[Security Solution][Endpoint] Add validation to ensure a SentinelOne agent ID exists when enabling the `Respond` Take Action option
#182158
Pinging @elastic/security-defend-workflows (Team:Defend Workflows)
Thanks for making a fix. I wasn't aware one could create a custom query and be able to query SentinelOne alerts.
...curity_solution/public/detections/components/endpoint_responder/use_responder_action_data.ts
…ts-with-no-obserser_serial_number
💚 Build Succeeded
…agent ID exists when enabling the `Respond` Take Action option (elastic#182158)

## Summary

- For alerts created against SentinelOne data: Fixes the display of "Respond" in the alert details panel "Take Action" menu so that it is disabled if the event data does not have the property that identifies the SentinelOne agent
- A tooltip is displayed indicating why Responder is not available when it is disabled for this condition (see screen capture below)

(cherry picked from commit 06f3c30)
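The check described in the summary above, written out as an added example (not code from this PR or the Kibana repository): the field name `example.sentinel_one.agent_id`, the tooltip text and the sample alerts are assumptions made for illustration.

```typescript
// Added example, not Kibana source code. The field name and tooltip text
// are hypothetical; the page does not name the real property.
const S1_AGENT_ID_FIELD = 'example.sentinel_one.agent_id';
const MISSING_AGENT_ID_TOOLTIP =
  'Respond is unavailable: the event has no SentinelOne agent ID';

// One flattened alert field, as an alert details panel might receive it.
interface AlertField {
  field: string;
  values?: string[] | null;
}

interface RespondOption {
  disabled: boolean;
  tooltip?: string;
  agentId?: string;
}

// Return the first non-blank value of a field, or undefined when the field
// is absent, null, empty, or whitespace only.
function firstNonBlank(data: AlertField[], field: string): string | undefined {
  const values = data.find((item) => item.field === field)?.values ?? [];
  return values.map((v) => v.trim()).find((v) => v.length > 0);
}

// Decide how the "Respond" entry is rendered for a SentinelOne alert.
function getRespondOption(data: AlertField[]): RespondOption {
  const agentId = firstNonBlank(data, S1_AGENT_ID_FIELD);
  return agentId === undefined
    ? { disabled: true, tooltip: MISSING_AGENT_ID_TOOLTIP }
    : { disabled: false, agentId };
}

// Constructed sample alerts: one carrying an agent ID, one from a custom
// query rule whose source documents have only a blank identifier.
const alertWithAgent: AlertField[] = [
  { field: 'kibana.alert.rule.name', values: ['constructed rule A'] },
  { field: S1_AGENT_ID_FIELD, values: ['constructed-agent-0001'] },
];
const alertFromCustomQuery: AlertField[] = [
  { field: 'kibana.alert.rule.name', values: ['constructed custom query rule'] },
  { field: S1_AGENT_ID_FIELD, values: ['   '] },
];

console.log(getRespondOption(alertWithAgent), getRespondOption(alertFromCustomQuery));
```

Treating a blank or null value the same as a missing field keeps the menu entry from being enabled for an alert that cannot be tied to a specific agent.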
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions? Please refer to the Backport tool documentation
…nelOne agent ID exists when enabling the `Respond` Take Action option (#182158) (#182247)

# Backport

This will backport the following commits from `main` to `8.14`:

- [[Security Solution][Endpoint] Add validation to ensure a SentinelOne agent ID exists when enabling the `Respond` Take Action option (#182158)](#182158)

### Questions ?

Please refer to the [Backport tool documentation](https://github.com/sqren/backport)

Co-authored-by: Paul Tavares <56442535+paul-tavares@users.noreply.github.com>