15 Pull requests merged by 12 people

• [Tenable OT Security] Fix field type of message field

  #13723 merged May 8, 2025

• [crowdstrike] Reset state values to overcome error in vulnerability data collection.

  #13740 merged May 8, 2025

• o365: ensure empty responses do not lead to invalid request ranges

  #13834 merged May 8, 2025

• [Cloudflare] Use CEL input to add support for token authorization in Audit log data stream

  #13698 merged May 8, 2025

• Added Endace integration

  #13423 merged May 7, 2025

• [CI] Update backport script to include latest changes for mage

  #13827 merged May 7, 2025

• [Cloud Security] Backport cloud security posture 1.13: remove GCP project and org Id from validation

  #13806 merged May 7, 2025

• [netflow] Expand the tcp_control_bits into the relevant flag names

  #13307 merged May 7, 2025

• [Cisco Secure Endpoint] Add Dashboard

  #13746 merged May 7, 2025

• [google_workspace] Add google meet data stream

  #13732 merged May 7, 2025

• [CI] Add missing mage scripts ci

  #13823 merged May 7, 2025

• [O365 Metrics] Fix Teams Call Quality cel code in case of multiple page responses & restructure field names

  #13132 merged May 7, 2025

• github-action: add catalog-validate for GitHub actions

  #13804 merged May 7, 2025

• [AWS] Handle duplicate fields in Network Firewall Logs data stream

  #13676 merged May 7, 2025

• [miniflux] New integration

  #13631 merged May 7, 2025

9 Pull requests opened by 8 people

• [Jamf Protect] Fix field type from `long` to `keyword` for process fields

  #13824 opened May 7, 2025

• mimecast: resolve field data type conflicts between data streams

  #13825 opened May 7, 2025

• [ti_anomali] Add support for proxy URL and SSL configuration parameters

  #13826 opened May 7, 2025

• [system] Add support for more event-ids in the security data stream

  #13828 opened May 7, 2025

• [Symantec Endpoint Security]Update test logs

  #13829 opened May 7, 2025

• Add new AWS Config datastream.

  #13830 opened May 7, 2025

• Test pr merge 13810

  #13831 opened May 7, 2025

• [CI] Do not use -q parameter together with git commands in pipe

  #13832 opened May 7, 2025

• crowdstrike: handle UTCTimestamp values in Unix seconds

  #13833 opened May 7, 2025

6 Issues closed by 4 people

• [O365 Metrics] Allow resource-specific configurations to be set via integration.

  #13072 closed May 8, 2025

• [tenable_ot_security] message field type conflicts with ECS

  #13594 closed May 8, 2025

• Due diligence ticket for clean up Aruba feature-branch integration before merging into `main`

  #12249 closed May 7, 2025

• [Google Workspace]: Add google meet event type

  #13512 closed May 7, 2025

• [LastPass] Update data collection after resolve request_body_on_pagination issue

  #4256 closed May 7, 2025

• [AWS] Network Firewall logs ingest pipeline duplicate field error

  #5071 closed May 7, 2025

79 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• [vectra_cloud] Initial release of the Vectra Cloud

  #13646 commented on May 8, 2025 • 20 new comments

• [GreyNoise] Add Integration Package

  #13745 commented on May 8, 2025 • 14 new comments

• Use journald input by default when running system integration for SLES 15-SP6

  #13759 commented on May 7, 2025 • 5 new comments

• [Falco] Fix Conflicting Field Types

  #13800 commented on May 7, 2025 • 3 new comments

• tenable_io: Add mappings and transform for Cloud Detection and Response (CDR) workflow

  #13636 commented on May 7, 2025 • 3 new comments

• [M365 Defender] Add support of vulnerability data-stream

  #13595 commented on May 8, 2025 • 2 new comments

• [DOCS] Part 1 - Remove duplicated installation instructions

  #13573 commented on May 8, 2025 • 2 new comments

• [ti_recordedfuture] Add Support for Legacy and Playbook Alerts

  #13494 commented on May 8, 2025 • 2 new comments

• [Stack 9.1.0-SNAPSHOT] [system] Failing test daily: system test: journald in system.auth

  #12785 commented on May 8, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [sql_input] Failing test daily: system test: mssql in sql_input.

  #13027 commented on May 8, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [nats] Failing test daily: system test: default (variant: v2) in nats.stats

  #13819 commented on May 8, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [nats] Failing test daily: system test: default (variant: v1) in nats.stats

  #13818 commented on May 8, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [nats] Failing test daily: system test: default (variant: v2) in nats.connection

  #13821 commented on May 8, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [nats] Failing test daily: system test: default (variant: v1) in nats.connection

  #13820 commented on May 8, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.error

  #13419 commented on May 8, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.error

  #13384 commented on May 8, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.status

  #13501 commented on May 8, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [hpe_aruba_cx] Failing test daily: system test: filestream in hpe_aruba_cx.log

  #13797 commented on May 8, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [system] Failing test daily: system test: default in system.process

  #13091 commented on May 8, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [system] Failing test daily: system test: journald in system.auth

  #12763 commented on May 8, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [system] Failing test daily: system test: journald in system.auth

  #12765 commented on May 8, 2025 • 0 new comments

• [ Azure Logs ] Wrong mapping in the Activity Logs data set result in ignored fields and poor data set quality

  #13692 commented on May 7, 2025 • 0 new comments

• [Juniper SRX] Documentation improvement needed

  #11807 commented on May 7, 2025 • 0 new comments

• [Azure Logs]: AzureFirewallNetworkRuleLog - Provided Grok expressions do not match field value

  #13096 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Subscription basic] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.error

  #13529 commented on May 8, 2025 • 0 new comments

• [LogsDB] [Subscription basic] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.slowlog

  #13559 commented on May 8, 2025 • 0 new comments

• [Subscription basic] [apache_tomcat] Failing test daily: system test: default (variant: v10.1.5) in apache_tomcat.catalina

  #13543 commented on May 8, 2025 • 0 new comments

• [Subscription basic] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.galera_status

  #13562 commented on May 8, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [cisco_umbrella] Failing test daily: system test: default in cisco_umbrella.log

  #13432 commented on May 8, 2025 • 0 new comments

• Security ai prompts

  #12721 commented on May 7, 2025 • 0 new comments

• Enhancement: Add beelzebub integration, resolve #12910

  #12914 commented on May 8, 2025 • 0 new comments

• [integration/system] add use_performance_counters in system integration

  #13150 commented on May 7, 2025 • 0 new comments

• [Google Threat Intelligence] Add phishing, ransomware, threat_actor, trending and vulnerability_weaponization data streams

  #13236 commented on May 8, 2025 • 0 new comments

• [AWS] Update README - EC2 Instance IAM Role for AWS Authentication

  #13434 commented on May 7, 2025 • 0 new comments

• [Google Threat Intelligence] Add IOC Stream data stream

  #13449 commented on May 7, 2025 • 0 new comments

• Removed event.original processors from network and network-obs relate…

  #13520 commented on May 7, 2025 • 0 new comments

• Remove event.original processors from several remaining integrations part 2

  #13522 commented on May 7, 2025 • 0 new comments

• bk: use OIDC to create AWS cloud resources

  #13790 commented on May 7, 2025 • 0 new comments

• [system][fsstat] - Add support for ignore_types

  #13802 commented on May 7, 2025 • 0 new comments

• [cisco_ios] Improve hostname parsing

  #13816 commented on May 7, 2025 • 0 new comments

• [Infoblox NIOS]: error.message Processor 'convert' with tag '' in pipeline logs-infoblox_nios.log-1.29.0-pipeline_audit failed with message ''2001\1234\1234\1234\1235\1234' is not an IP string literal.'

  #13782 commented on May 7, 2025 • 0 new comments

• [Office365] Populate ECS `message` Field with Alert Titles from SecurityComplianceAlerts

  #12596 commented on May 7, 2025 • 0 new comments

• [Azure]: Standardize Azure field names across all integrations

  #13369 commented on May 7, 2025 • 0 new comments

• [Office365] Populate ECS `message` Field with Alert Titles for DLP Exchange Alerts

  #12598 commented on May 7, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [aws] Failing test daily: system test: default in aws.route53_resolver_logs

  #12980 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [google_workspace] Failing test daily: system test: default in google_workspace.saml

  #12978 commented on May 7, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [aws] Failing test daily: system test: (elastic-agent logs - default) in aws.vpcflow

  #13778 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [bitwarden] Failing test daily: pipeline test: test-policy.log in bitwarden.policy

  #13225 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-suspicious-locations.log in box_events.events

  #13228 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-suspicious-sessions.log in box_events.events

  #13229 commented on May 7, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [ti_misp] Failing test daily: pipeline test: test-misp-attributes-ndjson.log in ti_misp.threat

  #13223 commented on May 7, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [ti_misp] Failing test daily: pipeline test: test-misp-sample-ndjson.log in ti_misp.threat

  #13224 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [ti_misp] Failing test daily: pipeline test: test-misp-attributes-ndjson.log in ti_misp.threat

  #13233 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [ti_misp] Failing test daily: pipeline test: test-misp-sample-ndjson.log in ti_misp.threat

  #13234 commented on May 7, 2025 • 0 new comments

• [Subscription basic] [imperva_cloud_waf] Failing test daily: system test: default in imperva_cloud_waf.event

  #13677 commented on May 7, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [trellix_edr_cloud] Failing test daily: system test: (elastic-agent logs - default) in trellix_edr_cloud.event

  #13693 commented on May 7, 2025 • 0 new comments

• Bug: MISP elastic-agent integration don't get any logs in Kibana discover view

  #5684 commented on May 7, 2025 • 0 new comments

• Add username fields to CrowdStrike FDR

  #10661 commented on May 7, 2025 • 0 new comments

• SSI Integration: Missing Dashboard

  #13702 commented on May 7, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [crowdstrike] Failing test daily: system test: (elastic-agent logs - default) in crowdstrike.fdr

  #13817 commented on May 7, 2025 • 0 new comments

• [Google Workspace] Support All Event Types

  #4722 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [cassandra] Failing test daily: system test: default (variant: v3.11.11) in cassandra.log

  #13811 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [bitwarden] Failing test daily: pipeline test: test-policy.log in bitwarden.policy

  #13205 commented on May 7, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [bitwarden] Failing test daily: pipeline test: test-policy.log in bitwarden.policy

  #13208 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [github] Failing test daily: pipeline test: test-github-issues-json.log in github.issues

  #13213 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [qualys_vmdr] Failing test daily: pipeline test: test-knowledge-base.log in qualys_vmdr.knowledge_base

  #13215 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [qualys_vmdr] Failing test daily: pipeline test: test-asset-host-detection.log in qualys_vmdr.asset_host_detection

  #13217 commented on May 7, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [github] Failing test daily: pipeline test: test-github-issues-json.log in github.issues

  #13219 commented on May 7, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [qualys_vmdr] Failing test daily: pipeline test: test-asset-host-detection.log in qualys_vmdr.asset_host_detection

  #13221 commented on May 7, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [qualys_vmdr] Failing test daily: pipeline test: test-knowledge-base.log in qualys_vmdr.knowledge_base

  #13222 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [github] Failing test daily: pipeline test: test-github-issues-json.log in github.issues

  #13230 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [qualys_vmdr] Failing test daily: pipeline test: test-asset-host-detection.log in qualys_vmdr.asset_host_detection

  #13231 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [symantec_endpoint_security] Failing test daily: system test: (elastic-agent logs - default) in symantec_endpoint_security.event

  #13696 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [symantec_endpoint_security] Failing test daily: system test: default in symantec_endpoint_security.event

  #13381 commented on May 7, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [cisco_umbrella] Failing test daily: system test: default in cisco_umbrella.log

  #13004 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [cisco_umbrella] Failing test daily: system test: default in cisco_umbrella.log

  #13699 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [ti_misp] Failing test daily: pipeline test: test-misp-attributes-ndjson.log in ti_misp.threat

  #13218 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [ti_misp] Failing test daily: pipeline test: test-misp-sample-ndjson.log in ti_misp.threat

  #13220 commented on May 7, 2025 • 0 new comments

• [SentinelOne]: Activities by OS Family visualization is unpopulated

  #12902 commented on May 7, 2025 • 0 new comments