elastic
diff --git a/‎go.mod‎
Lines changed: 1 addition & 1 deletion b/‎go.mod‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎go.sum‎
Lines changed: 2 additions & 2 deletions b/‎go.sum‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎packages/abnormal_security/_dev/build/docs/README.md‎
Lines changed: 13 additions & 13 deletions b/‎packages/abnormal_security/_dev/build/docs/README.md‎
Lines changed: 13 additions & 13 deletions
diff --git a/‎packages/abnormal_security/changelog.yml‎
Lines changed: 7 additions & 0 deletions b/‎packages/abnormal_security/changelog.yml‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎packages/abnormal_security/data_stream/ai_security_mailbox/manifest.yml‎
Lines changed: 3 additions & 3 deletions b/‎packages/abnormal_security/data_stream/ai_security_mailbox/manifest.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎packages/abnormal_security/data_stream/ai_security_mailbox_not_analyzed/manifest.yml‎
Lines changed: 3 additions & 3 deletions b/‎packages/abnormal_security/data_stream/ai_security_mailbox_not_analyzed/manifest.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎packages/abnormal_security/data_stream/audit/manifest.yml‎
Lines changed: 3 additions & 3 deletions b/‎packages/abnormal_security/data_stream/audit/manifest.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎packages/abnormal_security/data_stream/case/manifest.yml‎
Lines changed: 3 additions & 3 deletions b/‎packages/abnormal_security/data_stream/case/manifest.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎packages/abnormal_security/data_stream/threat/fields/fields.yml‎
Lines changed: 1 addition & 1 deletion b/‎packages/abnormal_security/data_stream/threat/fields/fields.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/abnormal_security/data_stream/threat/manifest.yml‎
Lines changed: 3 additions & 3 deletions b/‎packages/abnormal_security/data_stream/threat/manifest.yml‎
Lines changed: 3 additions & 3 deletions
@@ -3,7 +3,7 @@ module github.com/elastic/integrations
 go 1.24.2
 
 require (
-	github.com/Masterminds/semver/v3 v3.3.1
+	github.com/Masterminds/semver/v3 v3.4.0
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/cli/go-gh/v2 v2.12.1
 	github.com/elastic/elastic-package v0.112.0
 
@@ -61,8 +61,8 @@ github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
-github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7rj+4nv4=
-github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
+github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=
+github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
 github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs=
 github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0=
 github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s=
 
@@ -1,12 +1,12 @@
-# Abnormal Security
+# Abnormal AI
 
-Abnormal Security is a behavioral AI-based email security platform that learns the behavior of every identity in a cloud email environment and analyzes the risk of every event to block even the most sophisticated attacks.
+Abnormal AI is a behavioral AI-based email security platform that learns the behavior of every identity in a cloud email environment and analyzes the risk of every event to block even the most sophisticated attacks.
 
-The Abnormal Security integration collects data for AI Security Mailbox (formerly known as Abuse Mailbox), Audit, Case, and Threat logs using REST API.
+The Abnormal AI integration collects data for AI Security Mailbox (formerly known as Abuse Mailbox), Audit, Case, and Threat logs using REST API.
 
 ## Data streams
 
-The Abnormal Security integration collects six types of logs:
+The Abnormal AI integration collects six types of logs:
 
 - **[AI Security Mailbox](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/AI%20Security%20Mailbox%20(formerly%20known%20as%20Abuse%20Mailbox))** - Get details of AI Security Mailbox.
 
@@ -26,31 +26,31 @@ Elastic Agent must be installed. For more details, check the Elastic Agent [inst
 
 ## Setup
 
-### To collect data from the Abnormal Security Client API:
+### To collect data from the Abnormal AI Client API:
 
 #### Step 1: Go to Portal
-* Visit the [Abnormal Security Portal](https://portal.abnormalsecurity.com/home/settings/integrations) and click on the `Abnormal REST API` setting.
+* Visit the [Abnormal AI Portal](https://portal.abnormalsecurity.com/home/settings/integrations) and click on the `Abnormal REST API` setting.
 
 #### Step 2: Generating the authentication token
-* Retrieve your authentication token. This token will be used further in the Elastic integration setup to authenticate and access different Abnormal Security Logs.
+* Retrieve your authentication token. This token will be used further in the Elastic integration setup to authenticate and access different Abnormal AI Logs.
 
 #### Step 3: IP allowlisting
-* Abnormal Security requires you to restrict API access based on source IP. So in order for the integration to work, user needs to update the IP allowlisting to include the external source IP of the endpoint running the integration via Elastic Agent.
+* Abnormal AI requires you to restrict API access based on source IP. So in order for the integration to work, user needs to update the IP allowlisting to include the external source IP of the endpoint running the integration via Elastic Agent.
 
 ### Enabling the integration in Elastic:
 
 1. In Kibana navigate to Management > Integrations.
-2. In "Search for integrations" top bar, search for `Abnormal Security`.
-3. Select the "Abnormal Security" integration from the search results.
-4. Select "Add Abnormal Security" to add the integration.
+2. In "Search for integrations" top bar, search for `Abnormal AI`.
+3. Select the "Abnormal AI" integration from the search results.
+4. Select "Add Abnormal AI" to add the integration.
 5. Add all the required integration configuration parameters, including Access Token, Interval, Initial Interval and Page Size to enable data collection.
 6. Select "Save and continue" to save the integration.
 
-**Note**: By default, the URL is set to `https://api.abnormalplatform.com`. We have observed that Abnormal Security Base URL changes based on location so find your own base URL.
+**Note**: By default, the URL is set to `https://api.abnormalplatform.com`. We have observed that Abnormal AI Base URL changes based on location so find your own base URL.
 
 ### Enabling enrichment for Threat events
 
-Introduced in version 1.8.0, the Abnormal Security integration includes a new option called `Enable Attachments and Links enrichment` for the Threat data stream. When enabled, this feature enriches incoming threat events with additional details about any attachments and links included in the original message.
+Introduced in version 1.8.0, the Abnormal AI integration includes a new option called `Enable Attachments and Links enrichment` for the Threat data stream. When enabled, this feature enriches incoming threat events with additional details about any attachments and links included in the original message.
 
 ## Logs reference
 
 
@@ -1,4 +1,11 @@
 # newer versions go on top
+- version: "1.9.0"
+  changes:
+    - description: |
+        Rebrand integration to Abnormal AI to align with the current vendor's branding.
+        This is a superficial branding update only and does not affect existing functionalities.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/14357
 - version: "1.8.1"
   changes:
     - description: Prevent loss of recent unprocessed messages by the `ai_security_mailbox_not_analyzed` data stream.
 
@@ -13,11 +13,11 @@ streams:
         required: true
         show_user: true
         default: 24h
-        description: How far back to pull the AI Security Mailbox logs from Abnormal Security API. Supported units for this parameter are h/m/s.
+        description: How far back to pull the AI Security Mailbox logs from Abnormal AI API. Supported units for this parameter are h/m/s.
       - name: interval
         type: text
         title: Interval
-        description: Duration between requests to the Abnormal Security API. Supported units for this parameter are h/m/s.
+        description: Duration between requests to the Abnormal AI API. Supported units for this parameter are h/m/s.
         default: 5m
         multi: false
         required: true
@@ -28,7 +28,7 @@ streams:
         multi: false
         required: true
         show_user: false
-        description: Page size for the response of the Abnormal Security API.
+        description: Page size for the response of the Abnormal AI API.
         default: 100
       - name: http_client_timeout
         type: text
 
@@ -13,18 +13,18 @@ streams:
         required: true
         show_user: true
         default: 2160h
-        description: How far back to pull the AI Security Mailbox Not Analyzed messages from Abnormal Security API. Defaults to 90 days (2160h) before end. Supported units for this parameter are h/m/s.
+        description: How far back to pull the AI Security Mailbox Not Analyzed messages from Abnormal AI API. Defaults to 90 days (2160h) before end. Supported units for this parameter are h/m/s.
       - name: wait_interval
         type: text
         title: Recent Message Grace Interval 
         multi: false
         required: true
         show_user: true
-        description: How long to wait before attempting to collect recent messages. This option allows the Abnormal Security API to complete analysis of messages before the agent attempts to collect them. This should not be greater than the initial interval. Supported units for this parameter are h/m/s.
+        description: How long to wait before attempting to collect recent messages. This option allows the Abnormal AI API to complete analysis of messages before the agent attempts to collect them. This should not be greater than the initial interval. Supported units for this parameter are h/m/s.
       - name: interval
         type: text
         title: Interval
-        description: Duration between requests to the Abnormal Security API. Defaults to 1 hour. Supported units for this parameter are h/m/s.
+        description: Duration between requests to the Abnormal AI API. Defaults to 1 hour. Supported units for this parameter are h/m/s.
         default: 1h
         multi: false
         required: true
 
@@ -13,11 +13,11 @@ streams:
         required: true
         show_user: true
         default: 24h
-        description: How far back to pull the Audit logs from Abnormal Security API. Supported units for this parameter are h/m/s.
+        description: How far back to pull the Audit logs from Abnormal AI API. Supported units for this parameter are h/m/s.
       - name: interval
         type: text
         title: Interval
-        description: Duration between requests to the Abnormal Security API. Supported units for this parameter are h/m/s.
+        description: Duration between requests to the Abnormal AI API. Supported units for this parameter are h/m/s.
         default: 5m
         multi: false
         required: true
@@ -28,7 +28,7 @@ streams:
         multi: false
         required: true
         show_user: false
-        description: Page size for the response of the Abnormal Security API.
+        description: Page size for the response of the Abnormal AI API.
         default: 100
       - name: http_client_timeout
         type: text
 
@@ -13,11 +13,11 @@ streams:
         required: true
         show_user: true
         default: 24h
-        description: How far back to pull the Case logs from Abnormal Security API. Supported units for this parameter are h/m/s.
+        description: How far back to pull the Case logs from Abnormal AI API. Supported units for this parameter are h/m/s.
       - name: interval
         type: text
         title: Interval
-        description: Duration between requests to the Abnormal Security API. Supported units for this parameter are h/m/s.
+        description: Duration between requests to the Abnormal AI API. Supported units for this parameter are h/m/s.
         default: 5m
         multi: false
         required: true
@@ -28,7 +28,7 @@ streams:
         multi: false
         required: true
         show_user: false
-        description: Page size for the response of the Abnormal Security API.
+        description: Page size for the response of the Abnormal AI API.
         default: 100
       - name: http_client_timeout
         type: text
 
@@ -9,7 +9,7 @@
           description: A unique identifier for an individual message within a threat (i.e email campaign).
         - name: abx_portal_url
           type: keyword
-          description: The URL at which the specific message details are viewable in Abnormal Security's Portal web interface.
+          description: The URL at which the specific message details are viewable in Abnormal AI's Portal web interface.
         - name: attachment_count
           type: long
           description: Number of attachments in email (only available for IESS customers).
 
@@ -13,11 +13,11 @@ streams:
         required: true
         show_user: true
         default: 24h
-        description: How far back to pull the Threat logs from Abnormal Security API. Supported units for this parameter are h/m/s.
+        description: How far back to pull the Threat logs from Abnormal AI API. Supported units for this parameter are h/m/s.
       - name: interval
         type: text
         title: Interval
-        description: Duration between requests to the Abnormal Security API. Supported units for this parameter are h/m/s.
+        description: Duration between requests to the Abnormal AI API. Supported units for this parameter are h/m/s.
         default: 5m
         multi: false
         required: true
@@ -28,7 +28,7 @@ streams:
         multi: false
         required: true
         show_user: false
-        description: Page size for the response of the Abnormal Security API.
+        description: Page size for the response of the Abnormal AI API.
         default: 100
       - name: http_client_timeout
         type: text