{ti_eclectiqiq,ti_opencti,ti_threatconnect}: Update error.message field mapping as per ECS inside Threat Intel destination indices.

packages/ti_eclecticiq/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.1"
+  changes:
+    - description: Update `error.message` field mapping as per ECS inside transform destination indices.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/14290
 - version: "1.4.0"
   changes:
     - description: Update Kibana constraint to support 9.0.0.

packages/ti_eclecticiq/elasticsearch/transform/latest_ioc/fields/ecs.yml

@@ -4,6 +4,8 @@
   name: message
 - external: ecs
   name: tags
+- external: ecs
+  name: error.message
 - external: ecs
   name: event.url
 - external: ecs

packages/ti_eclecticiq/elasticsearch/transform/latest_ioc/transform.yml

@@ -8,7 +8,7 @@ source:
 # us that ability in order to prevent having duplicate IoC data and prevent query
 # time field type conflicts.
 dest:
-  index: "logs-ti_eclecticiq_latest.threat-3"
+  index: "logs-ti_eclecticiq_latest.threat-4"
 latest:
   unique_key:
     - event.dataset
@@ -28,4 +28,4 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during package.
   # Version bump is needed if there is any code change in transform.
-  fleet_transform_version: 0.3.0
+  fleet_transform_version: 0.4.0

packages/ti_eclecticiq/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 3.0.3
 name: ti_eclecticiq
 title: EclecticIQ
-version: "1.4.0"
+version: "1.4.1"
 description: Ingest threat intelligence from EclecticIQ with Elastic Agent
 type: integration
 categories:

packages/ti_opencti/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.6.1"
+  changes:
+    - description: Update `error.message` field mapping as per ECS inside transform destination indices.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/14290
 - version: "2.6.0"
   changes:
     - description: Update Kibana constraint to support 9.0.0.

packages/ti_opencti/elasticsearch/transform/latest_ioc/fields/ecs.yml

@@ -49,6 +49,8 @@
 # External ECS defintions, required by the transform
 - external: ecs
   name: ecs.version
+- external: ecs
+  name: error.message
 - external: ecs
   name: event.agent_id_status
 - external: ecs

packages/ti_opencti/elasticsearch/transform/latest_ioc/transform.yml

@@ -10,7 +10,7 @@ source:
 # that ability in order to prevent having duplicate IoC data and prevent query
 # time field type conflicts.
 dest:
-  index: "logs-ti_opencti_latest.dest_indicator-3"
+  index: "logs-ti_opencti_latest.dest_indicator-4"
   aliases:
     - alias: "logs-ti_opencti_latest.indicator"
       move_on_creation: true
@@ -34,4 +34,4 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during
   # package installation.
-  fleet_transform_version: 0.3.0
+  fleet_transform_version: 0.4.0

packages/ti_opencti/manifest.yml

@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: ti_opencti
 title: OpenCTI
-version: "2.6.0"
+version: "2.6.1"
 description: "Ingest threat intelligence indicators from OpenCTI with Elastic Agent."
 type: integration
 source:

packages/ti_threatconnect/changelog.yml

@@ -1,5 +1,10 @@
 # newer versions go on top
 # WARNING: this version number needs to be kept up to date in the transform!
+- version: "1.10.1"
+  changes:
+    - description: Update `error.message` field mapping as per ECS inside transform destination indices.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/14290
 - version: "1.10.0"
   changes:
     - description: Remove duplicated installation instructions from the documentation

packages/ti_threatconnect/elasticsearch/transform/latest/fields/ecs.yml

@@ -4,6 +4,8 @@
   type: keyword
 - name: email.to.address
   type: keyword
+- name: error.message
+  external: ecs
 - name: event.category
   type: keyword
 - name: event.id

packages/ti_threatconnect/elasticsearch/transform/latest/transform.yml

@@ -9,8 +9,8 @@ source:
 # us that ability in order to prevent having duplicate IoC data and prevent query
 # time field type conflicts.
 dest:
-  index: "logs-ti_threatconnect_latest.dest_indicator-7"
-  pipeline: "1.10.0-tactics_compatibility"
+  index: "logs-ti_threatconnect_latest.dest_indicator-8"
+  pipeline: "1.10.1-tactics_compatibility"
   aliases:
     - alias: "logs-ti_threatconnect_latest.indicator"
       move_on_creation: true
@@ -33,4 +33,4 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during package.
   # Version bump is needed if there is any code change in transform.
-  fleet_transform_version: 0.7.0
+  fleet_transform_version: 0.8.0

packages/ti_threatconnect/manifest.yml

@@ -2,7 +2,7 @@
 format_version: 3.0.3
 name: ti_threatconnect
 title: ThreatConnect
-version: "1.10.0"
+version: "1.10.1"
 description: Collects Indicators from ThreatConnect using the Elastic Agent and saves them as logs inside Elastic
 type: integration
 categories: