Can you confirm: are we planning on GA'ing the Microsoft Defender ++ Crowdstrike ++ SentinelOne functionality in 8.18/9.0?
Also - my guess is that we'll need to do this first for Serverless, so at some point here soon we'll need to discuss the timing and the target serverless release so that we can all get sync'd up.
lcawl changed the title from "[REQUEST]: Document new Connector for Microsoft Defender for Endpoint (in Tech. Preview)" to "[REQUEST]: 8.18: Document new Connector for Microsoft Defender for Endpoint (in Tech. Preview)" on Jan 2, 2025
Description
Add documentation for new Microsoft Defender for Endpoint connector. This new connector will (at this time) be in Tech. Preview, but that could change by the time we enable it (currently hidden behind a feature flag).
When
Looking to make this connector available with v8.18 / v9.0.
It may be enabled for serverless prior to these release dates.
Resources
Implementation PR: elastic/kibana#203183
Note that this connector is an EDR only connector. The EDR sub-privileges implementation is being done here and that PR may have impacts to how you word the documentation for this new connector (as well as the existing SentinelOne + Crowdstrike connectors)
Relates to elastic/kibana#207136
Which documentation set does this change impact?
Elastic On-Prem and Cloud (all)
Feature differences
From the connector's standpoint, all is the same.
See below for screen capture of required data for creating the connector:
The data required closely mirrors the same data required to set the Fleet Microsoft Defender for Endpoint integration - screen capture of the input fields in fleet:
What release is this request related to?
8.18, 9.0
Collaboration model
The documentation team
Point of contact.
Main contact:
Stakeholders:
??