elastic
diff --git a/‎.buildkite/pipeline.schedule-daily.yml‎
Lines changed: 13 additions & 0 deletions b/‎.buildkite/pipeline.schedule-daily.yml‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎.buildkite/pipeline.schedule-weekly.yml‎
Lines changed: 29 additions & 0 deletions b/‎.buildkite/pipeline.schedule-weekly.yml‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎.buildkite/pipeline.serverless.yml‎
Lines changed: 2 additions & 0 deletions b/‎.buildkite/pipeline.serverless.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎.buildkite/pipeline.yml‎
Lines changed: 6 additions & 2 deletions b/‎.buildkite/pipeline.yml‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎.buildkite/scripts/common.sh‎
Lines changed: 4 additions & 0 deletions b/‎.buildkite/scripts/common.sh‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎.github/CODEOWNERS‎
Lines changed: 4 additions & 0 deletions b/‎.github/CODEOWNERS‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎.github/ISSUE_TEMPLATE/integration_bug.yml‎
Lines changed: 14 additions & 4 deletions b/‎.github/ISSUE_TEMPLATE/integration_bug.yml‎
Lines changed: 14 additions & 4 deletions
diff --git a/‎.github/workflows/updatecli/updatecli.d/bump-latest-snapshot-version.yml‎
Lines changed: 24 additions & 4 deletions b/‎.github/workflows/updatecli/updatecli.d/bump-latest-snapshot-version.yml‎
Lines changed: 24 additions & 4 deletions
diff --git a/‎.github/workflows/updatecli/updatecli.d/sync-packages-to-bug-issue-template.yml‎
Lines changed: 51 additions & 0 deletions b/‎.github/workflows/updatecli/updatecli.d/sync-packages-to-bug-issue-template.yml‎
Lines changed: 51 additions & 0 deletions
diff --git a/‎.go-version‎
Lines changed: 1 addition & 1 deletion b/‎.go-version‎
Lines changed: 1 addition & 1 deletion
@@ -38,6 +38,19 @@ steps:
       - step: "check"
         allow_failure: false
 
+  - label: "Check integrations local stacks - Stack Version v8.16 - LogsDB"
+    trigger: "integrations"
+    build:
+      env:
+        SERVERLESS: "false"
+        FORCE_CHECK_ALL: "true"
+        STACK_VERSION: 8.16.0-SNAPSHOT
+        STACK_LOGSDB_ENABLED: "true"
+        PUBLISH_COVERAGE_REPORTS: "false"
+    depends_on:
+      - step: "check"
+        allow_failure: false
+
   - label: "Check integrations in serverless - project: Observability"
     key: "trigger-integrations-serverless-obs"
     trigger: "integrations-serverless"
 
@@ -0,0 +1,29 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json
+name: integrations-schedule-weekly
+
+env:
+  SETUP_GVM_VERSION: "v0.5.2"
+  LINUX_AGENT_IMAGE: "golang:${GO_VERSION}"
+
+# The pipeline is triggered by the scheduler every week
+steps:
+  - label: ":white_check_mark: Check go sources"
+    key: "check"
+    command: ".buildkite/scripts/check_sources.sh"
+    agents:
+      image: "${LINUX_AGENT_IMAGE}"
+      cpu: "8"
+      memory: "4G"
+
+  - label: "Check integrations local stacks and Elastic Agent Ubuntu docker - Stack Version v8.16"
+    trigger: "integrations"
+    build:
+      env:
+        SERVERLESS: "false"
+        FORCE_CHECK_ALL: "true"
+        STACK_VERSION: 8.16.0-SNAPSHOT
+        PUBLISH_COVERAGE_REPORTS: "false"
+        ELASTIC_PACKAGE_DISABLE_ELASTIC_AGENT_WOLFI: "true"
+    depends_on:
+      - step: "check"
+        allow_failure: false
@@ -26,6 +26,8 @@ env:
   ELASTIC_PACKAGE_TEST_ENABLE_INDEPENDENT_AGENT: "true"
   # Set maximum number of parallel tests to run if package allows it
   ELASTIC_PACKAGE_MAXIMUM_NUMBER_PARALLEL_TESTS: "5"
+  # Enable/Disable the usage of wolfi images for Elastic Agent
+  ELASTIC_PACKAGE_DISABLE_ELASTIC_AGENT_WOLFI: "${ELASTIC_PACKAGE_DISABLE_ELASTIC_AGENT_WOLFI:-false}"
 
 steps:
   - input: "Input values for the variables"
 
@@ -1,14 +1,16 @@
 # yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json
 env:
   SETUP_GVM_VERSION: "v0.5.2"
-  LINUX_AGENT_IMAGE: "golang:${GO_VERSION}"
   DOCKER_COMPOSE_VERSION: "v2.24.1"
   DOCKER_VERSION: "26.1.2"
   KIND_VERSION: 'v0.20.0'
   K8S_VERSION: 'v1.31.0'
   YQ_VERSION: 'v4.35.2'
   JQ_VERSION: '1.7'
   GH_CLI_VERSION: "2.29.0"
+
+  # Agent images used in pipeline steps
+  LINUX_AGENT_IMAGE: "golang:${GO_VERSION}"
   IMAGE_UBUNTU_X86_64: "family/core-ubuntu-2204"
 
   # Elastic package settings
@@ -24,6 +26,8 @@ env:
   ELASTIC_PACKAGE_TEST_ENABLE_INDEPENDENT_AGENT: "true"
   # Set maximum number of parallel tests to run if package allows it
   ELASTIC_PACKAGE_MAXIMUM_NUMBER_PARALLEL_TESTS: "5"
+  # Enable/Disable the usage of wolfi images for Elastic Agent
+  ELASTIC_PACKAGE_DISABLE_ELASTIC_AGENT_WOLFI: "${ELASTIC_PACKAGE_DISABLE_ELASTIC_AGENT_WOLFI:-false}"
 
 steps:
   - label: "Get reference from target branch"
@@ -99,4 +103,4 @@ steps:
     soft_fail: true
     # run this step when if it is triggered by the daily job
     if: >
-      build.source == "trigger_job" &&  build.env('BUILDKITE_TRIGGERED_FROM_BUILD_PIPELINE_SLUG') == "integrations-schedule-daily"
+      build.source == "trigger_job" &&  build.env('BUILDKITE_TRIGGERED_FROM_BUILD_PIPELINE_SLUG') == "integrations-schedule-daily" && build.env('STACK_LOGSDB_ENABLED') != "true"
@@ -503,6 +503,10 @@ prepare_stack() {
         fi
     fi
 
+    if [ "${STACK_LOGSDB_ENABLED:-false}" == "true" ]; then
+        args="${args} -U stack.logsdb_enabled=true"
+    fi
+
     echo "Boot up the Elastic stack"
     if ! ${ELASTIC_PACKAGE_BIN} stack up -d ${args} ; then
         return 1
 
@@ -24,6 +24,7 @@
 /packages/auditd @elastic/sec-linux-platform
 /packages/auditd_manager @elastic/sec-linux-platform
 /packages/auth0 @elastic/security-service-integrations
+/packages/authentik @elastic/security-service-integrations
 /packages/aws @elastic/obs-infraobs-integrations @elastic/obs-ds-hosted-services @elastic/security-service-integrations
 /packages/aws/changelog.yml @elastic/obs-ds-hosted-services @elastic/security-service-integrations @elastic/obs-infraobs-integrations
 /packages/aws/data_stream/apigateway_logs @elastic/obs-infraobs-integrations
@@ -141,6 +142,7 @@
 /packages/cisco_umbrella @elastic/security-service-integrations
 /packages/citrix_adc @elastic/obs-infraobs-integrations
 /packages/citrix_waf @elastic/sec-deployment-and-devices
+/packages/claroty_ctd @elastic/security-service-integrations
 /packages/cloud_defend @elastic/sec-linux-platform
 /packages/cloud_security_posture @elastic/cloud-security-posture
 /packages/cloud_asset_inventory @elastic/cloud-security-posture
@@ -176,6 +178,7 @@
 /packages/falco @elastic/security-service-integrations
 /packages/fim @elastic/sec-linux-platform
 /packages/fireeye @elastic/security-service-integrations
+/packages/first_epss @elastic/security-service-integrations
 /packages/fleet_server @elastic/fleet
 /packages/forcepoint_web @elastic/security-service-integrations
 /packages/forgerock @elastic/security-service-integrations
@@ -326,6 +329,7 @@
 /packages/stan @elastic/obs-infraobs-integrations
 /packages/statsd_input @elastic/obs-infraobs-integrations
 /packages/stormshield @elastic/sec-deployment-and-devices
+/packages/sublime_security @elastic/security-service-integrations
 /packages/suricata @elastic/sec-deployment-and-devices
 /packages/symantec_edr_cloud @elastic/security-service-integrations
 /packages/symantec_endpoint @elastic/security-service-integrations
 
@@ -14,6 +14,7 @@ body:
       description: Which integration package are you having issues with?
       options:
         - 1Password [1password]
+        - Abnormal Security [abnormal_security]
         - ActiveMQ [activemq]
         - Airflow [airflow]
         - Akamai [akamai]
@@ -29,10 +30,11 @@ body:
         - Auditd Logs [auditd]
         - Auditd Manager [auditd_manager]
         - Auth0 [auth0]
+        - authentik [authentik]
         - AWS [aws]
         - AWS Bedrock [aws_bedrock]
         - Custom AWS Logs [aws_logs]
-        - AWS Fargate [awsfargate]
+        - AWS Fargate (for ECS clusters) [awsfargate]
         - Amazon Data Firehose [awsfirehose]
         - Azure Logs [azure]
         - Azure App Service [azure_app_service]
@@ -54,6 +56,7 @@ body:
         - Bitwarden [bitwarden]
         - Blue Coat Director Logs (Deprecated) [bluecoat]
         - Box Events [box_events]
+        - Canva [canva]
         - VMware Carbon Black Cloud [carbon_black_cloud]
         - VMware Carbon Black EDR [carbonblack_edr]
         - Cassandra [cassandra]
@@ -94,6 +97,7 @@ body:
         - Darktrace [darktrace]
         - Data Exfiltration Detection [ded]
         - Domain Generation Algorithm Detection [dga]
+        - Digital Guardian [digital_guardian]
         - Docker [docker]
         - Elastic Agent [elastic_agent]
         - Elastic Package Registry [elastic_package_registry]
@@ -106,6 +110,7 @@ body:
         - etcd [etcd]
         - F5 Logs (Deprecated) [f5]
         - F5 BIG-IP [f5_bigip]
+        - Falco [falco]
         - File Integrity Monitoring [fim]
         - FireEye Network Security [fireeye]
         - Fleet Server [fleet_server]
@@ -120,8 +125,10 @@ body:
         - Google Cloud Platform [gcp]
         - GCP Metrics Input [gcp_metrics]
         - Custom Google Pub/Sub Logs [gcp_pubsub]
+        - Gigamon [gigamon]
         - GitHub [github]
         - GitLab [gitlab]
+        - GoFlow2 logs [goflow2]
         - Golang [golang]
         - Custom GCS (Google Cloud Storage) Input [google_cloud_storage]
         - Google Security Command Center [google_scc]
@@ -201,10 +208,12 @@ body:
         - Platform Observability [platform_observability]
         - PostgreSQL [postgresql]
         - Pleasant Password Server [pps]
+        - Palo Alto Prisma Access [prisma_access]
         - Palo Alto Prisma Cloud [prisma_cloud]
         - Living off the Land Attack Detection [problemchild]
         - Prometheus [prometheus]
         - Prometheus Input [prometheus_input]
+        - Proofpoint On Demand [proofpoint_on_demand]
         - Proofpoint TAP [proofpoint_tap]
         - Pulse Connect Secure [pulse_connect_secure]
         - QNAP NAS [qnap_nas]
@@ -226,11 +235,13 @@ body:
         - Sophos [sophos]
         - Sophos Central [sophos_central]
         - Spring Boot [spring_boot]
+        - SpyCloud Enterprise Protection [spycloud]
         - SQL Input [sql_input]
-        - Squid Logs [squid]
+        - Squid Proxy [squid]
         - STAN [stan]
         - StatsD Input [statsd_input]
         - StormShield SNS [stormshield]
+        - Sublime Security [sublime_security]
         - Suricata [suricata]
         - Symantec EDR Cloud [symantec_edr_cloud]
         - Symantec Endpoint Protection [symantec_endpoint]
@@ -290,7 +301,6 @@ body:
         - Zoom [zoom]
         - Zscaler Internet Access [zscaler_zia]
         - Zscaler Private Access [zscaler_zpa]
-
     validations:
       required: true
   - type: input
@@ -377,7 +387,7 @@ body:
     id: what_did_you_see
     attributes:
       label: What did you see?
-      description: Please provide the ingested document, relevant logging or dashboard screen shot that shows the issue behavior. 
+      description: Please provide the ingested document, relevant logging or dashboard screen shot that shows the issue behavior.
       placeholder: Paste the sanitized details here.
     validations:
       required: true
 
@@ -43,8 +43,8 @@ sources:
           captureindex: 1
 
 targets:
-  update-snapshot:
-    name: '[updatecli] Update latest snapshot to {{ source "latestSnapshot" }}'
+  update-snapshot-daily:
+    name: '[updatecli] [daily] Update latest snapshot to {{ source "latestSnapshot" }}'
     kind: file
     sourceid: latestSnapshot
     scmid: default
@@ -53,12 +53,32 @@ targets:
       matchpattern: '(STACK_VERSION:) 8\.[^\s]*\.[^\s]*'
       replacepattern: '$1 {{ source "latestSnapshot" }}'
 
-  update-snapshot-label:
-    name: '[updatecli] Update latest snapshot label step to {{ source "latestSnapshotMajorMinor" }}'
+  update-snapshot-label-daily:
+    name: '[updatecli] [daily] Update latest snapshot label step to {{ source "latestSnapshotMajorMinor" }}'
     kind: file
     sourceid: latestSnapshotMajorMinor
     scmid: default
     spec:
       file: '.buildkite/pipeline.schedule-daily.yml'
       matchpattern: '(Stack Version) v8\.\d+"'
       replacepattern: 'Stack Version v{{ source "latestSnapshotMajorMinor" }}"'
+
+  update-snapshot-weekly:
+    name: '[updatecli] [weekly] Update latest snapshot to {{ source "latestSnapshot" }}'
+    kind: file
+    sourceid: latestSnapshot
+    scmid: default
+    spec:
+      file: '.buildkite/pipeline.schedule-weekly.yml'
+      matchpattern: '(STACK_VERSION:) 8\.[^\s]*\.[^\s]*'
+      replacepattern: '$1 {{ source "latestSnapshot" }}'
+
+  update-snapshot-label-weekly:
+    name: '[updatecli] [weekly] Update latest snapshot label step to {{ source "latestSnapshotMajorMinor" }}'
+    kind: file
+    sourceid: latestSnapshotMajorMinor
+    scmid: default
+    spec:
+      file: '.buildkite/pipeline.schedule-weekly.yml'
+      matchpattern: '(Stack Version) v8\.\d+"'
+      replacepattern: 'Stack Version v{{ source "latestSnapshotMajorMinor" }}"'
@@ -0,0 +1,51 @@
+---
+name: Update package list in Github bug issue template
+pipelineid: sync-packages-to-bug-issue-template
+
+scms:
+  default:
+    kind: github
+    spec:
+      owner: '{{ .scm.owner }}'
+      repository: '{{ .scm.repository }}'
+      user: '{{ requiredEnv "GITHUB_ACTOR" }}'
+      username: '{{ requiredEnv "GITHUB_ACTOR" }}'
+      token: '{{ requiredEnv "GITHUB_TOKEN" }}'
+      commitusingapi: true
+      branch: main
+
+targets:
+  integration_bug_yml:
+    name: update pkgs in .github/ISSUE_TEMPLATE/integration_bug.yml
+    kind: shell
+    scmid: default
+    spec:
+      environments:
+        - name: PATH
+        - name: HOME
+      # This script collects titles and package names (as determined by their
+      # directory name) from source. Then updates the issue template. It uses
+      # 'git diff' to satisfy the conditions needed by updatecli to determine
+      # if any changes occurred.
+      command: |
+        #!/usr/bin/env bash
+        set -eu
+
+        pkgs=$(for i in $(LC_ALL=C ls packages); do
+          title=$(yq .title packages/$i/manifest.yml)
+          pkg=$i
+          echo "- $title [$pkg]"
+        done | yq -o json .)
+        
+        yq eval ".body[1].attributes.options = $pkgs" -i '.github/ISSUE_TEMPLATE/integration_bug.yml'
+        
+        git diff --name-only HEAD
+
+actions:
+  openPullRequest:
+    title: '[automation] Update packages in .github/ISSUE_TEMPLATE/integration_bug.yml'
+    kind: github/pullrequest
+    scmid: default
+    spec:
+      labels:
+        - automation
@@ -1 +1 @@
-1.22.2
+1.22.6