sei: ensure packages set error.kind to "pipeline_error" in on_failure processor

[efd6]

SEI package style now requires that the global on_failure sets error.kind to "pipeline_error". New package generally have this behaviour, but existing packages need to be brought up to date.

Current packages (identified by CODEOWNERS) that do not do this are (package, data stream name and file):

• 1password 1password,[ab]*: ensure event.kind is correctly set for pipeline errors #6599
  • item_usages: default.yml
  • signin_attempts: default.yml
• akamai 1password,[ab]*: ensure event.kind is correctly set for pipeline errors #6599
  • siem: default.yml
• atlassian_bitbucket 1password,[ab]*: ensure event.kind is correctly set for pipeline errors #6599
  • audit: default.yml
• atlassian_confluence 1password,[ab]*: ensure event.kind is correctly set for pipeline errors #6599
  • audit: cloud.yml
  • audit: self-hosted.yml
  • audit: default.yml
• atlassian_jira 1password,[ab]*: ensure event.kind is correctly set for pipeline errors #6599
  • audit: cloud.yml
  • audit: self-hosted.yml
  • audit: default.yml
• auditd 1password,[ab]*: ensure event.kind is correctly set for pipeline errors #6599
  • log: default.yml
• auditd_manager 1password,[ab]*: ensure event.kind is correctly set for pipeline errors #6599
  • auditd: default.yml
• auth0 1password,[ab]*: ensure event.kind is correctly set for pipeline errors #6599
  • logs: default.yml
• azure_frontdoor 1password,[ab]*: ensure event.kind is correctly set for pipeline errors #6599
  • access: default.yml
  • waf: default.yml
• barracuda_cloudgen_firewall 1password,[ab]*: ensure event.kind is correctly set for pipeline errors #6599
  • log: firewall.yml
  • log: web.yml
  • log: threat.yml
  • log: default.yml
• bitdefender 1password,[ab]*: ensure event.kind is correctly set for pipeline errors #6599
  • push_configuration: default.yml
  • push_statistics: default.yml
• bluecoat 1password,[ab]*: ensure event.kind is correctly set for pipeline errors #6599
  • director: default.yml
• box_events 1password,[ab]*: ensure event.kind is correctly set for pipeline errors #6599
  • events: default.yml
• carbon_black_cloud c*: ensure event.kind is correctly set for pipeline errors #6613
  • alert: default.yml
  • asset_vulnerability_summary: default.yml
  • audit: default.yml
  • endpoint_event: default.yml
  • watchlist_hit: default.yml
• carbonblack_edr c*: ensure event.kind is correctly set for pipeline errors #6613
  • log: default.yml
• cef c*: ensure event.kind is correctly set for pipeline errors #6613
  • log: fp-pipeline.yml
  • log: default.yml
  • log: cp-pipeline.yml
• cisco_aironet cisco*: ensure event.kind is correctly set for pipeline errors #6600
  • log: default.yml
• cisco_asa cisco*: ensure event.kind is correctly set for pipeline errors #6600
  • log: default.yml
• cisco_secure_email_gateway cisco*: ensure event.kind is correctly set for pipeline errors #6600
  • log: pipeline_gui_logs.yml
  • log: pipeline_consolidated_event.yml
  • log: pipeline_system.yml
  • log: pipeline_bounce.yml
  • log: pipeline_authentication.yml
  • log: pipeline_status.yml
  • log: pipeline_content_scanner.yml
  • log: pipeline_amp.yml
  • log: default.yml
  • log: pipeline_anti_spam.yml
  • log: pipeline_text_mail_logs.yml
  • log: pipeline_error_logs.yml
• cisco_duo cisco*: ensure event.kind is correctly set for pipeline errors #6600
  • admin: default.yml
  • auth: default.yml
  • offline_enrollment: default.yml
  • summary: default.yml
  • telephony: default.yml
• cisco_ftd cisco*: ensure event.kind is correctly set for pipeline errors #6600
  • log: default.yml
• cisco_ise cisco*: ensure event.kind is correctly set for pipeline errors #6600
  • log: pipeline_ad_connector.yml
  • log: pipeline_authentication_flow_diagnostics.yml
  • log: pipeline_administrative_and_operational_audit.yml
  • log: pipeline_identity_stores_diagnostics.yml
  • log: pipeline_posture_and_client_provisioning_audit.yml
  • log: pipeline_radius_diagnostics.yml
  • log: pipeline_mydevices.yml
  • log: pipeline_failed_attempts.yml
  • log: pipeline_policy_diagnostics.yml
  • log: pipeline_tacacs_accounting.yml
  • log: pipeline_system_statistics.yml
  • log: pipeline_internal_operations_diagnostics.yml
  • log: pipeline_radius_accounting.yml
  • log: pipeline_passed_authentications.yml
  • log: pipeline_threat_centric_nac.yml
  • log: pipeline_guest.yml
  • log: default.yml
• cisco_meraki cisco*: ensure event.kind is correctly set for pipeline errors #6600
  • events: default.yml
  • log: airmarshal.yml
  • log: events.yml
  • log: idsalerts.yml
  • log: flows.yml
  • log: urls.yml
  • log: ipflows.yml
  • log: default.yml
  • log: security.yml
• cisco_nexus cisco*: ensure event.kind is correctly set for pipeline errors #6600
  • log: pipeline_extract_message.yml
• cisco_secure_endpoint cisco*: ensure event.kind is correctly set for pipeline errors #6600
  • event: default.yml
• cisco_umbrella cisco*: ensure event.kind is correctly set for pipeline errors #6600
  • log: default.yml
• citrix_waf c*: ensure event.kind is correctly set for pipeline errors #6613
  • log: default.yml
  • log: cef.yml
  • log: native.yml
• cloudflare c*: ensure event.kind is correctly set for pipeline errors #6613
  • audit: default.yml
  • logpull: http.yml
• crowdstrike c*: ensure event.kind is correctly set for pipeline errors #6613
  • falcon: remote_response_session_end.yml
  • falcon: firewall_match.yml
  • falcon: remote_response_session_start.yml
  • falcon: auth_activity_audit.yml
  • falcon: user_activity_audit.yml
  • falcon: incident_summary.yml
  • falcon: default.yml
  • falcon: detection_summary.yml
  • fdr: default.yml
• cylance c*: ensure event.kind is correctly set for pipeline errors #6613
  • protect: default.yml
• darktrace [dfg]*: ensure event.kind is correctly set for pipeline errors #6614
  • ai_analyst_alert: default.yml
  • model_breach_alert: default.yml
  • system_status_alert: default.yml
• f5 [dfg]*: ensure event.kind is correctly set for pipeline errors #6614
  • bigipafm: default.yml
  • bigipapm: default.yml
• f5_bigip [dfg]*: ensure event.kind is correctly set for pipeline errors #6614
  • log: pipeline_bigipapm.yml
  • log: pipeline_bigipltm.yml
  • log: pipeline_bigipafm.yml
  • log: pipeline_bigipasm.yml
  • log: default.yml
  • log: pipeline_bigipavr.yml
• fim [dfg]*: ensure event.kind is correctly set for pipeline errors #6614
  • event: default.yml
• fireeye [dfg]*: ensure event.kind is correctly set for pipeline errors #6614
  • nx: renaming-raws.yml
  • nx: default.yml
• forcepoint_web [dfg]*: ensure event.kind is correctly set for pipeline errors #6614
  • logs: default.yml
• fortinet_forticlient [dfg]*: ensure event.kind is correctly set for pipeline errors #6614
  • log: default.yml
• fortinet_fortiedr [dfg]*: ensure event.kind is correctly set for pipeline errors #6614
  • log: default.yml
• fortinet_fortigate [dfg]*: ensure event.kind is correctly set for pipeline errors #6614
  • log: event.yml
  • log: traffic.yml
  • log: default.yml
  • log: utm.yml
• fortinet_fortimail [dfg]*: ensure event.kind is correctly set for pipeline errors #6614
  • log: pipeline_system.yml
  • log: pipeline_encryption.yml
  • log: pipeline_mail.yml
  • log: pipeline_history.yml
  • log: pipeline_antispam.yml
  • log: pipeline_antivirus.yml
• gcp [dfg]*: ensure event.kind is correctly set for pipeline errors #6614
  • audit: default.yml
  • cloudrun_metrics: default.yml
  • compute: default.yml
  • dataproc: default.yml
  • dns: default.yml
  • firestore: default.yml
  • firewall: default.yml
  • gke: default.yml
  • loadbalancing_logs: default.yml
  • loadbalancing_metrics: default.yml
  • pubsub: default.yml
  • redis: default.yml
  • storage: default.yml
  • vpcflow: default.yml
• github [dfg]*: ensure event.kind is correctly set for pipeline errors #6614
  • audit: default.yml
  • code_scanning: default.yml
  • dependabot: default.yml
  • issues: default.yml
  • secret_scanning: default.yml
• google_workspace [dfg]*: ensure event.kind is correctly set for pipeline errors #6614
  • admin: default.yml
  • alert: default.yml
  • drive: default.yml
  • groups: default.yml
  • login: default.yml
  • rules: default.yml
  • saml: default.yml
  • user_accounts: default.yml
• hashicorp_vault [hi]*: ensure event.kind is correctly set for pipeline errors #6616
  • audit: default.yml
  • log: json.yml
  • log: default.yml
  • metrics: default.yml
• hid_bravura_monitor [hi]*: ensure event.kind is correctly set for pipeline errors #6616
  • log: default.yml
  • winlog: default.yml
• imperva [hi]*: ensure event.kind is correctly set for pipeline errors #6616
  • securesphere: default.yml
• infoblox_bloxone_ddi [hi]*: ensure event.kind is correctly set for pipeline errors #6616
  • dhcp_lease: default.yml
  • dns_config: default.yml
  • dns_data: default.yml
• infoblox_nios [hi]*: ensure event.kind is correctly set for pipeline errors #6616
  • log: pipeline_dns.yml
  • log: pipeline_dhcp.yml
  • log: pipeline_audit.yml
  • log: default.yml
• iptables iptables: ensure event.kind is correctly set for pipeline errors #6642 (attempted in [hi]*: ensure event.kind is correctly set for pipeline errors #6616 — see note in revert)
  • log: default.yml
• jamf_compliance_reporter jamf_compliance_reporter: ensure event.kind is correctly set for pipeline errors #6615
  • log: pipeline_hardware_event.yml
  • log: pipeline_gatekeeper_info_event.yml
  • log: pipeline_audio_video_device_event.yml
  • log: pipeline_aue_bind_and_aue_connect.yml
  • log: pipeline_signal_event.yml
  • log: pipeline_gatekeeper_manual_overrides.yml
  • log: pipeline_aue_chdir.yml
  • log: pipeline_aue_listen.yml
  • log: pipeline_aue_fork.yml
  • log: pipeline_aue_unmount.yml
  • log: pipeline_aue_tasknameforpid.yml
  • log: pipeline_aue_pidfortask.yml
  • log: pipeline_aue_accept.yml
  • log: pipeline_aue_remove_from_group_and_aue_mac_set_proc.yml
  • log: pipeline_aue_ptrace.yml
  • log: pipeline_aue_arguments.yml
  • log: pipeline_aue_execve.yml
  • log: pipeline_aue_exit.yml
  • log: pipeline_aue_socketpair.yml
  • log: pipeline_process_object.yml
  • log: pipeline_aue_ssauthint.yml
  • log: pipeline_exec_chain_child_object.yml
  • log: pipeline_audit_class_verification_event.yml
  • log: pipeline_aue_posix_spawn.yml
  • log: pipeline_prohibited_app_blocked.yml
  • log: pipeline_preference_list_event.yml
  • log: pipeline_xprotect_definitions_version_info.yml
  • log: pipeline_gatekeeper_quarantine_log.yml
  • log: pipeline_compliance_reporter_tamper_event_and_file_event_info.yml
  • log: pipeline_aue_session.yml
  • log: pipeline_aue_taskforpid.yml
  • log: pipeline_identity_object.yml
  • log: pipeline_unified_log_event.yml
  • log: pipeline_event.yml
  • log: pipeline_aue_mount.yml
  • log: pipeline_aue_kill.yml
  • log: pipeline_app_metrics.yml
  • log: pipeline_xprotect_event_log.yml
  • log: pipeline_print_event_information.yml
  • log: pipeline_aue_wait4.yml
  • log: pipeline_license_info_event.yml
  • log: default.yml
  • log: pipeline_aue_logout.yml
  • log: pipeline_aue_chroot.yml
  • log: pipeline_audit.yml
  • log: pipeline_aue_setpriority.yml
  • log: pipeline_aue_auth.yml
• jumpcloud [jkl]*: ensure event.kind is correctly set for pipeline errors #6617
  • events: default.yml
• juniper_junos [jkl]*: ensure event.kind is correctly set for pipeline errors #6617
  • log: default.yml
• juniper_netscreen [jkl]*: ensure event.kind is correctly set for pipeline errors #6617
  • log: default.yml
• keycloak [jkl]*: ensure event.kind is correctly set for pipeline errors #6617
  • log: default.yml
  • log: events.yml
• lastpass [jkl]*: ensure event.kind is correctly set for pipeline errors #6617
  • detailed_shared_folder: default.yml
  • event_report: default.yml
  • user: default.yml
• lyve_cloud [jkl]*: ensure event.kind is correctly set for pipeline errors #6617
  • audit: default.yml
  • audit: audit_lc.yml
• m365_defender m*: ensure event.kind is correctly set for pipeline errors #6661
  • event: pipeline_device.yml
  • event: pipeline_email.yml
  • event: pipeline_app_and_identity.yml
  • event: default.yml
  • event: pipeline_alert.yml
  • incident: default.yml
  • log: default.yml
• mattermost m*: ensure event.kind is correctly set for pipeline errors #6661
  • audit: default.yml
• microsoft_defender_endpoint m*: ensure event.kind is correctly set for pipeline errors #6661
  • log: default.yml
• microsoft_dhcp m*: ensure event.kind is correctly set for pipeline errors #6661
  • log: default.yml
  • log: dhcpv6.yml
  • log: dhcp.yml
• microsoft_exchange_online_message_trace m*: ensure event.kind is correctly set for pipeline errors #6661
  • log: default.yml
• mimecast [mimecast] Ensure event.kind is correctly set for pipeline errors #6627
  • audit_events: default.yml
  • dlp_logs: default.yml
  • siem_logs: default.yml
  • threat_intel_malware_customer: default.yml
  • threat_intel_malware_grid: default.yml
  • ttp_ap_logs: default.yml
  • ttp_ip_logs: default.yml
  • ttp_url_logs: default.yml
• modsecurity [modsecurity] Ensure event.kind is correctly set for pipeline errors #6672
  • auditlog: apache-modsec.yml
  • auditlog: nginx-modsec.yml
• mysql_enterprise m*: ensure event.kind is correctly set for pipeline errors #6661
  • audit: default.yml
• netflow [netflow] Ensure event.kind is correctly set for pipeline errors #6628
  • log: default.yml
• netscout [np]*: ensure event.kind is correctly set for pipeline errors #6662
  • sightline: default.yml
• netskope [np]*: ensure event.kind is correctly set for pipeline errors #6662
  • alerts: default.yml
  • events: default.yml
• network_traffic [network_traffic] Ensure event.kind is correctly set for pipeline errors #6641
  • amqp: default.yml
  • amqp: geoip.yml
  • cassandra: geoip.yml
  • cassandra: default.yml
  • dhcpv4: default.yml
  • dhcpv4: geoip.yml
  • dns: default.yml
  • dns: geoip.yml
  • flow: geoip.yml
  • flow: default.yml
  • http: default.yml
  • http: geoip.yml
  • icmp: default.yml
  • icmp: geoip.yml
  • memcached: default.yml
  • memcached: geoip.yml
  • mongodb: default.yml
  • mongodb: geoip.yml
  • mysql: default.yml
  • mysql: geoip.yml
  • nfs: default.yml
  • nfs: geoip.yml
  • pgsql: default.yml
  • pgsql: geoip.yml
  • redis: default.yml
  • redis: geoip.yml
  • sip: default.yml
  • sip: geoip.yml
  • thrift: geoip.yml
  • thrift: default.yml
  • tls: default.yml
  • tls: geoip.yml
• o365 [o365] Ensure event.kind is correctly set for pipeline errors #6626
  • audit: default.yml
• osquery [osquery] Ensure event.kind is correctly set for pipeline errors #6640
  • result: default.yml
• panw_cortex_xdr [np]*: ensure event.kind is correctly set for pipeline errors #6662
  • alerts: default.yml
• panw [np]*: ensure event.kind is correctly set for pipeline errors #6662
  • panos: sctp.yml
  • panos: hipmatch.yml
  • panos: authentication.yml
  • panos: correlated_event.yml
  • panos: config.yml
  • panos: ip_tag.yml
  • panos: system.yml
  • panos: traffic.yml
  • panos: gtp.yml
  • panos: userid.yml
  • panos: globalprotect.yml
  • panos: tunnel_inspection.yml
  • panos: threat.yml
  • panos: decryption.yml
  • panos: default.yml
• pfsense [np]*: ensure event.kind is correctly set for pipeline errors #6662
  • log: ipsec.yml
  • log: openvpn.yml
  • log: haproxy.yml
  • log: php-fpm.yml
  • log: squid.yml
  • log: unbound.yml
  • log: firewall.yml
  • log: default.yml
  • log: dhcp.yml
• ping_one [np]*: ensure event.kind is correctly set for pipeline errors #6662
  • audit: default.yml
• proofpoint_tap [np]*: ensure event.kind is correctly set for pipeline errors #6662
  • clicks_blocked: default.yml
  • clicks_permitted: default.yml
  • message_blocked: default.yml
  • message_delivered: default.yml
• pulse_connect_secure [np]*: ensure event.kind is correctly set for pipeline errors #6662
  • log: default.yml
• qnap_nas [qrs]*: ensure event.kind is correctly set for pipeline errors #6663
  • log: default.yml
• radware [qrs]*: ensure event.kind is correctly set for pipeline errors #6663
  • defensepro: default.yml
• santa [qrs]*: ensure event.kind is correctly set for pipeline errors #6663
  • log: default.yml
• sentinel_one [qrs]*: ensure event.kind is correctly set for pipeline errors #6663
  • activity: default.yml
  • agent: default.yml
  • alert: default.yml
  • group: default.yml
  • threat: default.yml
• slack [qrs]*: ensure event.kind is correctly set for pipeline errors #6663
  • audit: default.yml
• snort [qrs]*: ensure event.kind is correctly set for pipeline errors #6663
  • log: json.yml
  • log: plaintext.yml
  • log: default.yml
• snyk [qrs]*: ensure event.kind is correctly set for pipeline errors #6663
  • audit: default.yml
  • vulnerabilities: default.yml
• sonicwall_firewall [qrs]*: ensure event.kind is correctly set for pipeline errors #6663
  • log: default.yml
• sophos [qrs]*: ensure event.kind is correctly set for pipeline errors #6663
  • utm: default.yml
  • xg: idp.yml
  • xg: event.yml
  • xg: waf.yml
  • xg: wifi.yml
  • xg: sandstorm.yml
  • xg: antispam.yml
  • xg: systemhealth.yml
  • xg: firewall.yml
  • xg: atp.yml
  • xg: default.yml
  • xg: cfilter.yml
  • xg: antivirus.yml
• sophos_central [qrs]*: ensure event.kind is correctly set for pipeline errors #6663
  • alert: default.yml
  • event: default.yml
• squid [qrs]*: ensure event.kind is correctly set for pipeline errors #6663
  • log: default.yml
• suricata [Suricata] Ensure event.kind is correctly set for pipeline errors #6625
  • eve: dns.yml
  • eve: tls.yml
  • eve: dns-answer-v2.yml
  • eve: dns-answer-v1.yml
  • eve: default.yml
• symantec_endpoint [qrs]*: ensure event.kind is correctly set for pipeline errors #6663
  • log: default.yml
• sysmon_linux [qrs]*: ensure event.kind is correctly set for pipeline errors #6663
  • log: default.yml
• system_audit [system_audit] Ensure event.kind is correctly set for pipeline errors #6639
  • package: default.yml
• tanium [tanium] Ensure event.kind is correctly set for pipeline errors #6660
  • action_history: default.yml
  • client_status: default.yml
  • discover: default.yml
  • endpoint_config: default.yml
  • reporting: default.yml
  • threat_response: default.yml
  • threat_response: pipeline_payload.yml
• tenable_sc [tenable_sc] Ensure event.kind is correctly set for pipeline errors #6659
  • asset: default.yml
  • plugin: default.yml
  • vulnerability: default.yml
• thycotic_ss [thycotic_ss] Ensure event.kind is correctly set for pipeline errors #6658
  • logs: default.yml
• ti_abusech [ti_abusech] Ensure event.kind is correctly set for pipeline errors #6629
  • malware: default.yml
  • malwarebazaar: default.yml
  • threatfox: default.yml
  • url: default.yml
• ti_anomali [ti_anomali] Ensure event.kind is correctly set for pipeline errors #6630
  • threatstream: default.yml
• ti_cif3 [ti_cif3] Ensure event.kind is correctly set for pipeline errors #6631
  • feed: default.yml
• ti_cybersixgill [ti_cybersixgill] Ensure event.kind is correctly set for pipeline errors #6632
  • threat: default.yml
• ti_misp [ti_misp] Ensure event.kind is correctly set for pipeline errors #6633
  • threat: default.yml
  • threat_attributes: default.yml
• ti_otx [ti_otx] Ensure event.kind is correctly set for pipeline errors #6634
  • threat: default.yml
• ti_rapid7_threat_command [ti_rapid7_threat_command] Ensure event.kind is correctly set for pipeline errors #6635
  • alert: default.yml
  • ioc: default.yml
  • vulnerability: default.yml
  • ti_rapid7_command-cve-rule-transform-pipeline.yml
  • ti_rapid7_command-ioc-rule-transform-pipeline.yml
  • ti_rapid7_command-uinque-ioc-transform-pipeline.yml
• ti_recordedfuture [ti_recordedfuture] Ensure event.kind is correctly set for pipeline errors #6636
  • threat: decode_csv.yml
  • threat: default.yml
• ti_threatq [ti_threatq] Ensure event.kind is correctly set for pipeline errors #6637
  • threat: default.yml
• tines [tines] Ensure event.kind is correctly set for pipeline errors #6655
  • audit_logs: default.yml
  • time_saved: default.yml
• trendmicro [trendmicro] Ensure event.kind is correctly set for pipeline errors #6656
  • deep_security: malware-event.yml
  • deep_security: log-inspection.yml
  • deep_security: system-event.yml
  • deep_security: integrity-monitoring-event.yml
  • deep_security: web-reputation.yml
  • deep_security: default.yml
  • deep_security: application-control-event.yml
  • deep_security: intrusion-prevention-event.yml
  • deep_security: firewall-event.yml
• trend_micro_vision_one [trend_micro_vision_one] Ensure event.kind is correctly set for pipeline errors #6657
  • alert: default.yml
  • audit: default.yml
  • detection: default.yml
• windows [Windows] Ensure event.kind is correctly set for pipeline errors #6612
  • forwarded: default.yml
• zeek [zeek] Ensure event.kind is correctly set for pipeline errors #6638
  • capture_loss: default.yml
  • capture_loss: third-party.yml
  • connection: third-party.yml
  • connection: default.yml
  • dce_rpc: third-party.yml
  • dce_rpc: default.yml
  • dhcp: default.yml
  • dhcp: third-party.yml
  • dnp3: third-party.yml
  • dnp3: default.yml
  • dns: third-party.yml
  • dns: default.yml
  • dpd: third-party.yml
  • dpd: default.yml
  • files: third-party.yml
  • files: default.yml
  • ftp: third-party.yml
  • ftp: default.yml
  • http: third-party.yml
  • http: default.yml
  • intel: third-party.yml
  • intel: default.yml
  • irc: third-party.yml
  • irc: default.yml
  • kerberos: third-party.yml
  • kerberos: default.yml
  • known_certs: default.yml
  • known_hosts: default.yml
  • known_services: default.yml
  • modbus: third-party.yml
  • modbus: default.yml
  • mysql: default.yml
  • mysql: third-party.yml
  • notice: third-party.yml
  • notice: default.yml
  • ntlm: third-party.yml
  • ntlm: default.yml
  • ntp: third-party.yml
  • ntp: default.yml
  • ocsp: third-party.yml
  • ocsp: default.yml
  • pe: third-party.yml
  • pe: default.yml
  • radius: third-party.yml
  • radius: default.yml
  • rdp: third-party.yml
  • rdp: default.yml
  • rfb: default.yml
  • rfb: third-party.yml
  • signature: third-party.yml
  • signature: default.yml
  • sip: default.yml
  • sip: third-party.yml
  • smb_cmd: third-party.yml
  • smb_cmd: default.yml
  • smb_files: third-party.yml
  • smb_files: default.yml
  • smb_mapping: third-party.yml
  • smb_mapping: default.yml
  • smtp: third-party.yml
  • smtp: default.yml
  • snmp: third-party.yml
  • snmp: default.yml
  • socks: third-party.yml
  • socks: default.yml
  • software: default.yml
  • ssh: third-party.yml
  • ssh: default.yml
  • ssl: third-party.yml
  • ssl: default.yml
  • stats: third-party.yml
  • stats: default.yml
  • syslog: third-party.yml
  • syslog: default.yml
  • traceroute: third-party.yml
  • traceroute: default.yml
  • tunnel: default.yml
  • tunnel: third-party.yml
  • weird: third-party.yml
  • weird: default.yml
  • x509: default.yml
  • x509: third-party.yml
• zerofox [zerofox] Ensure event.kind is correctly set for pipeline errors #6654
  • alerts: default.yml
• zoom [zoom] Ensure event.kind is correctly set for pipeline errors #6653
  • webhook: chat_message.yml
  • webhook: webinar.yml
  • webhook: meeting.yml
  • webhook: zoomroom.yml
  • webhook: account.yml
  • webhook: user.yml
  • webhook: recording.yml
  • webhook: chat_channel.yml
  • webhook: default.yml
  • webhook: phone.yml
• zscaler_zia [zscaler_zia] Ensure event.kind is correctly set for pipeline errors #6652
  • alerts: default.yml
  • dns: default.yml
  • firewall: default.yml
  • tunnel: default.yml
  • web: default.yml
• zscaler_zpa [zscaler_zpa] Ensure event.kind is correctly set for pipeline errors #6651
  • app_connector_status: default.yml
  • audit: default.yml
  • browser_access: default.yml
  • user_activity: default.yml
  • user_status: default.yml
• zeronetworks [zeronetworks] Ensure event.kind is correctly set for pipeline errors #6650
  • audit: default.yml

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[MakoWish]

@efd6,

Want me to start knocking some of these out? I won't have permissions to check boxes above, but I could refer to this issue for whichever PR's I create.

[efd6]

@MakoWish You are welcome to pick up any that are important to you.