[9.0] [DOCS] Update CrowdStrike and SentinelOne connectors (elastic#219887) (elastic#220564)

# Backport

This will backport the following commits from `main` to `9.0`:
- [[DOCS] Update CrowdStrike and SentinelOne connectors
(elastic#219887)](elastic#219887)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Lisa
Cawley","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-05-08T18:34:40Z","message":"[DOCS]
Update CrowdStrike and SentinelOne connectors
(elastic#219887)","sha":"f3115c6746fe071672911a2e7f74b03bff10b209","branchLabelMapping":{"^v9.1.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:ResponseOps","docs","backport:version","v9.1.0","v8.19.0","v8.18.2","v9.0.2"],"title":"[DOCS]
Update CrowdStrike and SentinelOne
connectors","number":219887,"url":"https://github.com/elastic/kibana/pull/219887","mergeCommit":{"message":"[DOCS]
Update CrowdStrike and SentinelOne connectors
(elastic#219887)","sha":"f3115c6746fe071672911a2e7f74b03bff10b209"}},"sourceBranch":"main","suggestedTargetBranches":["8.19","8.18","9.0"],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/219887","number":219887,"mergeCommit":{"message":"[DOCS]
Update CrowdStrike and SentinelOne connectors
(elastic#219887)","sha":"f3115c6746fe071672911a2e7f74b03bff10b209"}},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.2","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.2","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Lisa Cawley <[email protected]>

Author: kibanamachine

docs/reference/connectors-kibana/crowdstrike-action-type.md

@@ -11,10 +11,6 @@ applies_to:
 
 # CrowdStrike connector [crowdstrike-action-type]
 
-::::{warning}
-This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
-::::
-
 The CrowdStrike connector communicates with CrowdStrike Management Console via REST API.
 
 To use this connector, you must have authority to run {{endpoint-sec}} connectors, which is an **{{connectors-feature}}** sub-feature privilege. Refer to [{{kib}} privileges](docs-content://deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md).
@@ -41,6 +37,17 @@ CrowdStrike client ID
 Client secret
 :   The CrowdStrike API client secret to authenticate the client ID.
 
-## Test connectors [crowdstrike-action-parameters]
+## Test connectors [crowdstrike-action-configuration]
+
+You can test connectors as you’re creating or editing the connector in {{kib}}. For example:
+
+:::{image} ../images/crowdstrike-connector-test.png
+:screenshot:
+:alt: CrowdStrike connector test
+:::
+
+The CrowdStrike action has the following configuration properties:
+
+Agent IDs
+:   Get details about one or more CrowdStrike agent IDs.
 
-At this time, you cannot test the CrowdStrike connector.

docs/reference/connectors-kibana/sentinelone-action-type.md

@@ -11,10 +11,6 @@ applies_to:
 
 # SentinelOne connector [sentinelone-action-type]
 
-::::{warning}
-This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
-::::
-
 The SentinelOne connector communicates with SentinelOne Management Console via REST API.
 
 To use this connector, you must have authority to run {{endpoint-sec}} connectors, which is an **{{connectors-feature}}** sub-feature privilege. Refer to [{{kib}} privileges](docs-content://deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md).
@@ -40,4 +36,11 @@ URL
 
 ## Test connectors [sentinelone-action-parameters]
 
-At this time, you cannot test the SentinelOne connector.
+You can test connectors as you're creating or editing the connector in {{kib}}.
+For example:
+
+:::{image} ../images/sentinelone-connector-test.png
+:alt: SentinelOne connector test
+:screenshot:
+:::
+

docs/reference/images/crowdstrike-connector-test.png

@@ -647,6 +647,8 @@ paths:
                     - $ref: '#/components/schemas/run_closeincident'
                     - $ref: '#/components/schemas/run_createalert'
                     - $ref: '#/components/schemas/run_fieldsbyissuetype'
+                    - $ref: '#/components/schemas/run_getagentdetails'
+                    - $ref: '#/components/schemas/run_getagents'
                     - $ref: '#/components/schemas/run_getchoices'
                     - $ref: '#/components/schemas/run_getfields'
                     - $ref: '#/components/schemas/run_getincident'
@@ -64581,6 +64583,42 @@ components:
               type: string
               description: The Jira issue type identifier.
               example: 10024
+    run_getagentdetails:
+      title: The getAgentDetails subaction
+      type: object
+      required:
+        - subAction
+        - subActionParams
+      description: The `getAgentDetails` subaction for CrowdStrike connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - getAgentDetails
+        subActionParams:
+          type: object
+          description: The set of configuration properties for the action.
+          required:
+            - ids
+          properties:
+            ids:
+              type: array
+              description: An array of CrowdStrike agent identifiers.
+              items:
+                type: string
+    run_getagents:
+      title: The getAgents subaction
+      type: object
+      required:
+        - subAction
+      description: The `getAgents` subaction for SentinelOne connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - getAgents
     run_getchoices:
       title: The getChoices subaction
       type: object

docs/reference/images/crowdstrike-connector.png

@@ -693,6 +693,8 @@ paths:
                     - $ref: '#/components/schemas/run_closeincident'
                     - $ref: '#/components/schemas/run_createalert'
                     - $ref: '#/components/schemas/run_fieldsbyissuetype'
+                    - $ref: '#/components/schemas/run_getagentdetails'
+                    - $ref: '#/components/schemas/run_getagents'
                     - $ref: '#/components/schemas/run_getchoices'
                     - $ref: '#/components/schemas/run_getfields'
                     - $ref: '#/components/schemas/run_getincident'
@@ -71053,6 +71055,42 @@ components:
               type: string
               description: The Jira issue type identifier.
               example: 10024
+    run_getagentdetails:
+      title: The getAgentDetails subaction
+      type: object
+      required:
+        - subAction
+        - subActionParams
+      description: The `getAgentDetails` subaction for CrowdStrike connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - getAgentDetails
+        subActionParams:
+          type: object
+          description: The set of configuration properties for the action.
+          required:
+            - ids
+          properties:
+            ids:
+              type: array
+              description: An array of CrowdStrike agent identifiers.
+              items:
+                type: string
+    run_getagents:
+      title: The getAgents subaction
+      type: object
+      required:
+        - subAction
+      description: The `getAgents` subaction for SentinelOne connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - getAgents
     run_getchoices:
       title: The getChoices subaction
       type: object

docs/reference/images/sentinelone-connector-test.png

@@ -392,6 +392,8 @@ actions:
                     - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_closeincident.yaml'
                     - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_createalert.yaml'
                     - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_fieldsbyissuetype.yaml'
+                    - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagentdetails.yaml'
+                    - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getagents.yaml'
                     - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getchoices.yaml'
                     - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getfields.yaml'
                     - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/run_getincident.yaml'

docs/reference/images/sentinelone-connector.png

@@ -0,0 +1,23 @@
+title: The getAgentDetails subaction
+type: object
+required:
+  - subAction
+  - subActionParams
+description: The `getAgentDetails` subaction for CrowdStrike connectors.
+properties:
+  subAction:
+    type: string
+    description: The action to test.
+    enum:
+      - getAgentDetails
+  subActionParams:
+    type: object
+    description: The set of configuration properties for the action.
+    required:
+      - ids
+    properties:
+      ids:
+        type: array
+        description: An array of CrowdStrike agent identifiers.
+        items:
+          type: string