[Fleet] Restrict Azure Eventhub input for agentless integrations #211092
Comments
Pinging @elastic/fleet (Team:Fleet)
We will need to block
@nimarezainia @kpollich is this something y'all could address sooner rather than later? We have a number of integrations that we'd like to add agentless support to. They support ingest via API and other inputs yet to be supported by agentless. We'd ideally like to address this issue before making these integrations agentless, as it'll likely cause confusion. If there's an ETA we can plan around it. Thanks!
Yes we can take care of this ASAP. Does it make more sense to move to an allowlist rather than a blocklist for these input types? Should we simply only allow
No objections on my end, and we can add more inputs to the allowlist once we support S3 etc. Thanks for jumping on it so quickly!
I added #211275 as a chore to our next sprint to swap this to an allowlist.
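The allowlist-versus-blocklist question raised in the comments above, as an added TypeScript example that is not Kibana Fleet code: it shows that a blocklist exposes any input nobody has listed yet, while an allowlist hides it until it is reviewed. Only the three blocked input names come from this issue; `sample-api`, `sample-queue`, the allowlist contents and all function names are constructed assumptions.

```typescript
// Added illustration; not Kibana Fleet code. Only the three blocked input
// names come from the issue; every other name here is constructed.
type PackageInput = { type: string; title: string };

const BLOCKED = new Set<string>(["azure-eventhub", "o365audit", "gcp-pubsub"]);
// Hypothetical allowlist holding the one (constructed) input verified for agentless.
const ALLOWED = new Set<string>(["sample-api"]);

// Blocklist: hide known-bad inputs. Anything unlisted is shown (fails open).
function visibleWithBlocklist(inputs: PackageInput[]): string[] {
  return inputs.filter((i) => !BLOCKED.has(i.type)).map((i) => i.type);
}

// Allowlist: show only verified inputs. Anything unlisted is hidden (fails closed).
function visibleWithAllowlist(inputs: PackageInput[]): string[] {
  return inputs.filter((i) => ALLOWED.has(i.type)).map((i) => i.type);
}

// Inputs on neither list: the ones a blocklist would expose without review.
function unreviewed(inputs: PackageInput[]): string[] {
  return inputs
    .filter((i) => !ALLOWED.has(i.type) && !BLOCKED.has(i.type))
    .map((i) => i.type);
}

// Constructed package: version 2 adds an input nobody has tested in agentless.
const packageV1: PackageInput[] = [
  { type: "sample-api", title: "API" },
  { type: "azure-eventhub", title: "Azure EventHub" },
];
const packageV2: PackageInput[] = [
  ...packageV1,
  { type: "sample-queue", title: "Sample queue (constructed)" },
];

function report(name: string, inputs: PackageInput[]): void {
  console.log(name, {
    blocklist: visibleWithBlocklist(inputs),
    allowlist: visibleWithAllowlist(inputs),
    unreviewed: unreviewed(inputs),
  });
}

report("v1", packageV1);
report("v2", packageV2);
```

For `packageV1` both filters agree; for `packageV2` only the blocklist surfaces the untested input, and `unreviewed` names it.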
…gentles inputs (elastic#211262)

Closes elastic#211092

## Summary

Disallows unsupported input types for security integrations adopting agentless.

### Checklist

- [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

cc @jamiehynds @qcorporation @kcreddy

(cherry picked from commit 46812bc)
Coming from elastic/integrations#12586 (comment), while testing Microsoft Sentinel integration in 8.18.0 cloud environment (also Serverless), the integration policy UI shows 2 inputs: `API` and `Azure EventHub`.

`azure-eventhub` input is unsupported in Agentless at the moment as per elastic/integrations#12586 (comment) and needs to be removed just like other inputs here: #202091.

Screenshot from 8.18.0 cloud environment

Edit: As per #211092 (comment), we also need to block `o365audit` and `gcp-pubsub` along with `azure-eventhub`.

cc: @qcorporation @jamiehynds