217 Pull requests merged by 63 people

• GA microsoft_dnsserver integration

  #11269 merged Sep 27, 2024

• [checkpoint] Drop support for EOL OS version R80.X

  #11263 merged Sep 27, 2024

• Migrate security service packages to GA

  #11210 merged Sep 27, 2024

• [vSphere] Add SSL/TLS support for tcp input in log data stream

  #11061 merged Sep 27, 2024

• Add related.entity to cloudtrail integration

  #11115 merged Sep 27, 2024

• f5_bigip: url decode user agent strings

  #11222 merged Sep 27, 2024

• Rename the ingestion-team

  #11228 merged Sep 27, 2024

• [carbon_black_cloud] Fix alert_v7 CEL pagination logic

  #11259 merged Sep 27, 2024

• [cisco_ftd] Fix parsing issues with message IDs 210007, 305013, and 302023

  #11257 merged Sep 26, 2024

• [AWS] Update integration name to Amazon Bedrock

  #11256 merged Sep 26, 2024

• [vSphere] Release new integration version.

  #11255 merged Sep 26, 2024

• [vSphere] Update README and fix Resourcepool datastream TSDB

  #11242 merged Sep 26, 2024

• [Azure docs] Clarify generic vs specialized integrations

  #11232 merged Sep 26, 2024

• [google_workspace]: Remove link to unpublished security-labs blog from README.

  #11216 merged Sep 26, 2024

• Update tests using journalctl tool to start a custom independent agent

  #11186 merged Sep 26, 2024

• [ti_*] Fix labels.is_ioc_transform_source values

  #11231 merged Sep 26, 2024

• [Kubernetes] Fix Overview dashboard Kibana id

  #11243 merged Sep 26, 2024

• forgerock: fix handling of query time ranges

  #11240 merged Sep 26, 2024

• carbon_black_cloud: fix timestamp type when using cursor value

  #11221 merged Sep 26, 2024

• Add condition field to Keycloak log datastream

  #11213 merged Sep 26, 2024

• qualys_vmdr: retain event.original as json

  #11248 merged Sep 26, 2024

• [Azure] Application Gateway WAF: add event.reason

  #10007 merged Sep 25, 2024

• [CI] Update find oldest supported script

  #11227 merged Sep 25, 2024

• [vSphere] Filter alerts and warnings from triggered alarms.

  #11230 merged Sep 25, 2024

• o365,sentinel_one_cloud_funnel,sysmon_linux,system,windows: tighten ipv4 extraction

  #11052 merged Sep 25, 2024

• [pfsense] Add SNORT log processing

  #11182 merged Sep 24, 2024

• [fortinet_fortimanager] Add more ECS fields mappings

  #11237 merged Sep 24, 2024

• [squid] Add dashboard, improve documentation, GA integration

  #11145 merged Sep 24, 2024

• [vSphere][network] fix issue with TSDB network name

  #11229 merged Sep 24, 2024

• Docker: bump package-spec version to 3.2.2

  #11196 merged Sep 24, 2024

• [Kubernetes] Use filestream fingerprint mode by default for container_logs datastream

  #11212 merged Sep 24, 2024

• [automation] Update packages in .github/ISSUE_TEMPLATE/integration_bug.yml

  #11223 merged Sep 24, 2024

• all: fix sample_event.json final newlines

  #11174 merged Sep 23, 2024

• [netflow]: Append all ip addresses found to the related.ip field.

  #11193 merged Sep 23, 2024

• cisco_aironet: add ECS mapping for destination.port

  #11103 merged Sep 23, 2024

• [vSphere][network] Create network datastream

  #10993 merged Sep 23, 2024

• [automation] Update packages in .github/ISSUE_TEMPLATE/integration_bug.yml

  #11206 merged Sep 23, 2024

• Remove event.original removal processors (integrations AWS & Azure)

  #10888 merged Sep 23, 2024

• [vSphere][datastorecluster] Add new Datastream Datastore Cluster

  #11089 merged Sep 22, 2024

• [crowdstrike] Add Support of IDP and EPP Alert Fields

  #11135 merged Sep 20, 2024

• [kubernetes OTEL] Add kubernetes OTEL package

  #11137 merged Sep 20, 2024

• azure storage account: fix capacity and count metrics visualizations in the all dashboards

  #11120 merged Sep 20, 2024

• [vSphere][virtualmachine] Add support for additional metrics

  #10942 merged Sep 20, 2024

• [automation] Update packages in .github/ISSUE_TEMPLATE/integration_bug.yml

  #11194 merged Sep 20, 2024

• carbon_black_cloud: ensure alert search range is a valid temporal ordering

  #11149 merged Sep 19, 2024

• Update README for packages with ML Modules to ensure naming is consistent

  #11165 merged Sep 19, 2024

• [vSphere] Add new resourcepool datatastream

  #10996 merged Sep 19, 2024

• [stormshield] Fix timestamp fields, move stormshield.msg to message

  #11177 merged Sep 19, 2024

• [vSphere] Add new cluster datatastream

  #10949 merged Sep 19, 2024

• [Cloud Security] add misconfiguration latest transform to Wiz integration

  #10965 merged Sep 19, 2024

• [vSphere][datastore] Add support for additional metrics

  #10911 merged Sep 19, 2024

• [vSphere][host] Add support for new metrics in Host datastream

  #10894 merged Sep 19, 2024

• Rename AWS Bedrock integration as Amazon Bedrock

  #11184 merged Sep 19, 2024

• [CI] Add support for running tests with stack 9.0.0

  #11138 merged Sep 19, 2024

• azure metrics: add list of supported databases and namespaces

  #11118 merged Sep 19, 2024

• Update the Custom Logs integration to package spec V3.1.5

  #11181 merged Sep 19, 2024

• crowdstrike: temporarily reinstate fields/ecs.yml

  #11147 merged Sep 19, 2024

• [automation] Update packages in .github/ISSUE_TEMPLATE/integration_bug.yml

  #11183 merged Sep 19, 2024

• GA Deployment and Devices integrations

  #11157 merged Sep 18, 2024

• [Cloud Security][Asset Inventory] update manifest and changelog

  #11173 merged Sep 18, 2024

• [Cloud Security][Asset Inventory] Add template variables to all input streams

  #11167 merged Sep 18, 2024

• system: add ECS field host.os.version

  #11106 merged Sep 18, 2024

• [automation] Update packages in .github/ISSUE_TEMPLATE/integration_bug.yml

  #11166 merged Sep 18, 2024

• Initial release of Custom Threat Intelligence

  #11066 merged Sep 18, 2024

• vsphere: Add support for processors in datastore, host and virtualmachine

  #10664 merged Sep 18, 2024

• [PostgreSQL] Enhance grok pattern

  #10412 merged Sep 18, 2024

• Initial Release of Sysdig Secure Integration

  #10841 merged Sep 17, 2024

• [Security Rules] Update security rules package to v8.15.5

  #11156 merged Sep 17, 2024

• [Security Rules] Update security rules package to v8.14.11

  #11155 merged Sep 17, 2024

• [Security Rules] Update security rules package to v8.13.17

  #11154 merged Sep 17, 2024

• [Security Rules] Update security rules package to v8.12.22

  #11153 merged Sep 17, 2024

• [osquery_manager] Upgrade osquery to 5.13.1

  #11146 merged Sep 17, 2024

• [Security Rules] Update security rules package to v8.12.22-beta.1

  #11139 merged Sep 17, 2024

• [CI] [backport-security_detection_engine-8.12] Remove mage install deps

  #11152 merged Sep 17, 2024

• [CI] Remove dependencies from with_mage

  #11143 merged Sep 17, 2024

• graphactivitylogs: Fix client|source.geo.location mapping

  #11102 merged Sep 17, 2024

• [CI] Update updatecli configuration for 8.x SNAPSHOT

  #11129 merged Sep 17, 2024

• Bump github.com/cli/go-gh/v2 from 2.9.0 to 2.10.0

  #11136 merged Sep 17, 2024

• [automation] Update packages in .github/ISSUE_TEMPLATE/integration_bug.yml

  #11151 merged Sep 17, 2024

• cloudflare_logpush: retain firewall event zone names

  #11132 merged Sep 16, 2024

• crowdstrike: map command line fields as multi-fields with match_only_text

  #11012 merged Sep 16, 2024

• [pfsense] Fix firewall ICMPv6 message parsing error

  #11144 merged Sep 16, 2024

• Elastic connector integration

  #10898 merged Sep 16, 2024

• [Security Rules] Update security rules package to v8.14.11-beta.1

  #11141 merged Sep 16, 2024

• [Security Rules] Update security rules package to v8.15.5-beta.1

  #11142 merged Sep 16, 2024

• [Security Rules] Update security rules package to v8.13.17-beta.1

  #11140 merged Sep 16, 2024

• Switch to PAT generated token

  #10614 merged Sep 16, 2024

• add changelog entry from backported 1.8.1 version of Wiz

  #11127 merged Sep 16, 2024

• [Cloud Security][Asset Inventory] Restore Azure and GCP streams for ^8.16

  #11125 merged Sep 16, 2024

• [CI] Fix script that retrieves oldest supported version

  #11126 merged Sep 16, 2024

• add missing fields gcp audit logs

  #10886 merged Sep 16, 2024

• Set vulnerability ECS field based on Qualys data

  #11100 merged Sep 16, 2024

• m365_defender: fix assignment of windows os identity and posix hosts

  #10953 merged Sep 16, 2024

• [automation] Update packages in .github/ISSUE_TEMPLATE/integration_bug.yml

  #11134 merged Sep 16, 2024

• [jamf_pro] Various minor improvements and fixes

  #11065 merged Sep 15, 2024

• crowdstrike: fix mapping for assessment events and aip handling

  #11023 merged Sep 13, 2024

• [New Integration] ProxySG

  #10459 merged Sep 13, 2024

• google_scc: fix field name typo

  #11053 merged Sep 13, 2024

• fix 'got types.Null, expected iterable type' error

  #11124 merged Sep 13, 2024

• entityanalytics_okta: map group fields and add test infrastructure

  #10973 merged Sep 13, 2024

• Update changelog and manifest for 10984

  #11123 merged Sep 13, 2024

• cyberarkpas: improve efficiency of event.duration calculation

  #11011 merged Sep 13, 2024

• claroty_ctd: fix replacement configuration

  #11093 merged Sep 13, 2024

• tenable_io: fix flakey test and timestamp handling

  #10940 merged Sep 13, 2024

• [Cloud Security] fix 'got types.Null, expected iterable type' error

  #11098 merged Sep 13, 2024

• [DOCS] Add new section on Azure Functions hosting plans

  #10984 merged Sep 13, 2024

• [citrix_adc] Improve handling of SSLVPN Message

  #11121 merged Sep 12, 2024

• [updatecli] Update 7.x snapshot to 7.17.25-SNAPSHOT

  #11107 merged Sep 12, 2024

• Fix powershell error on events 40961 and 40962

  #10792 merged Sep 12, 2024

• Bump github.com/elastic/package-registry from 1.24.1 to 1.25.0

  #11097 merged Sep 12, 2024

• Add Latest Transform - Wiz Vulnerabilities

  #10895 merged Sep 12, 2024

• [Citrix ADC] Update code-owner for logs and metrics data stream

  #11064 merged Sep 12, 2024

• [Enhancement] Improve S1 Cloud Funnel Process Events compatibility

  #11019 merged Sep 11, 2024

• entityanalytics_entra_id: add support for request trace logging

  #10765 merged Sep 11, 2024

• sentinel_one: document alert data stream environment limitation

  #11036 merged Sep 11, 2024

• aws_bedrock: support newer guardrails data structure

  #11021 merged Sep 11, 2024

• [Cloud Security] change secret value for gcp json blob to true

  #10479 merged Sep 11, 2024

• mergify: replace queue action for queue_rules

  #11095 merged Sep 11, 2024

• [falco] Adjust Falco events to work with External Alerts rule

  #11051 merged Sep 11, 2024

• [Cloudflare Logpush] Support JA4 fields for HTTP requests

  #10991 merged Sep 11, 2024

• [ti_crowdstrike] Fix intel pagination bug due to cursor formatting

  #11063 merged Sep 11, 2024

• [Santa] Add support for team ID field

  #11048 merged Sep 11, 2024

• [Cloud Security][Assets Inventory] Remove GCP/Azure for kibana 8.15.0

  #11091 merged Sep 11, 2024

• [automation] Update packages in .github/ISSUE_TEMPLATE/integration_bug.yml

  #11070 merged Sep 11, 2024

• [google_workspace] handle json.id.time missing

  #11068 merged Sep 11, 2024

• [carbon_black_cloud] Return full state in CEL program results

  #11046 merged Sep 10, 2024

• Initial Release of Jamf Pro Integration

  #10470 merged Sep 10, 2024

• Enable creation of issues in LogsDB daily

  #11047 merged Sep 10, 2024

• Bump github.com/elastic/elastic-package from 0.103.0 to 0.104.0

  #11057 merged Sep 10, 2024

• Bump golang.org/x/tools from 0.24.0 to 0.25.0

  #11058 merged Sep 10, 2024

• [squid] Enhance mappings and add geoip enrichments

  #10992 merged Sep 10, 2024

• [Cloud Security][Assets Inventory] Add GCP policy template

  #10976 merged Sep 10, 2024

• Provide support of configuring ignore_older events in apache access-logs

  #10809 merged Sep 10, 2024

• [prometheus] [collector] Add missing ssl params

  #10840 merged Sep 10, 2024

• [Kubernetes] Add both pod.{cpu,memory}.usage.node.pct and pod.{cpu,memory}.usage.limit.pct metrics to the Overview dashboard

  #10593 merged Sep 10, 2024

• Fix AWS cloudfront log parsing

  #10216 merged Sep 10, 2024

• bitdefender: ensure remediation actions are correlated with their file paths

  #11013 merged Sep 10, 2024

• [fortinet_fortigate] Fix TLS parsing bug

  #11033 merged Sep 9, 2024

• Bump updatecli/updatecli-action from 2.66.0 to 2.67.0

  #11044 merged Sep 9, 2024

• [checkpoint] Improve normalization of user.name field

  #10896 merged Sep 9, 2024

• Add link to public docs from README

  #11045 merged Sep 9, 2024

• [Cloud Security] add observer.vendor field mappings

  #11030 merged Sep 9, 2024

• add PR link to 1.10.1 changelog

  #11042 merged Sep 9, 2024

• [Cloud Security] add backported 1.10.1 version changelog entry to main

  #11041 merged Sep 9, 2024

• [zscaler_zia] Improve data processing in the web pipeline

  #10968 merged Sep 9, 2024

• [proofpoint_on_demand] Adapt definitions of nested subfields

  #11031 merged Sep 9, 2024

• Fix IPv6 cleanup

  #10801 merged Sep 9, 2024

• [Cloud Security] Add host name to Wiz vulnerability data stream

  #10997 merged Sep 9, 2024

• [Cloud Security ]add observer.vendor to cloud_security_posture package version 1.10

  #11017 merged Sep 9, 2024

• f5_bigip: Fix ASM script processor when event.original is absent.

  #11027 merged Sep 9, 2024

• [automation] Update packages in .github/ISSUE_TEMPLATE/integration_bug.yml

  #11037 merged Sep 9, 2024

• [symantec_endpoint_security] Fix null check conditions

  #11029 merged Sep 8, 2024

• [CI] Fix call to testsreporter check

  #11028 merged Sep 6, 2024

• Refactor testsreporter tool

  #11026 merged Sep 6, 2024

• Fix skipping Authentication Pipeline in panw panos Integration

  #10803 merged Sep 6, 2024

• Adapt definitions of nested subfields to current Fleet implementation

  #11016 merged Sep 6, 2024

• [Cloud Security] add observer.vendor to cloud_security_posture

  #10945 merged Sep 6, 2024

• [automation] Update packages in .github/ISSUE_TEMPLATE/integration_bug.yml

  #11024 merged Sep 6, 2024

• [first_epss] New integration

  #10758 merged Sep 6, 2024

• [claroty_ctd] Initial release of the Claroty CTD

  #10737 merged Sep 5, 2024

• [cisco_ios] Handle timestamp starting with the year such as 'yyyy MMM d HH:mm:ss.SSS z'

  #10916 merged Sep 5, 2024

• Bump github.com/elastic/elastic-package from 0.102.0 to 0.103.0

  #11006 merged Sep 5, 2024

• [CI] Enable wolfi images in CI except weekly builds

  #10969 merged Sep 5, 2024

• Update packages to use Elastic Agent images based on Ubuntu

  #11007 merged Sep 5, 2024

• Fix missing field in transforms of ti packages

  #11008 merged Sep 5, 2024

• [Exchange Server] Add conditional override when from address differs from sender address & minor enhancements

  #11002 merged Sep 5, 2024

• [jamf_protect] Set host.name, improve dashboards

  #10931 merged Sep 5, 2024

• [cisco_ios] Remove pipeline test files

  #11010 merged Sep 4, 2024

• infoblox_nios: fix handling of MARK log entries

  #10925 merged Sep 4, 2024

• entityanalytics_ad: format SID and GUID in canonical formats

  #10923 merged Sep 4, 2024

• Bump github.com/elastic/package-registry from 1.24.0 to 1.24.1

  #11004 merged Sep 4, 2024

• Add daily build with logsdb enabled

  #11001 merged Sep 4, 2024

• [ti_mandiant_advantage] Add optional extra fields

  #10957 merged Sep 4, 2024

• Defender answers bug

  #10947 merged Sep 4, 2024

• [oracle] Add support to run system tests with Elastic Agent images based on Wolfi

  #10943 merged Sep 4, 2024

• [AWS Bedrock] Add Field to hold LLM text model response value in human readable format for selected LLM models

  #10939 merged Sep 4, 2024

• gitlab: make path configuration consistent

  #10994 merged Sep 4, 2024

• [abnormal_security] Update data-collection to handle empty threats

  #10986 merged Sep 4, 2024

• [qualys_vmdr] Rename and convert fields. Lower case cloud.provider

  #10966 merged Sep 3, 2024

• Update windows integration package spec to v3

  #10781 merged Sep 3, 2024

• [Security Rules] Update security rules package to v8.15.4

  #10990 merged Sep 3, 2024

• [Security Rules] Update security rules package to v8.14.10

  #10989 merged Sep 3, 2024

• [Security Rules] Update security rules package to v8.13.16

  #10988 merged Sep 3, 2024

• [Security Rules] Update security rules package to v8.12.21

  #10987 merged Sep 3, 2024

• [Security Rules] Update security rules package to v8.15.4-beta.1

  #10983 merged Sep 3, 2024

• [Security Rules] Update security rules package to v8.14.10-beta.1

  #10981 merged Sep 3, 2024

• [Security Rules] Update security rules package to v8.13.16-beta.1

  #10980 merged Sep 3, 2024

• [Security Rules] Update security rules package to v8.12.21-beta.1

  #10982 merged Sep 3, 2024

• Remove event.original removal processors (integrations B* to C*)

  #10897 merged Sep 3, 2024

• [Cloud Security] Deprecate vulnerability data views

  #10913 merged Sep 3, 2024

• [Nginx_ingress_controller] fix nginx_ingress_controller.access.remote_ip_list field mapping

  #10921 merged Sep 2, 2024

• [automation] Update packages in .github/ISSUE_TEMPLATE/integration_bug.yml

  #10954 merged Sep 2, 2024

• jamf_protect: fix up dashboard filters

  #10927 merged Sep 1, 2024

• [cisco_ios] Fix CISCO-IOS integration failed to parse logs coming from different application versions

  #10948 merged Aug 30, 2024

• Zeek known certs grok fix

  #10793 merged Aug 30, 2024

• Adding missing fields in the status metricset of the kibana integration

  #10944 merged Aug 30, 2024

• Add event.module to network_traffic integration

  #10800 merged Aug 30, 2024

• [m365_defender] Fix dashboard filters to look for correct event.severity values.

  #10810 merged Aug 30, 2024

• [Cloud Security] Add Cloud Configuration Finding dashboard screenshot reference to the manifest

  #10936 merged Aug 30, 2024

• packages/microsoft_sqlserver: Update documentation

  #10915 merged Aug 30, 2024

• packages/microsoft_sqlserver: Fix HEALTHCHECK

  #10899 merged Aug 30, 2024

• [CI] Enable updatecli targets for weekly pipeline

  #10932 merged Aug 30, 2024

• wiz: fix result.evaluation to be lowercased in cloud_configuration_finding

  #10914 merged Aug 30, 2024

• [authentik] Initial release of the authentik

  #10851 merged Aug 30, 2024

• [citrix-adc logs]: Add native_timestamp format

  #10928 merged Aug 30, 2024

• okta: allow user configuration of debug_data flattened use

  #9868 merged Aug 29, 2024

• [automation] Update packages in .github/ISSUE_TEMPLATE/integration_bug.yml

  #10935 merged Aug 29, 2024

• [ci] automate updates to .github/ISSUE_TEMPLATE/integration_bug.yml

  #10924 merged Aug 29, 2024

• [sublime_security] Initial release of the sublime security

  #10805 merged Aug 29, 2024

• gigamon: Update package description and cleanup

  #10879 merged Aug 29, 2024

• [CI] Add weekly job to test packages with Ubuntu Elastic Agent docker image

  #10844 merged Aug 29, 2024

• [citrix_adc] Handle time zone parsing in sslvpn_and_aaatm_feature pipeline

  #10846 merged Aug 28, 2024

• [k8s Integratiion] Adding container.id as filter of Cluster Overview and removing median filter occurencies

  #10893 merged Aug 28, 2024

• [squid] Rewrite squid integration

  #10882 merged Aug 28, 2024

• [Crowdstrike] Fix handling of event.created and timestamp fields for FDR events

  #10862 merged Aug 28, 2024

• Update Wiz vuln data stream for CDR

  #10892 merged Aug 28, 2024

• zscaler_zia: Remove department field and fix parsing errors in web logs

  #10874 merged Aug 28, 2024

53 Pull requests opened by 35 people

• [Draft] K8s otel overview dashboard

  #10910 opened Aug 28, 2024

• [cisco_asa] Fix Event code 106023 - Source/Destination IP not being parsed into respective source.ip or destination.ip field when interface nameif has a full colon (:)

  #10917 opened Aug 28, 2024

• Enhancement: Rename Desconnections to Disconnections

  #10934 opened Aug 29, 2024

• Enhancement: Add visualizations for data tier capacity

  #10937 opened Aug 29, 2024

• [Logstash] Add guard against missing elements in `codec` payload

  #10938 opened Aug 29, 2024

• entityanalytics_ad: expose attribute selection configuration

  #10955 opened Sep 2, 2024

• [Enhancement] Improve Sysmon Library Events compatibility

  #10967 opened Sep 2, 2024

• Enhancement - Endace Integration v0.1.0

  #10995 opened Sep 4, 2024

• Test elastic-package#2081 - DO NOT MERGE

  #11009 opened Sep 4, 2024

• [Enhancement] Add ".caseless" fields to MDE process events

  #11020 opened Sep 5, 2024

• [netflow] add workers option

  #11025 opened Sep 6, 2024

• Test elastic-package#2063 - DO NOT MERGE

  #11032 opened Sep 6, 2024

• Test elastic-package#2090 - DO NOT MERGE

  #11043 opened Sep 9, 2024

• Test PR - trigger sonar - Do not merge

  #11054 opened Sep 10, 2024

• Test elastic-package#2087 - DO NOT MERGE

  #11055 opened Sep 10, 2024

• Populate missing community_id attributes for Cisco and Sophos devices

  #11067 opened Sep 10, 2024

• Cisco Meraki metrics package [WIP]

  #11069 opened Sep 10, 2024

• [panw_metrics] Add Palo Alto Networks metrics integration

  #11099 opened Sep 11, 2024

• azure logs: add ECS mapping for event.duration

  #11104 opened Sep 11, 2024

• cisco_aironet: add ECS mapping for event.severity

  #11105 opened Sep 11, 2024

• aws: improve error.message and add event.kind:pipeline_error for pipeline errors

  #11112 opened Sep 12, 2024

• [okta] Enable Agentless deployment

  #11116 opened Sep 12, 2024

• Add a Caveats section to the ecs@mappings migration guide

  #11148 opened Sep 16, 2024

• aws.securityhub_findings: Improve support for CDR

  #11158 opened Sep 17, 2024

• Sysdig Compliance Data Streams

  #11162 opened Sep 17, 2024

• [TEST] Remove empty line in README

  #11170 opened Sep 18, 2024

• [Kubernetes] Include kubeadm parameter

  #11187 opened Sep 19, 2024

• [cisco_asa] Remove test for missing message_id

  #11191 opened Sep 19, 2024

• [cisco_ftd] Fix grok failure with username with spaces on ftd messageID.

  #11198 opened Sep 20, 2024

• [Cisco Duo] Integration updates

  #11200 opened Sep 20, 2024

• Feature 5255 aruba qcorp

  #11201 opened Sep 20, 2024

• [custom_ti] Add support for basic authentication

  #11202 opened Sep 20, 2024

• [Cloud Security] Added deployment_mode and properties CSPM, Elastic Connector

  #11203 opened Sep 20, 2024

• [New Integration] Envoyproxy

  #11215 opened Sep 23, 2024

• Add in technique.name field to the transform. Remove milliseconds from TQL query.

  #11217 opened Sep 23, 2024

• forgerock: fix handling of idm_core object payloads

  #11219 opened Sep 23, 2024

• GCP Vertex AI LLM Integration

  #11225 opened Sep 24, 2024

• Add related.entity field to azure activitylogs default ingest pipeline

  #11233 opened Sep 24, 2024

• [GitLab] Add sidekiq and pages datastreams

  #11234 opened Sep 24, 2024

• [Cloud Security] enable asset inventory package to support agentless

  #11238 opened Sep 24, 2024

• Add aws.firehose.arn, aws.firehose.request_id and aws.metrics_names_fingerprint fields

  #11239 opened Sep 24, 2024

• [AWS Bedrock] Editing for GA

  #11244 opened Sep 25, 2024

• Cloudtrail add origin and target

  #11245 opened Sep 25, 2024

• [Elastic Agent] Add data retention policy of 30d to all data streams

  #11246 opened Sep 25, 2024

• [POC] Deployment mode for CSPM

  #11247 opened Sep 25, 2024

• [windows] Windows Defender Data stream overhaul to GA

  #11249 opened Sep 25, 2024

• [Cloud Security][Cloud Security Posture] Update kibana condition

  #11252 opened Sep 26, 2024

• [POC] Nginx otel integration with OTEL Templates

  #11253 opened Sep 26, 2024

• [Salesforce] Editing for GA

  #11254 opened Sep 26, 2024

• [citrix_adc] Make date/time format configurable

  #11258 opened Sep 26, 2024

• Remove major snapshots check find oldest script

  #11265 opened Sep 27, 2024

• [Elastic Connectors] Add index name as input var

  #11267 opened Sep 27, 2024

• [Cloud Security] Updating the CSPM integration with deployment_mode and secrets

  #11271 opened Sep 27, 2024

105 Issues closed by 33 people

• Migrate security service integrations to GA

  #11197 closed Sep 27, 2024

• F5 BIG-IP - url decode user_agent fields

  #11211 closed Sep 27, 2024

• Pipeline Errors Daily

  #10478 closed Sep 26, 2024

• [ti_*] IOC transform destinations incorrectly marked as sources

  #11208 closed Sep 26, 2024

• [Kubernetes]: Overview dashboard id changed

  #11241 closed Sep 26, 2024

• [forgerock]: agent does not keep time stamp ranges within API requirements

  #11220 closed Sep 26, 2024

• [Azure] Update sanitization logic

  #10089 closed Sep 26, 2024

• Duplication of Categories

  #5755 closed Sep 25, 2024

• [pfSense] SNORT log processing

  #10558 closed Sep 24, 2024

• GA Security Integrations for Deployment and Devices

  #11005 closed Sep 24, 2024

• [squid] Follow up items for Squid rewrite

  #10920 closed Sep 24, 2024

• [Azure docs] Add firewall documentation for azure-eventhub based integrations

  #9157 closed Sep 24, 2024

• [Keycloak] Integration missing GeoIP processor

  #11179 closed Sep 24, 2024

• [iptables.log] Ingest pipeline errors for SPT=0 or DPT=0

  #10095 closed Sep 24, 2024

• [fortinet_fortigate]: pipeline-error cannot access method/field from a null def reference

  #10912 closed Sep 24, 2024

• Field formats specified in package not being applied in data view

  #2886 closed Sep 24, 2024

• NetFlow Records Integration: Append Network Address Translation IP fields to related.ip

  #9202 closed Sep 23, 2024

• [panw] System tests using Logstash for ingest only write one event per data stream

  #8530 closed Sep 23, 2024

• [f5][ASM] HTTP endpoint messages end up under json field

  #10543 closed Sep 19, 2024

• [Zscaler] Sandbox Report Support

  #9958 closed Sep 19, 2024

• [Zscaler] Audit log support

  #9959 closed Sep 19, 2024

• Update log integration to 3.0 format

  #11176 closed Sep 19, 2024

• File Integrity Integration - Can't save .SLDASM file from Solidworks to a monitored path

  #6371 closed Sep 18, 2024

• [fortinet_fortigate] Adjust firewall field names to match ECS guidelines

  #10475 closed Sep 18, 2024

• Service Bringup for Integrations Test Environment

  #5489 closed Sep 18, 2024

• Custom Threat Intelligence Package

  #4710 closed Sep 18, 2024

• [PostgreSQL] Grok pattern Failure

  #9568 closed Sep 18, 2024

• [O11y][PostgreSQL] Grok failure due to custom logs

  #10779 closed Sep 18, 2024

• [Cloudflare Logpush]: Firewall_event datastream is missing the cloudflare zone field

  #11113 closed Sep 16, 2024

• [Crowdstrike FDR] The Field crowdstrike.CommandHistory should be explicitly mapped as both keyword and match_only_text

  #10946 closed Sep 16, 2024

• [pfSense] Firewall ICMPv6 message parsing error

  #10687 closed Sep 16, 2024

• [Proposal] Fleet Go Client

  #800 closed Sep 16, 2024

• Integrations using (deprecated)log input

  #5578 closed Sep 16, 2024

• [crowdstrike.fdr]: Handle empty string in crowdstrike.aip

  #11050 closed Sep 13, 2024

• [crowdstrike.fdr]: Handle ZeroTrustHostAssessment event type

  #11022 closed Sep 13, 2024

• [New Integration] Blue Coat ProxySG

  #9511 closed Sep 13, 2024

• [New Integration] Service Now CMDB

  #11122 closed Sep 13, 2024

• [entityanalytics_okta.user] Add mappings for group metadata

  #10096 closed Sep 13, 2024

• [CyberArk PAS] `logs-cyberarkpas.audit` Script for converting field to duration is slow

  #8307 closed Sep 13, 2024

• [Stack 8.16.0-SNAPSHOT] [claroty_ctd] Failing test daily: system test: udp in claroty_ctd.event

  #11035 closed Sep 13, 2024

• [Stack 8.16.0-SNAPSHOT] [claroty_ctd] Failing test daily: system test: tcp in claroty_ctd.event

  #11034 closed Sep 13, 2024

• [Stack 8.15.0-SNAPSHOT] [tenable_io] Failing test daily: system test: (elastic-agent logs) in tenable_io.plugin

  #10370 closed Sep 13, 2024

• [Stack 8.16.0-SNAPSHOT] [tenable_io] Failing test daily: system test: (elastic-agent logs - default) in tenable_io.plugin

  #10626 closed Sep 13, 2024

• [Azure docs] Document hosting plans for Azure Functions metrics

  #9010 closed Sep 13, 2024

• [Windows]: Powershell Operational events pipeline_error

  #10891 closed Sep 12, 2024

• entityanalytics_{okta,entra_id} - Add request tracer config option for 8.15

  #10498 closed Sep 11, 2024

• [SentinelOne]: sentinel_one.alerts dataset not supported by on-premise console

  #11015 closed Sep 11, 2024

• [AWS Bedrock]: Field Mapping Issues

  #11014 closed Sep 11, 2024

• [New Integration] Jamf Pro

  #10026 closed Sep 10, 2024

• [Squid Proxy]: Parsing Regression noticed on version 0.20.0

  #10951 closed Sep 10, 2024

• [Custom STIX]Create dashboards to visualize ingested STIX data, add documentation and verify compatibility with indicator match rules

  #10734 closed Sep 10, 2024

• [Kubernetes] Cluster overview dashboard: fix `Top CPU intensive pods` and `Top memory intensive pods` charts

  #10522 closed Sep 10, 2024

• [SLO] POC SLOs with Nginx Integration

  #10467 closed Sep 10, 2024

• [Check Point] Improve normalisation of user.name field

  #10191 closed Sep 9, 2024

• [Windows system.security] IPv6 gsub causes invalid IPs

  #9650 closed Sep 9, 2024

• [Stack 8.16.0-SNAPSHOT] [prisma_access] Failing test daily: pipeline test: test-event.json in prisma_access.event

  #10649 closed Sep 9, 2024

• [Qualys VMDR] qualys_vmdr.asset_host_detection.list.is_disabled does not Exist

  #9998 closed Sep 7, 2024

• [Stack 8.15.0-SNAPSHOT] [zscaler_zia] Failing test daily: pipeline test: test-web-http-endpoint.log in zscaler_zia.web

  #10465 closed Sep 6, 2024

• [Stack 8.16.0-SNAPSHOT] [f5_bigip] Failing test daily: pipeline test: test-pipeline-bigip-asm.log in f5_bigip.log

  #10621 closed Sep 6, 2024

• [Stack 8.15.0-SNAPSHOT] [zscaler_zia] Failing test daily: pipeline test: test-web.log in zscaler_zia.web

  #10466 closed Sep 6, 2024

• [Stack 8.16.0-SNAPSHOT] [zscaler_zia] Failing test daily: pipeline test: test-sandbox.log in zscaler_zia.sandbox_report

  #10628 closed Sep 6, 2024

• [cisco_ios]: Grok parser does not match

  #10909 closed Sep 5, 2024

• [zscaler_zia] Regenerating sample event files yields invalid sample events

  #4044 closed Sep 5, 2024

• [Pause] Identify integration fields lists that rely on ordering and duplication

  #10900 closed Sep 5, 2024

• [apache_tomcat] [microsoft_sqlserver] [stan] Errors when testing with Elastic Agent wolfi images

  #10999 closed Sep 5, 2024

• [system_audit] Errors when testing with Elastic Agent wolfi images

  #11000 closed Sep 5, 2024

• [iptables] [journald] Errors when testing with Elastic Agent wolfi images

  #10998 closed Sep 5, 2024

• [AWS] TransitGateway reporting duplicate metrics

  #5458 closed Sep 5, 2024

• [infoblox_nios]: error.messages

  #10918 closed Sep 4, 2024

• [ti_mandiant_advantage] Allow including is_publishable, misp, campaigns, and reports

  #10650 closed Sep 4, 2024

• AWS Cloudwatch is indexing data in the wrong data stream

  #5467 closed Sep 4, 2024

• Integrations bringup for Test Environment

  #5490 closed Sep 4, 2024

• [AWS Bedrock] Add dashboard filter

  #10873 closed Sep 4, 2024

• [AWS Bedrock] Store stream (text) output in a string format.

  #10875 closed Sep 4, 2024

• Stack bringup for Integrations Test Environemnt

  #5488 closed Sep 4, 2024

• GitLab Integration has inconsistent option menus

  #10929 closed Sep 4, 2024

• [Stack 8.16.0-SNAPSHOT] [iptables] Failing test daily: system test: journald in iptables.log

  #10950 closed Sep 4, 2024

• [Serverless observability] [azure_openai] Failing test daily: pipeline test: test-open-ai-gateway.log in azure_openai.logs

  #10486 closed Sep 4, 2024

• [Serverless security] [azure_openai] Failing test daily: pipeline test: test-open-ai-gateway.log in azure_openai.logs

  #10487 closed Sep 4, 2024

• [Stack 8.15.0-SNAPSHOT] [ti_crowdstrike] Failing test daily: system test: (elastic-agent logs) in ti_crowdstrike.intel

  #10371 closed Sep 4, 2024

• [Stack 8.16.0-SNAPSHOT] [ti_crowdstrike] Failing test daily: system test: (elastic-agent logs - default) in ti_crowdstrike.intel

  #10627 closed Sep 4, 2024

• [docs] Document "raw" fields for users who want to apply processors

  #5481 closed Sep 3, 2024

• Migrate `windows` integration to package spec v3

  #10274 closed Sep 3, 2024

• [Network Packet Capture]: No more GeoIP resolution and event.dataset missing

  #10956 closed Sep 3, 2024

• [Stack 8.15.0-SNAPSHOT] [kibana] Failing test daily: system test: default (variant: kibana_8.10.0) in kibana.node_actions

  #10553 closed Sep 3, 2024

• [Jamf Protect]: Dashboard queries not matching data in ES

  #10791 closed Sep 1, 2024

• [Stack 8.16.0-SNAPSHOT] [iptables] Failing test daily: system test: journald in iptables.log

  #10757 closed Aug 30, 2024

• [Stack 8.16.0-SNAPSHOT] [kibana] Failing test daily: system test: default (variant: kibana_8.10.0) in kibana.status

  #10623 closed Aug 30, 2024

• [microsoft_sqlserver] Failing test daily: system test: errorlog in microsoft_sqlserver.log

  #10889 closed Aug 30, 2024

• [New Integration] Authentik

  #10509 closed Aug 30, 2024

• [okta.system] Utilize 'subobjects: false' for debugContext.debugData

  #9863 closed Aug 29, 2024

• [Stack 8.16.0-SNAPSHOT] [crowdstrike] Failing test daily: system test: default in crowdstrike.fdr

  #10905 closed Aug 29, 2024

• [Stack 8.16.0-SNAPSHOT] [crowdstrike] Failing test daily: system test: keep-metadata in crowdstrike.fdr

  #10906 closed Aug 29, 2024

• [Suricata]: TLS Handshake Failure message parsing error

  #10690 closed Aug 29, 2024

• Automate updates to .github/ISSUE_TEMPLATE/integration_bug.yml

  #10565 closed Aug 29, 2024

• [Stack 8.15.0-SNAPSHOT] [f5_bigip] Failing test daily: pipeline test: test-pipeline-bigip-asm.log in f5_bigip.log

  #10501 closed Aug 29, 2024

• [Stack 8.15.0-SNAPSHOT] [cyberarkpas] Failing test daily: system test: tls in cyberarkpas.audit

  #10481 closed Aug 29, 2024

• [Stack 8.15.0-SNAPSHOT] [zscaler_zia] Failing test daily: pipeline test: test-sandbox.log in zscaler_zia.sandbox_report

  #10464 closed Aug 29, 2024

• [Stack 8.15.0-SNAPSHOT] [ti_crowdstrike] Failing test daily: system test: (elastic-agent logs - default) in ti_crowdstrike.intel

  #10570 closed Aug 29, 2024

• [Stack 8.15.0-SNAPSHOT] [tenable_io] Failing test daily: system test: (elastic-agent logs - default) in tenable_io.plugin

  #10485 closed Aug 29, 2024

• [New Integration] Sublime Security

  #10425 closed Aug 29, 2024

• [Stack 8.16.0-SNAPSHOT] [aws] Failing test daily: system test: default in aws.cloudtrail

  #10869 closed Aug 29, 2024

• [Kubernetes]Overview dashboard - total cpu and memory usage are incorrect

  #10887 closed Aug 28, 2024

• [squid] Rewrite Squid integration

  #10770 closed Aug 28, 2024

• [Threat Intelligences Utilities]: Intelligence Dashboard in Elastic Security Broken

  #10612 closed Aug 28, 2024

88 Issues opened by 34 people

• [Elastic Agent] Agent metrics visualizations use wrong minimum interval causing erroneous viz

  #11270 opened Sep 27, 2024

• [Check Point]: No documentation for the file option

  #11268 opened Sep 27, 2024

• [Docs] Discuss deduplication strategies in the Integrations Developer Guide

  #11266 opened Sep 27, 2024

• [Docs] Discuss patterns for ECS vs vendor prefixed fields in the Integrations Developer Guide

  #11264 opened Sep 27, 2024

• [Stack 8.16.0-SNAPSHOT] [apache_spark] Failing test daily: system test: metric (variant: v3.2.0) in apache_spark.executor

  #11262 opened Sep 27, 2024

• It is not possible to zero OAuth2.0 credentials via the fleet UI

  #11261 opened Sep 27, 2024

• [AWS] Support owning account for cross account monitoring

  #11260 opened Sep 26, 2024

• Azure Logs: use one input per agent policy

  #11251 opened Sep 26, 2024

• forgerock: add a specific endpoint emulator for sytem tests

  #11250 opened Sep 26, 2024

• [Cisco ASA]: Deny message not being parsed due to empty access-group

  #11236 opened Sep 24, 2024

• [Akamai] Remove Tech Preview from Datastreams

  #11235 opened Sep 24, 2024

• [Stack 8.16.0-SNAPSHOT] [cyberarkpas] Failing test daily: system test: tcp in cyberarkpas.audit

  #11224 opened Sep 24, 2024

• [GitLab] Add support for other GitLab logs

  #11218 opened Sep 23, 2024

• GA Security Integrations for Windows platform

  #11214 opened Sep 23, 2024

• [Stack 8.16.0-SNAPSHOT] [system] Failing test daily: system test: default in system.process

  #11207 opened Sep 23, 2024

• CrowdStrike integration not working

  #11204 opened Sep 21, 2024

• [Bug] Convert ZScaler dashboards to use links panel

  #11199 opened Sep 20, 2024

• [Enhancement] Scaling options for each integration/data stream

  #11195 opened Sep 20, 2024

• [custom_ti] Add Basic auth to integration

  #11192 opened Sep 19, 2024

• Absence of fields in VMware vSphere Elastic Agent integration?

  #11190 opened Sep 19, 2024

• [System] add support to ignore all "unknown" or "unavailable" filesystems

  #11189 opened Sep 19, 2024

• [System] add nsfs to defaults for filesystem.ignore_types

  #11188 opened Sep 19, 2024

• [AWS Bedrock] Rename Integration as Amazon Bedrock

  #11180 opened Sep 18, 2024

• [New Integration] Check Point Harmony Email & Collaboration

  #11178 opened Sep 18, 2024

• [network_traffic]: Dashboard links are broken when kibana is behind a reverse proxy and `server.basePath` is used

  #11175 opened Sep 18, 2024

• [Azure App Service] Missing azure.subscription_id

  #11172 opened Sep 18, 2024

• [AWS] Update documentation to reference the information related to the applicable charges

  #11171 opened Sep 18, 2024

• [Azure App Service]: Expects JSON object but is unparsed JSON string

  #11169 opened Sep 18, 2024

• [AWS Bedrock] Fix README issues

  #11168 opened Sep 18, 2024

• [New Integration] Microsoft Sentinel

  #11164 opened Sep 17, 2024

• [New Integration] Cloudflare Email Security

  #11163 opened Sep 17, 2024

• [Mimecast]Add support for Brand Exploit Protect alerts

  #11161 opened Sep 17, 2024

• [Mimecast]Add support for Cloud Integrated Logs

  #11160 opened Sep 17, 2024

• [Mimecast] Add support for API 2.0

  #11159 opened Sep 17, 2024

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [system] Failing test daily: system test: default in system.process

  #11131 opened Sep 15, 2024

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [kibana] Failing test daily: system test: default (variant: kibana_8.10.0) in kibana.audit

  #11130 opened Sep 14, 2024

• [Epic] [ServiceNow] New Fleet integration

  #11119 opened Sep 12, 2024

• [PostgeSQL]: Pipeline doesn't take into account log_line_prefix config variable

  #11114 opened Sep 12, 2024

• [Stack 8.16.0-SNAPSHOT] [oracle] Failing test daily: system test: systemstatistics in oracle.system_statistics

  #11111 opened Sep 12, 2024

• [Stack 8.16.0-SNAPSHOT] [oracle] Failing test daily: system test: sysmetric in oracle.sysmetric

  #11110 opened Sep 12, 2024

• [Stack 8.16.0-SNAPSHOT] [oracle] Failing test daily: system test: performance in oracle.performance

  #11109 opened Sep 12, 2024

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [tenable_io] Failing test daily: system test: (elastic-agent logs - default) in tenable_io.plugin

  #11108 opened Sep 12, 2024

• [Docker Integration] New Datastream for Docker Engine API logs

  #11094 opened Sep 11, 2024

• [aws]: guardduty error message is unhelpful

  #11090 opened Sep 11, 2024

• [Stack 8.16.0-SNAPSHOT] [aws] Failing test daily: system test: default in aws.firewall_logs

  #11088 opened Sep 11, 2024

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [vsphere] Failing test daily: system test: default in vsphere.virtualmachine

  #11087 opened Sep 11, 2024

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [vsphere] Failing test daily: system test: default in vsphere.host

  #11086 opened Sep 11, 2024

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [vsphere] Failing test daily: system test: default in vsphere.datastore

  #11085 opened Sep 11, 2024

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [sophos] Failing test daily: pipeline test: test-sophos-xg.log in sophos.xg

  #11084 opened Sep 11, 2024

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [sophos] Failing test daily: pipeline test: test-sophos-18-5-firewall.log in sophos.xg

  #11083 opened Sep 11, 2024

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [oracle] Failing test daily: system test: systemstatistics in oracle.system_statistics

  #11082 opened Sep 11, 2024

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [oracle] Failing test daily: system test: sysmetric in oracle.sysmetric

  #11081 opened Sep 11, 2024

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [oracle] Failing test daily: system test: performance in oracle.performance

  #11080 opened Sep 11, 2024

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [oracle] Failing test daily: system test: memory in oracle.memory

  #11079 opened Sep 11, 2024

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [oracle] Failing test daily: system test: tablespace in oracle.tablespace

  #11078 opened Sep 11, 2024

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [mongodb_atlas] Failing test daily: system test: (elastic-agent logs - default) in mongodb_atlas.process

  #11077 opened Sep 11, 2024

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [mongodb_atlas] Failing test daily: system test: (elastic-agent logs - default) in mongodb_atlas.hardware

  #11076 opened Sep 11, 2024

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [cyberarkpas] Failing test daily: system test: tls in cyberarkpas.audit

  #11075 opened Sep 11, 2024

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [claroty_ctd] Failing test daily: system test: udp in claroty_ctd.event

  #11074 opened Sep 11, 2024

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [claroty_ctd] Failing test daily: system test: tcp in claroty_ctd.event

  #11073 opened Sep 11, 2024

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [cisco_ios] Failing test daily: pipeline test: test-cisco-ios.log in cisco_ios.log

  #11072 opened Sep 11, 2024

• [LogsDB] [Stack 8.16.0-SNAPSHOT] [cisco_ios] Failing test daily: pipeline test: test-asr920.log in cisco_ios.log

  #11071 opened Sep 11, 2024

• [Github]: GitHub Assets/Dashboards are inaccurate due to Github logging convention

  #11062 opened Sep 10, 2024

• [Kubernetes]: Visualization Display errors for Kubernetes Jobs and Cronjobs Dashboards

  #11060 opened Sep 10, 2024

• [vSphere] Add SSL/TLS support

  #11059 opened Sep 10, 2024

• [IAzure Logs]: Integration eats up memory and dies

  #11056 opened Sep 10, 2024

• [Okta] Add a `okta.debug_context.debug_data` keyword field

  #11049 opened Sep 9, 2024

• aws.securityhub_findings: Implement mappings for Cloud Security Workflow

  #11040 opened Sep 9, 2024

• aws.securityhub_findings: Implement transform for Cloud Security Workflow

  #11039 opened Sep 9, 2024

• aws.securityhub_findings: Update datastream to leverage Cloud Security workflows

  #11038 opened Sep 9, 2024

• GA Security Integrations

  #10985 opened Sep 3, 2024

• [Cisco Secure Email Gateway] Supporting AsyncOS v15

  #10979 opened Sep 3, 2024

• [Cisco ISE] Server 3.3 Support

  #10978 opened Sep 3, 2024

• [CheckPoint] Drop support for EOL OS

  #10977 opened Sep 3, 2024

• [Palo Alto Firewall] OS Support Update

  #10975 opened Sep 3, 2024

• [Mimecast] Migrating to API 2.0

  #10974 opened Sep 3, 2024

• [Okta]: Update 2.11.0 - > 2.12.0 fails

  #10972 opened Sep 3, 2024

• [Cisco Duo] Update dashboards and documentation

  #10962 opened Sep 2, 2024

• [Cisco Duo] Add support for Trust Monitor

  #10961 opened Sep 2, 2024

• [Cisco Duo] Add support for Activity Logs

  #10960 opened Sep 2, 2024

• [Cisco Duo] Update data streams to support v2 API

  #10959 opened Sep 2, 2024

• entityanalytics_ad: add configuration for attribute selection

  #10952 opened Sep 1, 2024

• [Docker Integration] Docker info + version

  #10941 opened Aug 30, 2024

• [Stack 8.16.0-SNAPSHOT] [vsphere] Failing test daily: system test: default in vsphere.virtualmachine

  #10926 opened Aug 29, 2024

• [Stack 8.16.0-SNAPSHOT] [sophos] Failing test daily: pipeline test: test-sophos-xg.log in sophos.xg

  #10908 opened Aug 28, 2024

• [Stack 8.16.0-SNAPSHOT] [sophos] Failing test daily: pipeline test: test-sophos-18-5-firewall.log in sophos.xg

  #10907 opened Aug 28, 2024

• [Stack 8.16.0-SNAPSHOT] [cisco_ios] Failing test daily: pipeline test: test-cisco-ios.log in cisco_ios.log

  #10904 opened Aug 28, 2024

• [Stack 8.16.0-SNAPSHOT] [cisco_ios] Failing test daily: pipeline test: test-asr920.log in cisco_ios.log

  #10903 opened Aug 28, 2024

131 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• [tychon] New integration

  #10811 commented on Sep 27, 2024 • 123 new comments

• [Check Point Harmony Endpoint] New Integration - WIP

  #10780 commented on Sep 27, 2024 • 53 new comments

• [Amazon Security Lake] - OCSF v1.1 update with major refactor & adding support for dynamic template and mappings & system tests

  #10405 commented on Sep 26, 2024 • 35 new comments

• [Prometheus] Added dynamic_<dataset|namespace> settings to prometheus datasets

  #10592 commented on Sep 25, 2024 • 2 new comments

• [auditd]: ENRICHED ascii character separation not working

  #10852 commented on Sep 19, 2024 • 0 new comments

• Fix kv parsing in auditd integration to properly support quoted values.

  #10333 commented on Sep 19, 2024 • 0 new comments

• [O11y][Docker] Update format in table visualization

  #7915 commented on Sep 20, 2024 • 0 new comments

• [cisco_ftd]: Can't Grok Username with spaces on ftd messageID 113039

  #10721 commented on Sep 20, 2024 • 0 new comments

• [New Integration] Check Point Harmony Endpoint

  #10168 commented on Sep 20, 2024 • 0 new comments

• [M365 Defender] - Add a new data stream to support vulnerability logs

  #7482 commented on Sep 21, 2024 • 0 new comments

• Two "metrics" columns are displayed for linux integration on Agent details page.

  #881 commented on Sep 21, 2024 • 0 new comments

• Elastic-Agent: Microsoft SQL Server Integration - manage failover in a Microsoft SQL cluster

  #4272 commented on Sep 23, 2024 • 0 new comments

• [Anomali] Support ThreatStream API

  #9610 commented on Sep 23, 2024 • 0 new comments

• [Azure docs] Create a detailed setup guide to show users how to take the most out of Azure Logs

  #9955 commented on Sep 24, 2024 • 0 new comments

• [ci] Add team labels to failing test issues

  #10354 commented on Sep 24, 2024 • 0 new comments

• [Azure docs] Document how to collect any logs using the generic Event Hub integration

  #4581 commented on Sep 25, 2024 • 0 new comments

• Update integration to include hide_in_deployment modes

  #10867 commented on Sep 25, 2024 • 0 new comments

• Move non-ECS fields in Network Packet Capture datastream fields out of root namespace

  #8185 commented on Sep 25, 2024 • 0 new comments

• [New Integration] Vertex AI

  #10856 commented on Sep 25, 2024 • 0 new comments

• Update integration to include deployment mode

  #10847 commented on Sep 25, 2024 • 0 new comments

• [Stack 8.16.0-SNAPSHOT] [vsphere] Failing test daily: system test: default in vsphere.host

  #10857 commented on Sep 19, 2024 • 0 new comments

• [Stack 8.16.0-SNAPSHOT] [vsphere] Failing test daily: system test: default in vsphere.datastore

  #10868 commented on Sep 19, 2024 • 0 new comments

• [Stack 8.16.0-SNAPSHOT] [cloudflare] Failing test daily: system test: default in cloudflare.logpull

  #10619 commented on Sep 19, 2024 • 0 new comments

• [Integration NATS]: Add support for JetStream

  #10748 commented on Sep 18, 2024 • 0 new comments

• [vSphere] Add SSL support

  #10542 commented on Sep 18, 2024 • 0 new comments

• [MySQL] Add support for MariaDB 10.5.X

  #10350 commented on Sep 18, 2024 • 0 new comments

• Add support for redis 7 in the redis integration

  #10199 commented on Sep 18, 2024 • 0 new comments

• Tomcat metrics - Support Prometheus JMX Agent 1.0.1

  #10189 commented on Sep 18, 2024 • 0 new comments

• [O11y][HAProxy] Proposed changes in configuration parameters

  #10157 commented on Sep 18, 2024 • 0 new comments

• Fleet Package Policy API: Error Adding Winlog Integration - Stream Template Not Found

  #9769 commented on Sep 18, 2024 • 0 new comments

• Feature Request: CSPM integration support for gov cloud environments

  #9187 commented on Sep 18, 2024 • 0 new comments

• [cef] decode_cef processor do not respect ECS and more

  #9109 commented on Sep 18, 2024 • 0 new comments

• trendmicro: enhance ecs mappings for `event.category` and `event.type`

  #8631 commented on Sep 18, 2024 • 0 new comments

• [GitHub] How to get `topic` field value for `repo.add_topic` events

  #8369 commented on Sep 18, 2024 • 0 new comments

• cisco_asa: Event code 106023 - Source/Destination IP not being parsed into respective source.ip or destination.ip field when interface nameif has a full colon (:)

  #9184 commented on Aug 28, 2024 • 0 new comments

• [PostgreSQL] Add `condition` setting support

  #10842 commented on Sep 20, 2024 • 0 new comments

• [Azure] Parse response body in Activity logs into its own object

  #10727 commented on Sep 12, 2024 • 0 new comments

• Updated ingest pipeline default.yml to set event category and type

  #10684 commented on Sep 18, 2024 • 0 new comments

• [Oracle] Add extended space metrics

  #10671 commented on Sep 18, 2024 • 0 new comments

• Add sample to use updatecli to update mysql image

  #10652 commented on Sep 1, 2024 • 0 new comments

• [O11y][PostgreSQL] Add SLO to the postgresql package

  #10607 commented on Sep 18, 2024 • 0 new comments

• feat: add tags and processors on GCP Pubsub metrics

  #10560 commented on Sep 22, 2024 • 0 new comments

• [MongoDB Atlas] Disk data stream

  #10555 commented on Aug 30, 2024 • 0 new comments

• Update Cloud Defend integration to include `beta` release tag

  #10541 commented on Aug 29, 2024 • 0 new comments

• docs: remove duplicate message in aws billing integration page

  #10382 commented on Sep 18, 2024 • 0 new comments

• [Draft] Open AI POC

  #10351 commented on Sep 1, 2024 • 0 new comments

• [Logstash] Ready Agent-driven monitoring for GA

  #10316 commented on Sep 18, 2024 • 0 new comments

• [Azure] [OpenAI] Recalculate event.duration

  #10290 commented on Sep 18, 2024 • 0 new comments

• [Nginx] Add SLO's with Nginx Package

  #10269 commented on Sep 18, 2024 • 0 new comments

• akamai: handle input leniently

  #10158 commented on Sep 27, 2024 • 0 new comments

• [Apache Tomcat] Add JDBC Connection Pool's `maxActive` in the ingest pipeline

  #10069 commented on Sep 18, 2024 • 0 new comments

• [Oracle WebLogic] Add Support for parsing default 14c timestamp

  #10047 commented on Sep 7, 2024 • 0 new comments

• Fix JSON Typos on AWS API Gateway Documentation

  #9932 commented on Sep 23, 2024 • 0 new comments

• [System.Security] For Windows, store the split access list and mask values

  #9907 commented on Sep 18, 2024 • 0 new comments

• Enable synthetic source for Elastic-Agent datastreams

  #9826 commented on Sep 19, 2024 • 0 new comments

• [MySQL] Add `condition` setting support

  #9704 commented on Sep 9, 2024 • 0 new comments

• [Kafka integration] Provide a clear guidance for Kafka hosts

  #9260 commented on Sep 18, 2024 • 0 new comments

• [MSSQL] Encode username/password before generating connection string

  #8792 commented on Sep 18, 2024 • 0 new comments

• Feature Request: Allow the option to add a custom input for integrations

  #7889 commented on Sep 27, 2024 • 0 new comments

• [Integration Update] Add Sessions, Policy, Factors and Devices data to Okta Entity Analytics

  #10426 commented on Sep 27, 2024 • 0 new comments

• Incorrect `null` handling in `if` conditions and elsewhere

  #8646 commented on Sep 27, 2024 • 0 new comments

• [Stack 8.16.0-SNAPSHOT] [mongodb_atlas] Failing test daily: system test: (elastic-agent logs - default) in mongodb_atlas.hardware

  #10625 commented on Sep 27, 2024 • 0 new comments

• [Stack 8.16.0-SNAPSHOT] [mongodb_atlas] Failing test daily: system test: (elastic-agent logs - default) in mongodb_atlas.process

  #10624 commented on Sep 27, 2024 • 0 new comments

• [Stack 8.16.0-SNAPSHOT] [cyberarkpas] Failing test daily: system test: tls in cyberarkpas.audit

  #10620 commented on Sep 27, 2024 • 0 new comments

• [Stack 8.16.0-SNAPSHOT] [cloudflare] Failing test daily: system test: cursor in cloudflare.logpull

  #10872 commented on Sep 27, 2024 • 0 new comments

• Make sure that main ECS fields are mapped in the Elastic Agent integration

  #8252 commented on Sep 26, 2024 • 0 new comments

• getting "Provided Grok expressions do not match field value" in the error field when I am sending some AWS Cloudfront logs

  #9334 commented on Sep 3, 2024 • 0 new comments

• Review integrations for timezone offset support in UI

  #6768 commented on Sep 4, 2024 • 0 new comments

• [Meta Issue] Integrations Test Environment

  #5340 commented on Sep 4, 2024 • 0 new comments

• Make event.original available to the custom pipeline

  #7636 commented on Sep 4, 2024 • 0 new comments

• [AWS] Add `custom` variable to all Cloudwatch inputs and at the package level

  #10002 commented on Sep 5, 2024 • 0 new comments

• [Tomcat] Access logs: Missing time to process request field in parsing

  #7584 commented on Sep 7, 2024 • 0 new comments

• [iptables]: not properly parsing VyOS logs

  #10881 commented on Sep 9, 2024 • 0 new comments

• [AWS] Support for reading Cloudwatch logs in Cross Account Observability Setup

  #6611 commented on Sep 10, 2024 • 0 new comments

• GCP GKE integration is broken

  #5127 commented on Sep 10, 2024 • 0 new comments

• [Fortinet Fortigate Traffic]: Wrong calculation of network.bytes

  #10849 commented on Sep 10, 2024 • 0 new comments

• [M365 Defender]: Event dataset pipeline sets `host.os.type` to windows for MacOS devices

  #10680 commented on Sep 11, 2024 • 0 new comments

• Replace logs stream panels with saved searches

  #10516 commented on Sep 12, 2024 • 0 new comments

• [Windows] GUID Translation

  #8959 commented on Sep 12, 2024 • 0 new comments

• Better debugging of Ingest Pipelines in Integrations

  #4150 commented on Sep 12, 2024 • 0 new comments

• [ Kubernetes Audit Logs ] Missing mappings for kubernetes.audit.requestObject.webhooks and kubernetes.audit.responseObject.webhooks objects

  #10081 commented on Sep 12, 2024 • 0 new comments

• [Azure] Add support for ServicePrincipalRiskEvents and RiskyServicePrincipals on the AD Identity Protection Ingest Pipeline.

  #8562 commented on Sep 13, 2024 • 0 new comments

• [Security Detection Engine] Incorrect Indices for "Suspicious Web Browser Sensitive File Access" Rule

  #10901 commented on Aug 28, 2024 • 0 new comments

• [Azure] [Billing] Investigate, document and propose ways to migrate from Usage Details API to Cost Details API

  #4237 commented on Aug 28, 2024 • 0 new comments

• [AWS Usage] Overlapping documents when enabling TSDB - no more dimensions available

  #6783 commented on Aug 28, 2024 • 0 new comments

• [google_workspace] Missing extra filters for `Successful Logins by Compromised Users` panel

  #8745 commented on Aug 29, 2024 • 0 new comments

• aws: guardduty datastream collects duplicated documents

  #8601 commented on Aug 29, 2024 • 0 new comments

• [crowdstrike]: Crowdstrike Falcon Overview Dashboard showing error in observer filter.

  #10819 commented on Aug 29, 2024 • 0 new comments

• [O11y][Oracle WebLogic] Add unit for Deployed Application and ThreadPool data streams

  #7620 commented on Aug 30, 2024 • 0 new comments

• [Logstash]: No assets found and 404 when clicking to other dashboards.

  #10642 commented on Aug 30, 2024 • 0 new comments

• [Windows Integration]: Error installing windows 1.47.0

  #10750 commented on Aug 30, 2024 • 0 new comments

• [O11y] Missing description for tag for logs data streams

  #7634 commented on Aug 31, 2024 • 0 new comments

• [ti_threatq] Fix confidence scoring, scale ingestion, update ECS mappings & dashboard improvements

  #10783 commented on Sep 1, 2024 • 0 new comments

• [Akamai]: Add support for specifying ingest timeline

  #10812 commented on Sep 2, 2024 • 0 new comments

• [Azure] [Database Account Metrics] Add support for more dimensions

  #7511 commented on Sep 2, 2024 • 0 new comments

• [Stack 8.16.0-SNAPSHOT] [kibana] Failing test daily: system test: default (variant: kibana_8.10.0) in kibana.audit

  #10691 commented on Sep 3, 2024 • 0 new comments

• [Stack 8.15.0-SNAPSHOT] [kibana] Failing test daily: system test: default (variant: kibana_8.10.0) in kibana.audit

  #10514 commented on Sep 3, 2024 • 0 new comments

• GCP Billing Metrics does not collect detailed usage information

  #4734 commented on Sep 3, 2024 • 0 new comments

• [Cisco Duo] Integration Updates

  #9609 commented on Sep 13, 2024 • 0 new comments

• HAProxy tcp log format missing in grok patterns

  #6605 commented on Sep 18, 2024 • 0 new comments

• [CSPM] Update documentation and manifest to include supported platforms

  #10108 commented on Sep 18, 2024 • 0 new comments

• AWS Firehose endpoint returning 200 even when ingestion is failing

  #10148 commented on Sep 18, 2024 • 0 new comments

• [Citrix ADC] Syslog messages are not according to documentation

  #10153 commented on Sep 18, 2024 • 0 new comments

• [Logstash] Integration field conflict and outdated documentation

  #10209 commented on Sep 18, 2024 • 0 new comments

• [cribl] reroute to metrics datastreams

  #10700 commented on Sep 18, 2024 • 0 new comments

• [AWS Bedrock] Make AWS Bedrock integration GA

  #10876 commented on Sep 18, 2024 • 0 new comments

• [trendmicro] Upgrade integration would overwrite the integration settings

  #9813 commented on Sep 18, 2024 • 0 new comments

• [cisco ftd] Update to 2.3.0 resets listen ip settings to default

  #3958 commented on Sep 18, 2024 • 0 new comments

• Cisco Secure Email Gateway | Use CEF processor instead of GROK for Consolidated Event logs

  #4738 commented on Sep 18, 2024 • 0 new comments

• Bug: MISP elastic-agent integration don't get any logs in Kibana discover view

  #5684 commented on Sep 18, 2024 • 0 new comments

• [azure_frontdoor] waf ingest pipeline does not parse correctly to ECS Fields

  #7017 commented on Sep 18, 2024 • 0 new comments

• [Tenable.sc] Tweaks to Tenable.sc integration

  #7695 commented on Sep 18, 2024 • 0 new comments

• Delay in log parsing of sonicwall integration In Elasticsearch and kibana

  #8114 commented on Sep 18, 2024 • 0 new comments

• Improve ModSecurity integration documentation

  #8134 commented on Sep 18, 2024 • 0 new comments

• File Integrity Monitoring | User Information - Windows

  #8312 commented on Sep 18, 2024 • 0 new comments

• [ITF] Logs reachability is not there in case of Service Only Usecase

  #7141 commented on Sep 14, 2024 • 0 new comments

• [Kubernetes] Add top level processor `add_fields` for the cluster name usecase

  #10878 commented on Sep 16, 2024 • 0 new comments

• [TI_MISP] Transform logs-ti_misp.latest_ioc can enter on a FAILED state because of mapping conflicts.

  #9360 commented on Sep 16, 2024 • 0 new comments

• [AWS][Enhancement] Review AWS `request_parameters` and `response_elements` Values for Improvements

  #9586 commented on Sep 16, 2024 • 0 new comments

• [tcp]: Line Delimiter input text field does not work for control characters like \r

  #10817 commented on Sep 16, 2024 • 0 new comments

• [Google Workspace] Create Apps Script Integration or Execution Log Ingestion

  #5388 commented on Sep 16, 2024 • 0 new comments

• Verify mapping problems after migrating to ecs@mappings

  #10848 commented on Sep 16, 2024 • 0 new comments

• [Trend Micro Vision One] Adding support for Datalake Pipeline

  #10192 commented on Sep 17, 2024 • 0 new comments

• Incorrect case in Cloudflare Logpush pipeline

  #8737 commented on Sep 17, 2024 • 0 new comments

• [Azure OpenAI][Enhancement] Azure OpenAI Advanced Logging Ingestion

  #10654 commented on Sep 17, 2024 • 0 new comments

• [Netskope] Test ingestion of compressed Netskope cloud storage logs

  #10744 commented on Sep 17, 2024 • 0 new comments

• Support for MacOS Unified Logging

  #6589 commented on Sep 18, 2024 • 0 new comments

• [Stack 8.16.0-SNAPSHOT] [sentinel_one_cloud_funnel] Failing test daily: system test: default in sentinel_one_cloud_funnel.event

  #10808 commented on Sep 18, 2024 • 0 new comments

• [META] [ITF] Scoping and development of test framework for integrations

  #5338 commented on Sep 18, 2024 • 0 new comments

• [stormshield] Follow-up tasks for new integration

  #10114 commented on Sep 18, 2024 • 0 new comments

• Needed improvements around AWS log collection configuration issues

  #5224 commented on Sep 18, 2024 • 0 new comments