53 Pull requests merged by 21 people

• [Security Rules] Update security rules package to v9.0.4

  #13815 merged May 7, 2025

• [Security Rules] Update security rules package to v8.18.4

  #13814 merged May 7, 2025

• [Security Rules] Update security rules package to v8.17.11

  #13813 merged May 7, 2025

• [Security Rules] Update security rules package to v8.16.13

  #13812 merged May 7, 2025

• [Security Rules] Update security rules package to v8.18.4-beta.1

  #13809 merged May 7, 2025

• [Security Rules] Update security rules package to v8.17.11-beta.1

  #13808 merged May 7, 2025

• [Security Rules] Update security rules package to v8.16.13-beta.1

  #13807 merged May 7, 2025

• [Security Rules] Update security rules package to v9.0.4-beta.1

  #13810 merged May 7, 2025

• beyondinsight_password_safe: improve error reporting for API request failures

  #13796 merged May 6, 2025

• [Security Solution] Security AI Prompts

  #13323 merged May 6, 2025

• #11767 - Remove deprecated httpjson from packages zeek, apache, system, windows, aws.cloudtrail and nginx

  #13246 merged May 6, 2025

• Remove event.original processors from several remaining integrations part 1

  #13521 merged May 6, 2025

• build(deps): bump golang.org/x/tools from 0.32.0 to 0.33.0

  #13803 merged May 6, 2025

• o365: improve clarity of CEL code

  #13795 merged May 6, 2025

• [Integrations docs] Fix mispelled word on the screenshot

  #13789 merged May 6, 2025

• [crowdstrike] Improve device.id ECS mapping for FDR data stream

  #13762 merged May 6, 2025

• [Crowdstrike] Fix navigation links in Table of Contents section

  #13763 merged May 6, 2025

• [Cloudflare Logpush] Fix data type for http_request.bot.detection_tags field

  #13581 merged May 6, 2025

• catalog-info: grant manage access to the CI robots team

  #13792 merged May 5, 2025

• #11810 Enabling Agentless for AWS Security Hub

  #13367 merged May 5, 2025

• build(deps): bump updatecli/updatecli-action from 2.82.0 to 2.83.0

  #13791 merged May 5, 2025

• [zeek] Fix date parsing error for smtp logs

  #13780 merged May 5, 2025

• [hpe_aruba_cx] Initial Release for HPE Aruba CX

  #13689 merged May 5, 2025

• [Atlassian JIRA and Atlassian Confluence] Fix Time Parsing in Cursor Logic

  #13784 merged May 5, 2025

• [Pulse Connect Secure] Add Support of Dashboard

  #13747 merged May 5, 2025

• opencanary: do not test redact-enabled pipeline

  #13551 merged May 4, 2025

• sentinel_one_cloud_funnel: ensure that []-indexes are null safe

  #13711 merged May 4, 2025

• entityanalytics_okta,okta: record okta domain into host.name in ingested documents

  #13721 merged May 4, 2025

• [google_workspace] Handle lag time

  #13703 merged May 4, 2025

• [system/process][system/process_summary] Add support degrade_on_partial

  #13074 merged May 4, 2025

• [fortinet_fortigate] Set bad URL to url.original

  #13767 merged May 2, 2025

• [Cloud Security] Fix Cloud Asset Inventory dataview name

  #13768 merged May 2, 2025

• [azure_frontdoor] Clarify supported log types in README

  #13727 merged May 2, 2025

• ti_abusech: Increase memory for agentless deployment

  #13760 merged May 2, 2025

• [symantec_endpoint_security] Event mapping improvements

  #13671 merged May 2, 2025

• [Swimlane] New integration

  #13499 merged May 2, 2025

• [Azure OpenAI] Add support for dynamically loading content filter categories

  #13675 merged May 2, 2025

• [Cloud Security] Change Cloud Asset Inventory to Cloud Asset Discovery

  #13748 merged May 1, 2025

• ssi: ensure request trace is off by default

  #13712 merged Apr 30, 2025

• entityanalytics_ad: map user group details to ecs fields

  #13550 merged Apr 30, 2025

• [Security Rules] Update security rules package to v9.0.3

  #13744 merged Apr 30, 2025

• [Security Rules] Update security rules package to v8.18.3

  #13743 merged Apr 30, 2025

• [Security Rules] Update security rules package to v8.17.10

  #13742 merged Apr 30, 2025

• [Security Rules] Update security rules package to v8.16.12

  #13741 merged Apr 30, 2025

• [Bug]Fixed missing template_path for google_cloud_storage elastic connector

  #13719 merged Apr 30, 2025

• [Security Rules] Update security rules package to v9.0.3-beta.1

  #13737 merged Apr 30, 2025

• [Security Rules] Update security rules package to v8.18.3-beta.1

  #13736 merged Apr 30, 2025

• [Security Rules] Update security rules package to v8.17.10-beta.1

  #13735 merged Apr 30, 2025

• [Security Rules] Update security rules package to v8.16.12-beta.1

  #13734 merged Apr 30, 2025

• [Cloud Asset Inventory] Add required_vars

  #13714 merged Apr 30, 2025

• abnormal_security: fix navigation between dashboards in tables of content

  #13643 merged Apr 30, 2025

• [netskope] Ignore empty string values for ml_detection and is_web_universal_connector

  #13649 merged Apr 30, 2025

• [google_workspace] Add new data stream: vault

  #13662 merged Apr 30, 2025

27 Pull requests opened by 19 people

• [mattermost] Add Support of Dashboard

  #13731 opened Apr 30, 2025

• [google_workspace] Add google meet data stream

  #13732 opened Apr 30, 2025

• Gigamon: ZT and OT dashboards added and Renaming of NPM Dashboards to Network Telemetry Insights.

  #13733 opened Apr 30, 2025

• [crowdstrike] Reset state values to overcome error in vulnerability data collection.

  #13740 opened Apr 30, 2025

• [GreyNoise] Add Integration Package

  #13745 opened Apr 30, 2025

• [Cisco Secure Endpoint] Add Dashboard

  #13746 opened Apr 30, 2025

• entityanalytics_okta: add user roles collection support

  #13750 opened May 1, 2025

• feat: [journald] add support for condition

  #13753 opened May 1, 2025

• zscaler_zpa: fix handling of multiple remote IPs, and event categorisation

  #13755 opened May 1, 2025

• Use journald input by default when running system integration for SLES 15-SP6

  #13759 opened May 2, 2025

• [okta] Fix dashboard filters

  #13761 opened May 2, 2025

• [System] Add pipeline for AD FS Auditing to security data stream.

  #13765 opened May 2, 2025

• [Fleet Server] Added support for the fleet scalability settings as direct toggles in fleet ui

  #13766 opened May 2, 2025

• [M365 Defender] Improve response action support in event dataset.

  #13769 opened May 3, 2025

• gcp: remove never-successful violation field renames

  #13777 opened May 4, 2025

• crowdstrike: improve falcon data stream document collision behaviour

  #13779 opened May 5, 2025

• Align datatypes with ECS

  #13781 opened May 5, 2025

• Add enable_batch_api option in azure resource metrics

  #13783 opened May 5, 2025

• [GreyNoise] Add transform pipeline for package

  #13786 opened May 5, 2025

• bk: use OIDC to create AWS cloud resources

  #13790 opened May 5, 2025

• Add support of Vertex AI Audit Logs

  #13799 opened May 6, 2025

• [Falco] Fix Conflicting Field Types

  #13800 opened May 6, 2025

• Test elastic-package#2572 - DO NOT MERGE

  #13801 opened May 6, 2025

• [system][fsstat] - Add support for ignore_types

  #13802 opened May 6, 2025

• github-action: add catalog-validate for GitHub actions

  #13804 opened May 6, 2025

• [Cloud Security] Backport cloud security posture 1.13: remove GCP project and org Id from validation

  #13806 opened May 6, 2025

• [cisco_ios] Improve hostname parsing

  #13816 opened May 7, 2025

31 Issues closed by 11 people

• beyondinsight_password_safe: improve error handling in agent collector programs

  #13794 closed May 6, 2025

• [fortinet_fortigate]: pipeline-error unable to parse URI error.message

  #11321 closed May 6, 2025

• Remove Deprecated "Collect Logs from third-party REST API" for 9.0

  #11767 closed May 6, 2025

• [Wiz Integration] - Doc update

  #11520 closed May 6, 2025

• Documentation changes for SSL nodes for integrations owned by security-service-integrations

  #12700 closed May 6, 2025

• [o365] multi-tenancy failing

  #1759 closed May 6, 2025

• [Crowdstrike]: Nav Panel Links do not work

  #13616 closed May 6, 2025

• [Cloudflare Logpush]: Wrong mapping on field cloudflare_logpush.http_request.bot.detection_tags

  #13477 closed May 6, 2025

• [Subscription basic] [opencanary] Failing test daily: pipeline test: test-events.log in opencanary.events

  #13503 closed May 6, 2025

• [New Integration] Add support for Aruba network device logs

  #5255 closed May 5, 2025

• [Sentinel One Cloud Funnel]: Cannot access field from null reference -- isStorylineRoot

  #13709 closed May 4, 2025

• [Google Workspace] Incorrect logic for paginating through out-of-order data

  #13081 closed May 4, 2025

• [symantec_endpoint_security] Comprehensive mapping updates for various SES events

  #13476 closed May 2, 2025

• [Azure Firewall]: Unable to config the integration via eck-stack chart

  #13430 closed May 2, 2025

• Support Healthwatch 2.2 in Cloud Foundry package

  #5056 closed May 1, 2025

• [ITF] Issues faced while running All On Cloud Use case for various integrations

  #8364 closed May 1, 2025

• New Integration Request: Admin By Request

  #10404 closed May 1, 2025

• [ITF][Couchbase][All On Cloud Use Case] Integration policy is not getting created while bringing up the integration

  #8380 closed May 1, 2025

• [BUG] Enable Request Tracer Defaults to null causing request tracing to be collected

  #13710 closed Apr 30, 2025

• [EA Active Directory 0.12.0]: Add support for ECS `user.group` fields

  #13511 closed Apr 30, 2025

• Incorrect Fields Leveraged for AWS RDS Dashboard

  #5117 closed Apr 30, 2025

• [ITF][Oracle WebLogic][All On Cloud Use Case] Facing data collection errors on bringing up the integration

  #8378 closed Apr 30, 2025

• [ITF][Cassandra][All On Cloud Use Case] Facing data collection errors on bringing up the integration

  #8363 closed Apr 30, 2025

• [azure_frontdoor] waf ingest pipeline does not parse correctly to ECS Fields

  #7017 closed Apr 30, 2025

• Qualys VMDR: Implement mappings for Cloud Security Workflows

  #13728 closed Apr 30, 2025

• [meta] Qualys VMDR: Enhancement to leverage cloud workflows

  #11673 closed Apr 30, 2025

• [Serverless observability] [qualys_vmdr] Failing test daily: pipeline test: test-asset-host-detection.log in qualys_vmdr.asset_host_detection

  #13282 closed Apr 30, 2025

• [Serverless security] [qualys_vmdr] Failing test daily: pipeline test: test-knowledge-base.log in qualys_vmdr.knowledge_base

  #13292 closed Apr 30, 2025

• [Serverless security] [qualys_vmdr] Failing test daily: pipeline test: test-asset-host-detection.log in qualys_vmdr.asset_host_detection

  #13291 closed Apr 30, 2025

• [Serverless observability] [qualys_vmdr] Failing test daily: pipeline test: test-knowledge-base.log in qualys_vmdr.knowledge_base

  #13281 closed Apr 30, 2025

• [Google Workspace]: Add support for Vault event type

  #13624 closed Apr 30, 2025

35 Issues opened by 15 people

• [Stack 9.1.0-SNAPSHOT] [nats] Failing test daily: system test: default (variant: v2) in nats.connection

  #13821 opened May 7, 2025

• [Stack 9.1.0-SNAPSHOT] [nats] Failing test daily: system test: default (variant: v1) in nats.connection

  #13820 opened May 7, 2025

• [Stack 9.1.0-SNAPSHOT] [nats] Failing test daily: system test: default (variant: v2) in nats.stats

  #13819 opened May 7, 2025

• [Stack 9.1.0-SNAPSHOT] [nats] Failing test daily: system test: default (variant: v1) in nats.stats

  #13818 opened May 7, 2025

• [Stack 9.1.0-SNAPSHOT] [crowdstrike] Failing test daily: system test: (elastic-agent logs - default) in crowdstrike.fdr

  #13817 opened May 7, 2025

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [cassandra] Failing test daily: system test: default (variant: v3.11.11) in cassandra.log

  #13811 opened May 7, 2025

• [LogsDB] [Subscription basic] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.status

  #13798 opened May 6, 2025

• [Stack 9.1.0-SNAPSHOT] [hpe_aruba_cx] Failing test daily: system test: filestream in hpe_aruba_cx.log

  #13797 opened May 6, 2025

• [Cisco Duo]: receiving error messages for Auth Logs

  #13793 opened May 5, 2025

• [Feature Request] SAP integrations

  #13788 opened May 5, 2025

• [Feature Request] Cisco Catalyst Center (DNA Center) Integration

  #13787 opened May 5, 2025

• [linux]: Linux Metrics Pageinfo can throw `illegal_argument_exception`

  #13785 opened May 5, 2025

• [Infoblox NIOS]: error.message Processor 'convert' with tag '' in pipeline logs-infoblox_nios.log-1.29.0-pipeline_audit failed with message ''2001\1234\1234\1234\1235\1234' is not an IP string literal.'

  #13782 opened May 5, 2025

• [Stack 9.1.0-SNAPSHOT] [aws] Failing test daily: system test: (elastic-agent logs - default) in aws.vpcflow

  #13778 opened May 5, 2025

• Rapid7 InsightVM: Implement transform for Cloud Security Workflows

  #13776 opened May 4, 2025

• Rapid7 Insight VM: Implement mappings for Cloud Security Workflows

  #13775 opened May 4, 2025

• [Subscription basic] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.performance

  #13774 opened May 4, 2025

• [LogsDB] [Subscription basic] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.replica_status

  #13773 opened May 4, 2025

• [LogsDB] [Subscription basic] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.replica_status

  #13772 opened May 4, 2025

• [LogsDB] [Subscription basic] [apache_tomcat] Failing test daily: system test: default (variant: v10.1.5) in apache_tomcat.catalina

  #13771 opened May 4, 2025

• [Stack 8.19.0-SNAPSHOT] [network_traffic] Failing test daily: system test: dns-mx in network_traffic.dns

  #13770 opened May 4, 2025

• [Varonis]: Ingest Pipeline Error

  #13764 opened May 2, 2025

• [LogsDB] [Subscription basic] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.performance

  #13758 opened May 2, 2025

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [aws] Failing test daily: system test: default in aws.s3access

  #13757 opened May 2, 2025

• [FireEye Network Security]: ECS Fields Missing

  #13756 opened May 2, 2025

• [Zscaler Private Access]: audit data stream does not tolerate remoteIP lists

  #13754 opened May 1, 2025

• [Prometheus]: Add username, password and SSL related fields for `query` dataset

  #13751 opened May 1, 2025

• [keycloak]: Change Keycloak ingest pipeline to support ECS log support from v26.2.0

  #13749 opened May 1, 2025

• [Microsoft M365 Defender]: Events failing to parse due to index mappings since upgrade to v2.23.0

  #13739 opened Apr 30, 2025

• [pfsense] Parsing errors when rule action is Match

  #13738 opened Apr 30, 2025

• [Cisco DUO]: Add proxy setting for API v1 and v2

  #13730 opened Apr 30, 2025

• [Azure Frontdoor]: Add support for health probe log

  #13729 opened Apr 30, 2025

• [Subscription basic] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.replica_status

  #13726 opened Apr 30, 2025

• [Subscription basic] [apache_spark] Failing test daily: system test: metric (variant: v3.2.0) in apache_spark.executor

  #13725 opened Apr 30, 2025

• [LogsDB] [Subscription basic] [couchdb] Failing test daily: system test: metric in couchdb.server

  #13724 opened Apr 30, 2025

149 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• [miniflux] New integration

  #13631 commented on May 7, 2025 • 32 new comments

• [vectra_cloud] Initial release of the Vectra Cloud

  #13646 commented on May 6, 2025 • 31 new comments

• [ti_recordedfuture] Add Support for Legacy and Playbook Alerts

  #13494 commented on May 5, 2025 • 18 new comments

• [DOCS] Part 1 - Remove duplicated installation instructions

  #13573 commented on May 6, 2025 • 17 new comments

• tenable_io: Add mappings and transform for Cloud Detection and Response (CDR) workflow

  #13636 commented on May 7, 2025 • 15 new comments

• [Cloudflare] Use CEL input to add support for token authorization in Audit log data stream

  #13698 commented on May 7, 2025 • 14 new comments

• tencent_cloud: Add new datastreams

  #13565 commented on May 7, 2025 • 10 new comments

• OTel Metrics for Docker Stats

  #13018 commented on May 5, 2025 • 10 new comments

• [panw_cortex_xdr] Add event data stream and dashboards of incident and alert

  #13680 commented on May 6, 2025 • 10 new comments

• [O365 Metrics] Fix Teams Call Quality cel code in case of multiple page responses & restructure field names

  #13132 commented on May 6, 2025 • 8 new comments

• [Tenable OT Security] Fix field type of `message` field

  #13723 commented on May 6, 2025 • 6 new comments

• [FireEye] Add Overview Dashboard

  #13713 commented on May 7, 2025 • 3 new comments

• [M365 Defender] Add support of vulnerability data-stream

  #13595 commented on May 6, 2025 • 3 new comments

• [Google Threat Intelligence] Add Integration Package

  #13189 commented on May 4, 2025 • 2 new comments

• [netflow] Expand the tcp_control_bits into the relevant flag names

  #13307 commented on May 6, 2025 • 1 new comment

• [Falco] Split datastream based on CNCF or agent-based ingest type

  #12896 commented on May 6, 2025 • 1 new comment

• [Stack 8.19.0-SNAPSHOT] [google_workspace] Failing test daily: system test: default in google_workspace.saml

  #12978 commented on May 6, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [bitwarden] Failing test daily: pipeline test: test-policy.log in bitwarden.policy

  #13205 commented on May 6, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-anomalous-download.log in box_events.events

  #13206 commented on May 6, 2025 • 0 new comments

• Support processing of AD FS logs with the system integration

  #11539 commented on Apr 30, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [aws] Failing test daily: system test: default in aws.route53_resolver_logs

  #12980 commented on May 6, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [cisco_umbrella] Failing test daily: system test: default in cisco_umbrella.log

  #13004 commented on May 6, 2025 • 0 new comments

• Use 'terminate' processor instead of 'fail'

  #12083 commented on May 6, 2025 • 0 new comments

• [USN Journal]: Ingest and parse USN journal file

  #13154 commented on May 6, 2025 • 0 new comments

• [TI Recorded Future] Request gzip compressed CSV

  #6011 commented on May 6, 2025 • 0 new comments

• [qualys_was] Additional Datastream - web applications

  #13570 commented on May 6, 2025 • 0 new comments

• Ensure Consistency Across Ingested Data for Analyzer Development

  #12562 commented on May 6, 2025 • 0 new comments

• Change Rapid7 InsightVM integration to one doc per vulnerability

  #9354 commented on May 6, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [cisco_umbrella] Failing test daily: system test: default in cisco_umbrella.log

  #13432 commented on May 6, 2025 • 0 new comments

• ti_abusech: Update Fleet status message on API 402

  #13718 commented on May 2, 2025 • 0 new comments

• [ GCP ] The field gcp.audit.authorization_info in the Audit Logs is mapped as nested, but should be mapped as flattened

  #13695 commented on May 6, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [teleport] Failing test daily: system test: filestream in teleport.audit

  #13556 commented on May 6, 2025 • 0 new comments

• [LastPass] Update data collection after resolve request_body_on_pagination issue

  #4256 commented on May 6, 2025 • 0 new comments

• ti_threatconnect: revise pagination and cursor logic in agent config

  #13336 commented on May 6, 2025 • 0 new comments

• [opencanary]: Various bug fixes / enhancements

  #13025 commented on May 6, 2025 • 0 new comments

• [entityanalytics_ad.user]: Unable to select OU other then Users

  #13055 commented on May 6, 2025 • 0 new comments

• [entityanalytics_ad]: Support to Computer Object Collection

  #13176 commented on May 6, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [qualys_vmdr] Failing test daily: pipeline test: test-knowledge-base.log in qualys_vmdr.knowledge_base

  #13215 commented on May 6, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-suspicious-locations.log in box_events.events

  #13214 commented on May 6, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [github] Failing test daily: pipeline test: test-github-issues-json.log in github.issues

  #13213 commented on May 6, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-malicious-content.log in box_events.events

  #13212 commented on May 6, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-suspicious-sessions.log in box_events.events

  #13211 commented on May 6, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-anomalous-download.log in box_events.events

  #13210 commented on May 6, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-suspicious-locations.log in box_events.events

  #13209 commented on May 6, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [bitwarden] Failing test daily: pipeline test: test-policy.log in bitwarden.policy

  #13208 commented on May 6, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-malicious-content.log in box_events.events

  #13207 commented on May 6, 2025 • 0 new comments

• [Keycloak] Add Support of Dashboard

  #13717 commented on May 5, 2025 • 0 new comments

• [wiz] Add defend data stream

  #13688 commented on May 5, 2025 • 0 new comments

• [O11y][Postgresql] Add support for user specific timezone map

  #13681 commented on May 6, 2025 • 0 new comments

• [AWS] Handle duplicate fields in Network Firewall Logs data stream

  #13676 commented on May 7, 2025 • 0 new comments

• Make kv more resillient and fingerprint more accurate

  #13640 commented on May 5, 2025 • 0 new comments

• Document Journald on docker

  #13597 commented on May 7, 2025 • 0 new comments

• [trend_micro_vision_one] Collect telemetry via the Datalake Pipeline API

  #13588 commented on May 6, 2025 • 0 new comments

• [checkpoint] Expand and fix IANA number handling

  #13568 commented on May 6, 2025 • 0 new comments

• Remove event.original processors from several remaining integrations part 2

  #13522 commented on May 5, 2025 • 0 new comments

• Removed event.original processors from network and network-obs relate…

  #13520 commented on May 5, 2025 • 0 new comments

• [AWS] Update README - EC2 Instance IAM Role for AWS Authentication

  #13434 commented on May 6, 2025 • 0 new comments

• [Armis] Initial release of the armis

  #13429 commented on May 5, 2025 • 0 new comments

• Added Endace integration

  #13423 commented on May 7, 2025 • 0 new comments

• Logstash fix health report conditional cel logic

  #13416 commented on May 4, 2025 • 0 new comments

• fix(azure_fw): add regexp to grok

  #13402 commented on May 2, 2025 • 0 new comments

• [integration/system] add use_performance_counters in system integration

  #13150 commented on May 6, 2025 • 0 new comments

• crowdstrike: implement enhanced field mapping logic

  #12913 commented on May 7, 2025 • 0 new comments

• fixed build README to generate

  #12461 commented on May 2, 2025 • 0 new comments

• Update description of Kafka protocol version to mention required value for Kafka 4.0

  #11655 commented on May 2, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [system] Failing test daily: system test: journald in system.auth

  #12785 commented on May 7, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [sql_input] Failing test daily: system test: mssql in sql_input.

  #13027 commented on May 7, 2025 • 0 new comments

• SSI Integration: Missing Dashboard

  #13702 commented on May 7, 2025 • 0 new comments

• [entityanalytics_ad]: Include computers in AD query

  #12950 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [system] Failing test daily: system test: journald in system.auth

  #12763 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [sql_input] Failing test daily: system test: mssql in sql_input.

  #13128 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.status

  #13005 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [system] Failing test daily: system test: journald in system.auth

  #12765 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [sql_input] Failing test daily: system test: mssql in sql_input.

  #13113 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.galera_status

  #13030 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.performance

  #13131 commented on May 1, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [couchdb] Failing test daily: system test: metric in couchdb.server

  #13022 commented on May 1, 2025 • 0 new comments

• F5's logs (using syslog) are not parsed

  #7236 commented on May 1, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [symantec_endpoint_security] Failing test daily: system test: (elastic-agent logs - default) in symantec_endpoint_security.event

  #13696 commented on May 1, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [trellix_edr_cloud] Failing test daily: system test: (elastic-agent logs - default) in trellix_edr_cloud.event

  #13693 commented on May 1, 2025 • 0 new comments

• [LogsDB] [Subscription basic] [canva] Failing test daily: system test: default in canva.audit

  #13604 commented on May 1, 2025 • 0 new comments

• [Subscription basic] [imperva_cloud_waf] Failing test daily: system test: default in imperva_cloud_waf.event

  #13677 commented on May 1, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [ti_misp] Failing test daily: pipeline test: test-misp-sample-ndjson.log in ti_misp.threat

  #13234 commented on May 1, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [ti_misp] Failing test daily: pipeline test: test-misp-attributes-ndjson.log in ti_misp.threat

  #13233 commented on May 1, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [qualys_vmdr] Failing test daily: pipeline test: test-knowledge-base.log in qualys_vmdr.knowledge_base

  #13232 commented on May 1, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [qualys_vmdr] Failing test daily: pipeline test: test-asset-host-detection.log in qualys_vmdr.asset_host_detection

  #13231 commented on May 1, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [github] Failing test daily: pipeline test: test-github-issues-json.log in github.issues

  #13230 commented on May 1, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-suspicious-sessions.log in box_events.events

  #13229 commented on May 1, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-suspicious-locations.log in box_events.events

  #13228 commented on May 1, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-malicious-content.log in box_events.events

  #13227 commented on May 1, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-anomalous-download.log in box_events.events

  #13226 commented on May 1, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [bitwarden] Failing test daily: pipeline test: test-policy.log in bitwarden.policy

  #13225 commented on May 1, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [kafka_log] Failing test daily: system test: kafka in kafka_log.generic

  #13383 commented on May 3, 2025 • 0 new comments

• [LogsDB] [Subscription basic] [couchbase] Failing test daily: system test: default (variant: v7.1.0) in couchbase.cbl_replication

  #13660 commented on Apr 30, 2025 • 0 new comments

• [LogsDB] [Subscription basic] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.galera_status

  #13661 commented on Apr 30, 2025 • 0 new comments

• [Subscription basic] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.galera_status

  #13527 commented on Apr 30, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [symantec_endpoint_security] Failing test daily: system test: default in symantec_endpoint_security.event

  #13381 commented on Apr 30, 2025 • 0 new comments

• [tychon] Field type conflicts between data streams

  #13584 commented on Apr 30, 2025 • 0 new comments

• [jamf_protect] process field types conflict with ECS

  #13592 commented on Apr 30, 2025 • 0 new comments

• [falco] Conflicting field definitions (scalar fields with children)

  #13590 commented on Apr 30, 2025 • 0 new comments

• [mimecast] Field data type conflicts between data streams

  #13586 commented on Apr 30, 2025 • 0 new comments

• [tenable_io] vulnerability.description field type conflicts with ECS

  #13593 commented on Apr 30, 2025 • 0 new comments

• [ti_anomali] Field data type conflicts between data streams

  #13585 commented on Apr 30, 2025 • 0 new comments

• [Cribl] Release integration as GA

  #12480 commented on Apr 30, 2025 • 0 new comments

• [Zscaler ZIA]: poorly mapped to ECS categorisation fields

  #13100 commented on Apr 30, 2025 • 0 new comments

• [Cloudflare Logpush]: The field cloudflare_logpush.http_request.client.ssl.cipher has the wrong mapping

  #13596 commented on Apr 30, 2025 • 0 new comments

• [trendmicro] Upgrade integration would overwrite the integration settings

  #9813 commented on Apr 30, 2025 • 0 new comments

• [Qualys VMDR]: Generate unique identifiers for each interval ingestion

  #13167 commented on Apr 30, 2025 • 0 new comments

• [Google Workspace] Support All Event Types

  #4722 commented on Apr 30, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [zeek] Failing test daily: system test: splunk in zeek.dhcp

  #13722 commented on Apr 30, 2025 • 0 new comments

• [System] The core metrics do not use the `period` variable

  #9267 commented on Apr 30, 2025 • 0 new comments

• Add comment in the README for non-deprecated integrations that are not supported in serverless

  #13536 commented on Apr 30, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.replica_status

  #13308 commented on May 3, 2025 • 0 new comments

• [Subscription basic] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.performance

  #13563 commented on May 3, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.performance

  #13327 commented on May 4, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [cisco_umbrella] Failing test daily: system test: default in cisco_umbrella.log

  #13699 commented on May 4, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.galera_status

  #13252 commented on May 4, 2025 • 0 new comments

• [LogsDB] [Subscription basic] [opencanary] Failing test daily: pipeline test: test-events.log in opencanary.events

  #13505 commented on May 4, 2025 • 0 new comments

• [Subscription basic] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.error

  #13579 commented on May 4, 2025 • 0 new comments

• [Subscription basic] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.galera_status

  #13562 commented on May 4, 2025 • 0 new comments

• [meta][CDR] Update Rapid7 integration to Leverage Native CDR Workflows

  #13647 commented on May 4, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.performance

  #13259 commented on May 5, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.slowlog

  #13051 commented on May 5, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.slowlog

  #13134 commented on May 5, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.galera_status

  #13151 commented on May 5, 2025 • 0 new comments

• [CrowdStrike]: Processing of different events can lead to identical `_id`s

  #13720 commented on May 5, 2025 • 0 new comments

• [Subscription basic] [apache_tomcat] Failing test daily: system test: default (variant: v10.1.5) in apache_tomcat.catalina

  #13543 commented on May 5, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.galera_status

  #13127 commented on May 6, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.performance

  #13406 commented on May 6, 2025 • 0 new comments

• [entityanalytics_ad]: Investigate efficient handling of group membership data

  #12520 commented on May 6, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [ti_misp] Failing test daily: pipeline test: test-misp-sample-ndjson.log in ti_misp.threat

  #13224 commented on May 1, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [ti_misp] Failing test daily: pipeline test: test-misp-attributes-ndjson.log in ti_misp.threat

  #13223 commented on May 1, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [qualys_vmdr] Failing test daily: pipeline test: test-knowledge-base.log in qualys_vmdr.knowledge_base

  #13222 commented on May 1, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [qualys_vmdr] Failing test daily: pipeline test: test-asset-host-detection.log in qualys_vmdr.asset_host_detection

  #13221 commented on May 1, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [ti_misp] Failing test daily: pipeline test: test-misp-sample-ndjson.log in ti_misp.threat

  #13220 commented on May 1, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [github] Failing test daily: pipeline test: test-github-issues-json.log in github.issues

  #13219 commented on May 1, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [ti_misp] Failing test daily: pipeline test: test-misp-attributes-ndjson.log in ti_misp.threat

  #13218 commented on May 1, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [qualys_vmdr] Failing test daily: pipeline test: test-asset-host-detection.log in qualys_vmdr.asset_host_detection

  #13217 commented on May 1, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-suspicious-sessions.log in box_events.events

  #13216 commented on May 1, 2025 • 0 new comments

• [Azure]: Standardize Azure field names across all integrations

  #13369 commented on May 1, 2025 • 0 new comments

• [Azure Logs]: Sign-In Logs Reporting `none` Where Value Exists

  #12833 commented on May 1, 2025 • 0 new comments

• [LogsDB] [Subscription basic] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.error

  #13529 commented on May 2, 2025 • 0 new comments

• [LogsDB] [Subscription basic] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.performance

  #13504 commented on May 2, 2025 • 0 new comments

• [LogsDB] [Subscription basic] [system] Failing test daily: system test: default in system.process

  #13531 commented on May 2, 2025 • 0 new comments

• [SLES 15]: No "system.auth" logs for system integration under Data Streams tab for SLES 15 linux agent.

  #13752 commented on May 2, 2025 • 0 new comments

• [Usability] Improve/align user experience for Custom * Integrations

  #11375 commented on May 2, 2025 • 0 new comments

• [ Azure Logs ] Wrong mapping in the Activity Logs data set result in ignored fields and poor data set quality

  #13692 commented on May 2, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.error

  #13701 commented on May 3, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.error

  #13273 commented on May 3, 2025 • 0 new comments