Description
What:
With 9.1 we introduce support for picking saved custom scripts from the list - for now just for External EDR - CrowdStrike. Work on MS Defender support will start today as well, which is the top priority now.
Why:
This will enable users to access the scripts list and choose from it instead of writing manually.
How:
In Response console with specific actions we support adding a SelectorArgument component that renders additional pickers in popovers.
In this particular example, when the user uses the `runscript` command, and after they use `--CloudFile` (for CrowdStrike), a popover with the list appears that enables them to pick a specific saved script.
Thanks!
Background & resources
- PRs: [EDR Workflows] Scripts selector component in Response Console kibana#204965
- Issues/metas: https://github.com/elastic/security-team/issues/11684
- Point of contact: @raqueltabuyo @dasansol92 @tomsonpl
- Test environments: n/a
Which documentation set does this change impact?
ESS and serverless
ESS release
9.1, 8.19
Serverless release
CrowdStrike when merged - around end of May, MS Defender around 9.1 release
Feature differences
They do not differ
API docs impact
Internal API only
Prerequisites, privileges, feature flags
No response