[Epic] Road to Agentless + Security Integrations Release (Phase I)

[qcorporation]

Topic

The Epic describes the Development efforts to release the first initial Security Integrations under the Agentless deployment model. Product Ticket is defined here

What are we releasing?

Security Integrations targeted for the initial release for the 8.18 release, are:

1. Office 365
2. Okta
3. AWS Security Hub
4. SentinelOne
5. AbuseCH
6. Microsoft Defender Cloud
7. Microsoft 365 Defender
8. Microsoft Defender for Endpoint
9. Google Security Command Center
10. Google Workspace
11. Tenable IO
12. Wiz
13. Qualys VMDR

What is required for the release?

• Enabling the integrations listed above within the integration manifest.yml template policy to have an agentless deployment mode
• Providing important Agentless information within the integration documentation
• End-to-end testing for each integration (require account/permission to vendors)

Dependencies

State Storage for Filebeat: PR: https://github.com/elastic/beats/pull/41446 Disable Agentless in UI for on-prem customers: https://github.com/elastic/kibana/issues/201217 Hide unsupported inputs and outputs https://github.com/elastic/package-spec/issues/805 (all listed integrations have been vetted for supported inputs)

Breakdown

## Tasks
- [ ] https://github.com/elastic/security-team/issues/8883
- [ ] https://github.com/elastic/integrations/issues/11812
- [ ] https://github.com/elastic/integrations/issues/11811
- [ ] https://github.com/elastic/integrations/issues/11813
- [ ] Documentation for agentless for Phase I Integrations (pending ownership)