[EDR Workflows] Workflow Insights - insights generating script

[szwarckonrad]

This PR introduces a new script for loading parameterized workflow insights into a data stream. It enables UI/UX testing without requiring an agent installation or generating insights manually.

Arguments

--endpointId       Required. The endpoint ID to use for generating workflow insights.
--elasticsearch    Optional. The URL to Elasticsearch. Default: http://localhost:9200
--username         Optional. The username to use for authentication. Default: elastic
--password         Optional. The password to use for authentication. Default: changeme
--count            Optional. The number of workflow insights to generate. Default: 5
--os               Optional. The OS to use for generating workflow insights. Default: linux
--antivirus        Optional. The antivirus to use for generating workflow insights. Default: ClamAV
--path             Optional. The executable path of the AV to use for generating workflow insights. Default: /usr/bin/clamscan

Example usage:

• Load 5 workflow insights, using the default values - Linux, ClamAV, /usr/bin/clamscan on the endpoint with ID 8ee2a3a4-ca2b-4884-ae20-8b17d31837b6

node ./load_workflow_insights.js --endpointId 8ee2a3a4-ca2b-4884-ae20-8b17d31837b6

• Load 10 workflow insights for Malwarebytes with path of C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe on Windows endpoint with ID 8ee2a3a4-ca2b-4884-ae20-8b17d31837b6

node ./load_workflow_insights.js --endpointId 8ee2a3a4-ca2b-4884-ae20-8b17d31837b6 --count 10 --os windows --antivirus Malwarebytes --path 'C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbam.exe'

[elasticmachine]

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

[elasticmachine]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 1f09f90

Failed CI Steps

• Osquery Cypress Tests #8

Metrics [docs]

✅ unchanged

History

cc @szwarckonrad

[paul-tavares]

👍

[joeypoon]

good idea, thanks for adding this 👍