Skip to content

[Epic] Road to Agentless + Security Integrations Release (Phase I) #11810

Closed
Enhancement
1 of 1 issue completed
Closed
[Epic] Road to Agentless + Security Integrations Release (Phase I)#11810
Enhancement
1 of 1 issue completed
Assignees
qcorporation
Labels
EpicIntegration:aws_securityhubAWS Security HubIntegration:google_sccGoogle Security Command CenterIntegration:google_secopsGoogle SecOpsIntegration:google_workspaceGoogle WorkspaceIntegration:m365_defenderMicrosoft Defender XDRIntegration:microsoft_defender_cloudMicrosoft Defender for CloudIntegration:microsoft_defender_endpointMicrosoft Defender for EndpointIntegration:microsoft_sentinelMicrosoft SentinelIntegration:o365Microsoft Office 365Integration:oktaOktaIntegration:qualys_vmdrQualys VMDRIntegration:sentinel_oneSentinelOneIntegration:splunkSplunkIntegration:tenable_ioTenable Vulnerability ManagementIntegration:ti_abusechabuse.chIntegration:wizWizTeam:Security-Deployment and DevicesDEPRECATED Deployment and Devices Security team [elastic/sec-deployment-and-devices]Team:Security-Service IntegrationsSecurity Service Integrations team [elastic/security-service-integrations]enhancementNew feature or request
@qcorporation

Description

@qcorporation
qcorporation
opened on Nov 21, 2024

Topic

The Epic describes the Development efforts to release the first initial Security Integrations under the Agentless deployment model.
Product Ticket is defined here

What are we releasing?

Security Integrations targeted for the initial release for the 8.18 release, are:

  1. Office 365
  2. Okta
  3. AWS Security Hub
  4. SentinelOne
  5. AbuseCH
  6. Microsoft Defender Cloud
  7. Microsoft 365 Defender
  8. Microsoft Defender for Endpoint
  9. Google Security Command Center
  10. Google Workspace
  11. Tenable IO
  12. Wiz
  13. Qualys VMDR
  14. Microsoft Sentinel
  15. Google SecOps
  16. Splunk

What is required for the release?

  • Enabling the integrations listed above within the integration manifest.yml template policy to have an agentless deployment mode
  • Providing important Agentless information within the integration documentation
  • End-to-end testing for each integration (require account/permission to vendors)

Dependencies

State Storage for Filebeat: PR: elastic/beats#41446
Disable Agentless in UI for on-prem users: elastic/kibana#201217
Hide unsupported inputs and outputs elastic/package-spec#805 (all listed integrations have been vetted for supported inputs)

Breakdown

## Tasks
- [ ] https://github.com/elastic/security-team/issues/8883
- [ ] https://github.com/elastic/integrations/issues/11812
- [ ] https://github.com/elastic/integrations/issues/11811
- [ ] https://github.com/elastic/integrations/issues/11813
- [ ] Documentation for agentless for Phase I Integrations (pending ownership)

Metadata

Metadata

Assignees

Labels

EpicIntegration:aws_securityhubAWS Security HubIntegration:google_sccGoogle Security Command CenterIntegration:google_secopsGoogle SecOpsIntegration:google_workspaceGoogle WorkspaceIntegration:m365_defenderMicrosoft Defender XDRIntegration:microsoft_defender_cloudMicrosoft Defender for CloudIntegration:microsoft_defender_endpointMicrosoft Defender for EndpointIntegration:microsoft_sentinelMicrosoft SentinelIntegration:o365Microsoft Office 365Integration:oktaOktaIntegration:qualys_vmdrQualys VMDRIntegration:sentinel_oneSentinelOneIntegration:splunkSplunkIntegration:tenable_ioTenable Vulnerability ManagementIntegration:ti_abusechabuse.chIntegration:wizWizTeam:Security-Deployment and DevicesDEPRECATED Deployment and Devices Security team [elastic/sec-deployment-and-devices]Team:Security-Service IntegrationsSecurity Service Integrations team [elastic/security-service-integrations]enhancementNew feature or request

Type

Enhancement

Fields

No fields configured for Enhancement.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions