
Enhancements to SentinelOne bidirectional actions - response console & history #4875

Closed · 2 tasks done
caitlinbetz opened this issue Mar 6, 2024 · 1 comment
Assignees: joepeeples
Labels: Docset: ESS (Issues that apply to docs in the Stack release); Docset: Serverless (Issues for Serverless Security); Feature: Response actions (also includes response console); Team: EDR Workflows (Formerly Defend Workflows, Onboarding and Lifecycle Management); v8.13.0

Comments


caitlinbetz commented Mar 6, 2024

Description

Expands the SentinelOne bidirectional capability (initially released in 8.12, tech preview) to make use of our response console and actions history views. (In 8.12, you could only isolate through the "Isolate" flyout UX.)

  • Users can take isolate/release actions on S1 hosts from the response console.
  • Actions submitted will be tracked through the response action history views. The "Agent Type" drop-down allows users to filter between Defend and S1 agents.

Background & resources

Condensed docs issue template info

Prerequisites, privileges, feature flags

This is an Enterprise level feature - still in Tech Preview for 8.13.

@ashokaditya do we have any feature flag info to provide here?

Feature flag PRs:


Docs Pull Requests

@joepeeples joepeeples self-assigned this Mar 6, 2024
joepeeples added the labels Team: EDR Workflows, Feature: Response actions, Docset: Serverless, Docset: ESS and v8.13.0 on Mar 6, 2024
joepeeples changed the title from "Enhancements to SentinelOne bidirectional actions - response console & history" to "[Request] Enhancements to SentinelOne bidirectional actions - response console & history" on Mar 6, 2024
joepeeples (Contributor) commented Mar 6, 2024

> @ashokaditya do we have any feature flag info to provide here?

Per elastic/kibana#175810, it looks like responseActionsSentinelOneV1Enabled is a required feature flag (I tested in BC3). Will this flag be required for release versions (8.13.0 release AND serverless production release)?
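
Added example, not taken from this issue or from the Elastic docs: the flag joepeeples names is a Kibana Security Solution experimental feature, and on a self-managed Stack deployment such flags are listed in kibana.yml. The setting name `xpack.securitySolution.enableExperimental` and the exact flag spelling for 8.13 are assumptions to verify against the Kibana release you run; the comment above leaves open whether the flag is still required for the 8.13.0 release, and on serverless production kibana.yml is not user-editable, so this applies to self-managed and BC test deployments only.

```yaml
# kibana.yml (added example, assumption: setting name and flag spelling as in
# elastic/kibana#175810; restart Kibana after changing this list)
xpack.securitySolution.enableExperimental:
  - responseActionsSentinelOneV1Enabled
```

A quick check after restart: the SentinelOne isolate/release commands should appear in the response console for an S1 host, and the "Agent Type" filter should list the S1 agent in the response action history view; if neither shows, the flag name or the Kibana version is the first thing to recheck.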
