Skip to content

Commit a376a53

Browse files
ShourieGShourieG
committed
fixed conflicts
2 parents 2881823 + f715dbb commit a376a53

223 files changed

Lines changed: 3494 additions & 1092 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/ISSUE_TEMPLATE/integration_bug.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -48,6 +48,7 @@ body:
4848
- AWS Cost and Usage Report (CUR 2.0) [aws_billing]
4949
- AWS ELB OpenTelemetry Assets [aws_elb_otel]
5050
- AWS Fargate (for ECS clusters) [awsfargate]
51+
- AWS Security Hub [aws_securityhub]
5152
- AWS VPC Flow Logs OpenTelemetry Assets [aws_vpcflow_otel]
5253
- AWS [aws]
5354
- Azure AI Foundry [azure_ai_foundry]

.github/ISSUE_TEMPLATE/integration_feature_request.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -48,6 +48,7 @@ body:
4848
- AWS Cost and Usage Report (CUR 2.0) [aws_billing]
4949
- AWS ELB OpenTelemetry Assets [aws_elb_otel]
5050
- AWS Fargate (for ECS clusters) [awsfargate]
51+
- AWS Security Hub [aws_securityhub]
5152
- AWS VPC Flow Logs OpenTelemetry Assets [aws_vpcflow_otel]
5253
- AWS [aws]
5354
- Azure AI Foundry [azure_ai_foundry]

packages/akamai/changelog.yml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,12 @@
11
# newer versions go on top
2+
- version: "3.1.0"
3+
changes:
4+
- description: Add recovery_interval parameter to control lookback period during recovery mode.
5+
type: enhancement
6+
link: https://github.com/elastic/integrations/pull/16568
7+
- description: Handle 400 status code with invalid timestamp error switching to recovery mode.
8+
type: bugfix
9+
link: https://github.com/elastic/integrations/pull/16568
210
- version: "3.0.2"
311
changes:
412
- description: Fix the issue of populating tags and terminate the pipeline on agent failures.

packages/akamai/data_stream/siem/agent/stream/cel.yml.hbs

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@ state:
2424
access_token: {{access_token}}
2525
client_secret: {{client_secret}}
2626
initial_interval: {{initial_interval}}
27+
recovery_interval: {{recovery_interval}}
2728
event_limit: {{event_limit}}
2829

2930
redact:
@@ -37,7 +38,7 @@ program: |-
3738
(
3839
state.?cursor.recovery_mode.orValue(false) ?
3940
{
40-
"from": int(now - duration("12h")),
41+
"from": int(now - duration(state.recovery_interval)),
4142
"to": int(now - duration("1m")),
4243
}
4344
: state.?cursor.last_offset.hasValue() ?
@@ -112,7 +113,7 @@ program: |-
112113
"want_more": lines.size() >= int(state.event_limit),
113114
}
114115
)
115-
: (resp.StatusCode == 416) ?
116+
: (resp.StatusCode == 416 || (resp.StatusCode == 400 && size(resp.Body) != 0 && bytes(resp.Body).decode_json().as(errorBody, has(errorBody.detail) && errorBody.detail.to_lower().contains("invalid timestamp")))) ?
116117
{
117118
"events": [
118119
{

packages/akamai/data_stream/siem/manifest.yml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -69,6 +69,14 @@ streams:
6969
show_user: true
7070
default: 12h
7171
description: Initial interval to poll for events. Default is the maximum allowed value of 12 hours. Supported units for this parameter are h/m/s.
72+
- name: recovery_interval
73+
type: text
74+
title: Recovery Interval
75+
multi: false
76+
required: true
77+
show_user: false
78+
default: 12h
79+
description: Lookback period for data retrieval when the integration enters recovery mode. Default and maximum allowed value is 12 hours. Supported units for this parameter are h/m/s.
7280
- name: event_limit
7381
type: integer
7482
multi: false

packages/akamai/manifest.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
name: akamai
22
title: Akamai
3-
version: "3.0.2"
3+
version: "3.1.0"
44
description: Collect logs from Akamai with Elastic Agent.
55
type: integration
66
format_version: "3.3.2"

packages/atlassian_confluence/changelog.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,9 @@
11
# newer versions go on top
2+
- version: "1.30.0"
3+
changes:
4+
- description: Prevent updating fleet health status to degraded when pagination completes.
5+
type: enhancement
6+
link: https://github.com/elastic/integrations/pull/16598
27
- version: "1.29.2"
38
changes:
49
- description: Expected timestamp layout added in cursor logic.

packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -60,6 +60,7 @@ response.pagination:
6060
target: url.params.start
6161
value: '[[if (ne (len .last_response.body.results) 0)]][[add (toInt .last_response.body.start) (toInt .last_response.body.limit)]][[end]]'
6262
fail_on_template_error: true
63+
do_not_log_failure: true
6364
- set:
6465
target: url.params.limit
6566
value: '{{limit}}'
@@ -105,8 +106,9 @@ response.split:
105106
response.pagination:
106107
- set:
107108
target: url.value
108-
value: '[[ .last_response.body.pagingInfo.nextPageLink ]]'
109+
value: '[[ if index .last_response.body.pagingInfo "nextPageLink" ]][[ .last_response.body.pagingInfo.nextPageLink ]][[ end ]]'
109110
fail_on_template_error: true
111+
do_not_log_failure: true
110112

111113
cursor:
112114
last_timestamp:

packages/atlassian_confluence/data_stream/audit/sample_event.json

Lines changed: 76 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -1,54 +1,111 @@
11
{
2-
"@timestamp": "2021-11-16T09:25:56.666Z",
2+
"@timestamp": "2021-11-22T23:44:13.873Z",
33
"agent": {
4-
"ephemeral_id": "5e7e2606-c5b7-4cca-bcf6-5a9959484395",
5-
"id": "1f67a92c-38d3-40a8-9093-c4495a7411a3",
6-
"name": "docker-fleet-agent",
4+
"ephemeral_id": "5de25f34-0a0a-44ab-b6cf-ddf6d3e10467",
5+
"id": "8c63ae6c-a626-40b8-9a24-b90a9bfde848",
6+
"name": "elastic-agent-92724",
77
"type": "filebeat",
8-
"version": "8.10.2"
8+
"version": "8.19.4"
99
},
1010
"confluence": {
1111
"audit": {
12-
"external_collaborator": false,
12+
"extra_attributes": [
13+
{
14+
"name": "Query",
15+
"nameI18nKey": "atlassian.audit.event.attribute.query"
16+
},
17+
{
18+
"name": "Results returned",
19+
"nameI18nKey": "atlassian.audit.event.attribute.results",
20+
"value": "57"
21+
},
22+
{
23+
"name": "ID Range",
24+
"nameI18nKey": "atlassian.audit.event.attribute.id",
25+
"value": "1 - 57"
26+
},
27+
{
28+
"name": "Timestamp Range",
29+
"nameI18nKey": "atlassian.audit.event.attribute.timestamp",
30+
"value": "2021-11-22T23:42:45.791Z - 2021-11-22T23:43:22.615Z"
31+
}
32+
],
33+
"method": "Browser",
1334
"type": {
14-
"action": "User deactivated",
15-
"category": "Users and groups"
35+
"action": "Audit Log search performed",
36+
"actionI18nKey": "atlassian.audit.event.action.audit.search",
37+
"area": "AUDIT_LOG",
38+
"category": "Auditing",
39+
"categoryI18nKey": "atlassian.audit.event.category.audit",
40+
"level": "BASE"
1641
}
1742
}
1843
},
1944
"data_stream": {
2045
"dataset": "atlassian_confluence.audit",
21-
"namespace": "ep",
46+
"namespace": "95121",
2247
"type": "logs"
2348
},
2449
"ecs": {
2550
"version": "8.11.0"
2651
},
2752
"elastic_agent": {
28-
"id": "1f67a92c-38d3-40a8-9093-c4495a7411a3",
53+
"id": "8c63ae6c-a626-40b8-9a24-b90a9bfde848",
2954
"snapshot": false,
30-
"version": "8.10.2"
55+
"version": "8.19.4"
3156
},
3257
"event": {
33-
"action": "User deactivated",
58+
"action": "atlassian.audit.event.action.audit.search",
3459
"agent_id_status": "verified",
35-
"created": "2023-11-06T13:17:04.339Z",
3660
"dataset": "atlassian_confluence.audit",
37-
"ingested": "2023-11-06T13:17:05Z",
61+
"ingested": "2025-12-17T10:43:52Z",
3862
"kind": "event",
39-
"original": "{\"affectedObject\":{\"name\":\"\",\"objectType\":\"\"},\"associatedObjects\":[],\"author\":{\"accountType\":\"\",\"displayName\":\"System\",\"externalCollaborator\":false,\"isExternalCollaborator\":false,\"operations\":null,\"publicName\":\"Unknown user\",\"type\":\"user\"},\"category\":\"Users and groups\",\"changedValues\":[],\"creationDate\":1637054756666,\"description\":\"\",\"remoteAddress\":\"81.2.69.143\",\"summary\":\"User deactivated\",\"superAdmin\":false,\"sysAdmin\":false}",
63+
"original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"57\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 57\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T23:42:45.791Z - 2021-11-22T23:43:22.615Z\"}],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624653,\"nano\":873000000},\"version\":\"1.0\"}",
4064
"type": [
4165
"info"
4266
]
4367
},
68+
"host": {
69+
"architecture": "aarch64",
70+
"containerized": false,
71+
"hostname": "elastic-agent-92724",
72+
"ip": [
73+
"172.19.0.2",
74+
"172.18.0.4"
75+
],
76+
"mac": [
77+
"52-B9-17-2C-21-10",
78+
"72-59-40-DC-CA-4F"
79+
],
80+
"name": "elastic-agent-92724",
81+
"os": {
82+
"kernel": "6.12.54-linuxkit",
83+
"name": "Wolfi",
84+
"platform": "wolfi",
85+
"type": "linux",
86+
"version": "20230201"
87+
}
88+
},
4489
"input": {
45-
"type": "httpjson"
90+
"type": "log"
91+
},
92+
"log": {
93+
"file": {
94+
"path": "/tmp/service_logs/test-audit.log"
95+
},
96+
"offset": 0
4697
},
4798
"related": {
99+
"hosts": [
100+
"confluence.internal"
101+
],
48102
"ip": [
49103
"81.2.69.143"
50104
]
51105
},
106+
"service": {
107+
"address": "http://confluence.internal:8090"
108+
},
52109
"source": {
53110
"address": "81.2.69.143",
54111
"geo": {
@@ -67,10 +124,10 @@
67124
},
68125
"tags": [
69126
"preserve_original_event",
70-
"forwarded",
71127
"confluence-audit"
72128
],
73129
"user": {
74-
"full_name": "System"
130+
"full_name": "test.user",
131+
"id": "2c9580827d4a06e8017d4a07c3e10000"
75132
}
76-
}
133+
}

packages/atlassian_confluence/docs/README.md

Lines changed: 75 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -47,56 +47,113 @@ An example event for `audit` looks as following:
4747

4848
```json
4949
{
50-
"@timestamp": "2021-11-16T09:25:56.666Z",
50+
"@timestamp": "2021-11-22T23:44:13.873Z",
5151
"agent": {
52-
"ephemeral_id": "5e7e2606-c5b7-4cca-bcf6-5a9959484395",
53-
"id": "1f67a92c-38d3-40a8-9093-c4495a7411a3",
54-
"name": "docker-fleet-agent",
52+
"ephemeral_id": "5de25f34-0a0a-44ab-b6cf-ddf6d3e10467",
53+
"id": "8c63ae6c-a626-40b8-9a24-b90a9bfde848",
54+
"name": "elastic-agent-92724",
5555
"type": "filebeat",
56-
"version": "8.10.2"
56+
"version": "8.19.4"
5757
},
5858
"confluence": {
5959
"audit": {
60-
"external_collaborator": false,
60+
"extra_attributes": [
61+
{
62+
"name": "Query",
63+
"nameI18nKey": "atlassian.audit.event.attribute.query"
64+
},
65+
{
66+
"name": "Results returned",
67+
"nameI18nKey": "atlassian.audit.event.attribute.results",
68+
"value": "57"
69+
},
70+
{
71+
"name": "ID Range",
72+
"nameI18nKey": "atlassian.audit.event.attribute.id",
73+
"value": "1 - 57"
74+
},
75+
{
76+
"name": "Timestamp Range",
77+
"nameI18nKey": "atlassian.audit.event.attribute.timestamp",
78+
"value": "2021-11-22T23:42:45.791Z - 2021-11-22T23:43:22.615Z"
79+
}
80+
],
81+
"method": "Browser",
6182
"type": {
62-
"action": "User deactivated",
63-
"category": "Users and groups"
83+
"action": "Audit Log search performed",
84+
"actionI18nKey": "atlassian.audit.event.action.audit.search",
85+
"area": "AUDIT_LOG",
86+
"category": "Auditing",
87+
"categoryI18nKey": "atlassian.audit.event.category.audit",
88+
"level": "BASE"
6489
}
6590
}
6691
},
6792
"data_stream": {
6893
"dataset": "atlassian_confluence.audit",
69-
"namespace": "ep",
94+
"namespace": "95121",
7095
"type": "logs"
7196
},
7297
"ecs": {
7398
"version": "8.11.0"
7499
},
75100
"elastic_agent": {
76-
"id": "1f67a92c-38d3-40a8-9093-c4495a7411a3",
101+
"id": "8c63ae6c-a626-40b8-9a24-b90a9bfde848",
77102
"snapshot": false,
78-
"version": "8.10.2"
103+
"version": "8.19.4"
79104
},
80105
"event": {
81-
"action": "User deactivated",
106+
"action": "atlassian.audit.event.action.audit.search",
82107
"agent_id_status": "verified",
83-
"created": "2023-11-06T13:17:04.339Z",
84108
"dataset": "atlassian_confluence.audit",
85-
"ingested": "2023-11-06T13:17:05Z",
109+
"ingested": "2025-12-17T10:43:52Z",
86110
"kind": "event",
87-
"original": "{\"affectedObject\":{\"name\":\"\",\"objectType\":\"\"},\"associatedObjects\":[],\"author\":{\"accountType\":\"\",\"displayName\":\"System\",\"externalCollaborator\":false,\"isExternalCollaborator\":false,\"operations\":null,\"publicName\":\"Unknown user\",\"type\":\"user\"},\"category\":\"Users and groups\",\"changedValues\":[],\"creationDate\":1637054756666,\"description\":\"\",\"remoteAddress\":\"81.2.69.143\",\"summary\":\"User deactivated\",\"superAdmin\":false,\"sysAdmin\":false}",
111+
"original": "{\"affectedObjects\":[],\"auditType\":{\"action\":\"Audit Log search performed\",\"actionI18nKey\":\"atlassian.audit.event.action.audit.search\",\"area\":\"AUDIT_LOG\",\"category\":\"Auditing\",\"categoryI18nKey\":\"atlassian.audit.event.category.audit\",\"level\":\"BASE\"},\"author\":{\"id\":\"2c9580827d4a06e8017d4a07c3e10000\",\"name\":\"test.user\",\"type\":\"user\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"Query\",\"nameI18nKey\":\"atlassian.audit.event.attribute.query\",\"value\":\"\"},{\"name\":\"Results returned\",\"nameI18nKey\":\"atlassian.audit.event.attribute.results\",\"value\":\"57\"},{\"name\":\"ID Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.id\",\"value\":\"1 - 57\"},{\"name\":\"Timestamp Range\",\"nameI18nKey\":\"atlassian.audit.event.attribute.timestamp\",\"value\":\"2021-11-22T23:42:45.791Z - 2021-11-22T23:43:22.615Z\"}],\"method\":\"Browser\",\"source\":\"81.2.69.143\",\"system\":\"http://confluence.internal:8090\",\"timestamp\":{\"epochSecond\":1637624653,\"nano\":873000000},\"version\":\"1.0\"}",
88112
"type": [
89113
"info"
90114
]
91115
},
116+
"host": {
117+
"architecture": "aarch64",
118+
"containerized": false,
119+
"hostname": "elastic-agent-92724",
120+
"ip": [
121+
"172.19.0.2",
122+
"172.18.0.4"
123+
],
124+
"mac": [
125+
"52-B9-17-2C-21-10",
126+
"72-59-40-DC-CA-4F"
127+
],
128+
"name": "elastic-agent-92724",
129+
"os": {
130+
"kernel": "6.12.54-linuxkit",
131+
"name": "Wolfi",
132+
"platform": "wolfi",
133+
"type": "linux",
134+
"version": "20230201"
135+
}
136+
},
92137
"input": {
93-
"type": "httpjson"
138+
"type": "log"
139+
},
140+
"log": {
141+
"file": {
142+
"path": "/tmp/service_logs/test-audit.log"
143+
},
144+
"offset": 0
94145
},
95146
"related": {
147+
"hosts": [
148+
"confluence.internal"
149+
],
96150
"ip": [
97151
"81.2.69.143"
98152
]
99153
},
154+
"service": {
155+
"address": "http://confluence.internal:8090"
156+
},
100157
"source": {
101158
"address": "81.2.69.143",
102159
"geo": {
@@ -115,11 +172,11 @@ An example event for `audit` looks as following:
115172
},
116173
"tags": [
117174
"preserve_original_event",
118-
"forwarded",
119175
"confluence-audit"
120176
],
121177
"user": {
122-
"full_name": "System"
178+
"full_name": "test.user",
179+
"id": "2c9580827d4a06e8017d4a07c3e10000"
123180
}
124181
}
125182
```

0 commit comments

Comments
 (0)