39 Pull requests merged by 21 people

• GA microsoft_dnsserver integration

  #11269 merged Sep 27, 2024

• [checkpoint] Drop support for EOL OS version R80.X

  #11263 merged Sep 27, 2024

• Migrate security service packages to GA

  #11210 merged Sep 27, 2024

• [vSphere] Add SSL/TLS support for tcp input in log data stream

  #11061 merged Sep 27, 2024

• Add related.entity to cloudtrail integration

  #11115 merged Sep 27, 2024

• f5_bigip: url decode user agent strings

  #11222 merged Sep 27, 2024

• Rename the ingestion-team

  #11228 merged Sep 27, 2024

• [carbon_black_cloud] Fix alert_v7 CEL pagination logic

  #11259 merged Sep 27, 2024

• [cisco_ftd] Fix parsing issues with message IDs 210007, 305013, and 302023

  #11257 merged Sep 26, 2024

• [AWS] Update integration name to Amazon Bedrock

  #11256 merged Sep 26, 2024

• [vSphere] Release new integration version.

  #11255 merged Sep 26, 2024

• [vSphere] Update README and fix Resourcepool datastream TSDB

  #11242 merged Sep 26, 2024

• [Azure docs] Clarify generic vs specialized integrations

  #11232 merged Sep 26, 2024

• [google_workspace]: Remove link to unpublished security-labs blog from README.

  #11216 merged Sep 26, 2024

• Update tests using journalctl tool to start a custom independent agent

  #11186 merged Sep 26, 2024

• [ti_*] Fix labels.is_ioc_transform_source values

  #11231 merged Sep 26, 2024

• [Kubernetes] Fix Overview dashboard Kibana id

  #11243 merged Sep 26, 2024

• forgerock: fix handling of query time ranges

  #11240 merged Sep 26, 2024

• carbon_black_cloud: fix timestamp type when using cursor value

  #11221 merged Sep 26, 2024

• Add condition field to Keycloak log datastream

  #11213 merged Sep 26, 2024

• qualys_vmdr: retain event.original as json

  #11248 merged Sep 26, 2024

• [Azure] Application Gateway WAF: add event.reason

  #10007 merged Sep 25, 2024

• [CI] Update find oldest supported script

  #11227 merged Sep 25, 2024

• [vSphere] Filter alerts and warnings from triggered alarms.

  #11230 merged Sep 25, 2024

• o365,sentinel_one_cloud_funnel,sysmon_linux,system,windows: tighten ipv4 extraction

  #11052 merged Sep 25, 2024

• [pfsense] Add SNORT log processing

  #11182 merged Sep 24, 2024

• [fortinet_fortimanager] Add more ECS fields mappings

  #11237 merged Sep 24, 2024

• [squid] Add dashboard, improve documentation, GA integration

  #11145 merged Sep 24, 2024

• [vSphere][network] fix issue with TSDB network name

  #11229 merged Sep 24, 2024

• Docker: bump package-spec version to 3.2.2

  #11196 merged Sep 24, 2024

• [Kubernetes] Use filestream fingerprint mode by default for container_logs datastream

  #11212 merged Sep 24, 2024

• [automation] Update packages in .github/ISSUE_TEMPLATE/integration_bug.yml

  #11223 merged Sep 24, 2024

• all: fix sample_event.json final newlines

  #11174 merged Sep 23, 2024

• [netflow]: Append all ip addresses found to the related.ip field.

  #11193 merged Sep 23, 2024

• cisco_aironet: add ECS mapping for destination.port

  #11103 merged Sep 23, 2024

• [vSphere][network] Create network datastream

  #10993 merged Sep 23, 2024

• [automation] Update packages in .github/ISSUE_TEMPLATE/integration_bug.yml

  #11206 merged Sep 23, 2024

• Remove event.original removal processors (integrations AWS & Azure)

  #10888 merged Sep 23, 2024

• [vSphere][datastorecluster] Add new Datastream Datastore Cluster

  #11089 merged Sep 22, 2024

19 Pull requests opened by 15 people

• [New Integration] Envoyproxy

  #11215 opened Sep 23, 2024

• Add in technique.name field to the transform. Remove milliseconds from TQL query.

  #11217 opened Sep 23, 2024

• forgerock: fix handling of idm_core object payloads

  #11219 opened Sep 23, 2024

• GCP Vertex AI LLM Integration

  #11225 opened Sep 24, 2024

• Add related.entity field to azure activitylogs default ingest pipeline

  #11233 opened Sep 24, 2024

• [GitLab] Add sidekiq and pages datastreams

  #11234 opened Sep 24, 2024

• [Cloud Security] enable asset inventory package to support agentless

  #11238 opened Sep 24, 2024

• Add aws.firehose.arn, aws.firehose.request_id and aws.metrics_names_fingerprint fields

  #11239 opened Sep 24, 2024

• [AWS Bedrock] Editing for GA

  #11244 opened Sep 25, 2024

• Cloudtrail add origin and target

  #11245 opened Sep 25, 2024

• [Elastic Agent] Add data retention policy of 30d to all data streams

  #11246 opened Sep 25, 2024

• [POC] Deployment mode for CSPM

  #11247 opened Sep 25, 2024

• [windows] Windows Defender Data stream overhaul to GA

  #11249 opened Sep 25, 2024

• [Cloud Security][Cloud Security Posture] Update kibana condition

  #11252 opened Sep 26, 2024

• [POC] Nginx otel integration with OTEL Templates

  #11253 opened Sep 26, 2024

• [Salesforce] Editing for GA

  #11254 opened Sep 26, 2024

• [citrix_adc] Make date/time format configurable

  #11258 opened Sep 26, 2024

• Remove major snapshots check find oldest script

  #11265 opened Sep 27, 2024

• [Elastic Connectors] Add index name as input var

  #11267 opened Sep 27, 2024

18 Issues closed by 12 people

• Migrate security service integrations to GA

  #11197 closed Sep 27, 2024

• F5 BIG-IP - url decode user_agent fields

  #11211 closed Sep 27, 2024

• Pipeline Errors Daily

  #10478 closed Sep 26, 2024

• [ti_*] IOC transform destinations incorrectly marked as sources

  #11208 closed Sep 26, 2024

• [Kubernetes]: Overview dashboard id changed

  #11241 closed Sep 26, 2024

• [forgerock]: agent does not keep time stamp ranges within API requirements

  #11220 closed Sep 26, 2024

• [Azure] Update sanitization logic

  #10089 closed Sep 26, 2024

• Duplication of Categories

  #5755 closed Sep 25, 2024

• [pfSense] SNORT log processing

  #10558 closed Sep 24, 2024

• GA Security Integrations for Deployment and Devices

  #11005 closed Sep 24, 2024

• [squid] Follow up items for Squid rewrite

  #10920 closed Sep 24, 2024

• [Azure docs] Add firewall documentation for azure-eventhub based integrations

  #9157 closed Sep 24, 2024

• [Keycloak] Integration missing GeoIP processor

  #11179 closed Sep 24, 2024

• [iptables.log] Ingest pipeline errors for SPT=0 or DPT=0

  #10095 closed Sep 24, 2024

• [fortinet_fortigate]: pipeline-error cannot access method/field from a null def reference

  #10912 closed Sep 24, 2024

• Field formats specified in package not being applied in data view

  #2886 closed Sep 24, 2024

• NetFlow Records Integration: Append Network Address Translation IP fields to related.ip

  #9202 closed Sep 23, 2024

• [panw] System tests using Logstash for ingest only write one event per data stream

  #8530 closed Sep 23, 2024

15 Issues opened by 11 people

• [Check Point]: No documentation for the file option

  #11268 opened Sep 27, 2024

• [Docs] Discuss deduplication strategies in the Integrations Developer Guide

  #11266 opened Sep 27, 2024

• [Docs] Discuss patterns for ECS vs vendor prefixed fields in the Integrations Developer Guide

  #11264 opened Sep 27, 2024

• [Stack 8.16.0-SNAPSHOT] [apache_spark] Failing test daily: system test: metric (variant: v3.2.0) in apache_spark.executor

  #11262 opened Sep 27, 2024

• It is not possible to zero OAuth2.0 credentials via the fleet UI

  #11261 opened Sep 27, 2024

• [AWS] Support owning account for cross account monitoring

  #11260 opened Sep 26, 2024

• Azure Logs: use one input per agent policy

  #11251 opened Sep 26, 2024

• forgerock: add a specific endpoint emulator for sytem tests

  #11250 opened Sep 26, 2024

• [Cisco ASA]: Deny message not being parsed due to empty access-group

  #11236 opened Sep 24, 2024

• [Akamai] Remove Tech Preview from Datastreams

  #11235 opened Sep 24, 2024

• [Stack 8.16.0-SNAPSHOT] [cyberarkpas] Failing test daily: system test: tcp in cyberarkpas.audit

  #11224 opened Sep 24, 2024

• [GitLab] Add support for other GitLab logs

  #11218 opened Sep 23, 2024

• GA Security Integrations for Windows platform

  #11214 opened Sep 23, 2024

• [Stack 8.16.0-SNAPSHOT] [system] Failing test daily: system test: default in system.process

  #11207 opened Sep 23, 2024

• CrowdStrike integration not working

  #11204 opened Sep 21, 2024

63 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• [Amazon Security Lake] - OCSF v1.1 update with major refactor & adding support for dynamic template and mappings & system tests

  #10405 commented on Sep 26, 2024 • 33 new comments

• aws.securityhub_findings: Improve support for CDR

  #11158 commented on Sep 26, 2024 • 29 new comments

• [tychon] New integration

  #10811 commented on Sep 27, 2024 • 12 new comments

• [Cisco Duo] Integration updates

  #11200 commented on Sep 23, 2024 • 10 new comments

• [cisco_asa] Remove test for missing message_id

  #11191 commented on Sep 23, 2024 • 1 new comment

• cisco_aironet: add ECS mapping for event.severity

  #11105 commented on Sep 23, 2024 • 1 new comment

• feat: add tags and processors on GCP Pubsub metrics

  #10560 commented on Sep 22, 2024 • 0 new comments

• akamai: handle input leniently

  #10158 commented on Sep 27, 2024 • 0 new comments

• Fix JSON Typos on AWS API Gateway Documentation

  #9932 commented on Sep 23, 2024 • 0 new comments

• [Integration Update] Add Sessions, Policy, Factors and Devices data to Okta Entity Analytics

  #10426 commented on Sep 27, 2024 • 0 new comments

• [Enhancement] Scaling options for each integration/data stream

  #11195 commented on Sep 27, 2024 • 0 new comments

• Incorrect `null` handling in `if` conditions and elsewhere

  #8646 commented on Sep 27, 2024 • 0 new comments

• [CheckPoint] Drop support for EOL OS

  #10977 commented on Sep 27, 2024 • 0 new comments

• [Stack 8.16.0-SNAPSHOT] [sophos] Failing test daily: pipeline test: test-sophos-xg.log in sophos.xg

  #10908 commented on Sep 27, 2024 • 0 new comments

• [Stack 8.16.0-SNAPSHOT] [sophos] Failing test daily: pipeline test: test-sophos-18-5-firewall.log in sophos.xg

  #10907 commented on Sep 27, 2024 • 0 new comments

• [Stack 8.16.0-SNAPSHOT] [mongodb_atlas] Failing test daily: system test: (elastic-agent logs - default) in mongodb_atlas.hardware

  #10625 commented on Sep 27, 2024 • 0 new comments

• [Stack 8.16.0-SNAPSHOT] [mongodb_atlas] Failing test daily: system test: (elastic-agent logs - default) in mongodb_atlas.process

  #10624 commented on Sep 27, 2024 • 0 new comments

• [Stack 8.16.0-SNAPSHOT] [cyberarkpas] Failing test daily: system test: tls in cyberarkpas.audit

  #10620 commented on Sep 27, 2024 • 0 new comments

• [M365 Defender] - Add a new data stream to support vulnerability logs

  #7482 commented on Sep 21, 2024 • 0 new comments

• [Prometheus] Added dynamic_<dataset|namespace> settings to prometheus datasets

  #10592 commented on Sep 25, 2024 • 0 new comments

• [Check Point Harmony Endpoint] New Integration - WIP

  #10780 commented on Sep 27, 2024 • 0 new comments

• [cisco_asa] Fix Event code 106023 - Source/Destination IP not being parsed into respective source.ip or destination.ip field when interface nameif has a full colon (:)

  #10917 commented on Sep 26, 2024 • 0 new comments

• Test elastic-package#2087 - DO NOT MERGE

  #11055 commented on Sep 26, 2024 • 0 new comments

• Populate missing community_id attributes for Cisco and Sophos devices

  #11067 commented on Sep 26, 2024 • 0 new comments

• Cisco Meraki metrics package [WIP]

  #11069 commented on Sep 24, 2024 • 0 new comments

• [panw_metrics] Add Palo Alto Networks metrics integration

  #11099 commented on Sep 26, 2024 • 0 new comments

• aws: improve error.message and add event.kind:pipeline_error for pipeline errors

  #11112 commented on Sep 25, 2024 • 0 new comments

• [Kubernetes] Include kubeadm parameter

  #11187 commented on Sep 25, 2024 • 0 new comments

• [cisco_ftd] Fix grok failure with username with spaces on ftd messageID.

  #11198 commented on Sep 23, 2024 • 0 new comments

• Feature 5255 aruba qcorp

  #11201 commented on Sep 20, 2024 • 0 new comments

• [custom_ti] Add support for basic authentication

  #11202 commented on Sep 21, 2024 • 0 new comments

• [Cloud Security] Added deployment_mode and properties CSPM, Elastic Connector

  #11203 commented on Sep 23, 2024 • 0 new comments

• Two "metrics" columns are displayed for linux integration on Agent details page.

  #881 commented on Sep 21, 2024 • 0 new comments

• [custom_ti] Add Basic auth to integration

  #11192 commented on Sep 21, 2024 • 0 new comments

• Elastic-Agent: Microsoft SQL Server Integration - manage failover in a Microsoft SQL cluster

  #4272 commented on Sep 23, 2024 • 0 new comments

• aws.securityhub_findings: Update datastream to leverage Cloud Security workflows

  #11038 commented on Sep 23, 2024 • 0 new comments

• [Anomali] Support ThreatStream API

  #9610 commented on Sep 23, 2024 • 0 new comments

• [Bug] Convert ZScaler dashboards to use links panel

  #11199 commented on Sep 23, 2024 • 0 new comments

• [Azure docs] Create a detailed setup guide to show users how to take the most out of Azure Logs

  #9955 commented on Sep 24, 2024 • 0 new comments

• aws.securityhub_findings: Implement mappings for Cloud Security Workflow

  #11040 commented on Sep 24, 2024 • 0 new comments

• [ci] Add team labels to failing test issues

  #10354 commented on Sep 24, 2024 • 0 new comments

• GA Security Integrations

  #10985 commented on Sep 24, 2024 • 0 new comments

• [Azure docs] Document how to collect any logs using the generic Event Hub integration

  #4581 commented on Sep 25, 2024 • 0 new comments

• [System] add support to ignore all "unknown" or "unavailable" filesystems

  #11189 commented on Sep 25, 2024 • 0 new comments

• Update integration to include hide_in_deployment modes

  #10867 commented on Sep 25, 2024 • 0 new comments

• Move non-ECS fields in Network Packet Capture datastream fields out of root namespace

  #8185 commented on Sep 25, 2024 • 0 new comments

• [IAzure Logs]: Integration eats up memory and dies

  #11056 commented on Sep 25, 2024 • 0 new comments

• [New Integration] Vertex AI

  #10856 commented on Sep 25, 2024 • 0 new comments

• Update integration to include deployment mode

  #10847 commented on Sep 25, 2024 • 0 new comments

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [cisco_ios] Failing test daily: pipeline test: test-asr920.log in cisco_ios.log

  #11071 commented on Sep 26, 2024 • 0 new comments

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [cisco_ios] Failing test daily: pipeline test: test-cisco-ios.log in cisco_ios.log

  #11072 commented on Sep 26, 2024 • 0 new comments

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [cyberarkpas] Failing test daily: system test: tls in cyberarkpas.audit

  #11075 commented on Sep 26, 2024 • 0 new comments

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [kibana] Failing test daily: system test: default (variant: kibana_8.10.0) in kibana.audit

  #11130 commented on Sep 26, 2024 • 0 new comments

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [mongodb_atlas] Failing test daily: system test: (elastic-agent logs - default) in mongodb_atlas.process

  #11077 commented on Sep 26, 2024 • 0 new comments

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [mongodb_atlas] Failing test daily: system test: (elastic-agent logs - default) in mongodb_atlas.hardware

  #11076 commented on Sep 26, 2024 • 0 new comments

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [sophos] Failing test daily: pipeline test: test-sophos-18-5-firewall.log in sophos.xg

  #11083 commented on Sep 26, 2024 • 0 new comments

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [sophos] Failing test daily: pipeline test: test-sophos-xg.log in sophos.xg

  #11084 commented on Sep 26, 2024 • 0 new comments

• [Mimecast]Add support for Brand Exploit Protect alerts

  #11161 commented on Sep 26, 2024 • 0 new comments

• [Mimecast]Add support for Cloud Integrated Logs

  #11160 commented on Sep 26, 2024 • 0 new comments

• Make sure that main ECS fields are mapped in the Elastic Agent integration

  #8252 commented on Sep 26, 2024 • 0 new comments

• [Stack 8.16.0-SNAPSHOT] [cisco_ios] Failing test daily: pipeline test: test-asr920.log in cisco_ios.log

  #10903 commented on Sep 27, 2024 • 0 new comments

• [Stack 8.16.0-SNAPSHOT] [cisco_ios] Failing test daily: pipeline test: test-cisco-ios.log in cisco_ios.log

  #10904 commented on Sep 27, 2024 • 0 new comments

• [Stack 8.16.0-SNAPSHOT] [cloudflare] Failing test daily: system test: cursor in cloudflare.logpull

  #10872 commented on Sep 27, 2024 • 0 new comments