elastic
diff --git a/‎.buildkite/hooks/pre-command‎
Lines changed: 0 additions & 5 deletions b/‎.buildkite/hooks/pre-command‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎.github/CODEOWNERS‎
Lines changed: 3 additions & 0 deletions b/‎.github/CODEOWNERS‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/ISSUE_TEMPLATE/integration_bug.yml‎
Lines changed: 3 additions & 0 deletions b/‎.github/ISSUE_TEMPLATE/integration_bug.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/ISSUE_TEMPLATE/integration_feature_request.yml‎
Lines changed: 3 additions & 0 deletions b/‎.github/ISSUE_TEMPLATE/integration_feature_request.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/workflows/bump-elastic-stack-version.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/bump-elastic-stack-version.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/ci_pipelines.md‎
Lines changed: 6 additions & 6 deletions b/‎docs/ci_pipelines.md‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎docs/extend/elastic-package.md‎
Lines changed: 0 additions & 19 deletions b/‎docs/extend/elastic-package.md‎
Lines changed: 0 additions & 19 deletions
diff --git a/‎packages/akamai/changelog.yml‎
Lines changed: 8 additions & 0 deletions b/‎packages/akamai/changelog.yml‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎packages/akamai/data_stream/siem/agent/stream/cel.yml.hbs‎
Lines changed: 3 additions & 2 deletions b/‎packages/akamai/data_stream/siem/agent/stream/cel.yml.hbs‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎packages/akamai/data_stream/siem/manifest.yml‎
Lines changed: 8 additions & 0 deletions b/‎packages/akamai/data_stream/siem/manifest.yml‎
Lines changed: 8 additions & 0 deletions
@@ -110,11 +110,6 @@ if [[ "${BUILDKITE_PIPELINE_SLUG}" =~ ^(integrations|integrations-test-stack)$ ]
         BUILDKITE_API_TOKEN=$(retry 5 vault kv get -field buildkite_token "${BUILDKITE_API_TOKEN_PATH}")
         export BUILDKITE_API_TOKEN
     fi
-
-    if [[ "${BUILDKITE_STEP_KEY}" =~ ^test-integrations- ]]; then
-        BUILDKITE_API_TOKEN=$(retry 5 vault kv get -field buildkite_token "${BUILDKITE_API_TOKEN_PATH}")
-        export BUILDKITE_API_TOKEN
-    fi
 fi
 
 if [[ "${BUILDKITE_PIPELINE_SLUG}" == "integrations-serverless" ]]; then
 
@@ -89,6 +89,7 @@
 /packages/aws_cloudtrail_otel @elastic/obs-infraobs-integrations
 /packages/aws_logs @elastic/obs-ds-hosted-services
 /packages/aws_mq @elastic/obs-infraobs-integrations
+/packages/aws_securityhub @elastic/security-service-integrations
 /packages/aws_bedrock_agentcore @elastic/obs-infraobs-integrations
 /packages/aws_vpcflow_otel @elastic/obs-infraobs-integrations
 /packages/awsfargate @elastic/obs-infraobs-integrations
@@ -260,6 +261,8 @@
 /packages/gcp_metrics @elastic/obs-ds-hosted-services
 /packages/gcp_pubsub @elastic/security-service-integrations
 /packages/gcp_vertexai @elastic/obs-infraobs-integrations
+/packages/gcp_audit_otel @elastic/obs-infraobs-integrations
+/packages/gcp_vpcflow_otel @elastic/obs-infraobs-integrations
 /packages/gigamon @elastic/security-service-integrations
 /packages/github @elastic/security-service-integrations
 /packages/gitlab @elastic/security-service-integrations
 
@@ -48,6 +48,7 @@ body:
         - AWS Cost and Usage Report (CUR 2.0) [aws_billing]
         - AWS ELB OpenTelemetry Assets [aws_elb_otel]
         - AWS Fargate (for ECS clusters) [awsfargate]
+        - AWS Security Hub [aws_securityhub]
         - AWS VPC Flow Logs OpenTelemetry Assets [aws_vpcflow_otel]
         - AWS [aws]
         - Azure AI Foundry [azure_ai_foundry]
@@ -182,8 +183,10 @@ body:
         - Fortinet FortiMail [fortinet_fortimail]
         - Fortinet FortiManager Logs [fortinet_fortimanager]
         - Fortinet FortiProxy [fortinet_fortiproxy]
+        - GCP Audit Logs OpenTelemetry Assets [gcp_audit_otel]
         - GCP Metrics Input [gcp_metrics]
         - GCP Vertex AI [gcp_vertexai]
+        - GCP VPC Flow Logs OpenTelemetry Assets [gcp_vpcflow_otel]
         - Gigamon [gigamon]
         - GitHub [github]
         - GitLab [gitlab]
 
@@ -48,6 +48,7 @@ body:
         - AWS Cost and Usage Report (CUR 2.0) [aws_billing]
         - AWS ELB OpenTelemetry Assets [aws_elb_otel]
         - AWS Fargate (for ECS clusters) [awsfargate]
+        - AWS Security Hub [aws_securityhub]
         - AWS VPC Flow Logs OpenTelemetry Assets [aws_vpcflow_otel]
         - AWS [aws]
         - Azure AI Foundry [azure_ai_foundry]
@@ -182,8 +183,10 @@ body:
         - Fortinet FortiMail [fortinet_fortimail]
         - Fortinet FortiManager Logs [fortinet_fortimanager]
         - Fortinet FortiProxy [fortinet_fortiproxy]
+        - GCP Audit Logs OpenTelemetry Assets [gcp_audit_otel]
         - GCP Metrics Input [gcp_metrics]
         - GCP Vertex AI [gcp_vertexai]
+        - GCP VPC Flow Logs OpenTelemetry Assets [gcp_vpcflow_otel]
         - Gigamon [gigamon]
         - GitHub [github]
         - GitLab [gitlab]
 
@@ -25,7 +25,7 @@ jobs:
       - uses: actions/checkout@v6
 
       - name: Install Updatecli in the runner
-        uses: updatecli/updatecli-action@9a21b6911fe58865c8346d4fde3470010f49bf31 #v2.97.0
+        uses: updatecli/updatecli-action@b846825b298f5351abd80f94c4f9eab63a38a804 #v2.98.0
 
       - name: Select diff action
         if: ${{ github.event_name == 'pull_request' }}
 
@@ -76,12 +76,12 @@ More details about this CI pipeline:
   In the following table, there are some examples:
 
   | STACK_VERSION env | Kibana Condition Package | Released | Elastic stack run |
-  | :---:    | :---:                | :---: | :---:             |
-  | ""       | `^7.16.0 || ^8.0.0`  | Yes   | `7.16.0`          |
-  | ""       | `^8.12.0`            | Yes   | `8.12.0`          |
-  | ""       | `^8.14.1`            | Yes   | `8.14.1`          |
-  | ""       | `^8.15.0`            | No    | `8.15.0-SNAPSHOT` |
-  | `8.14.0` | `^8.13.0`            | Yes   | `8.14.0`          |
+  | :---:    | :---:                  | :---: | :---:             |
+  | ""       | `^7.16.0 \|\| ^8.0.0`  | Yes   | `7.16.0`          |
+  | ""       | `^8.12.0`              | Yes   | `8.12.0`          |
+  | ""       | `^8.14.1`              | Yes   | `8.14.1`          |
+  | ""       | `^8.15.0`              | No    | `8.15.0-SNAPSHOT` |
+  | `8.14.0` | `^8.13.0`              | Yes   | `8.14.0`          |
 
   If the STACK_VERSION environment variable is defined, just the packages supporting that stack version are tested. For instance:
 
 
@@ -247,25 +247,6 @@ Use this command to add, remove, and manage multiple config profiles.
 Individual user profiles appear in ~/.elastic-package/stack and contain all the config files needed by the "stack" subcommand. Once a new profile is created, it can be specified with the -p flag, or the ELASTIC_PACKAGE_PROFILE environment variable. User profiles are not overwritten on an upgrade of elastic-stack and can be freely modified to allow for different stack configs.
 
 
-### `elastic-package promote` [_elastic_package_promote]
-
-*Context: global*
-
-Use this command to move packages between the {{package-registry}} snapshot, staging, and production stages.
-
-This command is intended primarily for use by administrators.
-
-It allows for selecting packages for promotion and opens new pull requests to review changes. However, please be aware that the tool checks out an in-memory Git repository and switches over branches (snapshot, staging and production), so it may take longer to promote a larger number of packages.
-
-
-### `elastic-package publish` [_elastic_package_publish]
-
-*Context: package*
-
-Use this command to publish a new package revision.
-
-The command checks if the package has already been published (whether it’s present in the snapshot/staging/production branch or open as pull request). If the package revision hasn’t been published, it will open a new pull request.
-
 ### `elastic-package report` [_elastic_package_report]
 
 *Context: package*
 
@@ -1,4 +1,12 @@
 # newer versions go on top
+- version: "3.1.0"
+  changes:
+    - description: Add recovery_interval parameter to control lookback period during recovery mode.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/16568
+    - description: Handle 400 status code with invalid timestamp error switching to recovery mode.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/16568
 - version: "3.0.2"
   changes:
     - description: Fix the issue of populating tags and terminate the pipeline on agent failures.
 
@@ -24,6 +24,7 @@ state:
   access_token: {{access_token}}
   client_secret: {{client_secret}}
   initial_interval: {{initial_interval}}
+  recovery_interval: {{recovery_interval}}
   event_limit: {{event_limit}}
 
 redact:
@@ -37,7 +38,7 @@ program: |-
     (
       state.?cursor.recovery_mode.orValue(false) ?
         {
-          "from": int(now - duration("12h")),
+          "from": int(now - duration(state.recovery_interval)),
           "to": int(now - duration("1m")),
         }
       : state.?cursor.last_offset.hasValue() ?
@@ -112,7 +113,7 @@ program: |-
                       "want_more": lines.size() >= int(state.event_limit),
                     }
                   )
-                : (resp.StatusCode == 416) ?
+                : (resp.StatusCode == 416 || (resp.StatusCode == 400 && size(resp.Body) != 0 && bytes(resp.Body).decode_json().as(errorBody, has(errorBody.detail) && errorBody.detail.to_lower().contains("invalid timestamp")))) ?
                   {
                     "events": [
                       {
 
@@ -69,6 +69,14 @@ streams:
         show_user: true
         default: 12h
         description: Initial interval to poll for events. Default is the maximum allowed value of 12 hours. Supported units for this parameter are h/m/s.
+      - name: recovery_interval
+        type: text
+        title: Recovery Interval
+        multi: false
+        required: true
+        show_user: false
+        default: 12h
+        description: Lookback period for data retrieval when the integration enters recovery mode. Default and maximum allowed value is 12 hours. Supported units for this parameter are h/m/s.
       - name: event_limit
         type: integer
         multi: false
Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,7 @@ state:`
`24`	`24`	`access_token: {{access_token}}`
`25`	`25`	`client_secret: {{client_secret}}`
`26`	`26`	`initial_interval: {{initial_interval}}`
	`27`	`+ recovery_interval: {{recovery_interval}}`
`27`	`28`	`event_limit: {{event_limit}}`
`28`	`29`
`29`	`30`	`redact:`
`@@ -37,7 +38,7 @@ program: \|-`
`37`	`38`	`(`
`38`	`39`	`state.?cursor.recovery_mode.orValue(false) ?`
`39`	`40`	`{`
`40`		`- "from": int(now - duration("12h")),`
	`41`	`+ "from": int(now - duration(state.recovery_interval)),`
`41`	`42`	`"to": int(now - duration("1m")),`
`42`	`43`	`}`
`43`	`44`	`: state.?cursor.last_offset.hasValue() ?`
`@@ -112,7 +113,7 @@ program: \|-`
`112`	`113`	`"want_more": lines.size() >= int(state.event_limit),`
`113`	`114`	`}`
`114`	`115`	`)`
`115`		`- : (resp.StatusCode == 416) ?`
	`116`	`+ : (resp.StatusCode == 416 \|\| (resp.StatusCode == 400 && size(resp.Body) != 0 && bytes(resp.Body).decode_json().as(errorBody, has(errorBody.detail) && errorBody.detail.to_lower().contains("invalid timestamp")))) ?`
`116`	`117`	`{`
`117`	`118`	`"events": [`
`118`	`119`	`{`