[Epic] Road to Agentless + Security Integrations Release (Phase I) #11810

Open
1 of 1 issue completed
Enhancement
@qcorporation

Description

Topic

The Epic describes the Development efforts to release the first initial Security Integrations under the Agentless deployment model.
Product Ticket is defined here

What are we releasing?

Security Integrations targeted for the initial release for the 8.18 release are:

  1. Office 365
  2. Okta
  3. AWS Security Hub
  4. SentinelOne
  5. AbuseCH
  6. Microsoft Defender Cloud
  7. Microsoft 365 Defender
  8. Microsoft Defender for Endpoint
  9. Google Security Command Center
  10. Google Workspace
  11. Tenable IO
  12. Wiz
  13. Qualys VMDR
  14. Microsoft Sentinel
  15. Google SecOps
  16. Splunk

What is required for the release?

  • Enabling the integrations listed above within the integration manifest.yml template policy to have an agentless deployment mode
  • Providing important Agentless information within the integration documentation
  • End-to-end testing for each integration (requires account/permission to vendors)

Dependencies

State Storage for Filebeat: PR: elastic/beats#41446
Disable Agentless in UI for on-prem users: elastic/kibana#201217
Hide unsupported inputs and outputs: elastic/package-spec#805 (all listed integrations have been vetted for supported inputs)

Breakdown

## Tasks
- [ ] https://github.com/elastic/security-team/issues/8883
- [ ] https://github.com/elastic/integrations/issues/11812
- [ ] https://github.com/elastic/integrations/issues/11811
- [ ] https://github.com/elastic/integrations/issues/11813
- [ ] Documentation for agentless for Phase I Integrations (pending ownership)
