Merged
6 changes: 6 additions & 0 deletions packages/checkpoint_email/_dev/build/docs/README.md
Expand Up @@ -4,6 +4,12 @@ Check Point's [Harmony Email & Collaboration](https://www.checkpoint.com/harmony

The Check Point Harmony Email & Collaboration integration collects security event logs using REST API.

## Agentless Enabled Integration

Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).

Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.

## Data streams

This integration collects the following logs:
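Review bot: The added "Agentless Enabled Integration" section says agentless deployments are supported in "Elastic Serverless and Elastic Cloud environments", yet both links in the preceding paragraph point at the `serverless/current` guide. A reader on Elastic Cloud has no indication that those pages apply to them; either add a sentence saying the linked pages cover both environments or link a page that does. The heading would also read more naturally as "Agentless-enabled integration".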
5 changes: 5 additions & 0 deletions packages/checkpoint_email/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.3.0"
changes:
- description: Enable Agentless deployment.
type: enhancement
link: https://github.com/elastic/integrations/pull/15450
- version: "1.2.0"
changes:
- description: Populate additional ECS fields for the event types `phishing`, `spam`, and `malicious_url`.
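Review bot: The `1.3.0` entry says only `Enable Agentless deployment.`, but the same release also touches the Kibana constraint in `manifest.yml` (`^8.16.0 || ^9.0.0` and `^8.18.0 || ^9.0.0` both appear there) and adds a `remove` processor for top-level `organization`, `division` and `team` to the ingest pipeline. Both affect existing agent-based deployments as well, so please mention them in the description or add separate entries.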
Expand Up @@ -5,6 +5,17 @@ processors:
field: ecs.version
tag: set_ecs_version
value: 8.17.0
- remove:
field:
- organization
- division
- team
ignore_missing: true
if: ctx.organization instanceof String && ctx.division instanceof String && ctx.team instanceof String
tag: remove_agentless_tags
description: >-
Removes the fields added by Agentless as metadata,
as they can collide with ECS fields.
- terminate:
tag: data_collection_error
if: ctx.error?.message != null && ctx.message == null && ctx.event?.original == null
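Review bot: The `if` on the new `remove` processor only fires when `organization`, `division` and `team` are all strings at the same time, so a document that carries only one or two of them as strings keeps those fields and the ECS collision named in the description can still happen. Consider one `remove` per field, each guarded by its own `instanceof String` check. As written, `ignore_missing: true` is redundant because the condition already guarantees all three fields exist. The description could also state that the string check is what separates this metadata from an object-valued `organization`.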
6 changes: 6 additions & 0 deletions packages/checkpoint_email/docs/README.md
Expand Up @@ -4,6 +4,12 @@ Check Point's [Harmony Email & Collaboration](https://www.checkpoint.com/harmony

The Check Point Harmony Email & Collaboration integration collects security event logs using REST API.

## Agentless Enabled Integration

Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).

Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.

## Data streams

This integration collects the following logs:
14 changes: 11 additions & 3 deletions packages/checkpoint_email/manifest.yml
@@ -1,7 +1,7 @@
format_version: 3.4.0
format_version: 3.3.2
name: checkpoint_email
title: Check Point Harmony Email & Collaboration
version: "1.2.0"
version: "1.3.0"
description: Collect logs from Check Point Harmony Email & Collaboration with Elastic Agent.
type: integration
categories:
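Review bot: `format_version` appears as both `3.4.0` and `3.3.2` at the top of this hunk; if the pair is in old-then-new order like the `version` pair below it (`1.2.0` then `1.3.0`), the package spec version is being lowered, which is unusual for a feature addition. Please state the reason in the PR description or changelog, or keep the higher value if the lowering is unintended.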
Expand All @@ -10,7 +10,7 @@ categories:
- email_security
conditions:
kibana:
version: "^8.16.0 || ^9.0.0"
version: "^8.18.0 || ^9.0.0"
elastic:
subscription: basic
screenshots:
Expand All @@ -27,6 +27,14 @@ policy_templates:
- name: checkpoint_email
title: Check Point Harmony Email & Collaboration logs
description: Collect Check Point Harmony Email & Collaboration logs.
deployment_modes:
default:
enabled: true
agentless:
enabled: true
organization: security
division: engineering
team: security-service-integrations
inputs:
- type: cel
title: Collect Check Point Harmony Email & Collaboration logs via API