53 Pull requests merged by 25 people

• Billing integration dedup credits & stalling fixes

  #12796 merged Feb 20, 2025

• [Elastic Agent] Extra Elastic Agent metric dashboard fixes

  #12855 merged Feb 20, 2025

• Fix and enhance handling of crowdstrike.DomainName

  #12712 merged Feb 20, 2025

• [Elastic Agent] Updates to Elastic Agent metrics dashboards

  #12793 merged Feb 20, 2025

• [cisco_ftd] Lots of new message support

  #12726 merged Feb 20, 2025

• Update security service integrations packages mappings

  #12624 merged Feb 20, 2025

• Updated description on ssl node in data_stream to be uniform and include links to online documentation for integrations owned by obs-infraobs-integrations

  #12727 merged Feb 20, 2025

• [citrix_adc] Pipeline fixes for parsing errors

  #12774 merged Feb 20, 2025

• [O365] [OneDrive Usage Storage] Fix cel code

  #12849 merged Feb 20, 2025

• Updated description on ssl node in data_stream to be uniform and include links to online documentation for integrations owned by obs-ux-management-team

  #12776 merged Feb 20, 2025

• digital_guardian: fix mapping of dg_alert.alert_wb field and add export profile guid

  #12818 merged Feb 20, 2025

• Make the Filestream integration GA

  #12845 merged Feb 19, 2025

• [Synthetics] Added field for maintenance windows !!

  #12820 merged Feb 19, 2025

• update codeowners to fit with the new O11y ownership

  #12836 merged Feb 19, 2025

• Updated description on ssl node in package level manifest.yml to be uniform and include links to online documentation for integrations owned by security-service-integrations

  #12781 merged Feb 19, 2025

• [cisco_ios] Support additional header format and message type

  #12828 merged Feb 19, 2025

• [ecs] windows platform packages to ecs 8.17

  #12636 merged Feb 19, 2025

• Fixed ingest pipeline used in Elasticsearch transform

  #12757 merged Feb 19, 2025

• Make filestream available in 9.X

  #12837 merged Feb 19, 2025

• auth0: fix event.type and event.category for failed authentication events

  #12816 merged Feb 18, 2025

• jamf_pro: make host.mac format conform to ECS definition

  #12797 merged Feb 18, 2025

• [Elasticsearch][Ingest pipeline] Stop truncating the elasticsearch server log messages

  #12813 merged Feb 18, 2025

• zscaler_zia: update kibana constraint to support 9.0.0

  #12777 merged Feb 18, 2025

• Updated description on ssl node in manifest.yml to be uniform and link to online documentation for integrations owned by sec-windows-platform

  #12772 merged Feb 18, 2025

• Updated description on ssl node in manifest.yml owned by logstash to be uniform with other integrations

  #12775 merged Feb 18, 2025

• Osquery Manager - add support for Kibana 9.0.0

  #12821 merged Feb 18, 2025

• aws: ignore long cloudtrail.{request_parameters,response_elements} fields

  #12755 merged Feb 18, 2025

• [awsfirehose] Avoid using dynamic templates for flattened objects

  #12570 merged Feb 17, 2025

• [Security Rules] Update security rules package to v8.16.8

  #12810 merged Feb 17, 2025

• [Security Rules] Update security rules package to v8.17.6

  #12811 merged Feb 17, 2025

• [Security Rules] Update security rules package to v8.14.23

  #12808 merged Feb 17, 2025

• [Security Rules] Update security rules package to v8.15.17

  #12809 merged Feb 17, 2025

• [Cloud Security] bump versions in cloud security posture integration

  #12565 merged Feb 17, 2025

• [Security Rules] Update security rules package to v8.16.8-beta.1

  #12805 merged Feb 17, 2025

• [Security Rules] Update security rules package to v8.17.6-beta.1

  #12806 merged Feb 17, 2025

• [Security Rules] Update security rules package to v8.15.17-beta.1

  #12804 merged Feb 17, 2025

• [Security Rules] Update security rules package to v8.14.23-beta.1

  #12803 merged Feb 17, 2025

• Enablement & Sanity test run for evoyproxy OBS integration package for 9.0.0

  #12788 merged Feb 17, 2025

• [cisco_meraki_metrics] wrap organization IDs in quotes

  #12769 merged Feb 17, 2025

• AWS Integration enable v9 Kibana support

  #12637 merged Feb 17, 2025

• checkpoint_harmony_endpoint: Fix indentation in forensics CEL program

  #12795 merged Feb 17, 2025

• symantec_endpoint_security: support ISO8601 timestamps

  #12729 merged Feb 16, 2025

• Updated description on ssl node to include links to online documentation for integrations owned by customer-architects

  #12771 merged Feb 15, 2025

• [Amazon Bedrock Guardrails] Update dashboard with policy violation details

  #12787 merged Feb 15, 2025

• AWS Firehose improve integration documentation

  #12732 merged Feb 14, 2025

• [Synthetics] Upgrade synthetic condition for v9.0.0 !!

  #12791 merged Feb 14, 2025

• [linux] Avoid using dynamic templates for flattened objects

  #12575 merged Feb 14, 2025

• Jamf Pro: fix flaky system tests

  #12689 merged Feb 14, 2025

• Enablement & Sanity test run for OpenAi OBS integration package for 9.0.0

  #12766 merged Feb 14, 2025

• [Exchange Server] Fix log.offset mapping type

  #12748 merged Feb 14, 2025

• checkpoint_harmony_endpoint.forensics: Improve error reporting for API requests

  #12778 merged Feb 14, 2025

• mimecast.audit_events: Prevent pageToken from incorrectly reappearing in interval requests

  #12770 merged Feb 14, 2025

• imperva_cloud_waf: fix syntax for error message construction

  #12779 merged Feb 14, 2025

22 Pull requests opened by 13 people

• #10464 Enabling Agentless for the OKTA integration

  #12794 opened Feb 14, 2025

• entityanalytics_okta: split user and device data into their own data streams

  #12798 opened Feb 17, 2025

• [teleport] Ensure to wait for all test docs in system tests

  #12801 opened Feb 17, 2025

• [azure logs] enable azure-eventhub input v2

  #12802 opened Feb 17, 2025

• [AmazonMQ] ActiveMQ metrics dataset of AmazonMQ

  #12807 opened Feb 17, 2025

• [Akamai] Add test logs to integration

  #12812 opened Feb 17, 2025

• [o365_metrics]Update ownership for O365 Metrics integration

  #12814 opened Feb 17, 2025

• snyk: prevent empty-keyed fields in snyk.audit_logs.content.notSupported

  #12817 opened Feb 18, 2025

• prisma_access: handle array PanOSDNSResponse values

  #12819 opened Feb 18, 2025

• [Windows] Add custom conditions support for Perfmon

  #12830 opened Feb 18, 2025

• jamf_pro: normalize jamf_pro.inventory.operating_system.version and os.version to three-part versions

  #12834 opened Feb 19, 2025

• mimecast: set event.kind:alert for appropriate events

  #12835 opened Feb 19, 2025

• packages/openai: Change default bucket_width and improve documentation

  #12838 opened Feb 19, 2025

• [rubrik] Add unmanaged objects datastream

  #12839 opened Feb 19, 2025

• [elasticsearch] Disable transform validation in system tests

  #12840 opened Feb 19, 2025

• Update security service integrations packages transform mappings

  #12841 opened Feb 19, 2025

• Update manifest.yml

  #12843 opened Feb 19, 2025

• [infoblox_nios] Remove event.created from the default pipeline for ECS conformity

  #12844 opened Feb 19, 2025

• Allow empty fields in the exchange integration redux

  #12846 opened Feb 19, 2025

• crowdstrike: deflake test

  #12848 opened Feb 20, 2025

• Initial changes for asset data-stream

  #12850 opened Feb 20, 2025

• [teleport] Update event-groups ingest pipeline to manage cloud fields if already present

  #12851 opened Feb 20, 2025

25 Issues closed by 14 people

• [Stack 9.1.0-SNAPSHOT] [jamf_pro] Failing test daily: system test: (elastic-agent logs - inventory) in jamf_pro.inventory

  #12743 closed Feb 20, 2025

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [jamf_pro] Failing test daily: system test: (elastic-agent logs - inventory) in jamf_pro.inventory

  #12764 closed Feb 20, 2025

• [Stack 8.19.0-SNAPSHOT] [jamf_pro] Failing test daily: system test: (elastic-agent logs - inventory) in jamf_pro.inventory

  #12762 closed Feb 20, 2025

• [elastic_agent] Improvements to the Elastic Agent Metrics Overview dashboard

  #12488 closed Feb 20, 2025

• Documentation changes for SSL node for integrations owned by obs-infraobs-integrations

  #12703 closed Feb 20, 2025

• [Security Integrations] Filestream Support

  #4533 closed Feb 20, 2025

• Documentation changes for SSL node for integrations owned by obs-ux-management-team

  #12709 closed Feb 20, 2025

• [Digital Guardian]: Include export profile in events

  #12437 closed Feb 20, 2025

• [Digital Guardian]: 'alert_wb' field is mapped as integer but values are Yes, No

  #12441 closed Feb 20, 2025

• Documentation changes for package level SSL nodes for integrations owned by security-services-integration

  #12705 closed Feb 19, 2025

• [auth0]: some events are marked as event.type: indicator, without filling any other indicator related fields

  #12622 closed Feb 18, 2025

• [jamf_pro]: log host.mac as RFC 7042 format

  #12747 closed Feb 18, 2025

• [Elasticsearch]: Ingest pipeline created to process Elasticserver logs truncates log messages

  #12501 closed Feb 18, 2025

• tenable_io: Setup Tenable IO data in demo cluster.

  #12825 closed Feb 18, 2025

• [LMD]: Transform asset of the integration turns unavailable after stack upgrade

  #12486 closed Feb 18, 2025

• Documentation changes for SSL node for integrations owned by sec-windows-platform

  #12710 closed Feb 18, 2025

• Documentation changes for SSL node for integrations owned by logstash

  #12707 closed Feb 18, 2025

• [O11y][CEPH] Missing metric_type in fields.yml file

  #7443 closed Feb 17, 2025

• [Stack 9.0.0-SNAPSHOT] failing tests for OBS Non-Cloud Packages

  #12548 closed Feb 17, 2025

• [Meta] Obs-ds-hosted-services Integration enablement for 9.0.0

  #12529 closed Feb 17, 2025

• Documentation Update for SSL node for integrations owned by customer-architects

  #12699 closed Feb 15, 2025

• [Amazon Bedrock] Gudardrails dashboard improvements

  #12786 closed Feb 15, 2025

• [Stack 8.18.0-SNAPSHOT] [jamf_pro] Failing test daily: system test: (elastic-agent logs - inventory) in jamf_pro.inventory

  #12280 closed Feb 14, 2025

• [LogsDB] [Stack 8.18.0-SNAPSHOT] [jamf_pro] Failing test daily: system test: (elastic-agent logs - inventory) in jamf_pro.inventory

  #12278 closed Feb 14, 2025

• [Stack 9.0.0-SNAPSHOT] [jamf_pro] Failing test daily: system test: (elastic-agent logs - inventory) in jamf_pro.inventory

  #12314 closed Feb 14, 2025

17 Issues opened by 14 people

• [Integration Name]: Add capability to set timezone for logs dataset

  #12854 opened Feb 20, 2025

• [filestream]: Support setting `condition`

  #12853 opened Feb 20, 2025

• [CrowdStrike TI]: Indicator column in Security Intelligence not filled

  #12852 opened Feb 20, 2025

• [Elasticsearch]: Elasticsearch use deprecated _source.mode

  #12847 opened Feb 19, 2025

• [Azure Logs]: Sign-In Logs Reporting `none` Where Value Exists

  #12833 opened Feb 19, 2025

• [Microsoft SQL Server]: Update documentation and grok error codes

  #12832 opened Feb 18, 2025

• [windows]: Add support for additional Windows Event Channels

  #12831 opened Feb 18, 2025

• [Windows]: Enable custom conditionals for Perfmon

  #12829 opened Feb 18, 2025

• TenableIO: Implement transform for Cloud Security Workflows

  #12827 opened Feb 18, 2025

• TenableIO: Implement mappings for Cloud Security Workflows

  #12826 opened Feb 18, 2025

• [meta] Update Tenable IO integration to Leverage Native Cloud Security Workflows

  #12823 opened Feb 18, 2025

• Crowdstrike FDR: Scaling host metadata enrichment

  #12822 opened Feb 18, 2025

• [Logstash]: Fail to install 2.6.1 by uploading package

  #12815 opened Feb 17, 2025

• [Azure Logs] Enable azure-eventhub input v2

  #12800 opened Feb 17, 2025

• [jamf_pro]: Normalize macOS version number

  #12799 opened Feb 17, 2025

• Add grok pattern to vSphere Logs datastream

  #12789 opened Feb 14, 2025

• [Stack 9.1.0-SNAPSHOT] [system] Failing test daily: system test: journald in system.auth

  #12785 opened Feb 14, 2025

52 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• [google_secops] Initial release of the google secops

  #12767 commented on Feb 20, 2025 • 36 new comments

• [Nvidia/GPU] Introduce Nvidia GPU Integration

  #12768 commented on Feb 19, 2025 • 23 new comments

• Admin By Request EPM Connector

  #12402 commented on Feb 20, 2025 • 23 new comments

• [AWS S3] Introduce start timestamp and ignore older timespan to AWS S3 based integrations

  #12645 commented on Feb 20, 2025 • 4 new comments

• [Azure OpenAI] Enhance Azure openAI dashboard

  #12739 commented on Feb 20, 2025 • 2 new comments

• [auditd_manager] Update fields and sample_event.json

  #12541 commented on Feb 20, 2025 • 1 new comment

• [Stack 8.19.0-SNAPSHOT] [system] Failing test daily: system test: journald in system.auth

  #12763 commented on Feb 20, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [juniper_junos] Failing test daily: system test: logfile in juniper_junos.log

  #12744 commented on Feb 20, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [juniper_netscreen] Failing test daily: system test: logfile in juniper_netscreen.log

  #12745 commented on Feb 20, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [system] Failing test daily: system test: journald in system.auth

  #12765 commented on Feb 20, 2025 • 0 new comments

• [LogsDB] [Stack 8.18.0-SNAPSHOT] [crowdstrike] Failing test daily: system test: keep-metadata in crowdstrike.fdr

  #12683 commented on Feb 20, 2025 • 0 new comments

• [Epic] Road to Agentless + Security Integrations Release (Phase I)

  #11810 commented on Feb 20, 2025 • 0 new comments

• [m365_defender] [o365] Add new fields to o365 and M365 Defender integrations

  #12519 commented on Feb 20, 2025 • 0 new comments

• Remove deprecated data streams for 9.0

  #11775 commented on Feb 20, 2025 • 0 new comments

• [AWS] Clarify the role of "Default AWS Region"

  #12749 commented on Feb 20, 2025 • 0 new comments

• Test elastic-package#2347 - DO NOT MERGE

  #12387 commented on Feb 14, 2025 • 0 new comments

• microsoft_sentinel: Add agentless deployment

  #12586 commented on Feb 18, 2025 • 0 new comments

• [citrix_adc] Support parsing syslog RFC 5424 messages

  #12608 commented on Feb 18, 2025 • 0 new comments

• [windows_etw] Make etw input package GA

  #12638 commented on Feb 19, 2025 • 0 new comments

• Inital PR for WMI Input Package

  #12654 commented on Feb 14, 2025 • 0 new comments

• - recreated from integrations prototype

  #12720 commented on Feb 18, 2025 • 0 new comments

• panw_cortex_xdr.alerts: Support alerts v2 API

  #12725 commented on Feb 19, 2025 • 0 new comments

• [Azure] [PlatformLogs] Fix pipeline for edge cases

  #12735 commented on Feb 20, 2025 • 0 new comments

• jamf_pro: add ecs mappings for jamf fields

  #12760 commented on Feb 18, 2025 • 0 new comments

• Updated description on ssl nodes in package level manifest.yml for files owned by obs-infraobs-integrations

  #12780 commented on Feb 20, 2025 • 0 new comments

• Endace Integration enhancements

  #12784 commented on Feb 17, 2025 • 0 new comments

• Dimension field issue in Metrics Datastream when ecs mappings template from ES is adopted

  #8623 commented on Feb 14, 2025 • 0 new comments

• [AWS][Firehose] Documentation

  #12150 commented on Feb 14, 2025 • 0 new comments

• [Juniper SRX] Documentation improvement needed

  #11807 commented on Feb 15, 2025 • 0 new comments

• [Traefik Integration] Support for V2 metrics

  #9820 commented on Feb 16, 2025 • 0 new comments

• [Infoblox NIOS]: Text 'my-dc.mysubdom.mydom.tld: AD authentication for user AlphaNumericUser123' could not be parsed at index 0

  #12730 commented on Feb 16, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [envoyproxy] Failing test daily: system test: default in envoyproxy.log

  #12742 commented on Feb 17, 2025 • 0 new comments

• [entityanalytics_okta]: device assets mixed up with user assets

  #12657 commented on Feb 17, 2025 • 0 new comments

• [entityanalytics_ad]: computer names are mapped as user names

  #11818 commented on Feb 17, 2025 • 0 new comments

• [AWS Firehose] populate event.dataset field for ingested records

  #12750 commented on Feb 17, 2025 • 0 new comments

• [Qualys VMDR][6.0.0] Request-URI Too Long

  #12731 commented on Feb 17, 2025 • 0 new comments

• [entityanalytics_okta]: deactivated users aren't imported

  #12658 commented on Feb 17, 2025 • 0 new comments

• [Prisma Access]: convert_extension_PanOSDNSResponse_to_ip processor fails on array values

  #12245 commented on Feb 18, 2025 • 0 new comments

• [Stack 9.0.0-SNAPSHOT] [snyk] Failing test daily: system test: default in snyk.audit_logs

  #12617 commented on Feb 18, 2025 • 0 new comments

• [Infoblox NIOS]: error.message For input string: "7257537 offered-duration 7257579 (RENEW)"

  #12728 commented on Feb 18, 2025 • 0 new comments

• Firewall Integrations | Support Additional Syslog Formats

  #4077 commented on Feb 18, 2025 • 0 new comments

• [HashiCorp Vault]: Support for KMIP audit logs

  #12498 commented on Feb 18, 2025 • 0 new comments

• [Netflow] Support TSDS

  #7549 commented on Feb 18, 2025 • 0 new comments

• [Fortinet Fortigate] Split current dataset into multiple datasets

  #12606 commented on Feb 18, 2025 • 0 new comments

• [Nvidia GPU] New Integration for Nvidia GPU Monitoring

  #11930 commented on Feb 19, 2025 • 0 new comments

• Log Collection Using VSphere Elastic Agent Integration

  #9190 commented on Feb 19, 2025 • 0 new comments

• [Mimecast] Add `event.kind: alert` to parse alert data

  #12600 commented on Feb 19, 2025 • 0 new comments

• [entityanalytics_okta]: provide alternative Okta Integration Network (OIN) authentication

  #12663 commented on Feb 19, 2025 • 0 new comments

• [New Integration] Qualys Web Application Scanning

  #12008 commented on Feb 19, 2025 • 0 new comments

• [aws] Missing cfn-init execution logs in AWS Cloudformation

  #12621 commented on Feb 19, 2025 • 0 new comments

• [entityanalytics_okta]: failed to get user group membership for <USERID>: context canceled

  #12653 commented on Feb 19, 2025 • 0 new comments

• Remove `max_number_of_messages` for SQS+S3-based inputs

  #12101 commented on Feb 19, 2025 • 0 new comments