188 Pull requests merged by 61 people

• [Keycloak] Add Overview Dashboard

  #13717 merged May 8, 2025

• [Tenable OT Security] Fix field type of message field

  #13723 merged May 8, 2025

• [crowdstrike] Reset state values to overcome error in vulnerability data collection.

  #13740 merged May 8, 2025

• o365: ensure empty responses do not lead to invalid request ranges

  #13834 merged May 8, 2025

• [Cloudflare] Use CEL input to add support for token authorization in Audit log data stream

  #13698 merged May 8, 2025

• Added Endace integration

  #13423 merged May 7, 2025

• [CI] Update backport script to include latest changes for mage

  #13827 merged May 7, 2025

• [Cloud Security] Backport cloud security posture 1.13: remove GCP project and org Id from validation

  #13806 merged May 7, 2025

• [netflow] Expand the tcp_control_bits into the relevant flag names

  #13307 merged May 7, 2025

• [Cisco Secure Endpoint] Add Dashboard

  #13746 merged May 7, 2025

• [google_workspace] Add google meet data stream

  #13732 merged May 7, 2025

• [CI] Add missing mage scripts ci

  #13823 merged May 7, 2025

• [O365 Metrics] Fix Teams Call Quality cel code in case of multiple page responses & restructure field names

  #13132 merged May 7, 2025

• github-action: add catalog-validate for GitHub actions

  #13804 merged May 7, 2025

• [AWS] Handle duplicate fields in Network Firewall Logs data stream

  #13676 merged May 7, 2025

• [miniflux] New integration

  #13631 merged May 7, 2025

• [FireEye] Add Overview Dashboard

  #13713 merged May 7, 2025

• [okta] Fix dashboard filters

  #13761 merged May 7, 2025

• [Security Rules] Update security rules package to v9.0.4

  #13815 merged May 7, 2025

• [Security Rules] Update security rules package to v8.18.4

  #13814 merged May 7, 2025

• [Security Rules] Update security rules package to v8.17.11

  #13813 merged May 7, 2025

• [Security Rules] Update security rules package to v8.16.13

  #13812 merged May 7, 2025

• [Security Rules] Update security rules package to v8.18.4-beta.1

  #13809 merged May 7, 2025

• [Security Rules] Update security rules package to v8.17.11-beta.1

  #13808 merged May 7, 2025

• [Security Rules] Update security rules package to v8.16.13-beta.1

  #13807 merged May 7, 2025

• [Security Rules] Update security rules package to v9.0.4-beta.1

  #13810 merged May 7, 2025

• beyondinsight_password_safe: improve error reporting for API request failures

  #13796 merged May 6, 2025

• [Security Solution] Security AI Prompts

  #13323 merged May 6, 2025

• #11767 - Remove deprecated httpjson from packages zeek, apache, system, windows, aws.cloudtrail and nginx

  #13246 merged May 6, 2025

• Remove event.original processors from several remaining integrations part 1

  #13521 merged May 6, 2025

• build(deps): bump golang.org/x/tools from 0.32.0 to 0.33.0

  #13803 merged May 6, 2025

• o365: improve clarity of CEL code

  #13795 merged May 6, 2025

• [Integrations docs] Fix mispelled word on the screenshot

  #13789 merged May 6, 2025

• [crowdstrike] Improve device.id ECS mapping for FDR data stream

  #13762 merged May 6, 2025

• [Crowdstrike] Fix navigation links in Table of Contents section

  #13763 merged May 6, 2025

• [Cloudflare Logpush] Fix data type for http_request.bot.detection_tags field

  #13581 merged May 6, 2025

• catalog-info: grant manage access to the CI robots team

  #13792 merged May 5, 2025

• #11810 Enabling Agentless for AWS Security Hub

  #13367 merged May 5, 2025

• build(deps): bump updatecli/updatecli-action from 2.82.0 to 2.83.0

  #13791 merged May 5, 2025

• [zeek] Fix date parsing error for smtp logs

  #13780 merged May 5, 2025

• [hpe_aruba_cx] Initial Release for HPE Aruba CX

  #13689 merged May 5, 2025

• [Atlassian JIRA and Atlassian Confluence] Fix Time Parsing in Cursor Logic

  #13784 merged May 5, 2025

• [Pulse Connect Secure] Add Support of Dashboard

  #13747 merged May 5, 2025

• opencanary: do not test redact-enabled pipeline

  #13551 merged May 4, 2025

• sentinel_one_cloud_funnel: ensure that []-indexes are null safe

  #13711 merged May 4, 2025

• entityanalytics_okta,okta: record okta domain into host.name in ingested documents

  #13721 merged May 4, 2025

• [google_workspace] Handle lag time

  #13703 merged May 4, 2025

• [system/process][system/process_summary] Add support degrade_on_partial

  #13074 merged May 4, 2025

• [fortinet_fortigate] Set bad URL to url.original

  #13767 merged May 2, 2025

• [Cloud Security] Fix Cloud Asset Inventory dataview name

  #13768 merged May 2, 2025

• [azure_frontdoor] Clarify supported log types in README

  #13727 merged May 2, 2025

• ti_abusech: Increase memory for agentless deployment

  #13760 merged May 2, 2025

• [symantec_endpoint_security] Event mapping improvements

  #13671 merged May 2, 2025

• [Swimlane] New integration

  #13499 merged May 2, 2025

• [Azure OpenAI] Add support for dynamically loading content filter categories

  #13675 merged May 2, 2025

• [Cloud Security] Change Cloud Asset Inventory to Cloud Asset Discovery

  #13748 merged May 1, 2025

• ssi: ensure request trace is off by default

  #13712 merged Apr 30, 2025

• entityanalytics_ad: map user group details to ecs fields

  #13550 merged Apr 30, 2025

• [Security Rules] Update security rules package to v9.0.3

  #13744 merged Apr 30, 2025

• [Security Rules] Update security rules package to v8.18.3

  #13743 merged Apr 30, 2025

• [Security Rules] Update security rules package to v8.17.10

  #13742 merged Apr 30, 2025

• [Security Rules] Update security rules package to v8.16.12

  #13741 merged Apr 30, 2025

• [Bug]Fixed missing template_path for google_cloud_storage elastic connector

  #13719 merged Apr 30, 2025

• [Security Rules] Update security rules package to v9.0.3-beta.1

  #13737 merged Apr 30, 2025

• [Security Rules] Update security rules package to v8.18.3-beta.1

  #13736 merged Apr 30, 2025

• [Security Rules] Update security rules package to v8.17.10-beta.1

  #13735 merged Apr 30, 2025

• [Security Rules] Update security rules package to v8.16.12-beta.1

  #13734 merged Apr 30, 2025

• [Cloud Asset Inventory] Add required_vars

  #13714 merged Apr 30, 2025

• abnormal_security: fix navigation between dashboards in tables of content

  #13643 merged Apr 30, 2025

• [netskope] Ignore empty string values for ml_detection and is_web_universal_connector

  #13649 merged Apr 30, 2025

• [google_workspace] Add new data stream: vault

  #13662 merged Apr 30, 2025

• m365_defender: improve user.name field handling

  #13554 merged Apr 30, 2025

• o365: improve rendering of event.original in documents

  #13557 merged Apr 30, 2025

• Removed event.original processors for integration Zeek

  #13517 merged Apr 29, 2025

• [O365 Metrics] Add Entra Agent data stream

  #13549 merged Apr 29, 2025

• ti_abusech: Handle API errors inside CEL

  #13708 merged Apr 29, 2025

• [Atlassian JIRA and Atlassian Conflunce] Update Cursor Logic to Remove Duplicate Events

  #13665 merged Apr 28, 2025

• [fortinet_fortigate] Add deltabytes field, ensure rcvddelta and sentdelta fields are integers

  #13668 merged Apr 28, 2025

• [watchguard_firebox] Fix parsing errors

  #13324 merged Apr 28, 2025

• [Cloud Security] bump posture package

  #13582 merged Apr 28, 2025

• [LMD] Remove time_of_day detector from ML module

  #13687 merged Apr 28, 2025

• [Security Rules] Update security rules package to v9.0.2

  #13707 merged Apr 28, 2025

• [Security Rules] Update security rules package to v8.18.2

  #13706 merged Apr 28, 2025

• [Security Rules] Update security rules package to v8.17.9

  #13705 merged Apr 28, 2025

• [Security Rules] Update security rules package to v8.16.11

  #13704 merged Apr 28, 2025

• [Security Rules] Update security rules package to v9.0.2-beta.1

  #13686 merged Apr 28, 2025

• [Security Rules] Update security rules package to v8.18.2-beta.1

  #13685 merged Apr 28, 2025

• [Security Rules] Update security rules package to v8.17.9-beta.1

  #13684 merged Apr 28, 2025

• [Security Rules] Update security rules package to v8.16.11-beta.1

  #13683 merged Apr 28, 2025

• qualys_vmdr: Add latest transform for Asset Host Detections

  #13455 merged Apr 28, 2025

• [Servicenow] Add support to append sysparm query in CEL input

  #13621 merged Apr 28, 2025

• [O365 Metrics] Add Entra Alerts data stream

  #13547 merged Apr 25, 2025

• Rename the log package from Legacy to Deprecated

  #13679 merged Apr 25, 2025

• Handle events without event_data properly

  #13571 merged Apr 25, 2025

• sentinel_one_cloud_funnel: improve error reporting and fix incorrect remove processor

  #13577 merged Apr 24, 2025

• Add warning about migrating from log to filestream

  #13670 merged Apr 24, 2025

• [cisco_ise] Add Support of Timezone Configuration Parameter

  #13540 merged Apr 24, 2025

• Change DED field mappings to ECS

  #13601 merged Apr 24, 2025

• [osquery] Ensure event.type is an array

  #13667 merged Apr 24, 2025

• Rename Custom Filestream Logs -> Custom Logs (Filestream)

  #13666 merged Apr 24, 2025

• Rename Custom Logs -> Custom Logs (Legacy)

  #13664 merged Apr 24, 2025

• [docs] Fix various syntax and rendering errors

  #13653 merged Apr 24, 2025

• [splunk] Update the splunk logo to have transparent background

  #13655 merged Apr 24, 2025

• Allow deprecated mode for the log integration

  #13663 merged Apr 24, 2025

• [Teleport] Add support for configuring which cloud metadata to use

  #13634 merged Apr 24, 2025

• Add support for EDT timezone

  #13654 merged Apr 24, 2025

• [integrations][websocket] - Added support for retry configuration options

  #13657 merged Apr 24, 2025

• fix(packages/falco): use ecs definition for process.group.{id,name}

  #13589 merged Apr 24, 2025

• fix(packages/ti_domaintools): use ecs field definitions

  #13587 merged Apr 24, 2025

• [Ping_Federate] bug fixes error when msg field in extensions is empty

  #13644 merged Apr 23, 2025

• [CSPM] Remove unused azure credentials

  #13652 merged Apr 23, 2025

• [Azure OpenAI] Update billing dashboard panel

  #13481 merged Apr 23, 2025

• Cloud Security Posture - Misconfiguration Latest Transform

  #13444 merged Apr 23, 2025

• checkpoint_harmony_endpoint: fix typo when calculating next start time

  #13642 merged Apr 23, 2025

• [google_workspace] Fix CEL page token and cursor logic

  #13639 merged Apr 23, 2025

• [ESET Protect] Remove BOM from the Syslog message

  #13622 merged Apr 23, 2025

• [sentinel_one] Populate ECS field message for threat, alert and activity datastreams

  #13628 merged Apr 23, 2025

• [HAProxy] Ingest Pipeline Fix to handle Malformed URLs

  #13625 merged Apr 23, 2025

• [google_workspace] Add chat event type as a new data stream

  #13509 merged Apr 22, 2025

• [cisco_meraki_metrics] scale values in device channel utilization so they display correctly as percentages

  #13638 merged Apr 22, 2025

• [GCP] Preserve original value of resource name

  #13633 merged Apr 22, 2025

• build(deps): bump updatecli/updatecli-action from 2.81.0 to 2.82.0

  #13627 merged Apr 21, 2025

• [automation] Update packages in .github/ISSUE_TEMPLATE/integration_*.yml

  #13598 merged Apr 21, 2025

• [AWS] Guardduty dashboard enhancements

  #13542 merged Apr 21, 2025

• fix(issue template): sort packages by title

  #13583 merged Apr 17, 2025

• Add new AWS Security Hub Findings Full Posture data stream and update misconfig transform to use it

  #13372 merged Apr 17, 2025

• abnormal_security: add support for Not Analyzed Messages data stream

  #13483 merged Apr 16, 2025

• [PAD] Fix a small bug in the dashboard

  #13574 merged Apr 16, 2025

• [cisco_meraki_metrics] Rename channel_utilization bands

  #13332 merged Apr 16, 2025

• [system,windows] Fix security pipeline and powershell dashboard

  #13546 merged Apr 16, 2025

• [automation] Update packages in .github/ISSUE_TEMPLATE/integration_*.yml

  #13552 merged Apr 16, 2025

• [Nvidia/GPU] Introduce Nvidia GPU Integration

  #12768 merged Apr 15, 2025

• [docs] Fix image paths for docs-assembler

  #13548 merged Apr 15, 2025

• [EDR Workflows] change the codeowner of osquery to security-defend-workflows

  #13415 merged Apr 15, 2025

• Change ecosystem to integrations-triaging as default owner

  #13545 merged Apr 15, 2025

• [beyondtrust_pra] Initial release of the BeyondTrust PRA

  #13403 merged Apr 15, 2025

• proofpoint_on_demand: fix handling of objects with whitespace keys

  #13541 merged Apr 15, 2025

• [automation] Update packages in .github/ISSUE_TEMPLATE/integration_*.yml

  #13537 merged Apr 15, 2025

• [O365 Metrics] Add field site_type missing in onedrive data streams

  #13139 merged Apr 15, 2025

• microsoft_sentinel, google_secops: Make packages GA

  #13534 merged Apr 15, 2025

• [splunk] adding siem category to splunk

  #13533 merged Apr 14, 2025

• [Cloud Security Posture] UpdateCloud connector integration input

  #13488 merged Apr 14, 2025

• [Splunk] Initial release of the splunk

  #13085 merged Apr 14, 2025

• [windows] Fix PS dashboard filters

  #13532 merged Apr 14, 2025

• [microsoft_defender_endpoint] Add machine and machine action data streams

  #13523 merged Apr 14, 2025

• Update cloud_defend README.md with deprecation notice

  #13475 merged Apr 14, 2025

• [Wiz] Add links to the wiz events

  #13445 merged Apr 13, 2025

• [panw] Fix network traffic direction logic

  #13515 merged Apr 11, 2025

• [cisco_ios] Fix parsing of FQDN hostnames

  #13450 merged Apr 11, 2025

• Downgrade github.com/creack/pty

  #13513 merged Apr 11, 2025

• [CI][Docs] Update ci docs basic subscription

  #13508 merged Apr 11, 2025

• Updating grok pattern for awss3 access ingest pipeline

  #13486 merged Apr 11, 2025

• [CI] Remove workaround test stack 9 packages in daily CI jobs

  #13491 merged Apr 11, 2025

• [O365 Metrics] Add Entra Features data stream

  #13254 merged Apr 11, 2025

• Fix Sign-in logs location.state field to region field

  #13439 merged Apr 11, 2025

• [Elastic Agent] Remove hardcoded agent.name filter from Agent Metrics dashboard

  #13497 merged Apr 10, 2025

• [CI] Create several schedules

  #13484 merged Apr 10, 2025

• build(deps): bump helm.sh/helm/v3 from 3.17.2 to 3.17.3

  #13495 merged Apr 10, 2025

• [CI] Add support to test packages basic subscription and LogsDB index mode

  #13473 merged Apr 10, 2025

• [Auth0] Fix event.type and event.category for failed authentication events

  #13480 merged Apr 10, 2025

• [crowdstrike, microsoft_defender_endpoint, sentinel_one] Update host.* ECS mappings

  #13373 merged Apr 10, 2025

• [google_workspace] Add calendar event type as a new data stream

  #13461 merged Apr 10, 2025

• [crowdstrike, sentinel_one] logo updates to support AI4DSOC

  #13487 merged Apr 9, 2025

• [google_secops, microsoft_sentinel] logo and categorization updates to support AI4DSOC

  #13431 merged Apr 9, 2025

• okta: improve documentation relating to Okta rate limits

  #13479 merged Apr 9, 2025

• [CI] Add support to test packages with basic subscription

  #13377 merged Apr 9, 2025

• sentinel_one: fix handling of events with empty string values

  #13478 merged Apr 9, 2025

• [system][syslog] add a pattern in filebeat.system module to capture greedy multiline logs with ISO timestamps

  #13427 merged Apr 9, 2025

• [O11y][MongoDB Atlas] Make GA

  #13458 merged Apr 9, 2025

• build(deps): bump github.com/elastic/elastic-package from 0.110.2 to 0.111.0

  #13464 merged Apr 9, 2025

• checkpoint_harmony_endpoint: fixes in CEL to control data flow

  #13474 merged Apr 9, 2025

• ssi: add support for request trace deletion

  #13452 merged Apr 8, 2025

• build(deps): bump golang.org/x/tools from 0.31.0 to 0.32.0

  #13463 merged Apr 8, 2025

• [Security Rules] Update security rules package to v8.16.10

  #13472 merged Apr 8, 2025

• [Security Rules] Update security rules package to v9.0.1

  #13471 merged Apr 8, 2025

• [Security Rules] Update security rules package to v8.18.1

  #13470 merged Apr 8, 2025

• [Security Rules] Update security rules package to v8.17.8

  #13469 merged Apr 8, 2025

• [Security Rules] Update security rules package to v8.16.10-beta.1

  #13465 merged Apr 8, 2025

• [Security Rules] Update security rules package to v8.17.8-beta.1

  #13466 merged Apr 8, 2025

• [Security Rules] Update security rules package to v8.18.1-beta.1

  #13467 merged Apr 8, 2025

• [Security Rules] Update security rules package to v9.0.1-beta.1

  #13468 merged Apr 8, 2025

• [O11y][MongoDB Atlas] Update all dashboards as per best practices

  #13425 merged Apr 8, 2025

• [Abnormal Security] - Added support for vendor case data stream

  #13428 merged Apr 8, 2025

• cloudflare_logpush: add tests for gateway_{dns,http}

  #13451 merged Apr 8, 2025

• [O11y][MongoDB Atlas] Update organization and project data streams

  #12985 merged Apr 8, 2025

• proofpoint_on_demand: set subobjects false to msg_parts.metadata field

  #13421 merged Apr 8, 2025

• [O11y][MongoDB Atlas] Keep consistency in the tooltip descriptions

  #13033 merged Apr 8, 2025

• [unifiedlogs] Downgrade package spec version

  #13448 merged Apr 8, 2025

57 Pull requests opened by 34 people

• test kafka logs data stream against Kafka 3.6.0 logs

  #13485 opened Apr 9, 2025

• [windows_etw] Make windows_etw ga

  #13492 opened Apr 10, 2025

• [ti_recordedfuture] Add Support for Legacy and Playbook Alerts

  #13494 opened Apr 10, 2025

• Removed event original processors in database and mq integrations

  #13518 opened Apr 12, 2025

• Removed event.original processors in webserver/proxy related integrations

  #13519 opened Apr 12, 2025

• Removed event.original processors from network and network-obs relate…

  #13520 opened Apr 12, 2025

• Remove event.original processors from several remaining integrations part 2

  #13522 opened Apr 12, 2025

• tencent_cloud: Add new datastreams

  #13565 opened Apr 16, 2025

• [checkpoint] Expand and fix IANA number handling

  #13568 opened Apr 16, 2025

• [DOCS] Part 1 - Remove duplicated installation instructions

  #13573 opened Apr 16, 2025

• Add delete options for Custom Filestream integration

  #13576 opened Apr 16, 2025

• o365: add support for TaskListRead events

  #13578 opened Apr 17, 2025

• [trend_micro_vision_one] Collect telemetry via the Datalake Pipeline API

  #13588 opened Apr 17, 2025

• [M365 Defender] Add support of vulnerability data-stream

  #13595 opened Apr 17, 2025

• Document Journald on docker

  #13597 opened Apr 17, 2025

• [sysdig] Add support for security event datastream

  #13626 opened Apr 21, 2025

• tenable_io: Add mappings and transform for Cloud Detection and Response (CDR) workflow

  #13636 opened Apr 22, 2025

• Make kv more resillient and fingerprint more accurate

  #13640 opened Apr 22, 2025

• [O11y][MongoDB Atlas] Update documentation for alert data stream

  #13641 opened Apr 22, 2025

• [vectra_cloud] Initial release of the Vectra Cloud

  #13646 opened Apr 23, 2025

• [Kafka] Add Consumer and Producer data streams

  #13648 opened Apr 23, 2025

• [panw_cortex_xdr] Add event data stream and dashboards of incident and alert

  #13680 opened Apr 25, 2025

• [O11y][Postgresql] Add support for user specific timezone map

  #13681 opened Apr 25, 2025

• [wiz] Add defend data stream

  #13688 opened Apr 25, 2025

• synthetics - support ssl.cipher_suites

  #13690 opened Apr 25, 2025

• ti_abusech: Update Fleet status message on API 402

  #13718 opened Apr 29, 2025

• [mattermost] Add Support of Dashboard

  #13731 opened Apr 30, 2025

• Gigamon: ZT and OT dashboards added and Renaming of NPM Dashboards to Network Telemetry Insights.

  #13733 opened Apr 30, 2025

• [GreyNoise] Add Integration Package

  #13745 opened Apr 30, 2025

• entityanalytics_okta: add user roles collection support

  #13750 opened May 1, 2025

• feat: [journald] add support for condition

  #13753 opened May 1, 2025

• zscaler_zpa: fix handling of multiple remote IPs, and event categorisation

  #13755 opened May 1, 2025

• Use journald input by default when running system integration for SLES 15-SP6

  #13759 opened May 2, 2025

• [System] Add pipeline for AD FS Auditing to security data stream.

  #13765 opened May 2, 2025

• [Fleet Server] Added support for the fleet scalability settings as direct toggles in fleet ui

  #13766 opened May 2, 2025

• [M365 Defender] Improve response action support in event dataset.

  #13769 opened May 3, 2025

• gcp: remove never-successful violation field renames

  #13777 opened May 4, 2025

• crowdstrike: improve falcon data stream document collision behaviour

  #13779 opened May 5, 2025

• Align datatypes with ECS

  #13781 opened May 5, 2025

• Add enable_batch_api option in azure resource metrics

  #13783 opened May 5, 2025

• [GreyNoise] Add transform pipeline for package

  #13786 opened May 5, 2025

• bk: use OIDC to create AWS cloud resources

  #13790 opened May 5, 2025

• Add support of Vertex AI Audit Logs

  #13799 opened May 6, 2025

• [Falco] Fix Conflicting Field Types

  #13800 opened May 6, 2025

• Test elastic-package#2572 - DO NOT MERGE

  #13801 opened May 6, 2025

• [system][fsstat] - Add support for ignore_types

  #13802 opened May 6, 2025

• [cisco_ios] Improve hostname parsing

  #13816 opened May 7, 2025

• varonis: add pre-processor option to allow ingestion of non-conforman…

  #13822 opened May 7, 2025

• [Jamf Protect] Fix field type from `long` to `keyword` for process fields

  #13824 opened May 7, 2025

• mimecast: resolve field data type conflicts between data streams

  #13825 opened May 7, 2025

• [ti_anomali] Add support for proxy URL and SSL configuration parameters

  #13826 opened May 7, 2025

• [system] Add support for more event-ids in the security data stream

  #13828 opened May 7, 2025

• [Symantec Endpoint Security]Update test logs

  #13829 opened May 7, 2025

• Add new AWS Config datastream.

  #13830 opened May 7, 2025

• Test pr merge 13810

  #13831 opened May 7, 2025

• [CI] Do not use -q parameter together with git commands in pipe

  #13832 opened May 7, 2025

• crowdstrike: handle UTCTimestamp values in Unix seconds

  #13833 opened May 7, 2025

95 Issues closed by 27 people

• [O365 Metrics] Allow resource-specific configurations to be set via integration.

  #13072 closed May 8, 2025

• [tenable_ot_security] message field type conflicts with ECS

  #13594 closed May 8, 2025

• Due diligence ticket for clean up Aruba feature-branch integration before merging into `main`

  #12249 closed May 7, 2025

• [Google Workspace]: Add google meet event type

  #13512 closed May 7, 2025

• [LastPass] Update data collection after resolve request_body_on_pagination issue

  #4256 closed May 7, 2025

• [AWS] Network Firewall logs ingest pipeline duplicate field error

  #5071 closed May 7, 2025

• [Okta]: Incorrect filters in Okta Dashboard elements

  #13615 closed May 7, 2025

• beyondinsight_password_safe: improve error handling in agent collector programs

  #13794 closed May 6, 2025

• [fortinet_fortigate]: pipeline-error unable to parse URI error.message

  #11321 closed May 6, 2025

• Remove Deprecated "Collect Logs from third-party REST API" for 9.0

  #11767 closed May 6, 2025

• [Wiz Integration] - Doc update

  #11520 closed May 6, 2025

• Documentation changes for SSL nodes for integrations owned by security-service-integrations

  #12700 closed May 6, 2025

• [o365] multi-tenancy failing

  #1759 closed May 6, 2025

• [Crowdstrike]: Nav Panel Links do not work

  #13616 closed May 6, 2025

• [Cloudflare Logpush]: Wrong mapping on field cloudflare_logpush.http_request.bot.detection_tags

  #13477 closed May 6, 2025

• [Subscription basic] [opencanary] Failing test daily: pipeline test: test-events.log in opencanary.events

  #13503 closed May 6, 2025

• [New Integration] Add support for Aruba network device logs

  #5255 closed May 5, 2025

• [Sentinel One Cloud Funnel]: Cannot access field from null reference -- isStorylineRoot

  #13709 closed May 4, 2025

• [Google Workspace] Incorrect logic for paginating through out-of-order data

  #13081 closed May 4, 2025

• [symantec_endpoint_security] Comprehensive mapping updates for various SES events

  #13476 closed May 2, 2025

• [Azure Firewall]: Unable to config the integration via eck-stack chart

  #13430 closed May 2, 2025

• Support Healthwatch 2.2 in Cloud Foundry package

  #5056 closed May 1, 2025

• [ITF] Issues faced while running All On Cloud Use case for various integrations

  #8364 closed May 1, 2025

• New Integration Request: Admin By Request

  #10404 closed May 1, 2025

• [ITF][Couchbase][All On Cloud Use Case] Integration policy is not getting created while bringing up the integration

  #8380 closed May 1, 2025

• [BUG] Enable Request Tracer Defaults to null causing request tracing to be collected

  #13710 closed Apr 30, 2025

• [EA Active Directory 0.12.0]: Add support for ECS `user.group` fields

  #13511 closed Apr 30, 2025

• Incorrect Fields Leveraged for AWS RDS Dashboard

  #5117 closed Apr 30, 2025

• [ITF][Oracle WebLogic][All On Cloud Use Case] Facing data collection errors on bringing up the integration

  #8378 closed Apr 30, 2025

• [ITF][Cassandra][All On Cloud Use Case] Facing data collection errors on bringing up the integration

  #8363 closed Apr 30, 2025

• [azure_frontdoor] waf ingest pipeline does not parse correctly to ECS Fields

  #7017 closed Apr 30, 2025

• Qualys VMDR: Implement mappings for Cloud Security Workflows

  #13728 closed Apr 30, 2025

• [meta] Qualys VMDR: Enhancement to leverage cloud workflows

  #11673 closed Apr 30, 2025

• [Serverless observability] [qualys_vmdr] Failing test daily: pipeline test: test-asset-host-detection.log in qualys_vmdr.asset_host_detection

  #13282 closed Apr 30, 2025

• [Serverless security] [qualys_vmdr] Failing test daily: pipeline test: test-knowledge-base.log in qualys_vmdr.knowledge_base

  #13292 closed Apr 30, 2025

• [Serverless security] [qualys_vmdr] Failing test daily: pipeline test: test-asset-host-detection.log in qualys_vmdr.asset_host_detection

  #13291 closed Apr 30, 2025

• [Serverless observability] [qualys_vmdr] Failing test daily: pipeline test: test-knowledge-base.log in qualys_vmdr.knowledge_base

  #13281 closed Apr 30, 2025

• [Google Workspace]: Add support for Vault event type

  #13624 closed Apr 30, 2025

• [Microsoft M365 Defender]: ECS user.name field not always correctly populated

  #13514 closed Apr 30, 2025

• [mimecast] incorrect log type for siem data_stream

  #4764 closed Apr 29, 2025

• enhancement / suggestion: Allow the agent to access a local keystore and use that in the integration configs

  #244 closed Apr 29, 2025

• [Atlassian Jira]: Duplicate record pulls due to cursor not progressing

  #12988 closed Apr 28, 2025

• [aws] Improve documentation on using EC2 IAM Role directly

  #8359 closed Apr 28, 2025

• [Fortinet FortiGate Firewall Logs]: rcvddelta and sentdelta are keywords as opposed to integers

  #11433 closed Apr 28, 2025

• [Fortinet Fortigate Traffic]: Wrong calculation of network.bytes

  #10849 closed Apr 28, 2025

• [watchguard_firebox]: event.kind is pipeline_error when "msg_id=3000-0148" messages have as source port "0"

  #13103 closed Apr 28, 2025

• [watchguard_firebox]: Grok fails when hostname includes "_" character

  #13102 closed Apr 28, 2025

• Qualys VMDR: Implement transform for enhancing cloud security workflow

  #12718 closed Apr 28, 2025

• [servicenow]: User-supplied sysparm_query

  #13413 closed Apr 28, 2025

• [O11y][MongoDB] Add custom number formatting to visualizations

  #7116 closed Apr 27, 2025

• [windows.sysmon] Handle events without winlog.event_data

  #9580 closed Apr 25, 2025

• [sentinel_one_cloud_funnel]: missing process.parent field

  #13575 closed Apr 24, 2025

• [ded] source.bytes field declared as type double conflicts with the ECS data type long

  #13591 closed Apr 24, 2025

• [osquery.result]: incorrect ECS value type for `event.type` field

  #13600 closed Apr 24, 2025

• [teleport] Allow the user to decide which values should be set in `cloud.*` fields

  #12918 closed Apr 24, 2025

• [System] Update ECS version from 8.0 to the latest

  #8296 closed Apr 23, 2025

• [ESET PROTECT]: Syslog message prefix breaks event ingestion pipeline

  #13442 closed Apr 23, 2025

• [SentinelOne] Parse and Populate ECS `message` Field with Alert Titles

  #12564 closed Apr 23, 2025

• Atlassian Jira (cloud): Auditing API returns "invalid date"

  #4391 closed Apr 23, 2025

• Standardize Ingested Data for Response Actions

  #12563 closed Apr 23, 2025

• [HAProxy] Modify Ingest Pipeline to Handle Malformed URLs

  #12199 closed Apr 23, 2025

• Testing Phase I Integrations

  #11813 closed Apr 22, 2025

• [Google Workspace]: Add support for Chat event type

  #13462 closed Apr 22, 2025

• [GCP Audit Integration] gcp.audit.resource_name not extracted from k8s audit logs

  #6024 closed Apr 22, 2025

• Include took_millis field in the default ECS schema for ES Slow Logs

  #8283 closed Apr 21, 2025

• [aws]: Guardduty dashboard enhancements

  #13263 closed Apr 21, 2025

• PR Reviews

  #13623 closed Apr 21, 2025

• [abnormal_security] Add Support for Not Analyzed Messages in Abuse Mailbox

  #13000 closed Apr 16, 2025

• [Windows integration]: Windows Powershell dashboards are empty after upgrade to 2.0.0+

  #11404 closed Apr 16, 2025

• [O11y][Kubernetes] Update terms limit in `Succeeded Job Pods` visualization

  #8245 closed Apr 16, 2025

• [Nvidia GPU] New Integration for Nvidia GPU Monitoring

  #11930 closed Apr 15, 2025

• [Stack 8.19.0-SNAPSHOT] [aws] Failing test daily: system test: (elastic-agent logs - default) in aws.waf

  #13524 closed Apr 15, 2025

• Remove `event.duration` and `event.ingested` from metric events

  #4894 closed Apr 15, 2025

• [New Integration] BeyondTrust PRA

  #13267 closed Apr 15, 2025

• [O11y][Springboot] Missing metric_type in fields.yml file

  #7439 closed Apr 14, 2025

• [Cloud Defend]: Mark Cloud Defend/Defend for Containers as Deprecated

  #12350 closed Apr 14, 2025

• Add filters to all System dashboards

  #8219 closed Apr 13, 2025

• OpenVPN Integration (1. Cloud and 2. On-premise)

  #4570 closed Apr 13, 2025

• Link to event in Wiz system in Elastic Alert created from Wiz Agent integration

  #13459 closed Apr 13, 2025

• migrate `obs-cloud-monitoring` owned packages to `format_version: 3.0.0`

  #8187 closed Apr 13, 2025

• Reindexing steps for Non-TSDB enabled data streams for conflicting fields

  #7624 closed Apr 13, 2025

• Tomcat metrics - Support Prometheus JMX Agent 1.0.1

  #10189 closed Apr 12, 2025

• [Stack 8.19.0-SNAPSHOT] [aws] Failing test daily: system test: default in aws.route53_resolver_logs

  #13356 closed Apr 11, 2025

• [awsfirehose] Bulk request rejected with 413 Request Entity Too Large error

  #9396 closed Apr 11, 2025

• [Stack 9.1.0-SNAPSHOT] [juniper_netscreen] Failing test daily: system test: logfile in juniper_netscreen.log

  #12745 closed Apr 11, 2025

• [Stack 9.1.0-SNAPSHOT] [juniper_junos] Failing test daily: system test: logfile in juniper_junos.log

  #12744 closed Apr 11, 2025

• [Stack 9.1.0-SNAPSHOT] [enterprisesearch] Failing test daily: system test: default (variant: enterprisesearch_8.7.0) in enterprisesearch.stats

  #12930 closed Apr 11, 2025

• [Stack 9.1.0-SNAPSHOT] [enterprisesearch] Failing test daily: system test: default (variant: enterprisesearch_8.7.0) in enterprisesearch.health

  #12931 closed Apr 11, 2025

• [Sublime Security]: Update Agent Docs to include file_selectors

  #12039 closed Apr 10, 2025

• [auth0]: some events are marked as event.type: indicator, without filling any other indicator related fields

  #13262 closed Apr 10, 2025

• [Google Workspace]: Support calendar event type as a new data stream

  #13460 closed Apr 10, 2025

• [SentinelOne]: Processor convert with tag convert_agentIpV6_to_ip in pipeline logs-sentinel_one.threat-1.29.1 failed with message: '' is not an IP string literal.

  #13456 closed Apr 9, 2025

• [VMware vSphere]: Add Support for ESXi/vCenter version 8.0

  #13149 closed Apr 8, 2025

• Discussion for improving security rule: Abnormally Large DNS Response

  #8165 closed Apr 8, 2025

• [Abnormal Security]: Add support for vendor-cases from API

  #11473 closed Apr 8, 2025

135 Issues opened by 40 people

• [Stack 9.1.0-SNAPSHOT] [nats] Failing test daily: system test: default (variant: v2) in nats.connection

  #13821 opened May 7, 2025

• [Stack 9.1.0-SNAPSHOT] [nats] Failing test daily: system test: default (variant: v1) in nats.connection

  #13820 opened May 7, 2025

• [Stack 9.1.0-SNAPSHOT] [nats] Failing test daily: system test: default (variant: v2) in nats.stats

  #13819 opened May 7, 2025

• [Stack 9.1.0-SNAPSHOT] [nats] Failing test daily: system test: default (variant: v1) in nats.stats

  #13818 opened May 7, 2025

• [Stack 9.1.0-SNAPSHOT] [crowdstrike] Failing test daily: system test: (elastic-agent logs - default) in crowdstrike.fdr

  #13817 opened May 7, 2025

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [cassandra] Failing test daily: system test: default (variant: v3.11.11) in cassandra.log

  #13811 opened May 7, 2025

• [LogsDB] [Subscription basic] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.status

  #13798 opened May 6, 2025

• [Stack 9.1.0-SNAPSHOT] [hpe_aruba_cx] Failing test daily: system test: filestream in hpe_aruba_cx.log

  #13797 opened May 6, 2025

• [Cisco Duo]: receiving error messages for Auth Logs

  #13793 opened May 5, 2025

• [Feature Request] SAP integrations

  #13788 opened May 5, 2025

• [Feature Request] Cisco Catalyst Center (DNA Center) Integration

  #13787 opened May 5, 2025

• [linux]: Linux Metrics Pageinfo can throw `illegal_argument_exception`

  #13785 opened May 5, 2025

• [Infoblox NIOS]: error.message Processor 'convert' with tag '' in pipeline logs-infoblox_nios.log-1.29.0-pipeline_audit failed with message ''2001\1234\1234\1234\1235\1234' is not an IP string literal.'

  #13782 opened May 5, 2025

• [Stack 9.1.0-SNAPSHOT] [aws] Failing test daily: system test: (elastic-agent logs - default) in aws.vpcflow

  #13778 opened May 5, 2025

• Rapid7 InsightVM: Implement transform for Cloud Security Workflows

  #13776 opened May 4, 2025

• Rapid7 Insight VM: Implement mappings for Cloud Security Workflows

  #13775 opened May 4, 2025

• [Subscription basic] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.performance

  #13774 opened May 4, 2025

• [LogsDB] [Subscription basic] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.replica_status

  #13773 opened May 4, 2025

• [LogsDB] [Subscription basic] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.replica_status

  #13772 opened May 4, 2025

• [LogsDB] [Subscription basic] [apache_tomcat] Failing test daily: system test: default (variant: v10.1.5) in apache_tomcat.catalina

  #13771 opened May 4, 2025

• [Stack 8.19.0-SNAPSHOT] [network_traffic] Failing test daily: system test: dns-mx in network_traffic.dns

  #13770 opened May 4, 2025

• [Varonis]: Ingest Pipeline Error

  #13764 opened May 2, 2025

• [LogsDB] [Subscription basic] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.performance

  #13758 opened May 2, 2025

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [aws] Failing test daily: system test: default in aws.s3access

  #13757 opened May 2, 2025

• [FireEye Network Security]: ECS Fields Missing

  #13756 opened May 2, 2025

• [Zscaler Private Access]: audit data stream does not tolerate remoteIP lists

  #13754 opened May 1, 2025

• [Prometheus]: Add username, password and SSL related fields for `query` dataset

  #13751 opened May 1, 2025

• [keycloak]: Change Keycloak ingest pipeline to support ECS log support from v26.2.0

  #13749 opened May 1, 2025

• [Microsoft M365 Defender]: Events failing to parse due to index mappings since upgrade to v2.23.0

  #13739 opened Apr 30, 2025

• [pfsense] Parsing errors when rule action is Match

  #13738 opened Apr 30, 2025

• [Cisco DUO]: Add proxy setting for API v1 and v2

  #13730 opened Apr 30, 2025

• [Azure Frontdoor]: Add support for health probe log

  #13729 opened Apr 30, 2025

• [Subscription basic] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.replica_status

  #13726 opened Apr 30, 2025

• [Subscription basic] [apache_spark] Failing test daily: system test: metric (variant: v3.2.0) in apache_spark.executor

  #13725 opened Apr 30, 2025

• [LogsDB] [Subscription basic] [couchdb] Failing test daily: system test: metric in couchdb.server

  #13724 opened Apr 30, 2025

• [Stack 8.19.0-SNAPSHOT] [zeek] Failing test daily: system test: splunk in zeek.dhcp

  #13722 opened Apr 30, 2025

• [CrowdStrike]: Processing of different events can lead to identical `_id`s

  #13720 opened Apr 29, 2025

• [elastic_agent] Fix Logs Ingest in Agent Metrics dashboard

  #13716 opened Apr 29, 2025

• Input type package for the MQTT input

  #13715 opened Apr 29, 2025

• SSI Integration: Missing Dashboard

  #13702 opened Apr 28, 2025

• [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.error

  #13701 opened Apr 28, 2025

• [Stack 8.19.0-SNAPSHOT] [couchbase] Failing test daily: system test: default (variant: v7.1.0) in couchbase.miscellaneous

  #13700 opened Apr 28, 2025

• [Stack 8.19.0-SNAPSHOT] [cisco_umbrella] Failing test daily: system test: default in cisco_umbrella.log

  #13699 opened Apr 28, 2025

• [LogsDB] [Subscription basic] [apache_spark] Failing test daily: system test: metric (variant: v3.2.0) in apache_spark.executor

  #13697 opened Apr 27, 2025

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [symantec_endpoint_security] Failing test daily: system test: (elastic-agent logs - default) in symantec_endpoint_security.event

  #13696 opened Apr 27, 2025

• [ GCP ] The field gcp.audit.authorization_info in the Audit Logs is mapped as nested, but should be mapped as flattened

  #13695 opened Apr 27, 2025

• [Subscription basic] [kafka_log] Failing test daily: system test: kafka in kafka_log.generic

  #13694 opened Apr 26, 2025

• [Stack 9.1.0-SNAPSHOT] [trellix_edr_cloud] Failing test daily: system test: (elastic-agent logs - default) in trellix_edr_cloud.event

  #13693 opened Apr 26, 2025

• [ Azure Logs ] Wrong mapping in the Activity Logs data set result in ignored fields and poor data set quality

  #13692 opened Apr 26, 2025

• [Cisco FTD]: Event 313005 grok error for "<unknown>" input.type

  #13691 opened Apr 25, 2025

• [O11y][PostgreSQL] Limited timezone support in script

  #13682 opened Apr 25, 2025

• [LogsDB] [Subscription basic] [aws] Failing test daily: system test: default in aws.ec2_logs

  #13678 opened Apr 25, 2025

• [Subscription basic] [imperva_cloud_waf] Failing test daily: system test: default in imperva_cloud_waf.event

  #13677 opened Apr 25, 2025

• [Salesforce]: Add support for http timeout

  #13673 opened Apr 24, 2025

• [Kubernetes]: Overview dashboard visualizations break if Elasticsearch node does not have "remote_cluster_client" role.

  #13672 opened Apr 24, 2025

• [File Integrity Monitoring]: Provide more specific actions

  #13669 opened Apr 24, 2025

• [LogsDB] [Subscription basic] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.galera_status

  #13661 opened Apr 24, 2025

• [LogsDB] [Subscription basic] [couchbase] Failing test daily: system test: default (variant: v7.1.0) in couchbase.cbl_replication

  #13660 opened Apr 24, 2025

• [Subscription basic] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.error

  #13659 opened Apr 24, 2025

• [Subscription basic] [aws] Failing test daily: system test: default in aws.redshift

  #13658 opened Apr 24, 2025

• [Stack 8.19.0-SNAPSHOT] [o365_metrics] Failing test daily: system test: default in o365_metrics.entra_id_users

  #13656 opened Apr 24, 2025

• [Postgresql] Add support for all timezones in logs datastream

  #13651 opened Apr 23, 2025

• [Microsoft Office 365 Metrics]: Service Health input is bugged

  #13650 opened Apr 23, 2025

• [meta][CDR] Update Rapid7 integration to Leverage Native CDR Workflows

  #13647 opened Apr 23, 2025

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [aws] Failing test daily: system test: default in aws.cloudtrail

  #13645 opened Apr 23, 2025

• [System]: "Seek" and "since" configurations of Journald input should be exposed

  #13635 opened Apr 22, 2025

• [Stack 8.19.0-SNAPSHOT] [couchbase] Failing test daily: system test: default (variant: v7.1.0) in couchbase.cbl_replication

  #13632 opened Apr 22, 2025

• [Serverless] Integration dashboards that use `#/dashboard` link structure result in 404's

  #13630 opened Apr 21, 2025

• [auditd]: Ingest Pipeline errors on initialization logs

  #13629 opened Apr 21, 2025

• [Subscription basic] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.status

  #13620 opened Apr 21, 2025

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [couchdb] Failing test daily: system test: metric in couchdb.server

  #13619 opened Apr 21, 2025

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [aws] Failing test daily: system test: default in aws.apigateway_logs

  #13618 opened Apr 21, 2025

• [Amazon S3]: Grok Parsing Error with Valid S3 Object Key Characters

  #13617 opened Apr 20, 2025

• [Subscription basic] [system] Failing test daily: system test: default in system.process

  #13614 opened Apr 20, 2025

• [Stack 9.1.0-SNAPSHOT] [couchbase] Failing test daily: system test: default (variant: v7.1.0) in couchbase.miscellaneous

  #13613 opened Apr 20, 2025

• [Stack 9.1.0-SNAPSHOT] [couchbase] Failing test daily: system test: default (variant: v7.1.0) in couchbase.xdcr

  #13612 opened Apr 20, 2025

• [Stack 9.1.0-SNAPSHOT] [couchbase] Failing test daily: system test: default (variant: v7.1.0) in couchbase.resource

  #13611 opened Apr 20, 2025

• [Stack 9.1.0-SNAPSHOT] [couchbase] Failing test daily: system test: default (variant: v7.1.0) in couchbase.query_index

  #13610 opened Apr 20, 2025

• [Stack 9.1.0-SNAPSHOT] [couchbase] Failing test daily: system test: default (variant: v7.1.0) in couchbase.node

  #13609 opened Apr 20, 2025

• [Stack 9.1.0-SNAPSHOT] [couchbase] Failing test daily: system test: default (variant: v7.1.0) in couchbase.database_stats

  #13608 opened Apr 20, 2025

• [Stack 9.1.0-SNAPSHOT] [couchbase] Failing test daily: system test: default (variant: v7.1.0) in couchbase.cluster

  #13607 opened Apr 20, 2025

• [Stack 8.19.0-SNAPSHOT] [aws] Failing test daily: system test: (elastic-agent logs - default) in aws.emr_logs

  #13606 opened Apr 20, 2025

• [LogsDB] [Subscription basic] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.status

  #13605 opened Apr 19, 2025

• [LogsDB] [Subscription basic] [canva] Failing test daily: system test: default in canva.audit

  #13604 opened Apr 19, 2025

• [LogsDB] [Subscription basic] [aws] Failing test daily: system test: default in aws.emr_logs

  #13603 opened Apr 19, 2025

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [aws] Failing test daily: system test: (elastic-agent logs - default) in aws.cloudfront_logs

  #13602 opened Apr 19, 2025

• [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.status

  #13599 opened Apr 18, 2025

• [Cloudflare Logpush]: The field cloudflare_logpush.http_request.client.ssl.cipher has the wrong mapping

  #13596 opened Apr 17, 2025

• [tenable_io] vulnerability.description field type conflicts with ECS

  #13593 opened Apr 17, 2025

• [jamf_protect] process field types conflict with ECS

  #13592 opened Apr 17, 2025

• [falco] Conflicting field definitions (scalar fields with children)

  #13590 opened Apr 17, 2025

• [mimecast] Field data type conflicts between data streams

  #13586 opened Apr 17, 2025

• [ti_anomali] Field data type conflicts between data streams

  #13585 opened Apr 17, 2025

• [tychon] Field type conflicts between data streams

  #13584 opened Apr 17, 2025

• [VMware vSphere]: Field type conflict with System package

  #13580 opened Apr 17, 2025

• [Subscription basic] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.error

  #13579 opened Apr 17, 2025

• [Custom API / httpjson]: Chain input not functional, template error?

  #13572 opened Apr 16, 2025

• [qualys_was] Additional Datastream - web applications

  #13570 opened Apr 16, 2025

• [Qualys WAS] Vulnerability datastream

  #13569 opened Apr 16, 2025

• [Network Package Capture]: event.action ECS Fields missing

  #13566 opened Apr 16, 2025

• [gitlab]: Do not include the "forwarded" tag in the defaults

  #13564 opened Apr 16, 2025

• [Subscription basic] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.performance

  #13563 opened Apr 16, 2025

• [Subscription basic] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.galera_status

  #13562 opened Apr 16, 2025

• [Subscription basic] [fortinet_forticlient] Failing test daily: system test: udp in fortinet_forticlient.log

  #13561 opened Apr 16, 2025

• [LogsDB] [Subscription basic] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.error

  #13560 opened Apr 16, 2025

• [LogsDB] [Subscription basic] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.slowlog

  #13559 opened Apr 16, 2025

• [Stack 9.1.0-SNAPSHOT] [teleport] Failing test daily: system test: filestream in teleport.audit

  #13556 opened Apr 16, 2025

• [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.performance

  #13555 opened Apr 16, 2025

• Exact build version is not emitted for some builds

  #13553 opened Apr 16, 2025

• [Subscription basic] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.replica_status

  #13544 opened Apr 15, 2025

• [Subscription basic] [apache_tomcat] Failing test daily: system test: default (variant: v10.1.5) in apache_tomcat.catalina

  #13543 opened Apr 15, 2025

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [network_traffic] Failing test daily: system test: nfs4-close in network_traffic.nfs

  #13539 opened Apr 15, 2025

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.error

  #13538 opened Apr 15, 2025

• Add comment in the README for non-deprecated integrations that are not supported in serverless

  #13536 opened Apr 14, 2025

• [AWS S3 Custom Logs]: Convert/Add an Input variant of Custom AWS Logs

  #13535 opened Apr 14, 2025

• [LogsDB] [Subscription basic] [system] Failing test daily: system test: default in system.process

  #13531 opened Apr 14, 2025

• [LogsDB] [Subscription basic] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.galera_status

  #13530 opened Apr 14, 2025

• [LogsDB] [Subscription basic] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.error

  #13529 opened Apr 14, 2025

• [imperva_cloud_waf]: unable to update agent policy

  #13528 opened Apr 14, 2025

• [Subscription basic] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.galera_status

  #13527 opened Apr 13, 2025

• [Stack 9.1.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.slowlog

  #13526 opened Apr 13, 2025

• [Stack 8.19.0-SNAPSHOT] [kafka_log] Failing test daily: system test: kafka in kafka_log.generic

  #13525 opened Apr 13, 2025

• [LogsDB] [Subscription basic] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.slowlog

  #13516 opened Apr 12, 2025

• [CNVM]: CloudFormation template to support AWS accounts without default VPC

  #13507 opened Apr 11, 2025

• [LogsDB] [Subscription basic] [opencanary] Failing test daily: pipeline test: test-events.log in opencanary.events

  #13505 opened Apr 11, 2025

• [LogsDB] [Subscription basic] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.performance

  #13504 opened Apr 11, 2025

• [Subscription basic] [auditd_manager] Failing test daily: system test: default in auditd_manager.auditd

  #13502 opened Apr 11, 2025

• [Stack 9.1.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.status

  #13501 opened Apr 11, 2025

• [Cloudtrail] flattened fields response_elements, response_elements, additional_eventdata increase storage

  #13500 opened Apr 10, 2025

• [Kafka] Upgrade compatibility version of logs datastream to 3.6.0

  #13496 opened Apr 10, 2025

• [ESS Billing]: ecu rate field

  #13493 opened Apr 10, 2025

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [apache_spark] Failing test daily: system test: metric (variant: v3.2.0) in apache_spark.executor

  #13490 opened Apr 10, 2025

• [Stack 8.19.0-SNAPSHOT] [zeek] Failing test daily: system test: splunk in zeek.dns

  #13489 opened Apr 10, 2025

• cancel

  #13482 opened Apr 9, 2025

• RabbitMQ Logs and Metrics Integration: Specify ssl.certificate_authorities settings should be available in integrations settings

  #13457 opened Apr 8, 2025

209 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• [Armis] Initial release of the armis

  #13429 commented on May 5, 2025 • 31 new comments

• [claroty_xdome] Initial release of Claroty xDome

  #13388 commented on Apr 23, 2025 • 29 new comments

• [Google Threat Intelligence] Add Integration Package

  #13189 commented on May 4, 2025 • 19 new comments

• Enhancement: Add beelzebub integration, resolve #12910

  #12914 commented on May 8, 2025 • 14 new comments

• OTel Metrics for Docker Stats

  #13018 commented on May 5, 2025 • 10 new comments

• [Enhancement] Tenable sc vulnerability mitigated added as new datastream

  #13301 commented on Apr 10, 2025 • 8 new comments

• [AWS] Cloudtrail - Handle TLS version placeholder

  #13345 commented on Apr 29, 2025 • 7 new comments

• [integration/system] add use_performance_counters in system integration

  #13150 commented on May 7, 2025 • 4 new comments

• Add custom configuration to nginx/metrics

  #12865 commented on Apr 29, 2025 • 1 new comment

• apm: Add integration policy variable `tail_sampling_ttl` to configure `apm-server.sampling.tail.ttl`

  #13348 commented on Apr 8, 2025 • 1 new comment

• [Falco] Split datastream based on CNCF or agent-based ingest type

  #12896 commented on May 6, 2025 • 1 new comment

• [Stack 8.19.0-SNAPSHOT] [google_workspace] Failing test daily: system test: default in google_workspace.saml

  #12978 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [bitwarden] Failing test daily: pipeline test: test-policy.log in bitwarden.policy

  #13225 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-suspicious-locations.log in box_events.events

  #13228 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-suspicious-sessions.log in box_events.events

  #13229 commented on May 7, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [ti_misp] Failing test daily: pipeline test: test-misp-attributes-ndjson.log in ti_misp.threat

  #13223 commented on May 7, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [ti_misp] Failing test daily: pipeline test: test-misp-sample-ndjson.log in ti_misp.threat

  #13224 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [ti_misp] Failing test daily: pipeline test: test-misp-attributes-ndjson.log in ti_misp.threat

  #13233 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [ti_misp] Failing test daily: pipeline test: test-misp-sample-ndjson.log in ti_misp.threat

  #13234 commented on May 7, 2025 • 0 new comments

• Bug: MISP elastic-agent integration don't get any logs in Kibana discover view

  #5684 commented on May 7, 2025 • 0 new comments

• ssi: add support for request trace deletion

  #13002 commented on Apr 8, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [aws] Failing test daily: system test: default in aws.route53_resolver_logs

  #12980 commented on May 7, 2025 • 0 new comments

• [Office365] Populate ECS `message` Field with Alert Titles for DLP Exchange Alerts

  #12598 commented on May 7, 2025 • 0 new comments

• [Azure]: Standardize Azure field names across all integrations

  #13369 commented on May 7, 2025 • 0 new comments

• [Office365] Populate ECS `message` Field with Alert Titles from SecurityComplianceAlerts

  #12596 commented on May 7, 2025 • 0 new comments

• [Azure Logs]: AzureFirewallNetworkRuleLog - Provided Grok expressions do not match field value

  #13096 commented on May 7, 2025 • 0 new comments

• [SentinelOne]: Activities by OS Family visualization is unpopulated

  #12902 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [ti_misp] Failing test daily: pipeline test: test-misp-sample-ndjson.log in ti_misp.threat

  #13220 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [ti_misp] Failing test daily: pipeline test: test-misp-attributes-ndjson.log in ti_misp.threat

  #13218 commented on May 7, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [cisco_umbrella] Failing test daily: system test: default in cisco_umbrella.log

  #13004 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [symantec_endpoint_security] Failing test daily: system test: default in symantec_endpoint_security.event

  #13381 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [qualys_vmdr] Failing test daily: pipeline test: test-asset-host-detection.log in qualys_vmdr.asset_host_detection

  #13231 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [github] Failing test daily: pipeline test: test-github-issues-json.log in github.issues

  #13230 commented on May 7, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [qualys_vmdr] Failing test daily: pipeline test: test-knowledge-base.log in qualys_vmdr.knowledge_base

  #13222 commented on May 7, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [qualys_vmdr] Failing test daily: pipeline test: test-asset-host-detection.log in qualys_vmdr.asset_host_detection

  #13221 commented on May 7, 2025 • 0 new comments

• ti_threatconnect: revise pagination and cursor logic in agent config

  #13336 commented on May 6, 2025 • 0 new comments

• [opencanary]: Various bug fixes / enhancements

  #13025 commented on May 6, 2025 • 0 new comments

• [entityanalytics_ad.user]: Unable to select OU other then Users

  #13055 commented on May 6, 2025 • 0 new comments

• [entityanalytics_ad]: Support to Computer Object Collection

  #13176 commented on May 6, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-suspicious-locations.log in box_events.events

  #13214 commented on May 6, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-malicious-content.log in box_events.events

  #13212 commented on May 6, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-suspicious-sessions.log in box_events.events

  #13211 commented on May 6, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-anomalous-download.log in box_events.events

  #13210 commented on May 6, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-suspicious-locations.log in box_events.events

  #13209 commented on May 6, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-malicious-content.log in box_events.events

  #13207 commented on May 6, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-anomalous-download.log in box_events.events

  #13206 commented on May 6, 2025 • 0 new comments

• Use 'terminate' processor instead of 'fail'

  #12083 commented on May 6, 2025 • 0 new comments

• [USN Journal]: Ingest and parse USN journal file

  #13154 commented on May 6, 2025 • 0 new comments

• [TI Recorded Future] Request gzip compressed CSV

  #6011 commented on May 6, 2025 • 0 new comments

• Ensure Consistency Across Ingested Data for Analyzer Development

  #12562 commented on May 6, 2025 • 0 new comments

• Change Rapid7 InsightVM integration to one doc per vulnerability

  #9354 commented on May 6, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.galera_status

  #13030 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [sql_input] Failing test daily: system test: mssql in sql_input.

  #13113 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.status

  #13005 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [sql_input] Failing test daily: system test: mssql in sql_input.

  #13128 commented on May 7, 2025 • 0 new comments

• [entityanalytics_ad]: Include computers in AD query

  #12950 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [qualys_vmdr] Failing test daily: pipeline test: test-knowledge-base.log in qualys_vmdr.knowledge_base

  #13232 commented on May 7, 2025 • 0 new comments

• Add username fields to CrowdStrike FDR

  #10661 commented on May 7, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [github] Failing test daily: pipeline test: test-github-issues-json.log in github.issues

  #13219 commented on May 7, 2025 • 0 new comments

• Security ai prompts

  #12721 commented on May 7, 2025 • 0 new comments

• [Windows] Add custom conditions support for Perfmon

  #12830 commented on Apr 23, 2025 • 0 new comments

• Update manifest.yml

  #12843 commented on Apr 12, 2025 • 0 new comments

• feat: [prometheus_input] add support for leader election and condition

  #12876 commented on Apr 23, 2025 • 0 new comments

• Migrate filestream package to input type

  #12878 commented on Apr 24, 2025 • 0 new comments

• feat: [apache_tomcat] add support for condition

  #12879 commented on Apr 16, 2025 • 0 new comments

• feat: [mysql] add support for condition

  #12881 commented on Apr 16, 2025 • 0 new comments

• Initial commit of osquery_manager browser query pack

  #12898 commented on Apr 12, 2025 • 0 new comments

• crowdstrike: implement enhanced field mapping logic

  #12913 commented on May 7, 2025 • 0 new comments

• OpenCanary update, resolves multiple issues

  #13026 commented on Apr 19, 2025 • 0 new comments

• Update `fim` Kibana constraint integration to support to 9.0

  #13106 commented on Apr 20, 2025 • 0 new comments

• Update: Add proxy setting input for anomali's package

  #13115 commented on Apr 25, 2025 • 0 new comments

• [do not merge]

  #13156 commented on Apr 17, 2025 • 0 new comments

• [Google Threat Intelligence] Add linux, malicious_network_infrastructure, malware, mobile and osx data streams

  #13190 commented on Apr 15, 2025 • 0 new comments

• [Google Threat Intelligence] Add phishing, ransomware, threat_actor, trending and vulnerability_weaponization data streams

  #13236 commented on May 8, 2025 • 0 new comments

• [Faitour] Initial Push of Beta Integration

  #13304 commented on Apr 25, 2025 • 0 new comments

• fix(azure): fix dashboard link

  #13313 commented on Apr 25, 2025 • 0 new comments

• Aws-s3-bulkfix-2

  #13318 commented on Apr 25, 2025 • 0 new comments

• fix(azure_fw): add regexp to grok

  #13402 commented on May 2, 2025 • 0 new comments

• Enable fleet management of APM Server with serverless

  #13412 commented on Apr 15, 2025 • 0 new comments

• Logstash fix health report conditional cel logic

  #13416 commented on May 4, 2025 • 0 new comments

• [AWS] Update README - EC2 Instance IAM Role for AWS Authentication

  #13434 commented on May 7, 2025 • 0 new comments

• [Google Threat Intelligence] Add IOC Stream data stream

  #13449 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [qualys_vmdr] Failing test daily: pipeline test: test-asset-host-detection.log in qualys_vmdr.asset_host_detection

  #13217 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [qualys_vmdr] Failing test daily: pipeline test: test-knowledge-base.log in qualys_vmdr.knowledge_base

  #13215 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [github] Failing test daily: pipeline test: test-github-issues-json.log in github.issues

  #13213 commented on May 7, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [bitwarden] Failing test daily: pipeline test: test-policy.log in bitwarden.policy

  #13208 commented on May 7, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [bitwarden] Failing test daily: pipeline test: test-policy.log in bitwarden.policy

  #13205 commented on May 7, 2025 • 0 new comments

• [Google Workspace] Support All Event Types

  #4722 commented on May 7, 2025 • 0 new comments

• [Juniper SRX] Documentation improvement needed

  #11807 commented on May 7, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [system] Failing test daily: system test: journald in system.auth

  #12765 commented on May 8, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [system] Failing test daily: system test: journald in system.auth

  #12763 commented on May 8, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [system] Failing test daily: system test: default in system.process

  #13091 commented on May 8, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.error

  #13384 commented on May 8, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.error

  #13419 commented on May 8, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [sql_input] Failing test daily: system test: mssql in sql_input.

  #13027 commented on May 8, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [system] Failing test daily: system test: journald in system.auth

  #12785 commented on May 8, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [cisco_umbrella] Failing test daily: system test: default in cisco_umbrella.log

  #13432 commented on May 8, 2025 • 0 new comments

• Update description of Kafka protocol version to mention required value for Kafka 4.0

  #11655 commented on May 2, 2025 • 0 new comments

• POC - add a random log generator for arista_ngfw

  #12137 commented on Apr 12, 2025 • 0 new comments

• Update sec-linux-platform integrations to ECS 8.17

  #12299 commented on Apr 12, 2025 • 0 new comments

• fixed build README to generate

  #12461 commented on May 2, 2025 • 0 new comments

• Switch container logs input to /var/log/pod/* path

  #12500 commented on Apr 12, 2025 • 0 new comments

• [rubrik] Move templating in CEL state

  #12615 commented on Apr 8, 2025 • 0 new comments

• [windows_etw] Make etw input package GA

  #12638 commented on Apr 20, 2025 • 0 new comments

• Inital PR for WMI Input Package

  #12654 commented on Apr 12, 2025 • 0 new comments

• Prometheus integration not scraping summary metrics

  #9265 commented on Apr 14, 2025 • 0 new comments

• [AWS] Add support for external_id config parameter

  #11419 commented on Apr 14, 2025 • 0 new comments

• [Fortinet Fortigate] Split current dataset into multiple datasets

  #12606 commented on Apr 14, 2025 • 0 new comments

• [Custom API]: Ability to provide custom headers

  #13191 commented on Apr 15, 2025 • 0 new comments

• Qualys Web application Scanning (qualys_was) Integration Release Checklist

  #13395 commented on Apr 15, 2025 • 0 new comments

• Add support for redis 7 in the redis integration

  #10199 commented on Apr 15, 2025 • 0 new comments

• [Elasticsearch] Ingest/Storage dashboards only show hot data

  #9476 commented on Apr 15, 2025 • 0 new comments

• [Logsdb] Strategy to enable logsdb it on stateful & documentation

  #12298 commented on Apr 15, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.replica_status

  #12979 commented on Apr 16, 2025 • 0 new comments

• [Oracle] Add Resource limit datastream

  #9603 commented on Apr 16, 2025 • 0 new comments

• [Springboot] Provide support of Springboot v3.1.5

  #8318 commented on Apr 16, 2025 • 0 new comments

• [Crowdstrike FDR] Scale host metadata enrichment

  #12822 commented on Apr 16, 2025 • 0 new comments

• [meta][tanium] Improve setup and mappings, or switch data source

  #12069 commented on Apr 16, 2025 • 0 new comments

• [azure_metrics] container_instance declares the same field as both float and alias

  #7713 commented on Apr 16, 2025 • 0 new comments

• [Kubernetes]: API Server Request Counters change depending on which API server pod handled the request

  #13159 commented on Apr 17, 2025 • 0 new comments

• [Trend Micro Vision One] Adding support for Datalake Pipeline

  #10192 commented on Apr 17, 2025 • 0 new comments

• [Kubernetes Integration] Kubernetes pod Dashboard should derivative for Network usage

  #9613 commented on Apr 17, 2025 • 0 new comments

• [Kubernetes Integration] Cronjobs dates should be displayed in a human-friendly format not in Unix Epoch

  #9614 commented on Apr 17, 2025 • 0 new comments

• [Kubernetes Integration] Replicas per deployment/daemonset enhancements

  #9617 commented on Apr 17, 2025 • 0 new comments

• [Feature Request] PowerShell Integration

  #9636 commented on Apr 17, 2025 • 0 new comments

• [Kubernetes Integration] Proxy Graph show latency in the given frame rather during the whole lifetime

  #9646 commented on Apr 18, 2025 • 0 new comments

• Add support for PostgreSQL Audit Extension logs

  #5247 commented on Apr 18, 2025 • 0 new comments

• New OpenShift Integration?

  #9648 commented on Apr 18, 2025 • 0 new comments

• Introduce Bastion Wallix Integration

  #9647 commented on Apr 18, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.status

  #13052 commented on Apr 21, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.replica_status

  #13357 commented on Apr 22, 2025 • 0 new comments

• [Microsoft DNS Server] Map keywords output field to human-readable format

  #13438 commented on Apr 9, 2025 • 0 new comments

• [O11Y] [Nginx Ingress Controller] Make visualization title consistent.

  #8127 commented on Apr 9, 2025 • 0 new comments

• Palo Alto Cortex XDR Event Forwarding

  #13268 commented on Apr 9, 2025 • 0 new comments

• ssi: system test coverage for integrations

  #13453 commented on Apr 9, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [zeek] Failing test daily: system test: logs in zeek.dns

  #13407 commented on Apr 10, 2025 • 0 new comments

• [meta] Improve windows fleet experience

  #13075 commented on Apr 10, 2025 • 0 new comments

• [meta] Upgrade integrations to ECS 8.17

  #11952 commented on Apr 10, 2025 • 0 new comments

• [Feature Request] Add `condition` field to `Custom Filestream Logs` integration in Kibana

  #7311 commented on Apr 10, 2025 • 0 new comments

• Integration for CloudFoundry

  #3524 commented on Apr 12, 2025 • 0 new comments

• Remove event.original removal processors from ingest pipelines

  #10072 commented on Apr 12, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.slowlog

  #13135 commented on Apr 13, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.status

  #12981 commented on Apr 13, 2025 • 0 new comments

• [Serverless security] [bitwarden] Failing test daily: pipeline test: test-policy.log in bitwarden.policy

  #13285 commented on Apr 14, 2025 • 0 new comments

• [Serverless security] [box_events] Failing test daily: pipeline test: test-anomalous-download.log in box_events.events

  #13286 commented on Apr 14, 2025 • 0 new comments

• [Serverless security] [box_events] Failing test daily: pipeline test: test-malicious-content.log in box_events.events

  #13287 commented on Apr 14, 2025 • 0 new comments

• [Serverless security] [box_events] Failing test daily: pipeline test: test-suspicious-locations.log in box_events.events

  #13288 commented on Apr 14, 2025 • 0 new comments

• [Serverless security] [box_events] Failing test daily: pipeline test: test-suspicious-sessions.log in box_events.events

  #13289 commented on Apr 14, 2025 • 0 new comments

• [Serverless security] [github] Failing test daily: pipeline test: test-github-issues-json.log in github.issues

  #13290 commented on Apr 14, 2025 • 0 new comments

• [Serverless observability] [bitwarden] Failing test daily: pipeline test: test-policy.log in bitwarden.policy

  #13275 commented on Apr 14, 2025 • 0 new comments

• [Serverless observability] [box_events] Failing test daily: pipeline test: test-anomalous-download.log in box_events.events

  #13276 commented on Apr 14, 2025 • 0 new comments

• [Serverless observability] [box_events] Failing test daily: pipeline test: test-malicious-content.log in box_events.events

  #13277 commented on Apr 14, 2025 • 0 new comments

• [Serverless observability] [box_events] Failing test daily: pipeline test: test-suspicious-locations.log in box_events.events

  #13278 commented on Apr 14, 2025 • 0 new comments

• [Serverless observability] [box_events] Failing test daily: pipeline test: test-suspicious-sessions.log in box_events.events

  #13279 commented on Apr 14, 2025 • 0 new comments

• [Serverless observability] [github] Failing test daily: pipeline test: test-github-issues-json.log in github.issues

  #13280 commented on Apr 14, 2025 • 0 new comments

• Make system integration the gold standard for Kibana best practices

  #4868 commented on Apr 14, 2025 • 0 new comments

• Use `links` panel in System dashboards

  #8218 commented on Apr 14, 2025 • 0 new comments

• [Zscaler ZIA]: poorly mapped to ECS categorisation fields

  #13100 commented on Apr 30, 2025 • 0 new comments

• [trendmicro] Upgrade integration would overwrite the integration settings

  #9813 commented on Apr 30, 2025 • 0 new comments

• [Qualys VMDR]: Generate unique identifiers for each interval ingestion

  #13167 commented on Apr 30, 2025 • 0 new comments

• [System] The core metrics do not use the `period` variable

  #9267 commented on Apr 30, 2025 • 0 new comments

• Support processing of AD FS logs with the system integration

  #11539 commented on Apr 30, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.performance

  #13131 commented on May 1, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [couchdb] Failing test daily: system test: metric in couchdb.server

  #13022 commented on May 1, 2025 • 0 new comments

• F5's logs (using syslog) are not parsed

  #7236 commented on May 1, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-malicious-content.log in box_events.events

  #13227 commented on May 1, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-anomalous-download.log in box_events.events

  #13226 commented on May 1, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [box_events] Failing test daily: pipeline test: test-suspicious-sessions.log in box_events.events

  #13216 commented on May 1, 2025 • 0 new comments

• [Azure Logs]: Sign-In Logs Reporting `none` Where Value Exists

  #12833 commented on May 1, 2025 • 0 new comments

• [SLES 15]: No "system.auth" logs for system integration under Data Streams tab for SLES 15 linux agent.

  #13752 commented on May 2, 2025 • 0 new comments

• [Usability] Improve/align user experience for Custom * Integrations

  #11375 commented on May 2, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.error

  #13273 commented on May 3, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [kafka_log] Failing test daily: system test: kafka in kafka_log.generic

  #13383 commented on May 3, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.replica_status

  #13308 commented on May 3, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.performance

  #13327 commented on May 4, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.galera_status

  #13252 commented on May 4, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.performance

  #13259 commented on May 5, 2025 • 0 new comments

• [LogsDB] [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.slowlog

  #13051 commented on May 5, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.slowlog

  #13134 commented on May 5, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.galera_status

  #13151 commented on May 5, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.galera_status

  #13127 commented on May 6, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.performance

  #13406 commented on May 6, 2025 • 0 new comments

• [entityanalytics_ad]: Investigate efficient handling of group membership data

  #12520 commented on May 6, 2025 • 0 new comments

• [M365 Defender] - Add a new data stream to support vulnerability logs

  #7482 commented on Apr 22, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.slowlog

  #13129 commented on Apr 22, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.performance

  #13385 commented on Apr 22, 2025 • 0 new comments

• [New Integration] AWS Config

  #10272 commented on Apr 22, 2025 • 0 new comments

• [Custom Packages] Moving to Input packages

  #8435 commented on Apr 22, 2025 • 0 new comments

• [Sysdig Secure] New data stream: Vulnerabilities

  #12269 commented on Apr 24, 2025 • 0 new comments

• [Google Workspace] Missing Data Stream Fields

  #5909 commented on Apr 25, 2025 • 0 new comments

• [Stack 9.1.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.replica_status

  #13023 commented on Apr 27, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [couchbase] Failing test daily: system test: default (variant: v7.1.0) in couchbase.xdcr

  #13258 commented on Apr 28, 2025 • 0 new comments

• [Serverless observability] [ti_misp] Failing test daily: pipeline test: test-misp-attributes-ndjson.log in ti_misp.threat

  #13283 commented on Apr 28, 2025 • 0 new comments

• [Serverless observability] [ti_misp] Failing test daily: pipeline test: test-misp-sample-ndjson.log in ti_misp.threat

  #13284 commented on Apr 28, 2025 • 0 new comments

• [Serverless security] [ti_misp] Failing test daily: pipeline test: test-misp-attributes-ndjson.log in ti_misp.threat

  #13293 commented on Apr 28, 2025 • 0 new comments

• [Serverless security] [ti_misp] Failing test daily: pipeline test: test-misp-sample-ndjson.log in ti_misp.threat

  #13294 commented on Apr 28, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: mysql_8_0_35) in mysql.replica_status

  #13112 commented on Apr 29, 2025 • 0 new comments

• Security Integrations | Missing Dashboards

  #3102 commented on Apr 29, 2025 • 0 new comments

• [box_events]: user.XXX fields wrongly set, not conforming to ECS

  #12971 commented on Apr 29, 2025 • 0 new comments

• [Okta Entity Analytics]: Add the `user.roles` field to user entities containing their Okta admin role assignments

  #13165 commented on Apr 29, 2025 • 0 new comments

• [SQL Input] Add support for logs in database

  #9347 commented on Apr 29, 2025 • 0 new comments

• Support for Artemis version of ActiveMQ.

  #8718 commented on Apr 29, 2025 • 0 new comments

• [O11y][Redis] Add AUTH (username) and SSL/TLS support

  #9787 commented on Apr 29, 2025 • 0 new comments

• [Elasticsearch]: New index_pivot transform isn't starting

  #12761 commented on Apr 29, 2025 • 0 new comments

• [Stack 8.19.0-SNAPSHOT] [mysql] Failing test daily: system test: default (variant: percona_8_0_36) in mysql.replica_status

  #12955 commented on Apr 30, 2025 • 0 new comments

• [aws]: inspector2/guarduty/securityhub - no role_arn or session_token

  #10784 commented on Apr 30, 2025 • 0 new comments

• Combine Okta and Entra ID Entity Analytics Integrations with their "Event Based" counterparts

  #13143 commented on Apr 30, 2025 • 0 new comments

• [Security Solution] No geo data from Microsoft 365 Integration

  #4803 commented on Apr 30, 2025 • 0 new comments

• [Cribl] Release integration as GA

  #12480 commented on Apr 30, 2025 • 0 new comments