[Defend Workflows] SentinelOne response actions failing with error: `Response validation failed (Error: [data.0.rangerVersion]: expected value of type [string] but got [null])`

[sukhwindersingh-qasource]

Describe the bug:

• SentinelOne response actions failing with error: Response validation failed (Error: [data.0.rangerVersion]: expected value of type [string] but got [null])

Build Details:

VERSION: 8.17.0 BC2
BUILD: 80427
COMMIT: 2421fb67e0069e7e2c3036cb4e9077fceb4a587a

Login Credentials

• https://p.elstc.co/paste/bzOm1aKR#tyCpK+u0JO57S2JEx+5Px7eMxvWpLdLcI4X1x8ELF9-

Preconditions

• Kibana should be running.
• Sentinel Alerts should be present

Steps to Reproduce

• Navigate to the response console through the sentinel alerts flyout
• Add Any response action in the response console and run the command , Lets say processes
• Observe the error: Error while attempting to retrieve SentinelOne host with agent id [1946294231519300942]: Attempt to send [getAgents] to SentinelOne failed: Response validation failed (Error: [data.0.rangerVersion]: expected value of type [string] but got [null]) is shown

Whats not working :

• It is not working for all of the response actions of SentinelOne

Actual result

• SentinelOne response actions failing with error: Response validation failed (Error: [data.0.rangerVersion]: expected value of type [string] but got [null])

Expected Result

• SentinelOne response actions should be working as expected and does not show any errors

Screen-cast

https://github.com/user-attachments/assets/dcf23ea2-5718-4adb-8d5b-50a4ac9da810

Logs

• N/A

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

[sukhwindersingh-qasource]

@muskangulati-qasource Please review this

[dasansol92]

Hey @sukhwindersingh-qasource , is this working as expected in previous stack versions? Thanks!

[sukhwindersingh-qasource]

Hi @dasansol92,

We tested this on the previous version using the same setup and VM. We observed that it is not working on 8.16.0. However, during the 8.16.0 release process, it was working on the same stack. We're not sure why it is no longer functioning in 8.16.0.

Additionally, there is another related ticket with a somewhat similar issue, although the error message differs. We also validated the fix for this issue on the serverless environment.

Build Details:

VERSION: 8.16.0
BUILD: 79644
COMMIT: a8a07dfc586d78b8f4b7997b00e126363d68c043

Screen cast :

https://github.com/user-attachments/assets/e9a4a32b-fe46-4045-be36-c5b6881a904e

Please let us know if anything else is required from our end.

Thanks!!

[muskangulati-qasource]

Secondary review is Done for this ticket!

[paul-tavares]

PR https://github.com/elastic/kibana/pull/202515

[paul-tavares]

Fix for this has been merged.