elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Security Solution][Endpoint] API emulator developer utility #182990

Closed paul-tavares closed 1 week ago

paul-tavares commented 1 week ago

Summary

To run it, execute:

 node x-pack/plugins/security_solution/scripts/endpoint/start_external_edr_server_emulator.js

 info [EmulatorServer] added route: [CORE] GET /_status
 info [EmulatorServer] added route: [sentinelone] GET /sentinelone/web/api/v2.1/agents
 info [EmulatorServer] added route: [sentinelone] GET /sentinelone/web/api/v2.1/activities
 info [EmulatorServer] added route: [sentinelone] POST /sentinelone/web/api/v2.1/agents/actions/connect
 info [EmulatorServer] added route: [sentinelone] POST /sentinelone/web/api/v2.1/agents/actions/disconnect
 info [EmulatorServer] added route: [crowdstrike] GET /crowdstrike
 info [EmulatorServer] Server started and available at: http://your-conputer-dns-address:54498

All arguments are optional and the defaults assume a developer stack running locally on ports 5601 (KBN) and 9200 (ES). These can be overwritten - see the utility's --help output:

 node x-pack/plugins/security_solution/scripts/endpoint/start_external_edr_server_emulator.js --help

  node x-pack/plugins/security_solution/scripts/endpoint/start_external_edr_server_emulator.js

  Start external API emulator

  Options:
    --port              The port number where the server should listen on
                        (Default is 0 - which means an available port is assigned randomly)
    --username          User name to be used for auth against elasticsearch and
                        kibana (Default: elastic).
                        **IMPORTANT:** if 'asSuperuser' option is not used, then the
                        user defined here MUST have 'superuser' AND 'kibana_system' roles
    --password          User name Password (Default: changeme)
    --apiKey            An API key to use for communication with Kibana/Elastisearch. Would be
                        used instead of username/password
    --asSuperuser       If defined, then a Security super user will be created using the
                        the credentials defined via 'username' and 'password' options. This
                        new user will then be used to run this utility.
    --kibana            The url to Kibana (Default: http://127.0.0.1:5601)
    --elasticsearch     The url to Elasticsearch (Default: http://127.0.0.1:9200)
    --verbose, -v      Log verbosely
    --debug            Log debug messages (less than verbose)
    --quiet            Only log errors
    --silent           Don't log anything
    --help             Show this message

elasticmachine commented 1 week ago

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

kibana-ci commented 1 week ago

:green_heart: Build Succeeded

Metrics [docs]

Unknown metric groups

#### ESLint disabled in files

| id | [before](https://github.com/elastic/kibana/commit/4ded78d3eebcdd9ec62143f7bde58def4eb6c593) | [after](https://github.com/elastic/kibana/commit/c3081fde59733006eb890a4deb03229688cf777e) | diff |
| --- | --- | --- | --- |
| `securitySolution` | 78 | 82 | +4 |

#### Total ESLint disabled count

| id | [before](https://github.com/elastic/kibana/commit/4ded78d3eebcdd9ec62143f7bde58def4eb6c593) | [after](https://github.com/elastic/kibana/commit/c3081fde59733006eb890a4deb03229688cf777e) | diff |
| --- | --- | --- | --- |
| `securitySolution` | 596 | 600 | +4 |

To update your PR or re-run it, just comment with: @elasticmachine merge upstream

cc @paul-tavares