elastic
diff --git a/‎.github/CODEOWNERS‎
Lines changed: 5 additions & 2 deletions b/‎.github/CODEOWNERS‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎.github/ISSUE_TEMPLATE/integration_bug.yml‎
Lines changed: 3 additions & 0 deletions b/‎.github/ISSUE_TEMPLATE/integration_bug.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/ISSUE_TEMPLATE/integration_feature_request.yml‎
Lines changed: 3 additions & 0 deletions b/‎.github/ISSUE_TEMPLATE/integration_feature_request.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎docs/extend/dashboard-guidelines.md‎
Lines changed: 6 additions & 18 deletions b/‎docs/extend/dashboard-guidelines.md‎
Lines changed: 6 additions & 18 deletions
diff --git a/‎docs/extend/developer-workflow-support-old-package.md‎
Lines changed: 1 addition & 3 deletions b/‎docs/extend/developer-workflow-support-old-package.md‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎docs/extend/quick-start.md‎
Lines changed: 2 additions & 6 deletions b/‎docs/extend/quick-start.md‎
Lines changed: 2 additions & 6 deletions
diff --git a/‎packages/abnormal_security/_dev/build/docs/README.md‎
Lines changed: 13 additions & 1 deletion b/‎packages/abnormal_security/_dev/build/docs/README.md‎
Lines changed: 13 additions & 1 deletion
diff --git a/‎packages/abnormal_security/_dev/deploy/docker/files/config.yml‎
Lines changed: 59 additions & 0 deletions b/‎packages/abnormal_security/_dev/deploy/docker/files/config.yml‎
Lines changed: 59 additions & 0 deletions
diff --git a/‎packages/abnormal_security/changelog.yml‎
Lines changed: 5 additions & 0 deletions b/‎packages/abnormal_security/changelog.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/abnormal_security/data_stream/ai_security_mailbox/agent/stream/cel.yml.hbs‎
Lines changed: 4 additions & 4 deletions b/‎packages/abnormal_security/data_stream/ai_security_mailbox/agent/stream/cel.yml.hbs‎
Lines changed: 4 additions & 4 deletions
@@ -2,7 +2,7 @@
 * @elastic/ecosystem
 
 # Default owner of packages, which will triage new packages and assignment to other teams.
-/packages/ @elastic/ecosystem
+/packages/ @elastic/integrations-triaging
 
 # CODEOWNERS file is checked by CI.
 /.github/CODEOWNERS
@@ -58,6 +58,7 @@
 /packages/aws/data_stream/s3_storage_lens @elastic/obs-infraobs-integrations
 /packages/aws/data_stream/s3access @elastic/obs-ds-hosted-services
 /packages/aws/data_stream/securityhub_findings @elastic/security-service-integrations
+/packages/aws/data_stream/securityhub_findings_full_posture @elastic/security-service-integrations
 /packages/aws/data_stream/securityhub_insights @elastic/security-service-integrations
 /packages/aws/data_stream/sns @elastic/obs-infraobs-integrations
 /packages/aws/data_stream/sqs @elastic/obs-infraobs-integrations
@@ -126,6 +127,7 @@
 /packages/beaconing @elastic/ml-ui @elastic/sec-applied-ml
 /packages/beat @elastic/stack-monitoring
 /packages/beyondinsight_password_safe @elastic/security-service-integrations
+/packages/beyondtrust_pra @elastic/security-service-integrations
 /packages/bitdefender @elastic/security-service-integrations
 /packages/bitwarden @elastic/security-service-integrations
 /packages/blacklens @elastic/security-service-integrations
@@ -310,14 +312,15 @@
 /packages/nginx @elastic/obs-infraobs-integrations
 /packages/nginx_ingress_controller @elastic/obs-ds-hosted-services
 /packages/nginx_ingress_controller_otel @elastic/obs-infraobs-integrations
+/packages/nvidia_gpu @elastic/obs-infraobs-integrations
 /packages/o365 @elastic/security-service-integrations
 /packages/okta @elastic/security-service-integrations
 /packages/openai @elastic/obs-infraobs-integrations
 /packages/opencanary @elastic/security-service-integrations
 /packages/oracle @elastic/obs-infraobs-integrations
 /packages/oracle_weblogic @elastic/obs-infraobs-integrations
 /packages/osquery @elastic/sec-deployment-and-devices
-/packages/osquery_manager @elastic/security-asset-management
+/packages/osquery_manager @elastic/security-defend-workflows
 /packages/pad @elastic/ml-ui @elastic/sec-applied-ml
 /packages/panw @elastic/sec-deployment-and-devices
 /packages/panw_cortex_xdr @elastic/security-service-integrations
 
@@ -56,6 +56,7 @@ body:
         - Network Beaconing Identification [beaconing]
         - Beat [beat]
         - BeyondInsight and Password Safe [beyondinsight_password_safe]
+        - BeyondTrust PRA [beyondtrust_pra]
         - BitDefender [bitdefender]
         - Bitwarden [bitwarden]
         - blacklens.io [blacklens]
@@ -215,6 +216,7 @@ body:
         - Nginx [nginx]
         - Nginx Ingress Controller Logs [nginx_ingress_controller]
         - Nginx Ingress Controller OpenTelemetry Logs [nginx_ingress_controller_otel]
+        - NVIDIA GPU Monitoring [nvidia_gpu]
         - Microsoft Office 365 [o365]
         - Microsoft Office 365 Metrics [o365_metrics]
         - Okta [okta]
@@ -266,6 +268,7 @@ body:
         - SonicWall Firewall [sonicwall_firewall]
         - Sophos [sophos]
         - Sophos Central [sophos_central]
+        - Splunk [splunk]
         - Spring Boot [spring_boot]
         - SpyCloud Enterprise Protection [spycloud]
         - SQL Input [sql_input]
 
@@ -56,6 +56,7 @@ body:
         - Network Beaconing Identification [beaconing]
         - Beat [beat]
         - BeyondInsight and Password Safe [beyondinsight_password_safe]
+        - BeyondTrust PRA [beyondtrust_pra]
         - BitDefender [bitdefender]
         - Bitwarden [bitwarden]
         - blacklens.io [blacklens]
@@ -215,6 +216,7 @@ body:
         - Nginx [nginx]
         - Nginx Ingress Controller Logs [nginx_ingress_controller]
         - Nginx Ingress Controller OpenTelemetry Logs [nginx_ingress_controller_otel]
+        - NVIDIA GPU Monitoring [nvidia_gpu]
         - Microsoft Office 365 [o365]
         - Microsoft Office 365 Metrics [o365_metrics]
         - Okta [okta]
@@ -266,6 +268,7 @@ body:
         - SonicWall Firewall [sonicwall_firewall]
         - Sophos [sophos]
         - Sophos Central [sophos_central]
+        - Splunk [splunk]
         - Spring Boot [spring_boot]
         - SpyCloud Enterprise Protection [spycloud]
         - SQL Input [sql_input]
 
@@ -66,15 +66,11 @@ Keep the following guidelines in mind when positioning your elements on dashboar
 
 * Keep related visualizations close to each other.
 
-    :::{image} images/grouping-in-visualizations.png
-    :alt: Closely grouped visualizations
-    :::
+    ![Closely grouped visualizations](images/grouping-in-visualizations.png)
 
 * Use Markdown to create blocks of related content.
 
-    :::{image} images/markdown-grouping.png
-    :alt: Markdown grouping in visualizations
-    :::
+    ![Markdown grouping in visualizations](images/markdown-grouping.png)
 
 * Reading Direction
 
@@ -84,9 +80,7 @@ Keep the following guidelines in mind when positioning your elements on dashboar
 
     Placing a big chart at the center of a dashboard, especially one with prominent visual shapes such as rectangles, helps to reinforce a natural visual focal point that lies in the center of the interface.
 
-    :::{image} images/rows-in-visualizations.png
-    :alt: Central focal point in visualization
-    :::
+    ![Central focal point in visualization](images/rows-in-visualizations.png)
 
 
 
@@ -117,9 +111,7 @@ As much as possible, avoid using general filters, that is filters with `-*`.  Co
 
 Example:
 
-:::{image} images/filter-in-visualization.png
-:alt: Filter in a visualization
-:::
+![Filter in a visualization](images/filter-in-visualization.png)
 
 
 ### Do not use library visualizations [_do_not_use_library_visualizations]
@@ -142,9 +134,7 @@ Use color to distinguish categories, represent quantity/density, and highlight d
 
 If your dashboard is made to identify specific behaviors, it might be interesting to consider a color setting that could help to point those out. Use a neutral color for generic elements and an accented color for the things that you want to highlight.
 
-:::{image} images/colors-in-visualizations.png
-:alt: Colors in visualizations
-:::
+![Colors in visualizations](images/colors-in-visualizations.png)
 
 
 ## Titles in Visualisations matter [_titles_in_visualisations_matter]
@@ -154,6 +144,4 @@ Titles can have a strong visual impact on dashboards, especially when there are
 * Remove unnecessary or repetitive titles when the information is already explained or written within the chart.
 * When a title is needed, make it self explanatory and exhaustive. This way, you will be able to remove axis titles and other specifications leaving more space for the chart itself.
 
-:::{image} images/titles-in-visualizations.png
-:alt: Titles in visualizations
-:::
+![Titles in visualizations](images/titles-in-visualizations.png)
@@ -59,9 +59,7 @@ Follow these detailed steps to release a fix for a given package version:
 
     **Please, pay attention!**, if you just run the pipeline it’ll wait for your inputs, nothing will happen without that.
 
-    :::{image} images/backport_input_step.png
-    :alt: waiting input step
-    :::
+    ![waiting input step](images/backport_input_step.png)
 
     Pipeline’s inputs:
 
 
@@ -114,9 +114,7 @@ You’ll need to have a few requirements in place to run this tutorial:
 
 3. After the command runs, check that your new package appears in Kibana under **Management > Integrations > Installed integrations**.
 
-    :::{image} images/package-installed.png
-    :alt: Kibana installed integrations tab with a card for my sample package
-    :::
+    ![Kibana installed integrations tab with a card for my sample package](images/package-installed.png)
 
 
 
@@ -417,9 +415,7 @@ To run these steps using {{fleet}}-managed {{agent}}, you just need to update th
     2. In the search field, enter `log.file.path.text : *`. The search should return a couple of log entries.
     3. Hover over an entry and click `Enter` to view the cell contents.
 
-        :::{image} images/datastream-log-message.png
-        :alt: Data stream showing log message: "this is a nice day"
-        :::
+        ![Data stream showing log message: "this is a nice day"](images/datastream-log-message.png)
 
 
 
 
@@ -6,10 +6,12 @@ The Abnormal Security integration collects data for AI Security Mailbox (formerl
 
 ## Data streams
 
-The Abnormal Security integration collects four types of logs:
+The Abnormal Security integration collects six types of logs:
 
 - **[AI Security Mailbox](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/AI%20Security%20Mailbox%20(formerly%20known%20as%20Abuse%20Mailbox))** - Get details of AI Security Mailbox.
 
+- **[AI Security Mailbox Not Analyzed](https://app.swaggerhub.com/apis/abnormal-security/abx/1.4.3#/AI%20Security%20Mailbox%20(formerly%20known%20as%20Abuse%20Mailbox)/v1_abuse_mailbox_not_analyzed_retrieve)** - Get details of messages submitted to AI Security Mailbox that were not analyzed.
+
 - **[Audit](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/Audit%20Logs)** - Get details of Audit logs for Portal.
 
 - **[Case](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/Cases)** - Get details of Abnormal Cases.
@@ -76,6 +78,16 @@ This is the `ai_security_mailbox` dataset.
 
 {{fields "ai_security_mailbox"}}
 
+### AI Security Mailbox Not Analyzed
+
+This is the `ai_security_mailbox_not_analyzed` dataset.
+
+#### Example
+
+{{event "ai_security_mailbox_not_analyzed"}}
+
+{{fields "ai_security_mailbox_not_analyzed"}}
+
 ### Audit
 
 This is the `audit` dataset.
 
@@ -101,6 +101,65 @@ rules:
               "attackType": "Attack Type: Spam"
           }
           `}}
+  - path: /v1/abuse_mailbox/not_analyzed
+    methods: ['GET']
+    request_headers:
+      Authorization:
+        - "Bearer xxxx"
+    responses:
+      - status_code: 200
+        headers:
+          Content-Type:
+            - 'application/json'
+        body: |-
+          {{ minify_json `
+          {
+              "results": [
+                  {
+                      "abx_message_id": -7361381340273523750,
+                      "recipient": {
+                          "email": "phishing@test.com",
+                          "name": "Phishing Test"
+                      },
+                      "reported_datetime": "2025-03-06T17:27:15Z",
+                      "reporter": {
+                          "email": "reporter@test.com",
+                          "name": "Reporter Test"
+                      },
+                      "subject": "Re: Subject",
+                      "not_analyzed_reason": "ROUTED_SUBMISSION"
+                  },
+                  {
+                      "abx_message_id": 240750237502375023,
+                      "recipient": {
+                          "email": "phishing@test.com",
+                          "name": "Phishing Test"
+                      },
+                      "reported_datetime": "2025-03-04T18:50:27Z",
+                      "reporter": {
+                          "email": "test@example.com",
+                          "name": "Test Example"
+                      },
+                      "subject": "Fwd: Forwarded email",
+                      "not_analyzed_reason": "INVALID_SUBMISSION"
+                  },
+                  {
+                      "abx_message_id": -1234567891234567891,
+                      "recipient": {
+                          "email": "phishing@test.com",
+                          "name": "Phishing Test"
+                      },
+                      "reported_datetime": "2025-03-04T17:03:55Z",
+                      "reporter": {
+                          "email": "info@test.com",
+                          "name": "Info Test"
+                      },
+                      "subject": "Fwd: Forwarded email",
+                      "not_analyzed_reason": "PHISHING_SIMULATION"
+                  }
+              ]
+          }
+          `}}
   - path: /v1/auditlogs
     methods: ['GET']
     query_params:
 
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.6.0"
+  changes:
+    - description: New data stream for not analyzed messages in AI Security Mailbox.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/13483
 - version: "1.5.0"
   changes:
     - description: Added support for vendor case data stream.
 
@@ -1,9 +1,9 @@
 config_version: 2
 interval: {{interval}}
-{{#if enable_request_tracer}}
-resource.tracer.filename: "../../logs/cel/http-request-trace-*.ndjson"
-resource.tracer.maxbackups: 5
-{{/if}}
+resource.tracer:
+  enabled: {{enable_request_tracer}}
+  filename: "../../logs/cel/http-request-trace-*.ndjson"
+  maxbackups: 5
 {{#if proxy_url}}
 resource.proxy_url: {{proxy_url}}
 {{/if}}