
Commit 35eb196

authored
Merge branch 'main' into aws_cloudfront_fix
2 parents 317bfe7 + 7b64280 commit 35eb196


216 files changed

+33029
-875
lines changed



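--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -89,6 +89,7 @@
 /packages/aws_cloudtrail_otel @elastic/obs-infraobs-integrations
 /packages/aws_logs @elastic/obs-ds-hosted-services
 /packages/aws_mq @elastic/obs-infraobs-integrations
+/packages/aws_securityhub @elastic/security-service-integrations
 /packages/aws_bedrock_agentcore @elastic/obs-infraobs-integrations
 /packages/aws_vpcflow_otel @elastic/obs-infraobs-integrations
 /packages/awsfargate @elastic/obs-infraobs-integrations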

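--- a/.github/ISSUE_TEMPLATE/integration_bug.yml
+++ b/.github/ISSUE_TEMPLATE/integration_bug.yml
@@ -48,6 +48,7 @@ body:
 - AWS Cost and Usage Report (CUR 2.0) [aws_billing]
 - AWS ELB OpenTelemetry Assets [aws_elb_otel]
 - AWS Fargate (for ECS clusters) [awsfargate]
+- AWS Security Hub [aws_securityhub]
 - AWS VPC Flow Logs OpenTelemetry Assets [aws_vpcflow_otel]
 - AWS [aws]
 - Azure AI Foundry [azure_ai_foundry]
@@ -143,7 +144,7 @@ body:
 - Cyware Intel Exchange [ti_cyware_intel_exchange]
 - Darktrace [darktrace]
 - Data Exfiltration Detection [ded]
-- Defend for Containers (Deprecated) [cloud_defend]
+- Defend for Containers (BETA) [cloud_defend]
 - Digital Guardian [digital_guardian]
 - Docker OpenTelemetry Assets [docker_otel]
 - Docker [docker]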

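--- a/.github/ISSUE_TEMPLATE/integration_feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/integration_feature_request.yml
@@ -48,6 +48,7 @@ body:
 - AWS Cost and Usage Report (CUR 2.0) [aws_billing]
 - AWS ELB OpenTelemetry Assets [aws_elb_otel]
 - AWS Fargate (for ECS clusters) [awsfargate]
+- AWS Security Hub [aws_securityhub]
 - AWS VPC Flow Logs OpenTelemetry Assets [aws_vpcflow_otel]
 - AWS [aws]
 - Azure AI Foundry [azure_ai_foundry]
@@ -143,7 +144,7 @@ body:
 - Cyware Intel Exchange [ti_cyware_intel_exchange]
 - Darktrace [darktrace]
 - Data Exfiltration Detection [ded]
-- Defend for Containers (Deprecated) [cloud_defend]
+- Defend for Containers (BETA) [cloud_defend]
 - Digital Guardian [digital_guardian]
 - Docker OpenTelemetry Assets [docker_otel]
 - Docker [docker]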

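--- a/.github/workflows/bump-elastic-stack-version.yml
+++ b/.github/workflows/bump-elastic-stack-version.yml
@@ -25,7 +25,7 @@ jobs:
 - uses: actions/checkout@v6
 
 - name: Install Updatecli in the runner
-uses: updatecli/updatecli-action@9a21b6911fe58865c8346d4fde3470010f49bf31 #v2.97.0
+uses: updatecli/updatecli-action@b846825b298f5351abd80f94c4f9eab63a38a804 #v2.98.0
 
 - name: Select diff action
 if: ${{ github.event_name == 'pull_request' }}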

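--- a/packages/akamai/changelog.yml
+++ b/packages/akamai/changelog.yml
@@ -1,4 +1,12 @@
 # newer versions go on top
+- version: "3.1.0"
+changes:
+- description: Add recovery_interval parameter to control lookback period during recovery mode.
+type: enhancement
+link: https://github.com/elastic/integrations/pull/16568
+- description: Handle 400 status code with invalid timestamp error switching to recovery mode.
+type: bugfix
+link: https://github.com/elastic/integrations/pull/16568
 - version: "3.0.2"
 changes:
 - description: Fix the issue of populating tags and terminate the pipeline on agent failures.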

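--- a/packages/akamai/data_stream/siem/agent/stream/cel.yml.hbs
+++ b/packages/akamai/data_stream/siem/agent/stream/cel.yml.hbs
@@ -24,6 +24,7 @@ state:
 access_token: {{access_token}}
 client_secret: {{client_secret}}
 initial_interval: {{initial_interval}}
+recovery_interval: {{recovery_interval}}
 event_limit: {{event_limit}}
 
 redact:
@@ -37,7 +38,7 @@ program: |-
 (
 state.?cursor.recovery_mode.orValue(false) ?
 {
-"from": int(now - duration("12h")),
+"from": int(now - duration(state.recovery_interval)),
 "to": int(now - duration("1m")),
 }
 : state.?cursor.last_offset.hasValue() ?
@@ -112,7 +113,7 @@ program: |-
 "want_more": lines.size() >= int(state.event_limit),
 }
 )
-: (resp.StatusCode == 416) ?
+: (resp.StatusCode == 416 || (resp.StatusCode == 400 && size(resp.Body) != 0 && bytes(resp.Body).decode_json().as(errorBody, has(errorBody.detail) && errorBody.detail.to_lower().contains("invalid timestamp")))) ?
 {
 "events": [
 {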
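Review bot: The new 400 branch in the third hunk calls `bytes(resp.Body).decode_json()` on any non-empty 400 body, so a 400 whose body is not JSON, or is JSON but not an object, becomes a CEL evaluation error instead of falling through to the error-handling branch that follows below the hunk. Akamai's API is presumably the only intended sender of 400s here, but a proxy or gateway in front of it can answer with an HTML or plain-text 400, and the program then stops rather than reporting the error. I would guard the decode so that a parse failure or a non-map result evaluates to false and falls through, and state the intent above the branch with `// A 400 whose "detail" reports an invalid timestamp means the saved offset is stale: re-enter recovery mode.` The same concern applies to `duration(state.recovery_interval)` in the second hunk: the value is operator-supplied text that is neither validated nor capped at the 12h maximum the manifest description promises, so a malformed or oversized value also errors at evaluation time. The program's remaining branches start and end outside these hunks.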

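--- a/packages/akamai/data_stream/siem/manifest.yml
+++ b/packages/akamai/data_stream/siem/manifest.yml
@@ -69,6 +69,14 @@ streams:
 show_user: true
 default: 12h
 description: Initial interval to poll for events. Default is the maximum allowed value of 12 hours. Supported units for this parameter are h/m/s.
+- name: recovery_interval
+type: text
+title: Recovery Interval
+multi: false
+required: true
+show_user: false
+default: 12h
+description: Lookback period for data retrieval when the integration enters recovery mode. Default and maximum allowed value is 12 hours. Supported units for this parameter are h/m/s.
 - name: event_limit
 type: integer
 multi: false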
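Review bot: `recovery_interval` is declared as a free-form `text` variable and its description promises that 12 hours is the maximum allowed value, but nothing in this manifest enforces a format or an upper bound, and the value is passed into the agent's CEL program as a duration string. Because `show_user: false` keeps it out of the default form, an operator who sets it in the advanced settings gets no hint that an unparseable or over-long value breaks collection rather than being clamped; that consequence is inferred from the description and the companion stream template, not from this file. I would make the constraint explicit in the description, e.g. `Must be a duration of at most 12h (for example 6h or 30m); larger or malformed values are not validated by the integration.`, and apply whatever validation `initial_interval` relies on, whose definition starts above this hunk.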

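--- a/packages/akamai/manifest.yml
+++ b/packages/akamai/manifest.yml
@@ -1,6 +1,6 @@
 name: akamai
 title: Akamai
-version: "3.0.2"
+version: "3.1.0"
 description: Collect logs from Akamai with Elastic Agent.
 type: integration
 format_version: "3.3.2"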

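--- a/packages/aws/changelog.yml
+++ b/packages/aws/changelog.yml
@@ -1,9 +1,14 @@
 # newer versions go on top
-- version: "5.0.1"
+- version: "5.1.1"
 changes:
 - description: Add `cookies` field in cloudfront logs datastream.
 type: bugfix
 link: https://github.com/elastic/integrations/pull/16122
+- version: "5.1.0"
+changes:
+- description: Set `event.kind` to `alert` on AWS WAF events.
+type: enhancement
+link: https://github.com/elastic/integrations/pull/16515
 - version: "5.0.0"
 changes:
 - description: |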

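--- a/packages/aws/data_stream/waf/_dev/test/pipeline/test-waf.log-expected.json
+++ b/packages/aws/data_stream/waf/_dev/test/pipeline/test-waf.log-expected.json
@@ -46,7 +46,7 @@
 "web",
 "network"
 ],
-"kind": "event",
+"kind": "alert",
 "original": "{\"timestamp\":1576280412771,\"formatVersion\":1,\"webaclId\":\"arn:aws:wafv2:ap-southeast-2:EXAMPLE12345:regional/webacl/STMTest/1EXAMPLE-2ARN-3ARN-4ARN-123456EXAMPLE\",\"terminatingRuleId\":\"STMTest_SQLi_XSS\",\"terminatingRuleType\":\"REGULAR\",\"action\":\"BLOCK\",\"terminatingRuleMatchDetails\":[{\"conditionType\":\"SQL_INJECTION\",\"location\":\"HEADER\",\"matchedData\":[\"10\",\"AND\",\"1\"]}],\"httpSourceName\":\"-\",\"httpSourceId\":\"-\",\"ruleGroupList\":[],\"rateBasedRuleList\":[],\"nonTerminatingMatchingRules\":[],\"httpRequest\":{\"clientIp\":\"89.160.20.156\",\"country\":\"AU\",\"headers\":[{\"name\":\"Host\",\"value\":\"localhost:1989\"},{\"name\":\"User-Agent\",\"value\":\"curl/7.61.1\"},{\"name\":\"Accept\",\"value\":\"*/*\"},{\"name\":\"x-stm-test\",\"value\":\"10 AND 1=1\"}],\"uri\":\"/foo\",\"args\":\"\",\"httpVersion\":\"HTTP/1.1\",\"httpMethod\":\"GET\",\"requestId\":\"rid\"},\"labels\":[{\"name\":\"value\"}]}",
 "type": [
 "access",
@@ -153,7 +153,7 @@
 "web",
 "network"
 ],
-"kind": "event",
+"kind": "alert",
 "original": "{\"timestamp\":1592357192516,\"formatVersion\":1,\"webaclId\":\"arn:aws:wafv2:us-east-1:123456789012:global/webacl/hello-world/5933d6d9-9dde-js82-v8aw-9ck28nv9\",\"terminatingRuleId\":\"Default_Action\",\"terminatingRuleType\":\"REGULAR\",\"action\":\"ALLOW\",\"terminatingRuleMatchDetails\":[],\"httpSourceName\":\"-\",\"httpSourceId\":\"-\",\"ruleGroupList\":[],\"rateBasedRuleList\":[],\"nonTerminatingMatchingRules\":[{\"ruleId\":\"TestRule\",\"action\":\"COUNT\",\"ruleMatchDetails\":[{\"conditionType\":\"SQL_INJECTION\",\"location\":\"HEADER\",\"matchedData\":[\"10\",\"and\",\"1\"]}]}],\"httpRequest\":{\"clientIp\":\"89.160.20.156\",\"country\":\"US\",\"headers\":[{\"name\":\"Host\",\"value\":\"localhost:1989\"},{\"name\":\"User-Agent\",\"value\":\"curl/7.61.1\"},{\"name\":\"Accept\",\"value\":\"*/*\"},{\"name\":\"foo\",\"value\":\"10 AND 1=1\"}],\"uri\":\"/foo\",\"args\":\"\",\"httpVersion\":\"HTTP/1.1\",\"httpMethod\":\"GET\",\"requestId\":\"rid\"},\"labels\":[{\"name\":\"value\"}]}",
 "type": [
 "access",
@@ -280,7 +280,7 @@
 "web",
 "network"
 ],
-"kind": "event",
+"kind": "alert",
 "original": "{\"timestamp\":1592361810888,\"formatVersion\":1,\"webaclId\":\"arn:aws:wafv2:us-east-1:123456789012:global/webacl/hello-world/5933d6d9-9dde-js82-v8aw-9ck28nv9\",\"terminatingRuleId\":\"RG-Reference\",\"terminatingRuleType\":\"GROUP\",\"action\":\"BLOCK\",\"terminatingRuleMatchDetails\":[{\"conditionType\":\"XSS\",\"location\":\"HEADER\",\"matchedData\":[\"<\",\"frameset\"]}],\"httpSourceName\":\"-\",\"httpSourceId\":\"-\",\"ruleGroupList\":[{\"ruleGroupId\":\"arn:aws:wafv2:us-east-1:123456789012:global/rulegroup/hello-world/c05lb698-1f11-4m41-aef4-99a506d53f4b\",\"terminatingRule\":{\"ruleId\":\"RuleA-XSS\",\"action\":\"BLOCK\",\"ruleMatchDetails\":null},\"nonTerminatingMatchingRules\":[{\"ruleId\":\"RuleB-SQLi\",\"action\":\"COUNT\",\"ruleMatchDetails\":[{\"conditionType\":\"SQL_INJECTION\",\"location\":\"HEADER\",\"matchedData\":[\"10\",\"and\",\"1\"]}]}],\"excludedRules\":null}],\"rateBasedRuleList\":[],\"nonTerminatingMatchingRules\":[],\"httpRequest\":{\"clientIp\":\"89.160.20.156\",\"country\":\"US\",\"headers\":[{\"name\":\"Host\",\"value\":\"localhost:1989\"},{\"name\":\"User-Agent\",\"value\":\"curl/7.61.1\"},{\"name\":\"Accept\",\"value\":\"*/*\"},{\"name\":\"xssfoo\",\"value\":\"<frameset onload=alert(1)>\"},{\"name\":\"bar\",\"value\":\"10 AND 1=1\"}],\"uri\":\"/foo\",\"args\":\"\",\"httpVersion\":\"HTTP/1.1\",\"httpMethod\":\"GET\",\"requestId\":\"rid\"},\"labels\":[{\"name\":\"value\"}]}",
 "type": [
 "access",
@@ -377,7 +377,7 @@
 "web",
 "network"
 ],
-"kind": "event",
+"kind": "alert",
 "original": "{\"timestamp\":1576280412771,\"formatVersion\":1,\"webaclId\":\"arn:aws:wafv2:ap-southeast-2:12345:regional/webacl/test/111\",\"terminatingRuleId\":\"STMTest_SQLi_XSS\",\"terminatingRuleType\":\"REGULAR\",\"action\":\"BLOCK\",\"terminatingRuleMatchDetails\":[{\"conditionType\":\"SQL_INJECTION\",\"location\":\"UNKNOWN\",\"matchedData\":[\"10\",\"AND\",\"1\"]}],\"httpSourceName\":\"ALB\",\"httpSourceId\":\"alb\",\"ruleGroupList\":[],\"rateBasedRuleList\":[],\"nonTerminatingMatchingRules\":[],\"requestHeadersInserted\":null,\"responseCodeSent\":null,\"httpRequest\":{\"clientIp\":\"89.160.20.156\",\"country\":\"AU\",\"headers\":[],\"uri\":\"\",\"args\":\"\",\"httpVersion\":\"HTTP/1.1\",\"httpMethod\":\"POST\",\"requestId\":\"null\"},\"labels\":[{\"name\":\"value\"}]}",
 "type": [
 "access",
@@ -430,4 +430,4 @@
 ]
 }
 ]
-}
+}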
