elastic
diff --git a/‎.buildkite/scripts/common.sh‎
Lines changed: 11 additions & 2 deletions b/‎.buildkite/scripts/common.sh‎
Lines changed: 11 additions & 2 deletions
diff --git a/‎.buildkite/scripts/packages/security_detection_engine.sh‎
Lines changed: 70 additions & 0 deletions b/‎.buildkite/scripts/packages/security_detection_engine.sh‎
Lines changed: 70 additions & 0 deletions
diff --git a/‎.buildkite/scripts/test_one_package.sh‎
Lines changed: 10 additions & 1 deletion b/‎.buildkite/scripts/test_one_package.sh‎
Lines changed: 10 additions & 1 deletion
diff --git a/‎.github/CODEOWNERS‎
Lines changed: 2 additions & 1 deletion b/‎.github/CODEOWNERS‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎.github/ISSUE_TEMPLATE/integration_bug.yml‎
Lines changed: 2 additions & 0 deletions b/‎.github/ISSUE_TEMPLATE/integration_bug.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎.github/ISSUE_TEMPLATE/integration_feature_request.yml‎
Lines changed: 2 additions & 0 deletions b/‎.github/ISSUE_TEMPLATE/integration_feature_request.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎packages/agentless_hello_world/manifest.yml‎
Lines changed: 2 additions & 2 deletions b/‎packages/agentless_hello_world/manifest.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎packages/aws/changelog.yml‎
Lines changed: 7 additions & 2 deletions b/‎packages/aws/changelog.yml‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎packages/aws/data_stream/guardduty/agent/stream/httpjson.yml.hbs‎
Lines changed: 1 addition & 0 deletions b/‎packages/aws/data_stream/guardduty/agent/stream/httpjson.yml.hbs‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎packages/aws/data_stream/guardduty/sample_event.json‎
Lines changed: 9 additions & 9 deletions b/‎packages/aws/data_stream/guardduty/sample_event.json‎
Lines changed: 9 additions & 9 deletions
@@ -728,7 +728,7 @@ is_pr_affected() {
             return 1
         fi
         if ! is_supported_capability ; then
-            echo "[${package}] PR is not affected: capabilities not mached with the project (${SERVERLESS_PROJECT})"
+            echo "[${package}] PR is not affected: capabilities not matched with the project (${SERVERLESS_PROJECT})"
             return 1
         fi
         if [[ "${package}" == "fleet_server" ]]; then
@@ -763,10 +763,19 @@ is_pr_affected() {
     # Example:
     # https://buildkite.com/elastic/integrations/builds/25606
     # https://github.com/elastic/integrations/pull/13810
-    if git diff --name-only "${commit_merge}" "${to}" | grep -E -v '^(packages/|\.github/(CODEOWNERS|ISSUE_TEMPLATE|PULL_REQUEST_TEMPLATE|workflows/)|CODE_OF_CONDUCT\.md|README\.md|docs/|catalog-info\.yaml|\.buildkite/(pull-requests\.json|pipeline\.schedule-daily\.yml|pipeline\.schedule-weekly\.yml|pipeline\.backport\.yml))' > /dev/null; then
+    if git diff --name-only "${commit_merge}" "${to}" | grep -E -v '^(packages/|\.github/(CODEOWNERS|ISSUE_TEMPLATE|PULL_REQUEST_TEMPLATE|workflows/)|CODE_OF_CONDUCT\.md|README\.md|docs/|catalog-info\.yaml|\.buildkite/(pull-requests\.json|pipeline\.schedule-daily\.yml|pipeline\.schedule-weekly\.yml|pipeline\.backport\.yml|scripts/packages/.+\.sh))' > /dev/null; then
         echo "[${package}] PR is affected: found non-package files"
         return 0
     fi
+    echoerr "[${package}] git-diff: check custom package checker script file (${commit_merge}..${to})"
+    # Avoid using "-q" in grep in this pipe, it could cause that some files updated are not detected due to SIGPIPE errors when "set -o pipefail"
+    # Example:
+    # https://buildkite.com/elastic/integrations/builds/25606
+    # https://github.com/elastic/integrations/pull/13810
+    if git diff --name-only "${commit_merge}" "${to}" | grep -E "^\.buildkite/scripts/packages/${package}.sh" > /dev/null; then
+        echo "[${package}] PR is affected: found package checker script changes"
+        return 0
+    fi
     echoerr "[${package}] git-diff: check package files (${commit_merge}..${to})"
     # Avoid using "-q" in grep in this pipe, it could cause that some files updated are not detected due to SIGPIPE errors when "set -o pipefail"
     # Example:
 
@@ -0,0 +1,70 @@
+#!/bin/bash
+
+set -euo pipefail
+
+if [[ "${BUILDKITE_PULL_REQUEST}" == "false" ]]; then
+  exit 0
+fi
+
+# Fetch active Kibana versions
+ACTIVE_KIBANA_VERSIONS=$(curl -sL https://raw.githubusercontent.com/elastic/kibana/main/versions.json | yq '.versions[].version' | xargs)
+echo "Active Kibana versions: $ACTIVE_KIBANA_VERSIONS"
+
+# Extract version spec from the manifest
+KIBANA_REQ=$(yq .conditions.kibana.version ./packages/security_detection_engine/manifest.yml)
+echo "Kibana requirement from the security_detection_engine manifest: $KIBANA_REQ"
+
+# Dump a trivial Go program to filter by semver constrains
+TEMP_DIR=$(mktemp -d)
+SEMVER_FILTER_PATH="$TEMP_DIR/semver.go"
+
+cat <<'GO' > "$SEMVER_FILTER_PATH"
+package main
+
+import (
+  "strings"
+	"fmt"
+	"os"
+	"github.com/Masterminds/semver/v3"
+)
+
+func main() {
+	c, err := semver.NewConstraint(os.Args[1])
+  if err != nil {
+		panic(err)
+	}
+
+	for _, s := range strings.Split(os.Args[2], " ") {
+		if v, _ := semver.NewVersion(s); c.Check(v) {
+			fmt.Println(s + "-SNAPSHOT")
+		}
+	}
+}
+GO
+
+# Capture the "returned" array in STACK_VERSIONS
+read -r -a STACK_VERSIONS <<< "$(go run "${SEMVER_FILTER_PATH}" "${KIBANA_REQ}" "${ACTIVE_KIBANA_VERSIONS}" | xargs)"
+
+if [[ ! -n "${STACK_VERSIONS+x}" ]]; then
+	echo "There are no active versions satisfying the constraint ${KIBANA_REQ}."
+  exit 0
+fi
+
+# Trigger OOM testing pipeline for each stack version
+for STACK_VERSION in "${STACK_VERSIONS[@]}"
+do
+  echo "--- [security_detection_engine] Trigger OOM testing pipeline against $STACK_VERSION ECH"
+
+  cat <<YAML | buildkite-agent pipeline upload
+steps:
+  - key: 'run-oom-testing-$(echo "$STACK_VERSION" | sed 's/\./_/g')$BUILDKITE_BUILD_NUMBER'
+    label: ":elastic-cloud::bar_chart: [security_detection_engine] Test for OOM issues against $STACK_VERSION ECH"
+    trigger: "appex-qa-stateful-security-prebuilt-rules-ftr-oom-testing"
+    async: false
+    build:
+      message: "Test security_detection_engine package against $STACK_VERSION ($GITHUB_PR_BASE_OWNER/$GITHUB_PR_BASE_REPO, branch: $GITHUB_PR_BRANCH, commit: $BUILDKITE_COMMIT)"
+      env:
+        STACK_VERSION: $STACK_VERSION
+        ELASTIC_INTEGRATIONS_REPO_COMMIT: $BUILDKITE_COMMIT
+YAML
+done
@@ -35,4 +35,13 @@ if ! process_package "${package}" ; then
 fi
 popd > /dev/null
 
-exit "${exit_code}"
+if [ "${exit_code}" -ne 0 ] ; then
+  exit "${exit_code}"
+fi
+
+custom_package_checker_script_path="${SCRIPTS_BUILDKITE_PATH}/packages/${package}.sh"
+
+if [ -x "$custom_package_checker_script_path" ]; then
+  echo "--- [${package}] Run individual package checker"
+  "$custom_package_checker_script_path"
+fi
@@ -13,7 +13,7 @@
 /packages/abnormal_security @elastic/security-service-integrations
 /packages/activemq @elastic/obs-infraobs-integrations
 /packages/admin_by_request_epm @elastic/security-service-integrations
-/packages/agentless_hello_world @elastic/agentless-team
+/packages/agentless_hello_world @elastic/ingest-managed-jobs
 /packages/airflow @elastic/obs-infraobs-integrations
 /packages/airlock_digital @elastic/security-service-integrations
 /packages/akamai @elastic/security-service-integrations
@@ -275,6 +275,7 @@
 /packages/hpe_aruba_cx @elastic/integration-experience
 /packages/hta @elastic/sec-applied-ml
 /packages/http_endpoint @elastic/security-service-integrations
+/packages/httpcheck_otel @elastic/ecosystem
 /packages/httpjson @elastic/security-service-integrations
 /packages/ibm_qradar @elastic/security-service-integrations
 /packages/ibmmq @elastic/obs-infraobs-integrations
 
@@ -297,6 +297,7 @@ body:
         - PostgreSQL [postgresql]
         - Prebuilt Security Detection Rules [security_detection_engine]
         - Privileged Access Detection [pad]
+        - Profilingmetrics OpenTelemetry Assets [profilingmetrics_otel]
         - Prometheus Input [prometheus_input]
         - Prometheus [prometheus]
         - Proofpoint ITM [proofpoint_itm]
@@ -322,6 +323,7 @@ body:
         - SentinelOne Cloud Funnel [sentinel_one_cloud_funnel]
         - SentinelOne [sentinel_one]
         - ServiceNow [servicenow]
+        - Simple HTTP Check [httpcheck_otel]
         - Slack Logs [slack]
         - Snort [snort]
         - Snyk [snyk]
 
@@ -297,6 +297,7 @@ body:
         - PostgreSQL [postgresql]
         - Prebuilt Security Detection Rules [security_detection_engine]
         - Privileged Access Detection [pad]
+        - Profilingmetrics OpenTelemetry Assets [profilingmetrics_otel]
         - Prometheus Input [prometheus_input]
         - Prometheus [prometheus]
         - Proofpoint ITM [proofpoint_itm]
@@ -322,6 +323,7 @@ body:
         - SentinelOne Cloud Funnel [sentinel_one_cloud_funnel]
         - SentinelOne [sentinel_one]
         - ServiceNow [servicenow]
+        - Simple HTTP Check [httpcheck_otel]
         - Slack Logs [slack]
         - Snort [snort]
         - Snyk [snyk]
 
@@ -28,12 +28,12 @@ policy_templates:
         is_default: true
         organization: observability
         division: engineering
-        team: agentless-team
+        team: ingest-managed-jobs
     inputs:
       - type: cel
         title: Collect data from EPR endpoint
         description: Fetches https://epr.elastic.co every minute.
         vars: []
 owner:
-  github: elastic/agentless-team
+  github: elastic/ingest-managed-jobs
   type: elastic
@@ -1,9 +1,14 @@
 # newer versions go on top
-- version: "4.4.1"
+- version: "4.5.1"
   changes:
     - description: Add `cookies` field in cloudfront logs datastream.
       type: bugfix
-      link: https://github.com/elastic/integrations/pull/15279
+      link: https://github.com/elastic/integrations/pull/16122
+- version: "4.5.0"
+  changes:
+    - description: Prevent updating fleet health status to degraded when the HTTPJSON template value evaluation is empty.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/15945
 - version: "4.4.0"
   changes:
     - description: Prefer set with copy_from.
 
@@ -42,6 +42,7 @@ response.pagination:
       target: body.nextToken
       value: '[[if (ne .last_response.body.nextToken "")]][[.last_response.body.nextToken]][[end]]'
       fail_on_template_error: true
+      do_not_log_failure: true
   - delete:
       target: header.Authorization
   - set:
 
@@ -1,11 +1,11 @@
 {
     "@timestamp": "2022-11-22T12:22:20.938Z",
     "agent": {
-        "ephemeral_id": "7b37f535-5ec4-4b95-a393-f3852061d4ac",
-        "id": "9e5875f3-d206-43b3-b24e-5a5096e50846",
-        "name": "docker-fleet-agent",
+        "ephemeral_id": "9260a8f4-04bb-4bed-8f06-9a1f54eb3d56",
+        "id": "383f5f90-e651-4a26-b1d8-0ecf81fa72e9",
+        "name": "elastic-agent-86959",
         "type": "filebeat",
-        "version": "8.11.0"
+        "version": "8.19.4"
     },
     "aws": {
         "guardduty": {
@@ -139,16 +139,16 @@
     },
     "data_stream": {
         "dataset": "aws.guardduty",
-        "namespace": "ep",
+        "namespace": "40034",
         "type": "logs"
     },
     "ecs": {
         "version": "8.11.0"
     },
     "elastic_agent": {
-        "id": "9e5875f3-d206-43b3-b24e-5a5096e50846",
+        "id": "383f5f90-e651-4a26-b1d8-0ecf81fa72e9",
         "snapshot": false,
-        "version": "8.11.0"
+        "version": "8.19.4"
     },
     "event": {
         "action": "KUBERNETES_API_CALL",
@@ -157,7 +157,7 @@
         "dataset": "aws.guardduty",
         "end": "2022-11-22T12:22:20.000Z",
         "id": "e0c22973b012f3af67ac593443e920ff",
-        "ingested": "2023-12-14T11:38:35Z",
+        "ingested": "2025-11-12T05:48:59Z",
         "kind": [
             "event"
         ],
@@ -237,4 +237,4 @@
             "GeneratedFindingUserGroup"
         ]
     }
-}
+}