastic-package build from the repo root to regenerate package documentation.
• Commit the resulting docs diff (specifically packages/eset_protect/docs/README.md) and re-run CI.

Investigation details

Root Cause

The failure is from the package lint step enforcing up-to-date README generation, not from runtime/test logic. The log shows a README.md is outdated diff where generated output includes additional ECS fields (for example host.*, observer.*, related.ip) that were not present in the checked-in README.

Relevant package field definitions that align with the generated additions include:

• packages/eset_protect/elasticsearch/transform/latest_cdr_vuln/fields/ecs.yml:1
• packages/eset_protect/elasticsearch/transform/latest_cdr_vuln/fields/ecs.yml:3

And generated docs currently containing those fields (example section):

• packages/eset_protect/docs/README.md:234-249

Evidence

• Build: https://buildkite.com/elastic/integrations/builds/44064
• Job/step: Check integrations eset_protect
• Key log excerpt:

README.md is outdated. Rebuild the package with 'elastic-package build'
...
Error: checking package failed: checking readme files are up-to-date failed: files do not match

Verification

• Not run locally against the PR branch in this environment (workspace is on main), but the Buildkite log provides a deterministic lint failure and required remediation.

Follow-up

If this reappears after regeneration, check for uncommitted generated-doc changes in the package and ensure no subsequent field edits were made after the build step.

Note

🔒 Integrity filter blocked 2 items

The following items were blocked because they don't meet the GitHub integrity level.

• [eset_protect, lumos, sophos_central] Add Agentless Deployment #19353 pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #19353 pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

---

What is this? | From workflow: PR Buildkite Detective

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

[elastic-vault-github-plugin-prod]

✅ All changelog entries have the correct PR link.

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 001db1f

History

• 💔 Build #44064 failed ee11c52

cc @mohitjha-elastic

[elastic-vault-github-plugin-prod]

Package eset_protect - 2.4.0 containing this change is available at https://epr.elastic.co/package/eset_protect/2.4.0/

[elastic-vault-github-plugin-prod]

Package lumos - 1.7.0 containing this change is available at https://epr.elastic.co/package/lumos/1.7.0/

[elastic-vault-github-plugin-prod]

Package sophos_central - 1.22.0 containing this change is available at https://epr.elastic.co/package/sophos_central/1.22.0/