Description
Building on the completion of Phase I (#11810), this Epic describes enabling agentless deployment for the next wave of security integrations. Phase I delivered 15+ integrations including Office 365, Okta, AWS Security Hub and others.
Phase II expands agentless support to additional high-priority security integrations based on customer demand/usage.
Security integrations targeted for Phase II release:
| Integration |
Input |
Owner |
Agentless |
| ti_anomali |
cel |
@elastic/security-service-integrations |
✅ |
| ti_crowdstrike |
cel |
@elastic/security-service-integrations |
✅ |
| carbon_black_cloud |
cel, httpjson |
@elastic/security-service-integrations |
✅ |
| proofpoint_tap |
httpjson |
@elastic/security-service-integrations |
✅ |
| mimecast |
cel, httpjson |
@elastic/security-service-integrations |
✅ |
| checkpoint_harmony_endpoint |
cel |
@elastic/security-service-integrations |
|
| checkpoint_email |
cel |
@elastic/security-service-integrations |
✅ |
| cisco_duo |
cel, httpjson |
@elastic/security-service-integrations |
✅ |
| trend_micro_vision_one |
httpjson |
@elastic/security-service-integrations |
|
| guardduty |
httpjson |
@elastic/security-service-integrations |
✅ |
| inspector |
httpjson |
@elastic/security-service-integrations |
✅ |
| cloudflare |
httpjson |
@elastic/security-service-integrations |
|
| imperva_cloud_waf |
cel |
@elastic/security-service-integrations |
|
| auth0 |
cel |
@elastic/security-service-integrations |
|
| 1password |
httpjson |
@elastic/security-service-integrations |
✅ |
| github |
httpjson |
@elastic/security-service-integrations |
|
| slack |
httpjson |
@elastic/security-service-integrations |
|
| ti_rapid7_threat_command |
httpjson |
@elastic/security-service-integrations |
|
| tenable_sc |
httpjson |
@elastic/security-service-integrations |
✅ |
| snyk |
cel, httpjson |
@elastic/security-service-integrations |
✅ |
| abnormal_security |
cel |
@elastic/security-service-integrations |
|
| digital_guardian |
cel |
@elastic/security-service-integrations |
|
| ti_recordedfuture |
httpjson |
@elastic/security-service-integrations |
✅ |
| ping_one |
httpjson |
@elastic/security-service-integrations |
|
edit: Table statuses updated 2026-02-19
Requirements
Following the established Phase I pattern, for each integration see the Onboarding Integration Guide.
1. Technical implementation
Example reference: #13367
2. Performance documentation
Example documentation format: "Crowdstrike Falcon Intelligence: 200ms avg API response, 5,000 events/min, 0.1% error rate, 512MB RAM/0.5CPU, 1000 API calls/hour limit"
Dependencies
- Agentless infrastructure GA readiness (still in beta)
- Input compatibility: Currently agentless is optimized for httpjson and cel inputs
- UX enhancement: Add agentless deployment filter/toggle to integrations catalog page for better discoverability
References
Description
Building on the completion of Phase I (#11810), this Epic describes enabling agentless deployment for the next wave of security integrations. Phase I delivered 15+ integrations including Office 365, Okta, AWS Security Hub and others.
Phase II expands agentless support to additional high-priority security integrations based on customer demand/usage.
Security integrations targeted for Phase II release:
edit: Table statuses updated 2026-02-19
Requirements
Following the established Phase I pattern, for each integration see the Onboarding Integration Guide.
1. Technical implementation
Example reference: #13367
2. Performance documentation
Example documentation format: "Crowdstrike Falcon Intelligence: 200ms avg API response, 5,000 events/min, 0.1% error rate, 512MB RAM/0.5CPU, 1000 API calls/hour limit"
Dependencies
References