diff --git a/packages/ti_domaintools/_dev/build/docs/README.md b/packages/ti_domaintools/_dev/build/docs/README.md index 0048b055578..75f51f55f85 100644 --- a/packages/ti_domaintools/_dev/build/docs/README.md +++ b/packages/ti_domaintools/_dev/build/docs/README.md @@ -17,6 +17,11 @@ Ideal for threat hunting, phishing prevention, and brand protection. For example, if you wanted to monitor Newly Observed Domains (NOD) feed, you could ingest the DomainTools NOD feed. Then you can reference ti_domaintools.nod_feed when using visualizations or alerts. +## Agentless Enabled Integration + +Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html). +Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features. + ## Data streams The DomainTools Feeds integration collects one type of data streams: **logs** diff --git a/packages/ti_domaintools/changelog.yml b/packages/ti_domaintools/changelog.yml index 60cde57528a..05a286592be 100644 --- a/packages/ti_domaintools/changelog.yml +++ b/packages/ti_domaintools/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.0" + changes: + - description: Enable Agentless deployment. + type: enhancement + link: https://github.com/elastic/integrations/pull/19598 - version: "1.4.0" changes: - description: Use num_failure_retries instead of unattended mode for transform failure recovery. 
diff --git a/packages/ti_domaintools/docs/README.md b/packages/ti_domaintools/docs/README.md index d371bd36206..9cc1bd7b908 100644 --- a/packages/ti_domaintools/docs/README.md +++ b/packages/ti_domaintools/docs/README.md @@ -17,6 +17,11 @@ Ideal for threat hunting, phishing prevention, and brand protection. For example, if you wanted to monitor Newly Observed Domains (NOD) feed, you could ingest the DomainTools NOD feed. Then you can reference ti_domaintools.nod_feed when using visualizations or alerts. +## Agentless Enabled Integration + +Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html). +Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features. + ## Data streams The DomainTools Feeds integration collects one type of data streams: **logs** diff --git a/packages/ti_domaintools/manifest.yml b/packages/ti_domaintools/manifest.yml index d250864851f..51a8772eb32 100644 --- a/packages/ti_domaintools/manifest.yml +++ b/packages/ti_domaintools/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.3.2 name: ti_domaintools title: "DomainTools Feeds" -version: "1.4.0" +version: "1.5.0" source: license: "Elastic-2.0" description: "DomainTools Feeds provide data on the different stages of the domain lifecycle: from first-observed in the wild, to newly re-activated after a period of quiet." 
@@ -11,7 +11,7 @@ categories: - threat_intel conditions: kibana: - version: "^8.16.0 || ^9.0.0" + version: "^8.19.2 || ^9.0.5" elastic: subscription: "basic" screenshots: @@ -28,6 +28,15 @@ policy_templates: - name: domaintools title: DomainTools Feeds description: "The DomainTools Feed provides real-time access to newly registered and observed domains, enabling proactive threat detection and defense." + deployment_modes: + default: + enabled: true + agentless: + enabled: true + release: beta + organization: security + division: engineering + team: security-service-integrations inputs: - type: cel title: "Collect DomainTools Feeds" diff --git a/packages/ti_eset/_dev/build/docs/README.md b/packages/ti_eset/_dev/build/docs/README.md index 92a72c83cbc..bacc11b99b8 100644 --- a/packages/ti_eset/_dev/build/docs/README.md +++ b/packages/ti_eset/_dev/build/docs/README.md @@ -13,6 +13,11 @@ It includes the following datasets for retrieving logs: | ip | ip stix 2.1 | | url | url stix 2.1 | +## Agentless Enabled Integration + +Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html). +Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features. + ## Expiration of Indicators of Compromise (IOCs) The ingested IOCs expire after certain duration. An [Elastic Transform](https://www.elastic.co/guide/en/elasticsearch/reference/current/transforms.html) is created for every source index to 
diff --git a/packages/ti_eset/changelog.yml b/packages/ti_eset/changelog.yml index bd381ca481d..afd267669f9 100644 --- a/packages/ti_eset/changelog.yml +++ b/packages/ti_eset/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.11.0" + changes: + - description: Enable Agentless deployment. + type: enhancement + link: https://github.com/elastic/integrations/pull/19598 - version: "1.10.0" changes: - description: Use num_failure_retries instead of unattended mode for transform failure recovery. diff --git a/packages/ti_eset/data_stream/apt/elasticsearch/ingest_pipeline/default.yml b/packages/ti_eset/data_stream/apt/elasticsearch/ingest_pipeline/default.yml index e926209d3f9..43db36ea63e 100644 --- a/packages/ti_eset/data_stream/apt/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_eset/data_stream/apt/elasticsearch/ingest_pipeline/default.yml @@ -23,6 +23,12 @@ processors: target_field: event.original ignore_missing: true if: ctx.event?.original == null + - remove: + field: message + tag: remove_message + ignore_missing: true + if: ctx.event?.original != null + description: 'The `message` field is no longer required if the document has an `event.original` field.' - json: field: event.original target_field: eti diff --git a/packages/ti_eset/data_stream/botnet/elasticsearch/ingest_pipeline/default.yml b/packages/ti_eset/data_stream/botnet/elasticsearch/ingest_pipeline/default.yml index 5e3a86118c6..fce90015743 100644 --- a/packages/ti_eset/data_stream/botnet/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_eset/data_stream/botnet/elasticsearch/ingest_pipeline/default.yml 
@@ -23,6 +23,12 @@ processors: target_field: event.original ignore_missing: true if: ctx.event?.original == null + - remove: + field: message + tag: remove_message + ignore_missing: true + if: ctx.event?.original != null + description: 'The `message` field is no longer required if the document has an `event.original` field.' - json: field: event.original target_field: eti diff --git a/packages/ti_eset/data_stream/cc/elasticsearch/ingest_pipeline/default.yml b/packages/ti_eset/data_stream/cc/elasticsearch/ingest_pipeline/default.yml index d90d6f25cce..2c1d2c17cd1 100644 --- a/packages/ti_eset/data_stream/cc/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_eset/data_stream/cc/elasticsearch/ingest_pipeline/default.yml @@ -23,6 +23,12 @@ processors: target_field: event.original ignore_missing: true if: ctx.event?.original == null + - remove: + field: message + tag: remove_message + ignore_missing: true + if: ctx.event?.original != null + description: 'The `message` field is no longer required if the document has an `event.original` field.' - json: field: event.original target_field: eti diff --git a/packages/ti_eset/data_stream/domains/elasticsearch/ingest_pipeline/default.yml b/packages/ti_eset/data_stream/domains/elasticsearch/ingest_pipeline/default.yml index 82575630cf2..af95b65b1f6 100644 --- a/packages/ti_eset/data_stream/domains/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_eset/data_stream/domains/elasticsearch/ingest_pipeline/default.yml @@ -23,6 +23,12 @@ processors: target_field: event.original ignore_missing: true if: ctx.event?.original == null + - remove: + field: message + tag: remove_message + ignore_missing: true + if: ctx.event?.original != null + description: 'The `message` field is no longer required if the document has an `event.original` field.' - json: field: event.original target_field: eti 
diff --git a/packages/ti_eset/data_stream/files/elasticsearch/ingest_pipeline/default.yml b/packages/ti_eset/data_stream/files/elasticsearch/ingest_pipeline/default.yml index 43e2dc1753e..a25f66f28bb 100644 --- a/packages/ti_eset/data_stream/files/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_eset/data_stream/files/elasticsearch/ingest_pipeline/default.yml @@ -23,6 +23,12 @@ processors: target_field: event.original ignore_missing: true if: ctx.event?.original == null + - remove: + field: message + tag: remove_message + ignore_missing: true + if: ctx.event?.original != null + description: 'The `message` field is no longer required if the document has an `event.original` field.' - json: field: event.original target_field: eti diff --git a/packages/ti_eset/data_stream/ip/elasticsearch/ingest_pipeline/default.yml b/packages/ti_eset/data_stream/ip/elasticsearch/ingest_pipeline/default.yml index bd4ba733cfa..340c6b712f2 100644 --- a/packages/ti_eset/data_stream/ip/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_eset/data_stream/ip/elasticsearch/ingest_pipeline/default.yml @@ -23,6 +23,12 @@ processors: target_field: event.original ignore_missing: true if: ctx.event?.original == null + - remove: + field: message + tag: remove_message + ignore_missing: true + if: ctx.event?.original != null + description: 'The `message` field is no longer required if the document has an `event.original` field.' - json: field: event.original target_field: eti diff --git a/packages/ti_eset/data_stream/url/elasticsearch/ingest_pipeline/default.yml b/packages/ti_eset/data_stream/url/elasticsearch/ingest_pipeline/default.yml index 888bc3a4a4e..61af78af604 100644 --- a/packages/ti_eset/data_stream/url/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_eset/data_stream/url/elasticsearch/ingest_pipeline/default.yml 
@@ -23,6 +23,12 @@ processors: target_field: event.original ignore_missing: true if: ctx.event?.original == null + - remove: + field: message + tag: remove_message + ignore_missing: true + if: ctx.event?.original != null + description: 'The `message` field is no longer required if the document has an `event.original` field.' - json: field: event.original target_field: eti diff --git a/packages/ti_eset/docs/README.md b/packages/ti_eset/docs/README.md index aff6ed31395..78ab80eaa66 100644 --- a/packages/ti_eset/docs/README.md +++ b/packages/ti_eset/docs/README.md @@ -13,6 +13,11 @@ It includes the following datasets for retrieving logs: | ip | ip stix 2.1 | | url | url stix 2.1 | +## Agentless Enabled Integration + +Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html). +Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features. + ## Expiration of Indicators of Compromise (IOCs) The ingested IOCs expire after certain duration. An [Elastic Transform](https://www.elastic.co/guide/en/elasticsearch/reference/current/transforms.html) is created for every source index to diff --git a/packages/ti_eset/manifest.yml b/packages/ti_eset/manifest.yml index 71197569042..7e91d912b0a 100644 --- a/packages/ti_eset/manifest.yml +++ b/packages/ti_eset/manifest.yml 
@@ -1,7 +1,7 @@ -format_version: 3.0.3 +format_version: 3.3.2 name: ti_eset title: "ESET Threat Intelligence" -version: "1.10.0" +version: "1.11.0" description: "Ingest threat intelligence indicators from ESET Threat Intelligence with Elastic Agent." type: integration categories: @@ -34,6 +34,15 @@ policy_templates: - name: eset title: ETI feeds (TAXII version 2) description: Collect data from ETI feeds (TAXII version 2) + deployment_modes: + default: + enabled: true + agentless: + enabled: true + release: beta + organization: security + division: engineering + team: security-service-integrations inputs: - type: httpjson title: ETI feeds (TAXII version 2) diff --git a/packages/ti_maltiverse/_dev/build/docs/README.md b/packages/ti_maltiverse/_dev/build/docs/README.md index 4f63f0b2cf9..ea3a41bad88 100644 --- a/packages/ti_maltiverse/_dev/build/docs/README.md +++ b/packages/ti_maltiverse/_dev/build/docs/README.md 
@@ -6,6 +6,11 @@ This integration fetches Maltiverse Threat Intelligence feeds and add them into In order to download feed you need to [register](https://maltiverse.com/auth/register) and generate an API key on you profile page. +## Agentless Enabled Integration + +Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html). +Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features. + ## IoCs Expiration Since we want to retain only valuable information and avoid duplicated data, the Maltiverse Elastic integration forces the indicators to rotate into a custom index called: `logs-ti_maltiverse_latest.indicator`. **Please, refer to this index in order to set alerts and so on.** diff --git a/packages/ti_maltiverse/changelog.yml b/packages/ti_maltiverse/changelog.yml index 996d45e205f..4502a2e0765 100644 --- a/packages/ti_maltiverse/changelog.yml +++ b/packages/ti_maltiverse/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.8.0" + changes: + - description: Enable Agentless deployment. + type: enhancement + link: https://github.com/elastic/integrations/pull/19598 - version: "1.7.0" changes: - description: Use num_failure_retries instead of unattended mode for transform failure recovery. 
diff --git a/packages/ti_maltiverse/data_stream/indicator/elasticsearch/ingest_pipeline/default.yml b/packages/ti_maltiverse/data_stream/indicator/elasticsearch/ingest_pipeline/default.yml index ed03e750a07..53d08df0541 100644 --- a/packages/ti_maltiverse/data_stream/indicator/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_maltiverse/data_stream/indicator/elasticsearch/ingest_pipeline/default.yml @@ -9,6 +9,12 @@ processors: target_field: event.original ignore_missing: true if: ctx.event?.original == null + - remove: + field: message + tag: remove_message + ignore_missing: true + if: ctx.event?.original != null + description: 'The `message` field is no longer required if the document has an `event.original` field.' - json: field: event.original target_field: maltiverse diff --git a/packages/ti_maltiverse/docs/README.md b/packages/ti_maltiverse/docs/README.md index 247fba02216..09bb12eddda 100644 --- a/packages/ti_maltiverse/docs/README.md +++ b/packages/ti_maltiverse/docs/README.md 
@@ -6,6 +6,11 @@ This integration fetches Maltiverse Threat Intelligence feeds and add them into In order to download feed you need to [register](https://maltiverse.com/auth/register) and generate an API key on you profile page. +## Agentless Enabled Integration + +Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html). +Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features. + ## IoCs Expiration Since we want to retain only valuable information and avoid duplicated data, the Maltiverse Elastic integration forces the indicators to rotate into a custom index called: `logs-ti_maltiverse_latest.indicator`. **Please, refer to this index in order to set alerts and so on.** diff --git a/packages/ti_maltiverse/manifest.yml b/packages/ti_maltiverse/manifest.yml index 8fcd9f201ec..270650f951f 100644 --- a/packages/ti_maltiverse/manifest.yml +++ b/packages/ti_maltiverse/manifest.yml @@ -1,15 +1,15 @@ name: ti_maltiverse title: Maltiverse -version: "1.7.0" +version: "1.8.0" description: Ingest threat intelligence indicators from Maltiverse feeds with Elastic Agent type: integration -format_version: 3.0.2 +format_version: 3.3.2 categories: - security - threat_intel conditions: kibana: - version: "^8.13.0 || ^9.0.0" + version: "^8.19.2 || ^9.0.5" icons: - src: /img/logo-maltiverse.svg title: Maltiverse 
@@ -19,6 +19,15 @@ policy_templates: - name: ti_maltiverse title: Maltiverse description: Ingest threat intelligence indicators from Maltiverse feeds with Elastic Agent + deployment_modes: + default: + enabled: true + agentless: + enabled: true + release: beta + organization: security + division: engineering + team: security-service-integrations inputs: - type: httpjson title: "Collect threat intelligence feeds from Maltiverse API."
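Review bot: In each of the six README hunks the two added `+` prose lines after the "Agentless Enabled Integration" heading are not separated by a blank line, so Markdown renders "…Agentless integrations FAQ](…)." and "Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments…" as a single paragraph. Insert a blank `+` line between them (or join the support/beta statement to the first paragraph deliberately) so the beta and support caveat reads as its own paragraph; the same fix applies to both `_dev/build/docs/README.md` and the generated `docs/README.md` in ti_domaintools, ti_eset and ti_maltiverse.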
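Review bot: The ti_eset manifest hunk bumps `format_version` to 3.3.2 and `version` to 1.11.0 but shows no change to `conditions.kibana.version`, while the ti_domaintools and ti_maltiverse manifests both move to `version: "^8.19.2 || ^9.0.5"` in this same change. If the agentless `deployment_modes` block needs that minimum stack, ti_eset should carry the same constraint; if it is already at that level outside the hunk, a line of context in the PR description would make that clear.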
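Review bot: In the seven ingest pipeline hunks the new `remove` of `message` (condition `ctx.event?.original != null`) is placed between the `rename` to `event.original` and the `json` processor that parses `event.original`. Because `message` is dropped before the JSON parse runs, a document that arrives with both fields and then fails in the `json` processor reaches any `on_failure` handling with neither the raw `message` nor a parsed result available for triage; moving the `remove` after the `json` processor (keeping the same `tag`, `ignore_missing` and `if`) preserves the original payload until parsing has succeeded. The `description` text is accurate as written.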
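Review bot: The ti_domaintools and ti_maltiverse manifest hunks raise `conditions.kibana.version` to `"^8.19.2 || ^9.0.5"` while `deployment_modes.default.enabled: true` is kept, so the stricter minimum also applies to self-managed users who never use the agentless mode that motivates it (the README states agentless is only supported in Elastic Serverless and Elastic Cloud). Confirm this is intended and, since it raises the floor for existing installs, consider noting it in the 1.5.0 / 1.8.0 changelog entries alongside "Enable Agentless deployment."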