Skip to content

[sentinel_one] Add Support for Application Risk Data Stream #14910

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 9 commits into from
Sep 19, 2025
+3,523 −18
Merged

[sentinel_one] Add Support for Application Risk Data Stream #14910

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
c8b819e
Add application risk data stream
mohitjha-elastic Aug 12, 2025
6772b03
Update changelog entry
mohitjha-elastic Aug 12, 2025
f1115b1
Add more test logs to improve code coverage
mohitjha-elastic Aug 13, 2025
f47b531
Resolve review comments.
mohitjha-elastic Aug 29, 2025
10b8c98
Add ILM Policy to the data streams
mohitjha-elastic Sep 4, 2025
eb98f51
Update the kibana version in manifest
mohitjha-elastic Sep 4, 2025
1287853
Merge branch 'main' of github.com:mohitjha-elastic/integrations into …
mohitjha-elastic Sep 16, 2025
f8d149a
Add pipeline and rally benchmarks
mohitjha-elastic Sep 18, 2025
0812b66
Add policy test and resolve CI issue.
mohitjha-elastic Sep 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 9 additions & 1 deletion packages/sentinel_one/_dev/build/docs/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,4 +87,12 @@ This is the `threat` dataset.

{{event "threat"}}

{{fields "threat"}}
{{fields "threat"}}

### application risk

This is the `application risk` dataset.

{{event "application_risk"}}

{{fields "application_risk"}}
197 changes: 197 additions & 0 deletions packages/sentinel_one/_dev/deploy/docker/files/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -352,3 +352,200 @@ rules:
}
}
`}}
- path: /web/api/v2.1/application-management/risks
methods: ['GET']
query_params:
limit: 2
cursor: null
request_headers:
Authorization:
- "ApiToken xxxx"
responses:
- status_code: 200
headers:
Content-Type:
- 'application/json'
body: |-
{{ minify_json `
{
"data": [
{
"application": "7-Zip 22.01",
"applicationName": "7-Zip",
"applicationVendor": "Igor Pavlov",
"applicationVersion": "22.01",
"baseScore": "7.00",
"cveId": "CVE-2025-0411",
"cvssVersion": "3.1",
"daysDetected": 59,
"detectionDate": "2025-06-02T04:46:51.710569Z",
"endpointId": "2162143406517023959",
"endpointName": "test_endpoint",
"endpointType": "desktop",
"id": "2228104980801805822",
"lastScanDate": "2025-07-29T19:25:47Z",
"lastScanResult": "Succeeded",
"markType": "",
"markedBy": null,
"markedDate": null,
"osType": "windows",
"publishedDate": "2025-01-20T07:04:04Z",
"reason": null,
"severity": "HIGH",
"status": "Detected"
},
{
"application": "7-Zip 22.01",
"applicationName": "7-Zip",
"applicationVendor": "Igor Pavlov",
"applicationVersion": "22.01",
"baseScore": "7.80",
"cveId": "CVE-2024-11477",
"cvssVersion": "3.1",
"daysDetected": 59,
"detectionDate": "2025-06-02T04:46:51.710578Z",
"endpointId": "2162143406517023959",
"endpointName": "example_endpoint",
"endpointType": "desktop",
"id": "2228104981028298282",
"lastScanDate": "2025-07-29T19:25:47Z",
"lastScanResult": "Succeeded",
"markType": "",
"markedBy": null,
"markedDate": null,
"osType": "windows",
"publishedDate": "2024-11-21T06:42:16Z",
"reason": null,
"severity": "HIGH",
"status": "Detected"
}
],
"pagination": {
"nextCursor": "page2",
"totalItems": 5
}
}
`}}
- path: /web/api/v2.1/application-management/risks
methods: ['GET']
query_params:
limit: 2
cursor: page2
request_headers:
Authorization:
- "ApiToken xxxx"
responses:
- status_code: 200
headers:
Content-Type:
- 'application/json'
body: |-
{{ minify_json `
{
"data": [
{
"application": "Microsoft Edge 112.0.1722.68",
"applicationName": "Microsoft Edge",
"applicationVendor": "Microsoft Corporation",
"applicationVersion": "112.0.1722.68",
"baseScore": "4.30",
"cveId": "CVE-2024-29057",
"cvssVersion": "3.1",
"daysDetected": 59,
"detectionDate": "2025-06-02T04:46:51.710587Z",
"endpointId": "2162143406517023959",
"endpointName": "DESKTOP-example",
"endpointType": "desktop",
"id": "2228104981036686896",
"lastScanDate": "2025-07-29T19:25:47Z",
"lastScanResult": "Succeeded",
"markType": "",
"markedBy": null,
"markedDate": null,
"osType": "windows",
"publishedDate": "2024-03-22T22:15:00Z",
"reason": null,
"severity": "MEDIUM",
"status": "Detected"
},
{
"application": "Microsoft Edge 112.0.1722.68",
"applicationName": "Microsoft Edge",
"applicationVendor": "Microsoft Corporation",
"applicationVersion": "112.0.1722.68",
"baseScore": "6.10",
"cveId": "CVE-2024-38156",
"cvssVersion": "3.1",
"daysDetected": 59,
"detectionDate": "2025-06-02T04:46:51.710591Z",
"endpointId": "2162143406517023959",
"endpointName": "DESKTOP-test",
"endpointType": "desktop",
"id": "2228104981070241336",
"lastScanDate": "2025-07-29T19:25:47Z",
"lastScanResult": "Succeeded",
"markType": "",
"markedBy": null,
"markedDate": null,
"osType": "windows",
"publishedDate": "2024-07-18T05:39:23Z",
"reason": null,
"severity": "MEDIUM",
"status": "Detected"
}
],
"pagination": {
"nextCursor": "page3",
"totalItems": 5
}
}
`}}
- path: /web/api/v2.1/application-management/risks
methods: ['GET']
query_params:
limit: 2
cursor: page3
request_headers:
Authorization:
- "ApiToken xxxx"
responses:
- status_code: 200
headers:
Content-Type:
- 'application/json'
body: |-
{{ minify_json `
{
"data": [
{
"application": "Microsoft Edge 112.0.1722.68",
"applicationName": "Microsoft Edge",
"applicationVendor": "Microsoft Corporation",
"applicationVersion": "112.0.1722.68",
"baseScore": "6.50",
"cveId": "CVE-2024-38222",
"cvssVersion": "3.1",
"daysDetected": 59,
"detectionDate": "2025-06-02T04:46:51.710593Z",
"endpointId": "2162143406517023959",
"endpointName": "DESKTOP-R1E2DQ2",
"endpointType": "desktop",
"id": "2228104981095407166",
"lastScanDate": "2025-07-29T19:25:47Z",
"lastScanResult": "Succeeded",
"markType": "",
"markedBy": null,
"markedDate": null,
"osType": "windows",
"publishedDate": "2024-08-13T18:27:28Z",
"reason": null,
"severity": "MEDIUM",
"status": "Detected"
}
],
"pagination": {
"nextCursor": null,
"totalItems": 5
}
}
`}}
5 changes: 5 additions & 0 deletions packages/sentinel_one/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.38.0"
changes:
- description: Add support for application risk data stream.
type: enhancement
link: https://github.com/elastic/integrations/pull/14910
- version: "1.37.0"
changes:
- description: Add support for application data stream.
Expand Down
10 changes: 10 additions & 0 deletions ...es/sentinel_one/data_stream/application_risk/_dev/test/pipeline/test-application-risk.log
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
{"application":"7-Zip 22.01","applicationName":"7-Zip","applicationVendor":"Igor Pavlov","applicationVersion":"22.01","baseScore":"7.00","cveId":"CVE-2025-0411","cvssVersion":"3.1","daysDetected":59,"detectionDate":"2025-06-02T04:46:51.710569Z","endpointId":"2162143406517023959","endpointName":"DESKTOP-R1E2DQ2","endpointType":"desktop","id":"2228104980801805822","lastScanDate":"2025-07-29T19:25:47Z","lastScanResult":"Succeeded","markType":"","markedBy":null,"markedDate":null,"osType":"windows","publishedDate":"2025-01-20T07:04:04Z","reason":null,"severity":"HIGH","status":"Detected"}
{"application":"Microsoft Edge 112.0.1722.68","applicationName":"Microsoft Edge","applicationVendor":"Microsoft Corporation","applicationVersion":"112.0.1722.68","baseScore":"4.30","cveId":"CVE-2024-29057","cvssVersion":"3.1","daysDetected":59,"detectionDate":"2025-06-02T04:46:51.710587Z","endpointId":"2162143406517023959","endpointName":"DESKTOP-R1E2DQ2","endpointType":"desktop","id":"2228104981036686896","lastScanDate":"2025-07-29T19:25:47Z","lastScanResult":"Succeeded","markType":"","markedBy":null,"markedDate":null,"osType":"windows","publishedDate":"2024-03-22T22:15:00Z","reason":null,"severity":"MEDIUM","status":"Detected"}
{"application":"Microsoft Edge WebView2 Runtime 112.0.1722.64","applicationName":"Microsoft Edge WebView2 Runtime","applicationVendor":"Microsoft Corporation","applicationVersion":"112.0.1722.64","baseScore":"4.70","cveId":"CVE-2024-26247","cvssVersion":"3.1","daysDetected":59,"detectionDate":"2025-06-02T04:46:51.710624Z","endpointId":"2162143406517023959","endpointName":"DESKTOP-R1E2DQ2","endpointType":"desktop","id":"2228104981154127438","lastScanDate":"2025-07-29T19:25:47Z","lastScanResult":"Succeeded","markType":"","markedBy":null,"markedDate":null,"osType":"windows","publishedDate":"2024-03-22T22:15:00Z","reason":null,"severity":"MEDIUM","status":"Detected"}
{"application":"VMware Tools 10.3.10.12406962","applicationName":"VMware Tools","applicationVendor":"VMware, Inc.","applicationVersion":"10.3.10.12406962","baseScore":"7.10","cveId":"CVE-2022-22977","cvssVersion":"3.1","daysDetected":59,"detectionDate":"2025-06-02T04:46:51.710668Z","endpointId":"2162143406517023959","endpointName":"DESKTOP-R1E2DQ2","endpointType":"desktop","id":"2228104981196070492","lastScanDate":"2025-07-29T19:25:47Z","lastScanResult":"Succeeded","markType":"","markedBy":null,"markedDate":null,"osType":"windows","publishedDate":"2022-05-24T19:15:00Z","reason":null,"severity":"HIGH","status":"Detected"}
{"application":"PuTTY release 0.77.0.0","applicationName":"PuTTY release","applicationVendor":"Simon Tatham","applicationVersion":"0.77.0.0","baseScore":"5.90","cveId":"CVE-2024-31497","cvssVersion":"3.1","daysDetected":10,"detectionDate":"2025-07-21T18:00:44.231765Z","endpointId":"2162143406517023959","endpointName":"DESKTOP-R1E2DQ2","endpointType":"desktop","id":"2264018562208952766","lastScanDate":"2025-07-29T19:25:47Z","lastScanResult":"Succeeded","markType":"","markedBy":null,"markedDate":null,"osType":"windows","publishedDate":"2024-04-15T20:15:00Z","reason":null,"severity":"MEDIUM","status":"Detected"}
{"application":"7-Zip 22.01","applicationName":"7-Zip","applicationVendor":"Igor Pavlov","applicationVersion":"22.01","baseScore":"7.80","cveId":"CVE-2024-11477","cvssVersion":"3.1","daysDetected":72,"detectionDate":"2025-06-02T04:46:51.710578Z","endpointId":"2162143406517023959","endpointName":"DESKTOP-R1E2DQ2","endpointType":"desktop","id":"2228104981028298282","lastScanDate":"2025-08-11T18:02:20Z","lastScanResult":"Succeeded","markType":"","markedBy":null,"markedDate":null,"osType":"windows","publishedDate":"2024-11-21T06:42:16Z","reason":null,"severity":"HIGH","status":"Detected"}
{"application":"Microsoft Edge 112.0.1722.68","applicationName":"Microsoft Edge","applicationVendor":"Microsoft Corporation","applicationVersion":"112.0.1722.68","baseScore":"6.10","cveId":"CVE-2024-38156","cvssVersion":"3.1","daysDetected":72,"detectionDate":"2025-06-02T04:46:51.710591Z","endpointId":"2162143406517023959","endpointName":"DESKTOP-R1E2DQ2","endpointType":"desktop","id":"2228104981070241336","lastScanDate":"2025-08-11T18:02:20Z","lastScanResult":"Succeeded","markType":"","markedBy":null,"markedDate":null,"osType":"windows","publishedDate":"2024-07-18T05:39:23Z","reason":null,"severity":"MEDIUM","status":"Detected"}
{"application":"Microsoft Edge 112.0.1722.68","applicationName":"Microsoft Edge","applicationVendor":"Microsoft Corporation","applicationVersion":"112.0.1722.68","baseScore":"6.50","cveId":"CVE-2024-38222","cvssVersion":"3.1","daysDetected":72,"detectionDate":"2025-06-02T04:46:51.710593Z","endpointId":"2162143406517023959","endpointName":"DESKTOP-R1E2DQ2","endpointType":"desktop","id":"2228104981095407166","lastScanDate":"2025-08-11T18:02:20Z","lastScanResult":"Succeeded","markType":"","markedBy":null,"markedDate":null,"osType":"windows","publishedDate":"2024-08-13T18:27:28Z","reason":null,"severity":"MEDIUM","status":"Detected"}
{"application":"Microsoft Edge 112.0.1722.68","applicationName":"Microsoft Edge","applicationVendor":"Microsoft Corporation","applicationVersion":"112.0.1722.68","baseScore":"9.60","cveId":"CVE-2024-7971","cvssVersion":"3.1","daysDetected":72,"detectionDate":"2025-06-02T04:46:51.710604Z","endpointId":"2162143406517023959","endpointName":"DESKTOP-R1E2DQ2","endpointType":"desktop","id":"2228104981128961604","lastScanDate":"2025-08-11T18:02:20Z","lastScanResult":"Succeeded","markType":"","markedBy":null,"markedDate":null,"osType":"windows","publishedDate":"2024-08-21T21:15:00Z","reason":null,"severity":"CRITICAL","status":"Detected"}
{"application":"Microsoft Edge 112.0.1722.68","applicationName":"Microsoft Edge","applicationVendor":"Microsoft Corporation","applicationVersion":"112.0.1722.68","baseScore":"4.70","cveId":"CVE-2024-38082","cvssVersion":"3.1","daysDetected":72,"detectionDate":"2025-06-02T04:46:51.710607Z","endpointId":"2162143406517023959","endpointName":"DESKTOP-R1E2DQ2","endpointType":"desktop","id":"2228104981137350215","lastScanDate":"2025-08-11T18:02:20Z","lastScanResult":"Succeeded","markType":"","markedBy":null,"markedDate":null,"osType":"windows","publishedDate":"2024-06-20T20:15:00Z","reason":null,"severity":"MEDIUM","status":"Detected"}
Loading