elastic
diff --git a/‎.buildkite/pipeline.schedule-daily.yml‎
Lines changed: 2 additions & 2 deletions b/‎.buildkite/pipeline.schedule-daily.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.buildkite/pipeline.schedule-weekly.yml‎
Lines changed: 2 additions & 2 deletions b/‎.buildkite/pipeline.schedule-weekly.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.buildkite/pull-requests.json‎
Lines changed: 11 additions & 1 deletion b/‎.buildkite/pull-requests.json‎
Lines changed: 11 additions & 1 deletion
diff --git a/‎.buildkite/scripts/common.sh‎
Lines changed: 1 addition & 1 deletion b/‎.buildkite/scripts/common.sh‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/amazon_security_lake/changelog.yml‎
Lines changed: 5 additions & 0 deletions b/‎packages/amazon_security_lake/changelog.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/amazon_security_lake/data_stream/event/_dev/test/pipeline/test-application-activity.log-expected.json‎
Lines changed: 1 addition & 1 deletion b/‎packages/amazon_security_lake/data_stream/event/_dev/test/pipeline/test-application-activity.log-expected.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/amazon_security_lake/data_stream/event/_dev/test/pipeline/test-network-activity.log-expected.json‎
Lines changed: 1 addition & 1 deletion b/‎packages/amazon_security_lake/data_stream/event/_dev/test/pipeline/test-network-activity.log-expected.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/amazon_security_lake/data_stream/event/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 21 additions & 3 deletions b/‎packages/amazon_security_lake/data_stream/event/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 21 additions & 3 deletions
diff --git a/‎packages/amazon_security_lake/manifest.yml‎
Lines changed: 1 addition & 1 deletion b/‎packages/amazon_security_lake/manifest.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/armis/_dev/build/docs/README.md‎
Lines changed: 14 additions & 33 deletions b/‎packages/armis/_dev/build/docs/README.md‎
Lines changed: 14 additions & 33 deletions
@@ -86,13 +86,13 @@ steps:
     if: |
       build.env('TEST_PACKAGES_BASIC_SUBSCRIPTION') == "true"
 
-  - label: "Check integrations local stacks - Stack Version v9.1"
+  - label: "Check integrations local stacks - Stack Version v9.2"
     trigger: "integrations"
     build:
       env:
         SERVERLESS: "false"
         FORCE_CHECK_ALL: "true"
-        STACK_VERSION: 9.1.0-SNAPSHOT
+        STACK_VERSION: 9.2.0-SNAPSHOT
         PUBLISH_COVERAGE_REPORTS: "false"
     depends_on:
       - step: "check"
 
@@ -28,13 +28,13 @@ steps:
       - step: "check"
         allow_failure: false
 
-  - label: "Check integrations local stacks and non-wolfi images for Elastic Agent - Stack Version v9.1"
+  - label: "Check integrations local stacks and non-wolfi images for Elastic Agent - Stack Version v9.2"
     trigger: "integrations"
     build:
       env:
         SERVERLESS: "false"
         FORCE_CHECK_ALL: "true"
-        STACK_VERSION: 9.1.0-SNAPSHOT
+        STACK_VERSION: 9.2.0-SNAPSHOT
         PUBLISH_COVERAGE_REPORTS: "false"
         ELASTIC_PACKAGE_DISABLE_ELASTIC_AGENT_WOLFI: "true"
     depends_on:
 
@@ -13,7 +13,17 @@
       "always_trigger_comment_regex": "^(?:(?:buildkite\\W+)?(?:build|test)\\W+(?:this|it))|^/test$|^/test benchmark fullreport$",
       "skip_ci_labels": [],
       "skip_target_branches": [],
-      "skip_ci_on_only_changed": ["^.github/workflows/", "^.github/dependabot.yml$", "^.github/ISSUE_TEMPLATE/", "^docs/", "^catalog-info.yaml$", "^.buildkite/pull-requests.json$"],
+      "skip_ci_on_only_changed": [
+        "^.github/workflows/",
+        "^.github/dependabot.yml$",
+        "^.github/ISSUE_TEMPLATE/",
+        "^docs/",
+        "^catalog-info.yaml$",
+        "^.buildkite/pipeline.schedule-daily.yml$",
+        "^.buildkite/pipeline.schedule-weekly.yml$",
+        "^.buildkite/pipeline.backport.yml$",
+        "^.buildkite/pull-requests.json$"
+      ],
       "always_require_ci_on_changed": []
     },
     {
 
@@ -746,7 +746,7 @@ is_pr_affected() {
     # Example:
     # https://buildkite.com/elastic/integrations/builds/25606
     # https://github.com/elastic/integrations/pull/13810
-    if git diff --name-only "${commit_merge}" "${to}" | grep -E -v '^(packages/|\.github/(CODEOWNERS|ISSUE_TEMPLATE|PULL_REQUEST_TEMPLATE)|README\.md|docs/|catalog-info\.yaml|\.buildkite/pull-requests\.json)' > /dev/null; then
+    if git diff --name-only "${commit_merge}" "${to}" | grep -E -v '^(packages/|\.github/(CODEOWNERS|ISSUE_TEMPLATE|PULL_REQUEST_TEMPLATE)|README\.md|docs/|catalog-info\.yaml|\.buildkite/(pull-requests\.json|pipeline\.schedule-daily\.yml|pipeline\.schedule-weekly\.yml|pipeline\.backport\.yml))' > /dev/null; then
         echo "[${package}] PR is affected: found non-package files"
         return 0
     fi
 
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.5.3"
+  changes:
+    - description: Remove null fields on entry to ingest pipeline to prevent spurious rename failures.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/14392
 - version: "2.5.2"
   changes:
     - description: Fix handling `ocsf.api.request.data` and `ocsf.api.response.data` when they are a JSON encoded object.
 
@@ -20,6 +20,25 @@ processors:
         - append:
             field: error.message
             value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+  - script:
+      lang: painless
+      description: Drops null/empty values recursively.
+      tag: painless_remove_null_from_ocsf
+      if: ctx.ocsf instanceof Map
+      source: |-
+        boolean drop(Object object) {
+          if (object == null || object == '') {
+            return true;
+          } else if (object instanceof Map) {
+            ((Map) object).values().removeIf(v -> drop(v));
+            return (((Map) object).size() == 0);
+          } else if (object instanceof List) {
+            ((List) object).removeIf(v -> drop(v));
+            return (((List) object).length == 0);
+          }
+          return false;
+        }
+        drop(ctx.ocsf);
   - script: 
       description: Recursively traverses the ocsf object to convert suspected timestamps to milliseconds.
       tag: convert_timestamps_to_milliseconds
@@ -64,19 +83,18 @@ processors:
           return null;
         }
         processFields(ctx.ocsf);
-    
   - rename:
       field: ocsf.resource
       target_field: ocsf.resources
       tag: rename_resource_to_resources
       ignore_missing: true
-      if : ctx.ocsf?.resources == null
+      if: ctx.ocsf?.resources == null
   - rename:
       field: ocsf.finding_info_list
       target_field: ocsf.finding_info
       tag: rename_finding_info_list_to_finding_info
       ignore_missing: true
-      if : ctx.ocsf?.finding_info == null
+      if: ctx.ocsf?.finding_info == null
   - convert:
       field: ocsf.class_uid
       tag: convert_class_uid_to_string
 
@@ -1,7 +1,7 @@
 format_version: "3.0.3"
 name: amazon_security_lake
 title: Amazon Security Lake
-version: "2.5.2"
+version: "2.5.3"
 description: Collect logs from Amazon Security Lake with Elastic Agent.
 type: integration
 categories: ["aws", "security"]
 
@@ -22,65 +22,46 @@ The Armis integration collects three types of logs.
 
 ## Requirements
 
-### Agentless Enabled Integration
+### Agentless-enabled integration
+
 Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).
 
 Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments.  This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.
 
-### Agent Based Installation
-- Elastic Agent must be installed
-- You can install only one Elastic Agent per host.
-- Elastic Agent is required to stream data from the GCP Pub/Sub or REST API and ship the data to Elastic, where the events will then be processed via the integration's ingest pipelines.
-
-#### Installing and managing an Elastic Agent:
-
-You have a few options for installing and managing an Elastic Agent:
-
-#### Install a Fleet-managed Elastic Agent (recommended):
-
-With this approach, you install Elastic Agent and use Fleet in Kibana to define, configure, and manage your agents in a central location. We recommend using Fleet management because it makes the management and upgrade of your agents considerably easier.
-
-#### Install Elastic Agent in standalone mode (advanced users):
-
-With this approach, you install Elastic Agent and manually configure the agent locally on the system where it’s installed. You are responsible for managing and upgrading the agents. This approach is reserved for advanced users only.
-
-#### Install Elastic Agent in a containerized environment:
-
-You can run Elastic Agent inside a container, either with Fleet Server or standalone. Docker images for all versions of Elastic Agent are available from the Elastic Docker registry and we provide deployment manifests for running on Kubernetes.
+### Agent-based installation
 
-There are some minimum requirements for running Elastic Agent and for more information, refer to the link [here](https://www.elastic.co/guide/en/fleet/current/elastic-agent-installation.html).
+Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md).
 
 ## Setup
 
-### To collect logs through REST API, follow the below steps:
+### Collect logs through REST API
 
 1. Log in to your Armis portal.
 2. Navigate to the **Settings** tab.
 3. Select **Asset Management & Security**.
 4. Go to **API Management** and generate a **Secret Key**.
 
-### Enabling the integration in Elastic:
+### Enable the integration in Elastic
 
-1. In Kibana navigate to Management > Integrations.
-2. In "Search for integrations" top bar, search for `Armis`.
-3. Select the "Armis" integration from the search results.
-4. Select "Add Armis" to add the integration.
-5. Add all the required integration configuration parameters, including the URL, Secret Key to enable data collection.
-6. Select "Save and continue" to save the integration.
+1. In Kibana navigate to **Management** > **Integrations**.
+2. In the search bar, type **Armis**.
+3. Select the **Armis** integration and add it.
+4. Add all the required integration configuration parameters, including the URL, Secret Key to enable data collection.
+5. Save the integration.
 
 ## Limitations
 
-1. In the **vulnerability data stream**, our filtering mechanism for the **vulnerability search API** relies specifically on the `lastDetected` field. This means that when a user takes action on a vulnerability and `lastDetected` updates, only then will the event for that vulnerability be retrieved. Initially, we assumed this field would always have a value and could be used as a cursor timestamp for fetching data between intervals. However, due to inconsistencies in the API response, we observed cases where `lastDetected` is `null`.
+In the **vulnerability data stream**, our filtering mechanism for the **vulnerability search API** relies specifically on the `lastDetected` field. This means that when a user takes action on a vulnerability and `lastDetected` updates, only then will the event for that vulnerability be retrieved. Initially, we assumed this field would always have a value and could be used as a cursor timestamp for fetching data between intervals. However, due to inconsistencies in the API response, we observed cases where `lastDetected` is `null`.
 
 ## Troubleshooting
 
-- If you are seeing below mentioned errors in the **vulnerability data stream**, try reducing the page size in your request.
+- If you get the following errors in the **vulnerability data stream**, reduce the page size in your request.
 
   **Common errors:**
   - `502 Bad Gateway`
   - `414 Request-URI Too Large`
 
-- If you are encountering issues in the **alert data stream**, particularly during the initial data fetch, try reducing the initial interval.
+- If you encounter issues in the **alert data stream**, particularly during the initial data fetch, reduce the initial interval.
 
   **Example error:**
   - `The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.`