[Epic] Road to Agentless + Security Integrations Release (Phase I)

[qcorporation]

Topic

The Epic describes the Development efforts to release the first initial Security Integrations under the Agentless deployment model.
Product Ticket is defined here

What are we releasing?

Security Integrations targeted for the initial release for the 8.18 release, are:

1. Office 365
2. Okta
3. AWS Security Hub
4. SentinelOne
5. AbuseCH
6. Microsoft Defender Cloud
7. Microsoft 365 Defender
8. Microsoft Defender for Endpoint
9. Google Security Command Center
10. Google Workspace
11. Tenable IO
12. Wiz
13. Qualys VMDR

What is required for the release?

• Enabling the integrations listed above within the integration manifest.yml template policy to have an agentless deployment mode
• Providing important Agentless information within the integration documentation
• End-to-end testing for each integration (require account/permission to vendors)

Dependencies

State Storage for Filebeat: PR: elastic/beats#41446
Disable Agentless in UI for on-prem users: elastic/kibana#201217
Hide unsupported inputs and outputs elastic/package-spec#805 (all listed integrations have been vetted for supported inputs)

Breakdown

Tasks

Preview Give feedback

1. https://github.com/elastic/security-team/issues/8883
2. Apply agentless deployment policy to the 13 Security Integrations #11812
   Team:Security-Deployment and Devices +1
   
3. Acquire Development License to Test Phase I integrations #11811
   Team:Security-Deployment and Devices Team:Service-Integrations +2
   
4. Testing Phase I Integrations #11813
   Team:Security-Deployment and Devices +1
   
5. Documentation for agentless for Phase I Integrations (pending ownership)

[elasticmachine]

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

[elasticmachine]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)