Transfer ownership of 17 integrations to integration-experience team #1
Closed
narph wants to merge 2298 commits into
[keycloak] Fix destructive shallow merge of JSON data
This stops some top-level metadata being overwritten by partial data
from the JSON object.
Below is a shell script to run tests on the new Painless function
mergeMaps.
---
: "${ES_URL:=https://localhost:9200}"
: "${ES_USER:=elastic}"
: "${ES_PASSWORD:=changeme}"
painless=$(cat <<'PAINLESS'
def mergeMaps(Map map1, Map map2) {
  for (def key : map2.keySet()) {
    if (!map1.containsKey(key)
        || map1[key] == null
        || map1[key] == ""
        || (map1[key] instanceof Map && map1[key].isEmpty())) {
      map1[key] = map2[key];
    } else if (map1[key] != map2[key]) {
      if (map1[key] instanceof Map && map2[key] instanceof Map) {
        map1[key] = mergeMaps(map1[key], map2[key]);
      } else if (map1[key] instanceof List) {
        def combined = new LinkedHashSet(map1[key]);
        if (map2[key] instanceof List) {
          combined.addAll(map2[key]);
        } else if (map2[key] != null) {
          combined.add(map2[key]);
        }
        map1[key] = new ArrayList(combined);
      }
    }
  }
  return map1;
}
def runTests(List tests) {
  def results = new ArrayList();
  for (def t : tests) {
    def got = mergeMaps(t["map1"], t["map2"]);
    results.add([
      "test": t["name"],
      "passed": got.equals(t["expect"]),
      "got": got,
      "expected": t["expect"]
    ]);
  }
  def passed = new ArrayList();
  def failed = new ArrayList();
  for (def r : results) {
    if (r["passed"]) passed.add(r);
    else failed.add(r);
  }
  def result = new LinkedHashMap();
  result.put("passed_all", passed.size() == tests.size());
  result.put("passed_count", passed.size());
  result.put("failed_count", failed.size());
  result.put("failed", failed);
  return result;
}
def tests = [
  [
    "name": "fill_missing_key",
    "map1": ["a": 1],
    "map2": ["b": 2],
    "expect": ["a": 1, "b": 2]
  ],
  [
    "name": "no_overwrite_non_empty_scalar",
    "map1": ["a": 1],
    "map2": ["a": 2],
    "expect": ["a": 1]
  ],
  [
    "name": "overwrite_null_empty_string_empty_map",
    "map1": ["n": null, "s": "", "m": [:], "keep": "x"],
    "map2": ["n": 5, "s": "hi", "m": ["k": 1], "keep": "y"],
    "expect": ["n": 5, "s": "hi", "m": ["k": 1], "keep": "x"]
  ],
  [
    "name": "deep_merge_nested_maps",
    "map1": ["o": ["x": 1, "y": ""]],
    "map2": ["o": ["x": 2, "y": "filled", "z": 3]],
    "expect": ["o": ["x": 1, "y": "filled", "z": 3]]
  ],
  [
    "name": "list_merge_empty_list_and_dedupe",
    "map1": ["l": [], "l2": [1, 2]],
    "map2": ["l": 7, "l2": [2, 3, 1]],
    "expect": ["l": [7], "l2": [1, 2, 3]]
  ],
  [
    "name": "list_merge_does_not_add_null_scalar",
    "map1": ["l": [1]],
    "map2": ["l": null],
    "expect": ["l": [1]]
  ]
];
runTests(tests);
PAINLESS
)
jq -n --arg src "$painless" '{"script":{"source":$src}}' |
  curl -sSk \
    -u "${ES_USER}:${ES_PASSWORD}" \
    -X POST "${ES_URL}/_scripts/painless/_execute" \
    -H 'Content-Type: application/json' \
    -d @- |
  jq .
Fix README format based on updated elastic-package v0.120.0
* [aws_mq] improve system tests * update readme * new line * add support for legacy awscloudwatch fields * move bash script to file * add audit log system test * update readme * rabbitmq general logs test * update readme * fix comments * bump version * add retention & remove obsolete version & change changelog message * remove region and change to posix
…vice properties (elastic#17528) entityanalytics_entra_id: add toggle for collecting intune-managed device properties The default Graph API device query does not include fields managed by Microsoft Intune (isCompliant, isManaged, deviceCategory, etc.). Previously, users had to manually configure these via the Custom Options YAML field. Add an "Intune Managed Device Properties" toggle that emits the extended select.devices query when enabled, requiring the DeviceManagementManagedDevices.Read.All permission and an active Intune license. The toggle should not be used in conjunction with select.devices in Custom Options, but does not affect other Custom Options settings.
) Arista NG Firewall: fix event.kind value for SessionEvent Changed event.kind from alert to event for SessionEvent logs, since session events are informational network events, not alerts. Fixed event.type being incorrectly set to denied when the blocked field is false — it now correctly maps to allowed.
…17521) Add fingerprint processor to avoid duplicated events.
…gs without any associated user and ip address (elastic#17408) - Add support for access logs with user.domain and event logs without any associated user and ip address --------- Co-authored-by: Maximilian Pohle <maximilian.pohle@sva.de>
…17313) This expands the information on the use-cases supported by the integration, and the data collected. It also reformats the set up instructions to make them easier to follow, and adds common troubleshooting issues. Assisted by Google Gemini
…7496) Update Claude workflows to include additional users from the hosted services team. Signed-off-by: Maurizio Branca <maurizio.branca@elastic.co>
* Update documentation for udp
Replace markdown-based navigation visualization with native Kibana link panels. Each of the 7 main dashboards (Overview, Admin Login, Session Stats, Web Filter, Intrusion Prevention, System Stats, Interface Stats) now has a links panel referencing the other six. Co-authored-by: Cursor <cursoragent@cursor.com>
Update the documentation for Zeek. This update provides additional information on the integration's use-cases, data collected, instructions for setting up the service and integration, and adds common troubleshooting steps. Assisted by Google Gemini
* [modsecurity] Update documentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Update changelog PR link to elastic#17410 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix Vale linting warnings in modsecurity docs Replace Latin term "via" with "using"/"through" and "see" with "get" per Elastic docs style guide. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Update modsecurity service_info.md with factual corrections - Add ModSecurity v2 for Apache (v2.9.x) to compatibility section - Soften Part K exclusion from "must"/"CRITICAL" to recommendation - Clarify event.original requires preserve_original_event enabled - Fix inconsistent SecAuditLogParts in troubleshooting section Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Regenerate modsecurity docs from corrected knowledge base Reflects factual corrections in service_info.md: - Compatibility section now notes v2 Apache test coverage - Part K exclusion softened to recommendation - Validation step clarifies event.original requires opt-in - Consistent SecAuditLogParts across setup and troubleshooting Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Remove AI disclaimers and fix Vale style violations Remove two Gemini-generated AI disclaimers not present in other integration docs. Replace "via" with "using" per Elastic style guide. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add validated AI-assisted disclaimer to modsecurity docs Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Use consistent SecAuditLogParts ABFHJZ across docs Align troubleshooting recommendation with setup section. Part H (audit trailer) contains useful action and timing data. 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Remove 'Note that' from compatibility section Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Remove self-referential and misplaced links from docs Remove link to this same integration doc page and generic Elastic Agent Troubleshooting link from vendor documentation sections. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix compatibility: list v2 for Apache instead of v3, remove duplicate vendor sections The Apache support was added in PR elastic#3363 for ModSecurity v2 (2.9.x), not v3 with the Apache connector. Updated compatibility to reflect what is actually tested. Removed duplicate vendor resource sections and circular self-referencing links. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Review feedback Co-authored-by: Michael Wolf <michael.wolf@elastic.co> * Rebuild docs to remove generated use-case list Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Michael Wolf <michael.wolf@elastic.co>
* Add SQL Server OTel input package Add SQL Server OpenTelemetry input package (sql_server_input_otel). WHAT: New input package that enables collection of SQL Server metrics using the OpenTelemetry Collector's sqlserverreceiver. The package provides configuration support for the receiver: connection settings (server, port, username, password), instance settings (instance_name, computer_name), collection settings (interval, initial delay), query sample collection, and top query collection. Includes Docker test environment (MSSQL 2019), policy tests, system test (skipped for CI), input template (input.yml.hbs), manifest, docs, and changelog. WHY: To allow users to collect SQL Server metrics via the Elastic Agent with the EDOT Collector using the standard OpenTelemetry SQL Server receiver, with a supported input package. Co-authored-by: Cursor <cursoragent@cursor.com> * Address PR review comments and Vale linting suggestions - Fix Vale linting: replace "in order to" with "to" in README docs - Update changelog link to reference PR elastic#17429 instead of issue elastic#17152 - Add service field to system test config for docker-compose integration - Add CODEOWNERS entry for sql_server_input_otel package (@elastic/ecosystem) Co-authored-by: Tere <teresaromero@users.noreply.github.com> * Enhance SQL Server OpenTelemetry input package - Updated the description to include log collection capabilities. - Bumped Kibana version requirement from 9.2.0 to 9.4.0. - Added configuration options for enabling query sample and top query events. - Updated policy templates and test configurations to support new log event features. - Enhanced documentation to reflect the new log collection capabilities. Co-authored-by: Tere <teresaromero@users.noreply.github.com> * Enhance SQL Server OpenTelemetry input package with log support - Added dynamic signal types to the manifest for improved configuration. - Updated policy tests to include new log statement configurations for SQL Server metrics. 
- Enhanced expected output permissions to accommodate log collection capabilities. Co-authored-by: Tere <teresaromero@users.noreply.github.com> * Update SQL Server OpenTelemetry input package manifest to version 3.6.0 * Enhance SQL Server OpenTelemetry input package with new configuration options and documentation updates - Updated manifest to include additional settings for query sample and top query collection, specifying their applicability. - Added metrics configuration options to the input YAML template. - Expanded documentation to detail the new log event types and their configurations. - Introduced expected test files for scenarios with metrics enabled. * Enhance SQL Server Input integration by updating manifest and documentation. Updated policy templates to include new 'datasource' field for connection strings, improved descriptions for connection settings, and added resource attributes configuration. Updated README to reflect new features and known limitations regarding resource attributes. Adjusted Dockerfile healthcheck command for better error handling. Added new test cases for datasource configuration and default variables. * Add SQL Server Input workload and initialization scripts - Introduced `init.sh` for database setup and initialization. - Added `workload.sh` for generating database workload. - Updated `Dockerfile` to include new scripts and modified healthcheck logic. - Enhanced `docker-compose.yml` to define a new service for workload generation with health checks. - Created `test-logs-config.yml` for system testing with relevant configurations. * Update SQL Server Input documentation to clarify log event settings. Changed wording from "disabled by default" to "turned off by default" for better clarity. * Update SQL Server Input expected test files to swap metrics and logs configurations. Adjusted component IDs for logs and metrics to ensure correct mapping in policy templates. 
* Update sample_event.json for SQL Server Input * Update SQL Server Input manifest and documentation. Added a 'secret' field in the manifest with a note on future changes regarding secret handling. Clarified connection requirements in the README to specify the use of either individual connection settings or a datasource connection string. * Update test-logs-config.yml to increase minimum count for assertions from 1 to 10, enhancing test coverage for SQL Server Input. --------- Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> Co-authored-by: Tere <teresaromero@users.noreply.github.com>
…elastic#17411) beyondinsight_password_safe: handle optional password in authentication The BeyondInsight API does not always require a password for authentication. The password will be null when it is not supplied. Whether one is needed depends on the "User Password Required" setting on the API registration in BeyondInsight. When no password was configured, the integration failed because it assumed the password field was always present in state. ref: https://docs.beyondtrust.com/bips/docs/bi-cloud-configure-api
…d controls show correct data (elastic#17574) Add data_stream.dataset at the dashboard level so Kibana controls inherit the filter and return correct results instead of querying all logs-*.
m365_defender: add support for behavior and message tables This extends the integration to handle BehaviorInfo, BehaviorEntities, MessageEvents, MessageUrlInfo, and MessagePostDeliveryEvents tables from the Microsoft 365 Defender Advanced Hunting API, enabling richer threat detection and email security monitoring. Test logs were generated based on documentation. API documentation: - MessageEvents: https://learn.microsoft.com/en-us/defender-xdr/advanced-hunting-messageevents-table - BehaviorInfo: https://docs.azure.cn/en-us/azure-monitor/reference/tables/behaviorinfo - Advanced Hunting API: https://learn.microsoft.com/en-us/defender-endpoint/api/run-advanced-query-api
…es (elastic#17540) o365: fix stale content types persisting in cursor after config changes Fix a bug where the O365 audit integration remains DEGRADED after changing content_types in the configuration, continuing to make API requests with the removed content types. When the CEL program generates listing URLs, the content type is embedded in the URL query string and stored in cursor.todo_links, which is persisted to disk. After a configuration change and agent restart, these stale links are fetched before any new work is generated, producing the error: "AF20020: The specified content type is not valid" from the API and keeping the integration in a DEGRADED state. The fix filters cursor.todo_links and cursor.todo_content on every evaluation, discarding any entries that reference content types no longer present in the configuration. Additionally, todo_types is now reconciled against the current config on every evaluation to guard against the same issue mid-cycle without a restart.
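The cursor filtering described in the commit message above, sketched in Python as an added example; it is not the integration's CEL program. The cursor field shapes, the `reconcile_cursor` name and the sample host are assumptions made for illustration; only the field names `todo_links`, `todo_content` and `todo_types` come from the commit message.

```python
from urllib.parse import parse_qsl, urlsplit

# Constructed sample data. The host is a placeholder and the cursor shape is assumed:
#   todo_links   - listing URLs with the content type in the query string
#   todo_content - dicts carrying "contentType" and "contentUri"
#   todo_types   - content types still to be listed in the current cycle
BASE = "https://manage.example.invalid/api/v1.0/tenant-id/activity/feed/subscriptions/content"
SAMPLE_CURSOR = {
    "todo_links": [
        BASE + "?contentType=Audit.SharePoint&startTime=2026-01-01T00:00:00",
        BASE + "?contentType=Audit.Exchange&startTime=2026-01-01T00:00:00",
    ],
    "todo_content": [
        {"contentType": "Audit.SharePoint", "contentUri": "https://manage.example.invalid/blob/1"},
        {"contentType": "Audit.General", "contentUri": "https://manage.example.invalid/blob/2"},
    ],
    "todo_types": ["Audit.SharePoint", "Audit.General"],
}


def link_content_type(link):
    """Return the contentType query value embedded in a listing URL, or None."""
    for name, value in parse_qsl(urlsplit(link).query, keep_blank_values=True):
        if name.lower() == "contenttype":
            return value
    return None


def reconcile_cursor(cursor, configured_types):
    """Return (new_cursor, dropped) with stale work removed.

    Work that names a content type absent from configured_types is discarded.
    Links that carry no content type at all are kept, since they do not
    reference a removed type. The input cursor is not modified.
    """
    allowed = set(configured_types)
    dropped = {"todo_links": [], "todo_content": [], "todo_types": []}

    kept_links = []
    for link in cursor.get("todo_links", []):
        ctype = link_content_type(link)
        if ctype is None or ctype in allowed:
            kept_links.append(link)
        else:
            dropped["todo_links"].append(link)

    kept_content = []
    for item in cursor.get("todo_content", []):
        if item.get("contentType") in allowed:
            kept_content.append(item)
        else:
            dropped["todo_content"].append(item.get("contentUri"))

    kept_types = []
    for ctype in cursor.get("todo_types", []):
        if ctype in allowed:
            kept_types.append(ctype)
        else:
            dropped["todo_types"].append(ctype)

    new_cursor = dict(cursor)
    new_cursor.update(
        todo_links=kept_links, todo_content=kept_content, todo_types=kept_types
    )
    return new_cursor, dropped


if __name__ == "__main__":
    # Audit.SharePoint was removed from the configuration before restart.
    cursor, dropped = reconcile_cursor(SAMPLE_CURSOR, ["Audit.Exchange", "Audit.General"])
    print(cursor)
    print(dropped)
```

Running the reconciliation on every evaluation, rather than only at startup, is what covers the mid-cycle case the commit message mentions.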
…ic#17580) Made with ❤️️ by updatecli Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
…is no longer published to EPR (elastic#17576)
* initial * big push * Update changelog * fix readme according to vale linting * update after lint and build * CodeOwners * Remove unnecessary metricbeat * Bump version because of Kibana Dashboard * Now it all should work locally elastic-package test worked without any issue * fix * Added more dimensions to cover all possible situations
…astic#17579) Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.6.1 to 1.6.3. - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](cloudflare/circl@v1.6.1...v1.6.3) --- updated-dependencies: - dependency-name: github.com/cloudflare/circl dependency-version: 1.6.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ailbox (elastic#17869) Rewrite the CEL collection program for the ai_security_mailbox data stream to defer items with judgementStatus "Scanning" instead of ingesting them immediately. Scanning items are held in a persistent cursor list and re-checked on each collection cycle. Once the status resolves, the item is published normally. Items that remain Scanning beyond a configurable timeout (default 168h) are published as-is. This prevents the collection cursor from advancing past unclassified events that would otherwise never be revisited. Adds script tests covering both the filtering behaviour and the timeout expiry path.
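The deferral logic described in the commit message above, sketched in Python as an added example; it is not the integration's CEL program. The `id` field, the `recheck` callback, the pending-list shape and the status values other than "Scanning" are assumptions made for illustration; `judgementStatus`, "Scanning" and the 168h default come from the commit message.

```python
from datetime import datetime, timedelta, timezone

SCANNING = "Scanning"
DEFAULT_TIMEOUT = timedelta(hours=168)  # default stated in the commit message


def collect_cycle(pending, fetched, recheck, now, timeout=DEFAULT_TIMEOUT):
    """Run one collection cycle and return (published, new_pending).

    pending - persisted list of {"id", "first_seen"} entries (assumed shape)
    fetched - items newly returned by the API in this cycle
    recheck - callable returning the current state of a pending item by id
              (hypothetical helper standing in for an API lookup)
    """
    published, new_pending = [], []

    # Re-check everything deferred in earlier cycles.
    for entry in pending:
        item = recheck(entry["id"])
        age = now - datetime.fromisoformat(entry["first_seen"])
        if item["judgementStatus"] != SCANNING:
            published.append(item)      # status resolved: publish normally
        elif age >= timeout:
            published.append(item)      # timed out: publish as-is
        else:
            new_pending.append(entry)   # keep waiting, first_seen unchanged

    # Handle new items; an item already tracked above is not added twice.
    tracked = {entry["id"] for entry in pending}
    for item in fetched:
        if item["id"] in tracked:
            continue
        if item["judgementStatus"] == SCANNING:
            new_pending.append({"id": item["id"], "first_seen": now.isoformat()})
        else:
            published.append(item)

    return published, new_pending


def run_demo():
    """Three cycles over constructed items; returns per-cycle results."""
    t0 = datetime(2026, 1, 1, tzinfo=timezone.utc)
    # Constructed API state; "Malicious" and "Clean" are made-up status values.
    state = {
        "m1": {"id": "m1", "judgementStatus": SCANNING},
        "m2": {"id": "m2", "judgementStatus": SCANNING},
        "m3": {"id": "m3", "judgementStatus": "Malicious"},
    }
    results, pending = [], []

    def record(published, pending):
        results.append((
            [(i["id"], i["judgementStatus"]) for i in published],
            [e["id"] for e in pending],
        ))

    # Cycle 1: all three items arrive; the two Scanning ones are deferred.
    published, pending = collect_cycle(pending, list(state.values()), state.__getitem__, t0)
    record(published, pending)

    # Cycle 2, one hour later: m1 has been classified, m2 has not.
    state["m1"]["judgementStatus"] = "Clean"
    published, pending = collect_cycle(pending, [], state.__getitem__, t0 + timedelta(hours=1))
    record(published, pending)

    # Cycle 3, at the timeout: m2 is still Scanning and is published as-is.
    published, pending = collect_cycle(pending, [], state.__getitem__, t0 + DEFAULT_TIMEOUT)
    record(published, pending)
    return results


if __name__ == "__main__":
    for cycle in run_demo():
        print(cycle)
```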
…gle blob failure Fix the vulnerability data stream so a single blob failure no longer clears the entire download work list and stops processing. The CEL program now checks for a zero-byte response body before attempting gzip decode and skips that blob while continuing with the rest of the list. On gzip decode errors (e.g. blob still copying or transient TCP issues), it now advances the work list with tail(state.work_list) and sets want_more from the remaining list instead of clearing work_list and setting want_more to false. A retry-at-end path is used for empty-body responses so a blob can be retried later. Only confirmed 403 signature-invalid responses still clear the work list and stop further downloads.
…rkflow (elastic#18053) Use upload-artifact@v7 / download-artifact@v8 for cross-workflow signaling. Validation workflow uploads a "docs-validation-failed" artifact with the PR number when docs-builder finds errors. Notification workflow downloads it and posts a comment. - Validation workflow: contents: read only, continue-on-error: true - Notification workflow: permissions at job level (pull-requests: write, actions: read), runs via workflow_run in base branch context - Artifact confirmed uploaded in test PR elastic#18049 Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* add AKS support * clarify DaemonSet specification * add kernel requirements
…stic#18071) Bumps [github.com/magefile/mage](https://github.com/magefile/mage) from 1.16.1 to 1.17.0. - [Release notes](https://github.com/magefile/mage/releases) - [Commits](magefile/mage@v1.16.1...v1.17.0) --- updated-dependencies: - dependency-name: github.com/magefile/mage dependency-version: 1.17.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…tic#18080) * [Security Rules] Update security rules package to v9.3.7-beta.1 * Add changelog entry for 9.3.7-beta.1
* [Security Rules] Update security rules package to v9.3.7 * Add changelog entry for 9.3.7
…icro_vision_one}: Add script tests (elastic#17928) Add script tests for 6 integrations Add script tests covering auth failures, server errors, and recovery for all data streams in the following integrations: crowdstrike (3 data streams) - alert: HTTP 401 non-200 → error event with error.code="401" and error.message referencing the alerts endpoint (unauthorized.txt); HTTP 200 with body.errors[403] → error event with "Access denied" (api_error_response.txt, pre-existing) - host: HTTP 200 with body.errors[403] on /devices/combined/devices/v1 → error event, no host data docs - vulnerability: HTTP 200 with body.errors[403] on /spotlight/combined/vulnerabilities/v1 → error event, no vulnerability data docs sentinel_one (11 data streams) - CEL (threat_event, unified_alert, application, application_risk): assert error events are indexed on 401/403; verify error.code and error.message before asserting recovery - httpjson (threat, group, activity, agent): verify data collection recovers after 401/503 by asserting eventual document arrival m365_defender (3 data streams) - incident, alert (httpjson): assert recovery from 403 and 429 (with Retry-After header) - vulnerability (CEL): assert error events indexed on 401 and 403 during token and export API requests ti_abusech (6 data streams) - ja3_fingerprints, sslblacklist (GET, no auth): assert error event indexed on 503 - malwarebazaar, threatfox, url, malware (POST/GET with auth key): assert no documents collected when an invalid auth key is configured ti_anomali (1 data stream) - intelligence (CEL): assert error event indexed on invalid credentials trend_micro_vision_one (6 data streams) - Fix CEL programs' handling of missing state fields for endpoint_activity and network_activity data streams. 
- alert, audit, detection (httpjson): assert recovery after 401 - endpoint_activity, network_activity (CEL): assert error event indexed on 401 - telemetry (CEL): assert error event indexed when GET /v3.0/datalake/dataPipelines returns 401 on first run
…nd Vulnerability data streams (elastic#18000) The initial release includes Alert, Indicator and vulnerability data stream and associated dashboard. Flashpoint fields are mapped to their corresponding ECS fields where possible. Test samples were derived from live data samples, which were subsequently sanitized.
…7759) With this PR, fields in APM Server logs will be indexed even if they are not explicitly defined in apm_server_logs.
* Update JWT Bearer procedure * Update changelog and manifest * Update packages/salesforce/_dev/build/docs/README.md Co-authored-by: Edu González de la Herrán <25320357+eedugon@users.noreply.github.com> * Update packages/salesforce/_dev/build/docs/README.md Co-authored-by: Edu González de la Herrán <25320357+eedugon@users.noreply.github.com> * Update packages/salesforce/_dev/build/docs/README.md Co-authored-by: Edu González de la Herrán <25320357+eedugon@users.noreply.github.com> * Integrate feedback from reviewer * Update packages/salesforce/_dev/build/docs/README.md Co-authored-by: subham sarkar <sarkar.subhams2@gmail.com> * Update packages/salesforce/docs/README.md Co-authored-by: subham sarkar <sarkar.subhams2@gmail.com> --------- Co-authored-by: Edu González de la Herrán <25320357+eedugon@users.noreply.github.com> Co-authored-by: subham sarkar <sarkar.subhams2@gmail.com>
…tination indices (elastic#18103) fix data_stream.namespace field type in transform destination indices The data_stream.namespace field in the latest_intel and latest_ioc transform destination indices was mapped as constant_keyword. This is incorrect because these transforms consume data from all namespaces (logs-ti_crowdstrike.*-*), meaning documents with different namespace values are merged into the same destination index. Elasticsearch silently drops or ignores values that differ from the constant, leading to incorrect field values in the destination index. Per the Fleet Package Code Review guidelines[1]: If your transform consumes data from multiple data streams, avoid using constant_keyword in the transform's mappings if it results in documents with varying values being merged into the destination index. For instance, use a keyword type instead of constant_keyword for fields like data_stream.dataset. Changed the type to keyword in both transform field definitions. As this is a mapping change, the destination index versions and fleet_transform_version values have been bumped to trigger recreation of the transform and its destination index on upgrade. [1] https://github.com/elastic/integrations/wiki/Fleet-Package-Code-Review-Comments#optimizing-indices-using-constant-keyword-fields
…17878) tenable_io: drop empty events in vulnerability data stream The CEL program emits empty events ([{}]) on two fallback paths, causing the error field [original] not present as part of path [event.original]. Add a drop-event processor in CEL to discard empty events.
…ic#18112) Made with ❤️️ by updatecli Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* [azure_application_insights] add client secret * add pr link * update agent config * bump kibana version * update readme and kibana.version * build readme * add -next flag * update auth_type description * update docs
… ES|QL LOOKUP JOIN (elastic#17877) Add Elasticsearch transform and ingest pipeline to maintain a host-metadata lookup index from FDR aidmaster events. Enables enriching FDR events at query time with ES|QL LOOKUP JOIN on host.id. - Add transform latest_aidmaster - Add ingest pipeline aidmaster_lookup_namespaced to shape lookup docs - Document usage in integration README Ref: security-integrations/rfcs/2026/2026-02-20-729-crowdstrike-fdr-query-time-lookup-join-enrichment.md
…ents (elastic#17931) * feat(windows,system): populate registry.path for Security registry events Map ECS registry.path from winlog.event_data.ObjectName for event 4657 and for 4656/4658/4660/4661/4662/4663 when ObjectType is Key so file and AD objects are not mapped. Bump windows integration to 3.7.0 and system integration to 2.14.0. * chore: point changelogs to integrations PR * fix(windows,system): also map registry.path when ObjectName has \REGISTRY\ prefix For generic object event IDs, treat as registry when ObjectType is Key or ObjectName starts with the NT object-manager prefix (case-insensitive).
* unifiedlogs: wire data_stream.dataset in input template * chore(unifiedlogs): bump to 0.4.1 and changelog for data_stream.dataset template * test(unifiedlogs): add policy tests and data_stream.dataset manifest var - Policy tests for default (unifiedlogs.generic) and custom (elastic_agent.test) datasets - Expose data_stream.dataset in manifest for Fleet (aligned with filestream/cel) - Bump package to 0.4.2 * fix tests
… & ObjectDN (elastic#17921) * Enhance Windows/system security: args_count (4688), 5136 reason & ObjectDN - Add process.args_count for event 4688 (elastic#14767) - Map OperationType to event.reason for event 5136 (elastic#15308) - Parse ObjectDN for 5136 into user.target/group/host by ObjectClass (elastic#16965) Keep windows.forwarded and system.security pipelines in sync. * Add PR link to changelog entries * refactor: use processor if for 5136 ObjectDN script guard * fix: robust CN parsing for 5136 ObjectDN * chore: drop 5136 CN bugfix changelog entry * chore(system,windows): bump versions for elastic#17921; split changelog from elastic#17931 - system 2.15.0, windows 3.8.0 - Changelog: 17921 entries under new versions; 17931 remains on 2.14.0 / 3.7.0
* network_traffic: accept ECS flow.final fields in flows dashboards When map_to_ecs is enabled, flow fields are renamed under network_traffic.flow. Update the flows dashboards to include final flow events for both legacy and ECS-mapped documents. Made-with: Cursor * network_traffic: fix flows dashboards filters for Kibana 9.x Use the actual logs-network_traffic.* data view id in panel filters so Lens can resolve fields correctly. Also update the ECS flows dashboard to use network_traffic.flow.id for unique flow counts. Made-with: Cursor * network_traffic: bump version for flows dashboard fixes Made-with: Cursor * network_traffic: add changelog link for 1.34.1 Made-with: Cursor
* Update Cribl readme * Update manifest and changelog * Update packages/cribl/changelog.yml Co-authored-by: Dan Kortschak <dan.kortschak@elastic.co> --------- Co-authored-by: Dan Kortschak <dan.kortschak@elastic.co>
…lastic#18125) Bumps [updatecli/updatecli-action](https://github.com/updatecli/updatecli-action) from 2.100.0 to 3.0.0. - [Release notes](https://github.com/updatecli/updatecli-action/releases) - [Commits](updatecli/updatecli-action@4b17f4e...2cc8e6d) --- updated-dependencies: - dependency-name: updatecli/updatecli-action dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Moves docs CI/CD from elastic/docs-builder to elastic/docs-actions. Part of elastic/docs-eng-team#474
…astic#17729) * filter dashboards with profilingmetricsconnector.otel data stream * update PR number
…egration-experience Move CODEOWNERS entries for barracuda, barracuda_cloudgen_firewall, cisco_meraki, cisco_umbrella, corelight, cribl, f5_bigip, falco, fireeye, forcepoint_web, gigamon, infoblox_nios, infoblox_threat_defense, prisma_access, pulse_connect_secure, symantec_endpoint, and threat_map from @elastic/security-service-integrations to @elastic/integration-experience. Made-with: Cursor
Update the owner.github field from elastic/security-service-integrations to elastic/integration-experience in the manifest.yml of each transferred integration package, consistent with the CODEOWNERS change. Made-with: Cursor
Summary
@elastic/security-service-integrations to @elastic/integration-experience
.github/CODEOWNERS and each package's manifest.yml (owner.github field)
Affected integrations
Changes
.github/CODEOWNERS — Updated 17 package entries from @elastic/security-service-integrations → @elastic/integration-experience
packages/*/manifest.yml — Updated owner.github from elastic/security-service-integrations → elastic/integration-experience in all 17 packages
Test plan
Made with Cursor