Insights: elastic/integrations
Overview
55 Pull requests merged by 24 people
-
[HTA] Add new security integration package to publish dashboards for Security: Host module
#13001 merged
Mar 7, 2025 -
packages/openai: Release integration as GA
#12984 merged
Mar 7, 2025 -
[docs] Fix external links
#12990 merged
Mar 7, 2025 -
Fixed typos in ssl verification node descriptions
#13008 merged
Mar 7, 2025 -
Update ssl option descriptions package in manifest.yml remaining packages obs infraobs integrations
#13010 merged
Mar 7, 2025 -
panw_cortex_xdr: Fix CEL type conversion in alerts v2.
#13007 merged
Mar 7, 2025 -
[cisco_aironet] Properly parse CLIENT_ORCH_LOG-6-CLIENT_ADDED_TO_RUN_STATE messages
#12975 merged
Mar 6, 2025 -
atlassian_{bitbucket,confluence,jira}: improve pipeline robustness to empty strings
#12977 merged
Mar 6, 2025 -
build(deps): bump golang.org/x/tools from 0.30.0 to 0.31.0
#12987 merged
Mar 6, 2025 -
qualys_vmdr: Fix package_nested field in asset data stream.
#12969 merged
Mar 6, 2025 -
[cisco_asa] Add parsing for 4 new message types
#12773 merged
Mar 5, 2025 -
build(deps): bump github.com/elastic/elastic-package from 0.110.1 to 0.110.2
#12972 merged
Mar 5, 2025 -
microsoft_sentinel: Add agentless deployment
#12586 merged
Mar 5, 2025 -
[checkpoint] Extend key/value parsing and expand supported fields
#12929 merged
Mar 5, 2025 -
snyk: fix the expected formats of created_at timestamp
#12964 merged
Mar 5, 2025 -
Fix boolean key in security pipelines
#12963 merged
Mar 5, 2025 -
Jamf Protect 3.0.0
#12871 merged
Mar 5, 2025 -
[AmazonMQ] Add RabbitMQ metrics dataset
#12924 merged
Mar 5, 2025 -
[Azure] [PlatformLogs] Fix pipeline for edge cases
#12735 merged
Mar 5, 2025 -
[AWS S3] Introduce start timestamp and ignore older timespan to AWS S3 based integrations
#12645 merged
Mar 4, 2025 -
box_events: handle collaboration invite events and improve user field handling
#12944 merged
Mar 4, 2025 -
infoblox_nios: support AD authentication failure log messages and DHCPACK events without device names
#12933 merged
Mar 4, 2025 -
eset_protect: add support for fields that were missed
#12934 merged
Mar 4, 2025 -
Bump github.com/elastic/elastic-package from 0.109.1 to 0.110.1
#12948 merged
Mar 4, 2025 -
[Fortinet Fortigate] Add url parsing error handling
#12895 merged
Mar 4, 2025 -
#11810 - Enabling google_scc with Agentless deployment
#12907 merged
Mar 4, 2025 -
#11810 - Enabling m365_defender with Agentless deployment
#12891 merged
Mar 4, 2025 -
[google_workspace] Enable agentless integration
#12921 merged
Mar 4, 2025 -
Update Security ML packages' manifest for 9.0
#12940 merged
Mar 4, 2025 -
Update security service integrations packages transform mappings
#12841 merged
Mar 4, 2025 -
[o365_metrics] Update ownership for O365 Metrics integration
#12814 merged
Mar 4, 2025 -
ssi_all: update Kibana version constraint to support 9.0
#12919 merged
Mar 4, 2025 -
mimecast: Handle empty events in a time window inside threat events.
#12937 merged
Mar 4, 2025 -
[rubrik] Enable TSDB
#12917 merged
Mar 4, 2025 -
[teleport] Update event-groups ingest pipeline to manage cloud fields if already present
#12851 merged
Mar 4, 2025 -
mimecast: Prevent pageToken from incorrectly reappearing in interval requests in multiple datastreams
#12936 merged
Mar 4, 2025 -
http_endpoint: improve HMAC config documentation
#12942 merged
Mar 4, 2025 -
http_endpoint: improve HMAC config documentation
#12943 merged
Mar 4, 2025 -
jamf_pro: add ecs mappings for jamf fields
#12760 merged
Mar 3, 2025 -
[docs] Clean up cross-repo links
#12927 merged
Mar 3, 2025 -
#11810 - Enabling Microsoft Defender for Endpoint with Agentless deployment
#12901 merged
Mar 3, 2025 -
[citrix_adc] Support parsing syslog RFC 5424 messages
#12608 merged
Mar 3, 2025 -
[tenable_io] Enable agentless collection
#12893 merged
Mar 3, 2025 -
{system,windows} Sync windows pipelines with beats
#12889 merged
Mar 3, 2025 -
[winlog] Add xml_query and level options
#12938 merged
Mar 3, 2025 -
Agentless deployment of `ess_billing` integration
#12906 merged
Mar 3, 2025 -
{o365.audit},{m365_defender.alert}: Enhance field mappings
#12888 merged
Mar 3, 2025 -
crowdstrike: deflake test
#12848 merged
Mar 3, 2025 -
ti_crowdstrike: populate required threat.intelligence fields
#12915 merged
Mar 3, 2025 -
mimecast: set event.kind:alert for appropriate events
#12835 merged
Mar 3, 2025 -
entityanalytics_okta: split user and device data into their own data streams
#12798 merged
Mar 3, 2025 -
imperva_waf: improve config robustness and error reporting
#12894 merged
Mar 2, 2025 -
[rubrik] Add `sla_domains` data stream
#12923 merged
Mar 1, 2025 -
[azlogs] Fix the custom storage container description for the Azure Logs integration v2
#12926 merged
Feb 28, 2025
20 Pull requests opened by 15 people
-
[O365 Metrics] Add metric types for all data streams
#12935 opened
Mar 3, 2025 -
[wiz] Enable agentless integration
#12941 opened
Mar 3, 2025 -
[O11y][MongoDB Atlas] Update dashboard titles and rename `accessListEntry` field to `whitelistEntry`
#12945 opened
Mar 4, 2025 -
A new integration for tencent_cloud_audit_log
#12946 opened
Mar 4, 2025 -
[O365 Metrics] Parse nested fields for Teams Call Quality and Subscriptions data streams
#12949 opened
Mar 4, 2025 -
[crowdstrike] Add support of Vulnerability Events.
#12973 opened
Mar 5, 2025 -
Add Kibana 9.0 support.
#12982 opened
Mar 6, 2025 -
Test elastic-package#2450 - DO NOT MERGE
#12983 opened
Mar 6, 2025 -
[O11y][MongoDB Atlas] Update organization and project data streams
#12985 opened
Mar 6, 2025 -
[O365 Metrics] Fix pipeline for SharePoint Site Usage Detail
#12989 opened
Mar 6, 2025 -
bugfix/update-ssl-option-descriptions-package-manifest-cleanup-securi…
#12997 opened
Mar 6, 2025 -
[CI] Update timeout for serverless pipeline
#12998 opened
Mar 6, 2025 -
[rubrik] Update docs and enable tsdb for sla domains and unmanaged objects
#13006 opened
Mar 7, 2025 -
checkpoint_harmony_endpoint: improve handling of 404 and 503 errors
#13009 opened
Mar 7, 2025 -
Update SSL node description in manifest.yml file for packages owned by sec-deployment-and-devices
#13011 opened
Mar 7, 2025 -
[AD Entity Analytics] Fix SID parsing and improve mappings
#13013 opened
Mar 7, 2025 -
[CI] Update teams permissions in pull request pipeline
#13016 opened
Mar 7, 2025 -
OTel Metrics for Docker Stats
#13018 opened
Mar 7, 2025
45 Issues closed by 15 people
-
[OpenAI]: Release integration as GA
#12960 closed
Mar 7, 2025 -
Documentation changes for SSL node for integrations - cleanup - obs-ds-hosted-services
#12996 closed
Mar 7, 2025 -
Documentation changes for SSL node for integrations - cleanup - obs-infraobs-integrations
#12993 closed
Mar 7, 2025 -
[Tomcat] Access logs: Missing time to process request field in parsing
#7584 closed
Mar 6, 2025 -
[ti_crowdstrike.ioc]: field [original] not present as part of path [event.original]]
#10575 closed
Mar 5, 2025 -
[ti_crowdstrike]: integration degraded after update to 8.15.0 and 1.1.3
#10850 closed
Mar 5, 2025 -
[checkpoint] Extend key/value parsing and expand supported fields
#12928 closed
Mar 5, 2025 -
[Stack 9.1.0-SNAPSHOT] [network_traffic] Failing test daily: system test: dns-mx in network_traffic.dns
#12957 closed
Mar 5, 2025 -
[LogsDB] [Stack 8.19.0-SNAPSHOT] [gcp] Failing test daily: system test: pubsub in gcp.firewall
#12951 closed
Mar 5, 2025 -
[Stack 9.1.0-SNAPSHOT] [gcp] Failing test daily: system test: pubsub in gcp.firewall
#12956 closed
Mar 5, 2025 -
[Custom Threat Intelligence] Add support for client cert authentication
#11585 closed
Mar 5, 2025 -
[Azure] [Platform Logs] Issues with processing certain fields
#12217 closed
Mar 5, 2025 -
[entityanalytics_ad]: computer names are mapped as user names
#11818 closed
Mar 5, 2025 -
[Stack 8.16.0-SNAPSHOT] [cloudflare] Failing test daily: system test: cursor in cloudflare.logpull
#10872 closed
Mar 4, 2025 -
[AWS] Introduce ignore_older & start_timestamp
#11919 closed
Mar 4, 2025 -
[Infoblox NIOS]: error.message For input string: "7257537 offered-duration 7257579 (RENEW)"
#12728 closed
Mar 4, 2025 -
[eset_protect]: Add new fields
#12890 closed
Mar 4, 2025 -
[AWS][Firehose] Documentation
#12150 closed
Mar 4, 2025 -
[Mimecast] Mapping and illegal value issues mapping
#4909 closed
Mar 4, 2025 -
[ti_crowdstrike.intel]: pipeline error: '134.35.8.0/21' is not an IP string literal
#10576 closed
Mar 4, 2025 -
[Jamf Pro]: update mapping of certain fields to ECS values
#12722 closed
Mar 3, 2025 -
[winlog] Support xml_query as a configuration option
#9450 closed
Mar 3, 2025 -
Make event.original available to the custom pipeline
#7636 closed
Mar 3, 2025 -
[windows] Upgrade package-spec
#9906 closed
Mar 3, 2025 -
[winlog] Cannot index events after index rollover
#4761 closed
Mar 3, 2025 -
[windows] Update to package-spec 3.0
#8677 closed
Mar 3, 2025 -
Systems Integration - Windows Event Logging Event ID limitation
#6228 closed
Mar 3, 2025 -
[Meta Issue] Integrations Test Environment
#5340 closed
Mar 3, 2025 -
[m365_defender] [o365] Add new fields to o365 and M365 Defender integrations
#12519 closed
Mar 3, 2025 -
[CrowdStrike TI]: Indicator column in Security Intelligence not filled
#12852 closed
Mar 3, 2025 -
[Mimecast] Add `event.kind: alert` to parse alert data
#12600 closed
Mar 3, 2025 -
[entityanalytics_okta]: device assets mixed up with user assets
#12657 closed
Mar 3, 2025 -
[Azure] [Database Account Metrics] Add support for more dimensions
#7511 closed
Mar 1, 2025
29 Issues opened by 17 people
-
[Threat Map]: Threat Map breaks all other integrations using the `log` input
#13017 opened
Mar 7, 2025 -
[Logstash] Change log default to match system default
#13015 opened
Mar 7, 2025 -
[Okta]: Update to parse the rootSessionId and RootApiTokenId fields from Okta logs
#13014 opened
Mar 7, 2025 -
[Checkpoint Harmony Endpoint]: Failed to unmarshall JSON message
#13012 opened
Mar 7, 2025 -
[Stack 9.1.0-SNAPSHOT] [cisco_umbrella] Failing test daily: system test: default in cisco_umbrella.log
#13004 opened
Mar 7, 2025 -
[aws.cloudtrail]: Failure executing script to set 'related.entity'
#13003 opened
Mar 7, 2025 -
ssi: add support for request trace deletion
#13002 opened
Mar 6, 2025 -
[abnormal_security] Add Support for Not Analyzed Messages in Abuse Mailbox
#13000 opened
Mar 6, 2025 -
[abnormal_security] Enrich Threat Events with Attachment and Link Details
#12999 opened
Mar 6, 2025 -
Documentation changes for SSL node for integrations - cleanup - sec-deployment-and-devices
#12995 opened
Mar 6, 2025 -
Documentation changes for SSL node for integrations - cleanup - security-service-integrations
#12994 opened
Mar 6, 2025 -
Documentation changes for SSL node for integrations - cleanup
#12992 opened
Mar 6, 2025 -
[CoreDNS]: Incorrectly setting related.ip with non-IP value
#12991 opened
Mar 6, 2025 -
[Atlassian Jira]: Duplicate record pulls due to cursor not progressing
#12988 opened
Mar 6, 2025 -
[Stack 9.1.0-SNAPSHOT] [aws] Failing test daily: system test: default in aws.route53_resolver_logs
#12980 opened
Mar 6, 2025 -
[Google Workspace]: Misclassification of Successful Logins with "Challenge Passed" Status
#12976 opened
Mar 5, 2025 -
[box_events]: user.XXX fields wrongly set, not conforming to ECS
#12971 opened
Mar 5, 2025 -
[AWS Security Hub]: Event.kind should not be a constant keyword
#12970 opened
Mar 5, 2025 -
[Synthetics]: Support http.request.headers for browser monitors
#12967 opened
Mar 5, 2025 -
[entityanalytics_ad]: Include computers in AD query
#12950 opened
Mar 5, 2025 -
abnormal_security.ai_security_mailbox: items in scanning state are not properly updated
#12932 opened
Mar 2, 2025
81 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
-
[azure logs] enable event hub processor v2
#12802 commented on
Mar 6, 2025 • 8 new comments -
crowdstrike: implement enhanced field mapping logic
#12913 commented on
Mar 4, 2025 • 7 new comments -
[Falco] Split datastream based on CNCF or agent-based ingest type
#12896 commented on
Mar 3, 2025 • 6 new comments -
[PAD] Add new advanced analytical security integration Privileged Access Detection
#12864 commented on
Mar 7, 2025 • 5 new comments -
[windows_etw] Make etw input package GA
#12638 commented on
Mar 3, 2025 • 1 new comment -
[cisco_asa] parse 'message repeated X times' updated
#12682 commented on
Mar 3, 2025 • 1 new comment -
Add custom configuration to nginx/metrics
#12865 commented on
Mar 4, 2025 • 1 new comment -
[Trendmicro Vision One] - Fixed cursor & pagination logic for "detections" data stream
#12916 commented on
Mar 3, 2025 • 1 new comment -
Add plain text parser for ESET Protect
#12887 commented on
Mar 3, 2025 • 0 new comments -
[Stack 8.19.0-SNAPSHOT] [system] Failing test daily: system test: journald in system.auth
#12763 commented on
Mar 7, 2025 • 0 new comments -
[Stack 9.1.0-SNAPSHOT] [system] Failing test daily: system test: journald in system.auth
#12785 commented on
Mar 7, 2025 • 0 new comments -
[Stack 9.1.0-SNAPSHOT] [juniper_netscreen] Failing test daily: system test: logfile in juniper_netscreen.log
#12745 commented on
Mar 7, 2025 • 0 new comments -
[Stack 9.1.0-SNAPSHOT] [juniper_junos] Failing test daily: system test: logfile in juniper_junos.log
#12744 commented on
Mar 7, 2025 • 0 new comments -
[Abnormal Security]: Add support for vendor-cases from API
#11473 commented on
Mar 6, 2025 • 0 new comments -
[ITF][Spring Boot][All On Cloud Use Case] Integration policy is not getting created while bringing up the integration
#8396 commented on
Mar 6, 2025 • 0 new comments -
[Palo Alto Prisma Cloud]: Host data collection creates oversized documents (>5MB) in production environments
#12540 commented on
Mar 4, 2025 • 0 new comments -
[New Integration] Proofpoint ITM
#12472 commented on
Mar 5, 2025 • 0 new comments -
[AWS Firehose] populate event.dataset field for ingested records
#12750 commented on
Mar 5, 2025 • 0 new comments -
Perfmon - Show process instance number when multiple instances exist
#12925 commented on
Mar 5, 2025 • 0 new comments -
[System] The core metrics do not use the `period` variable
#9267 commented on
Mar 4, 2025 • 0 new comments -
GCP: audit logs producing mapping issues when used with GCP Dataflow Templates
#8315 commented on
Mar 5, 2025 • 0 new comments -
[discuss] Change rerouting mechanism
#9146 commented on
Mar 5, 2025 • 0 new comments -
[Cloudflare Logpush] Add support for new fields and Page Shield data stream
#9809 commented on
Mar 5, 2025 • 0 new comments -
[Custom Threat Intelligence]: Unexpected Content-Type Header in Request
#12874 commented on
Mar 5, 2025 • 0 new comments -
[Wiz Integration] - Doc update
#11520 commented on
Mar 5, 2025 • 0 new comments -
feat: [mysql] add support for condition
#12881 commented on
Mar 7, 2025 • 0 new comments -
feat: [filestream] add support for condition
#12880 commented on
Mar 5, 2025 • 0 new comments -
feat: [apache_tomcat] add support for condition
#12879 commented on
Mar 7, 2025 • 0 new comments -
feat: [prometheus_input] add support for leader election and condition
#12876 commented on
Mar 7, 2025 • 0 new comments -
Tenable OT Security
#12850 commented on
Mar 6, 2025 • 0 new comments -
[Windows] Add custom conditions support for Perfmon
#12830 commented on
Mar 3, 2025 • 0 new comments -
cloudflare_logpush: expand set of supported fields and add data streams
#12782 commented on
Mar 6, 2025 • 0 new comments -
[google_secops] Initial release of the google secops
#12767 commented on
Mar 6, 2025 • 0 new comments -
Cloudtrail add actor and target
#12685 commented on
Mar 7, 2025 • 0 new comments -
fixed build README to generate
#12461 commented on
Mar 3, 2025 • 0 new comments -
Update sec-linux-platform integrations to ECS 8.17
#12299 commented on
Mar 6, 2025 • 0 new comments -
Endace
#11738 commented on
Mar 6, 2025 • 0 new comments -
Update description of Kafka protocol version to mention required value for Kafka 4.0
#11655 commented on
Mar 3, 2025 • 0 new comments -
New Azure Functions logs format?
#11729 commented on
Mar 7, 2025 • 0 new comments -
Remove deprecated data streams for 9.0
#11775 commented on
Mar 7, 2025 • 0 new comments -
[LogsDB] [Stack 8.19.0-SNAPSHOT] [system] Failing test daily: system test: journald in system.auth
#12765 commented on
Mar 7, 2025 • 0 new comments -
[M365 Defender] Change `event.type` of `AlertInfo`
#10109 commented on
Mar 4, 2025 • 0 new comments -
[Tenable.io] Add Audit Log data stream
#10317 commented on
Mar 4, 2025 • 0 new comments -
[entity analytics entra id] Expanded properties
#10321 commented on
Mar 4, 2025 • 0 new comments -
[entityanalytics_ad] Add config option to set TLS options
#10335 commented on
Mar 4, 2025 • 0 new comments -
[Imperva Cloud WAF] Add system test for the CEL code
#10357 commented on
Mar 4, 2025 • 0 new comments -
New Integration Request: Admin By Request
#10404 commented on
Mar 4, 2025 • 0 new comments -
[Mimecast] Add support for Brand Exploit Protect alerts
#11161 commented on
Mar 4, 2025 • 0 new comments -
[Sysdig Secure] New data stream: CIEM
#12272 commented on
Mar 4, 2025 • 0 new comments -
[Sysdig Secure] New data stream: CSPM
#12271 commented on
Mar 4, 2025 • 0 new comments -
[Sysdig Secure] New data stream: Runtime Threat Detection
#12270 commented on
Mar 4, 2025 • 0 new comments -
Standardize Ingested Data for Response Actions
#12563 commented on
Mar 4, 2025 • 0 new comments -
[atlassian_jira]: '1.2.3.4, 192.168.22.33' is not an IP string literal.
#12885 commented on
Mar 4, 2025 • 0 new comments -
https://docs.elastic.co/integrations/cloudflare_logpush documentation doesn't mention GCP on the overview section
#9254 commented on
Mar 4, 2025 • 0 new comments -
[m365_defender.alert] Prefer: include-unknown-enum-members Header
#12573 commented on
Mar 4, 2025 • 0 new comments -
[microsoft/defender_atp]: Offer initial_interval instead of hardcoding to 5m
#12912 commented on
Mar 4, 2025 • 0 new comments -
integration:cisco_secure_endpoint Fix noisy error log entry when pagination completes
#10527 commented on
Mar 4, 2025 • 0 new comments -
[SentinelOne] Parse and Populate ECS `message` Field with Alert Titles
#12564 commented on
Mar 4, 2025 • 0 new comments -
[teleport] Allow the user to decide which values should be set in `cloud.*` fields
#12918 commented on
Mar 4, 2025 • 0 new comments -
[Milestone 1] Create a versioned findings latest transform with index alias in the integrations repository
#10251 commented on
Mar 4, 2025 • 0 new comments -
[Netskope] Test ingestion of compressed Netskope cloud storage logs
#10744 commented on
Mar 3, 2025 • 0 new comments -
add additional CiscoIOS Log parsing & address ECS/normalization inconsistencies
#5463 commented on
Mar 4, 2025 • 0 new comments -
[Google Workspace] Support All Event Types
#4722 commented on
Mar 4, 2025 • 0 new comments -
[Sysdig Secure] New data stream: Vulnerabilities
#12269 commented on
Mar 4, 2025 • 0 new comments -
[GitHub] httpjson input `map has no entry for key` error
#5809 commented on
Mar 4, 2025 • 0 new comments -
[GCP Audit Integration] gcp.audit.resource_name not extracted from k8s audit logs
#6024 commented on
Mar 4, 2025 • 0 new comments -
[azure_frontdoor] waf ingest pipeline does not parse correctly to ECS Fields
#7017 commented on
Mar 4, 2025 • 0 new comments -
Add Security Solution Tag to Threat Integrations
#3951 commented on
Mar 4, 2025 • 0 new comments -
Atlassian Jira (cloud): Auditing API returns "invalid date"
#4391 commented on
Mar 4, 2025 • 0 new comments -
[Security Solution] No geo data from Microsoft 365 Integration
#4803 commented on
Mar 4, 2025 • 0 new comments -
[mimecast] Issues with configuration
#4921 commented on
Mar 4, 2025 • 0 new comments -
[AWS] Network Firewall logs ingest pipeline duplicate field error
#5071 commented on
Mar 4, 2025 • 0 new comments -
aws vpcflow integration should properly set event.type
#5478 commented on
Mar 4, 2025 • 0 new comments -
[Google Workspace] Missing Data Stream Fields
#5909 commented on
Mar 4, 2025 • 0 new comments -
[GitHub] How to get `topic` field value for `repo.add_topic` events
#8369 commented on
Mar 4, 2025 • 0 new comments -
F5's logs (using syslog) are not parsed
#7236 commented on
Mar 4, 2025 • 0 new comments -
[Cisco Meraki Events] Meraki Martian event information
#8590 commented on
Mar 4, 2025 • 0 new comments -
[Cisco Meraki Events] Pipeline_error for DHCP offer events
#8589 commented on
Mar 4, 2025 • 0 new comments -
trendmicro: enhance ecs mappings for `event.category` and `event.type`
#8631 commented on
Mar 4, 2025 • 0 new comments -
Events are not parsing correctly in Prisma cloud integration
#8994 commented on
Mar 4, 2025 • 0 new comments -
[Zscaler ZIA] Expanding support for new event types and fields
#9232 commented on
Mar 4, 2025 • 0 new comments