[EDR Workflows] Initialize CrowdStrike session API #201420

Merged Nov 28, 2024 (7 commits)

@tomsonpl (Contributor) commented Nov 22, 2024

Summary

This PR introduces a session manager to handle RTR session lifecycle management for CrowdStrike connectors. It also includes a temporary RTRCommand subAction for testing and validation purposes. All changes are currently gated behind the crowdstrikeConnectorRTROn feature flag.

Key Changes

  1. Session Manager:

    • Manages RTR session initialization, refresh, and termination.
    • Implements logic to refresh the session periodically and to stop refreshing when the session is idle.
  2. Temporary RTRCommand SubAction:

    • A new subAction that utilizes the session manager to demonstrate and validate its functionality.
    • Provides a foundation for implementing RTR commands in the future.
  3. Feature Flag:

    • Changes are hidden behind the crowdstrikeConnectorRTROn feature flag to ensure controlled rollout.
  4. Tests:

    • Tested public methods for initializing and managing the session through the session manager.
    • Validated internal session logic, including timeouts and refresh handling, by introducing a
      TestableCrowdStrikeSessionManager for testing private fields and methods.

Why is this needed?

This implementation lays the groundwork for enabling RTR command execution through Elastic connectors by providing a robust session management mechanism. The temporary subAction allows for incremental testing and development while maintaining flexibility.

Future Considerations

  • Expand support for additional RTR commands once session management is stable.
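
The lifecycle described in the summary above (open a session on first use, refresh it periodically, stop refreshing once it is idle), as an added TypeScript example. This is not the code merged in this PR; `createSessionManager`, `RtrTransport`, `ManagerDeps` and the timing parameters are hypothetical names, and the transport stands in for the connector's HTTP calls.

```typescript
// Added example; every name here is hypothetical, not Kibana's implementation.
interface RtrTransport {
  initSession(deviceId: string): Promise<string>; // resolves to a session id
  refreshSession(deviceId: string): Promise<void>;
}
interface ManagerDeps {
  deviceId: string;
  transport: RtrTransport;
  now: () => number; // injectable clock (ms)
  every: (fn: () => void, ms: number) => () => void; // timer; returns a cancel function
  refreshMs: number; // how often to refresh a live session
  idleMs: number; // stop refreshing after this long without a command
}

function createSessionManager(d: ManagerDeps) {
  let pending: Promise<string> | null = null; // one init shared by concurrent callers
  let lastUsed = 0;
  let cancel: (() => void) | null = null;

  function terminate(): void {
    if (cancel) cancel();
    cancel = null;
    pending = null; // forget the session id; the next command opens a new one
  }
  // Timer callback: refresh a session that is in use, drop an idle or broken one.
  async function onTick(): Promise<'refreshed' | 'terminated'> {
    if (d.now() - lastUsed >= d.idleMs) {
      terminate();
      return 'terminated';
    }
    try {
      await d.transport.refreshSession(d.deviceId);
      return 'refreshed';
    } catch {
      terminate();
      return 'terminated';
    }
  }
  // Called before each command: reuse the live session or open one.
  function getSession(): Promise<string> {
    lastUsed = d.now();
    let p = pending;
    if (p === null) {
      p = pending = d.transport.initSession(d.deviceId);
      p.catch(() => terminate()); // never cache a failed init
      cancel = d.every(() => void onTick(), d.refreshMs);
    }
    return p;
  }
  return { getSession, onTick, terminate, isRefreshing: () => cancel !== null };
}
```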

@tomsonpl self-assigned this Nov 22, 2024
@tomsonpl added the release_note:skip, Team:Defend Workflows, v8.18.0 and backport:version labels Nov 22, 2024

@tomsonpl (Contributor Author) commented:

/ci

@elasticmachine (Contributor) commented:

💛 Build succeeded, but was flaky

Test Failures

  • FTR Configs #7 / management Index patterns on aliases discover verify hits should be able to discover and verify no of hits for alias2

Metrics

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
stackConnectors 58.3KB 58.4KB +71.0B

cc @tomsonpl

@tomsonpl marked this pull request as ready for review November 27, 2024 07:12
@tomsonpl requested review from a team as code owners November 27, 2024 07:12

@elasticmachine (Contributor) commented:

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

@tomsonpl requested review from szwarckonrad and removed request for parkiino November 27, 2024 07:13

@szwarckonrad (Contributor) left a comment:

Code LGTM!

@tomsonpl merged commit 99a4135 into elastic:main Nov 28, 2024
45 checks passed

@kibanamachine (Contributor) commented:

Starting backport for target branches: 8.x

https://github.com/elastic/kibana/actions/runs/12072646970

@kibanamachine (Contributor) commented:

💔 All backports failed

Status Branch Result
8.x Backport failed because of merge conflicts

You might need to backport the following PRs to 8.x:
- Disable Inference Connector experimental feature (#196036)

Manual backport

To create the backport manually run:

node scripts/backport --pr 201420

Questions ?

Please refer to the Backport tool documentation

@tomsonpl (Contributor Author) commented:

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

tomsonpl added a commit to tomsonpl/kibana that referenced this pull request Nov 29, 2024
(cherry picked from commit 99a4135)

# Conflicts:
#	x-pack/plugins/stack_connectors/common/experimental_features.ts
tomsonpl added a commit that referenced this pull request Nov 29, 2024
…202259)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[EDR Workflows] Initialize CrowdStrike session API
(#201420)](#201420)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

CAWilson94 pushed a commit to CAWilson94/kibana that referenced this pull request Dec 12, 2024
Labels: backport:version, release_note:skip, Team:Defend Workflows, v8.18.0, v9.0.0