Bidirectional integration response actions (SentinelOne) #4312
Labels
Docset: ESS
Issues that apply to docs in the Stack release
Docset: Serverless
Issues for Serverless Security
Feature: Response actions
also includes response console
Team: EDR Workflows
Formerly Defend Workflows, Onboarding and Lifecycle Management
v8.12.0
Description
Create docs and docs links for bi-directional integration response actions, per https://github.com/elastic/security-team/issues/7780#issuecomment-1828209705.
Response action configuration
From #4534, which we closed in favor of this meta-ish issue.
First release of our bidirectional integration work - https://github.com/elastic/security-team/issues/6200
There are a handful of steps users must take to ensure they are able to successfully take action on SentinelOne hosts (for the initial tech preview release in 8.12, the only action is to isolate or release a host). We want to make sure we have a page that walks through the full configuration requirements.
Prerequisites:
High level steps:
Information needed:
- Enterprise
- Endpoint Protection Complete
- all
- permissions for connectors & actions (may change in future releases)
- SOC manager, Endpoint operations analyst (per security-team#7911)
Pull requests, related tasks
Tasks
Order of operations
Cross-docs links create some dependencies between the PRs above. Merge in the following order to minimize breaking builds. Note that we'll need to update links in some PRs before merging them.