Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Change Proposal] When the deployment_mode agentless is enabled we want the package to have additional fields populated. #795

Closed
seanrathier opened this issue Sep 6, 2024 · 5 comments · Fixed by #801
Closed

[Change Proposal] When the deployment_mode agentless is enabled we want the package to have additional fields populated. #795

seanrathier opened this issue Sep 6, 2024 · 5 comments · Fixed by #801
Assignees
@seanrathier
Labels
discuss Issue needs discussion Team:Cloud Security

Comments

@seanrathier
Copy link
Contributor

Motivation

We would like to have additional fields required to be populated in an integration package when the deployment_mode agentless is enabled. These fields are for identifying the organization, division, and team responsible for the integration. This information will be used to tag the agentless agent deployed in MKI so that we know who to contact when support is needed and for the teams to monitor their agentless agents.

Some open questions

  • Should these new fields be siblings of the deployment_mode.agentless?
  • Can we require fields to be populated by the integration developer if parent or sibling fields are enabled?

For example....

format_version: 3.0.0
name: aws
title: AWS
version: 2.13.1
...
policy_templates:
  - name: billing
    title: AWS Billing
    description: Collect billing metrics with Elastic Agent
    deployment_modes: # <---
      default:
        enabled: false
      agentless:
        enabled: true
        organization: 'Security'
        division: 'Cloud Security'
        team:  'Cloud Security Posture Management'
    data_streams:
      - billing

Related Issues
@seanrathier seanrathier added Team:Cloud Security discuss Issue needs discussion labels Sep 6, 2024
@jsoriano
Copy link
Member

jsoriano commented Sep 9, 2024

This information will be used to tag the agentless agent deployed in MKI

What is the plan for these tags to reach MKI from the manifest? Will this be done by Fleet?

  • Should these new fields be siblings of the deployment_mode.agentless?

This sounds like a reasonable option, yes.

  • Can we require fields to be populated by the integration developer if parent or sibling fields are enabled?

We could add these fields as required, but only for new versions of the spec, to avoid breaking existing packages.

@eyalkraft
Copy link
Contributor

eyalkraft commented Sep 9, 2024
edited
Loading

What is the plan for these tags to reach MKI from the manifest? Will this be done by Fleet?

Agentless API & Controller will be doing this. Kibana will send those tags as part of the request to the Agentless API.

@jsoriano
Copy link
Member

jsoriano commented Sep 9, 2024

Ok, if Kibana/Fleet is the one reading the manifest the plan sounds good to me.

@seanrathier
Copy link
Contributor Author

CC: @eyalkraft @oren-zohar @acorretti @orestisfl

@seanrathier seanrathier self-assigned this Sep 9, 2024
@eyalkraft eyalkraft mentioned this issue Sep 12, 2024
Merged
6 tasks
@seanrathier seanrathier mentioned this issue Sep 12, 2024
Merged
2 tasks
@seanrathier seanrathier linked a pull request Sep 12, 2024 that will close this issue
Add support for integration deployment mode agentless to include identity fields #801
Merged
2 tasks
@seanrathier
Copy link
Contributor Author

seanrathier commented Sep 12, 2024
edited
Loading

Full disclosure this is my first time working in this area, I've started a PR here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@seanrathier seanrathier

Labels
discuss Issue needs discussion Team:Cloud Security
Projects
None yet
Milestone
No milestone
3 participants
@jsoriano @seanrathier @eyalkraft