Add SentinelOne connector (#159157)

## Summary Adds new connector type to support https://www.sentinelone.com/ The scope of this PR was limited to the Connector logic, schemas, and types to make PR more digestible. In the current PR, the connector is NOT registered, so it's not going to be available to the users. In the follow-up PR I'm going to improve the UX of Param's form and then enable the connector <img width="1685" alt="Zrzut ekranu 2023-08-3 o 11 18 54" src="https://github.com/elastic/kibana/assets/5188868/965ef8ef-497f-42a8-983e-38fd0370cba8"> visual changes include a screenshot or gif. <img width="1685" alt="image" src="https://github.com/elastic/kibana/assets/5188868/119d2255-ed9f-4923-886d-eb139223a47d"> <img width="1690" alt="image" src="https://github.com/elastic/kibana/assets/5188868/e2c569d2-b497-4641-a6a6-454494223ffc">
elastic · Aug 9, 2023 · 4637b74 · 4637b74
1 parent 6673e9d
commit 4637b74
Show file tree

Hide file tree

Showing 23 changed files with 1,883 additions and 2 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1146,6 +1146,11 @@ x-pack/plugins/cloud_integrations/cloud_full_story/server/config.ts @elastic/kib
 /x-pack/plugins/stack_connectors/server/connector_types/gen_ai @elastic/security-threat-hunting-explore
 /x-pack/plugins/stack_connectors/common/gen_ai @elastic/security-threat-hunting-explore
 
+## Defend Workflows owner connectors
+/x-pack/plugins/stack_connectors/public/connector_types/sentinelone @elastic/security-defend-workflows
+/x-pack/plugins/stack_connectors/server/connector_types/sentinelone @elastic/security-defend-workflows
+/x-pack/plugins/stack_connectors/common/sentinelone @elastic/security-defend-workflows
+
 ## Security Solution sub teams - Detection Rule Management
 /x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema @elastic/security-detection-rule-management @elastic/security-detection-engine
 /x-pack/plugins/security_solution/common/api/detection_engine/fleet_integrations @elastic/security-detection-rule-management

diff --git a/packages/kbn-optimizer/limits.yml b/packages/kbn-optimizer/limits.yml
@@ -129,7 +129,7 @@ pageLoadAssetSize:
   snapshotRestore: 79032
   spaces: 57868
   stackAlerts: 58316
-  stackConnectors: 36314
+  stackConnectors: 52131
   synthetics: 40958
   telemetry: 51957
   telemetryManagementSection: 38586

diff --git a/...y_solution/public/timelines/components/side_panel/event_details/flyout/use_sub_action.tsx b/...y_solution/public/timelines/components/side_panel/event_details/flyout/use_sub_action.tsx
@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { executeAction } from '@kbn/triggers-actions-ui-plugin/public';
+import { useQuery } from '@tanstack/react-query';
+import { useKibana } from '../../../../../common/lib/kibana/kibana_react';
+
+export interface UseSubActionParams<P> {
+  connectorId: string;
+  subAction: string;
+  subActionParams?: P;
+  disabled?: boolean;
+}
+
+export const useSubAction = <P, R>({
+  connectorId,
+  subAction,
+  subActionParams,
+  disabled = false,
+  ...rest
+}: UseSubActionParams<P>) => {
+  const { http } = useKibana().services;
+
+  return useQuery({
+    queryKey: ['useSubAction', connectorId, subAction, subActionParams],
+    queryFn: ({ signal }) =>
+      executeAction<R>({
+        id: connectorId,
+        params: {
+          subAction,
+          subActionParams,
+        },
+        http,
+        signal,
+      }),
+    enabled: !disabled && !!connectorId && !!subAction,
+    ...rest,
+  });
+};
diff --git a/...n/public/timelines/components/side_panel/event_details/flyout/use_sub_action_mutation.tsx b/...n/public/timelines/components/side_panel/event_details/flyout/use_sub_action_mutation.tsx
@@ -0,0 +1,38 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { executeAction } from '@kbn/triggers-actions-ui-plugin/public';
+import { useMutation } from '@tanstack/react-query';
+import { useKibana } from '../../../../../common/lib/kibana/kibana_react';
+
+export interface UseSubActionParams<P> {
+  connectorId: string;
+  subAction: string;
+  subActionParams?: P;
+  disabled?: boolean;
+}
+
+export const useSubActionMutation = <P, R>({
+  connectorId,
+  subAction,
+  subActionParams,
+  disabled = false,
+}: UseSubActionParams<P>) => {
+  const { http } = useKibana().services;
+
+  return useMutation({
+    mutationFn: () =>
+      executeAction<R>({
+        id: connectorId,
+        params: {
+          subAction,
+          subActionParams,
+        },
+        http,
+      }),
+  });
+};
diff --git a/x-pack/plugins/stack_connectors/common/sentinelone/constants.ts b/x-pack/plugins/stack_connectors/common/sentinelone/constants.ts
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const SENTINELONE_TITLE = 'Sentinel One';
+export const SENTINELONE_CONNECTOR_ID = '.sentinelone';
+export const API_MAX_RESULTS = 1000;
+
+export enum SUB_ACTION {
+  KILL_PROCESS = 'killProcess',
+  EXECUTE_SCRIPT = 'executeScript',
+  GET_AGENTS = 'getAgents',
+  ISOLATE_AGENT = 'isolateAgent',
+  RELEASE_AGENT = 'releaseAgent',
+  GET_REMOTE_SCRIPTS = 'getRemoteScripts',
+  GET_REMOTE_SCRIPT_STATUS = 'getRemoteScriptStatus',
+  GET_REMOTE_SCRIPT_RESULTS = 'getRemoteScriptResults',
+}