
[EDR Workflows] Add RunScript CS Command - UI #202012

Draft
wants to merge 7 commits into
base: main

Conversation

tomsonpl
Contributor

@tomsonpl tomsonpl commented Nov 27, 2024

Summary

This PR introduces the runscript command for CrowdStrike RTR and adds parameter validation to align with the CrowdStrike API. The functionality is currently hidden behind a new crowdstrikeRunScriptEnabled feature flag for controlled rollout. Some aspects are temporary and will be refined in future PRs.

Key Changes

  • Added runscript Command:

    • Implements the runscript command to allow execution of scripts via CrowdStrike RTR.
  • Parameter Validation:

    • Added validation for the following parameters, as defined by the CrowdStrike API:
      • --Raw
      • --HostPath
      • --CloudFile
      • --CommandLine
      • --Timeout
  • Temporary Use of ExecuteResultComponent:

    • Currently leveraging the ExecuteResultComponent to display results.
    • A dedicated component for runscript results will be introduced in a separate PR.
  • API Route:

    • The API route for executing the runscript command will be added in a subsequent PR.
  • Feature Flag:

    • Hidden behind the new crowdstrikeRunScriptEnabled feature flag to ensure incremental adoption and testing.

Future Work

  • Replace ExecuteResultComponent with a dedicated component for displaying runscript results.
  • Add API route for executing the runscript command.
  • Expand support for additional RTR commands and enhance error handling.

Why is this needed?

The runscript command is a critical RTR feature that enables script execution on target hosts. Adding this functionality brings Elastic closer to full-featured integration with CrowdStrike RTR, providing greater flexibility and utility for users.

Testing

  • Validated parameter schema against the CrowdStrike API.
  • Ensured the feature is gated by the crowdstrikeRunScriptEnabled flag.
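An added illustration of the parameter validation this PR describes (example code written for this page, not Kibana's own implementation): it parses `--Name=value` tokens from a console line and checks them before anything would be handed to the CrowdStrike RTR API. The rules that exactly one of `--Raw`, `--HostPath`, `--CloudFile` must be given, that `--CommandLine` is optional, and that `--Timeout` is a positive integer of seconds are assumptions, not stated in the PR.

```typescript
// Added example, not Kibana's code. Assumptions not stated in the PR: exactly one script
// source (Raw, HostPath or CloudFile) is required, CommandLine is optional, Timeout is a
// positive integer number of seconds.
export type RunScriptArgs = { Raw?: string; HostPath?: string; CloudFile?: string; CommandLine?: string; Timeout?: number };
export type ValidationResult = { ok: true; args: RunScriptArgs } | { ok: false; errors: string[] };

const ALLOWED = ['Raw', 'HostPath', 'CloudFile', 'CommandLine', 'Timeout'];
const SOURCES = ['Raw', 'HostPath', 'CloudFile'];

// Parses `--Name=value` tokens from a console line; values may be double-quoted to hold spaces.
export function parseRunScriptArgs(input: string): Record<string, string> {
  const out: Record<string, string> = {};
  const re = /--([A-Za-z]+)=(?:"([^"]*)"|(\S*))/g;
  let m: RegExpExecArray | null;
  while ((m = re.exec(input)) !== null) {
    out[m[1]] = m[2] !== undefined ? m[2] : m[3];
  }
  return out;
}

// Rejects unknown parameter names, a missing or ambiguous script source, and a malformed
// Timeout; returns only the allowed, typed fields when everything checks out.
export function validateRunScriptArgs(raw: Record<string, string>): ValidationResult {
  const errors: string[] = [];
  for (const key of Object.keys(raw)) {
    if (!ALLOWED.includes(key)) errors.push(`unknown parameter --${key}`);
  }
  const sources = SOURCES.filter((k) => raw[k] !== undefined && raw[k] !== '');
  if (sources.length !== 1) {
    errors.push(`exactly one of --Raw, --HostPath, --CloudFile is required (got ${sources.length})`);
  }
  const args: RunScriptArgs = {};
  if (raw.Timeout !== undefined) {
    const t = Number(raw.Timeout);
    if (!Number.isInteger(t) || t <= 0) errors.push('--Timeout must be a positive integer (seconds)');
    else args.Timeout = t;
  }
  if (errors.length > 0) return { ok: false, errors };
  if (sources[0] === 'Raw') args.Raw = raw.Raw;
  if (sources[0] === 'HostPath') args.HostPath = raw.HostPath;
  if (sources[0] === 'CloudFile') args.CloudFile = raw.CloudFile;
  if (raw.CommandLine) args.CommandLine = raw.CommandLine;
  return { ok: true, args };
}
```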

@tomsonpl tomsonpl self-assigned this Nov 27, 2024
@elasticmachine
Contributor

🤖 Jobs for this PR can be triggered through checkboxes. 🚧

ℹ️ To trigger the CI, please tick the checkbox below 👇


@tomsonpl tomsonpl added Team:Defend Workflows “EDR Workflows” sub-team of Security Solution release_note:feature Makes this part of the condensed release notes v8.18.0 labels Nov 27, 2024
@tomsonpl
Contributor Author

/ci

@tomsonpl
Contributor Author

/ci

@tomsonpl
Contributor Author

/ci

@tomsonpl
Contributor Author

/ci

@tomsonpl
Contributor Author

/ci

@elasticmachine
Contributor

elasticmachine commented Nov 28, 2024

💔 Build Failed

Failed CI Steps

History

cc @tomsonpl

@tomsonpl
Contributor Author

/ci
