[ti_domaintools, ti_eset, ti_maltiverse] Add Agentless Deployment

packages/ti_domaintools/_dev/build/docs/README.md

@@ -17,6 +17,11 @@ Ideal for threat hunting, phishing prevention, and brand protection.
 For example, if you wanted to monitor Newly Observed Domains (NOD) feed, you could ingest the DomainTools NOD feed.
 Then you can reference ti_domaintools.nod_feed when using visualizations or alerts.
 
+## Agentless Enabled Integration
+
+Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).
+Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments.  This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.
+
 ## Data streams
 
 The DomainTools Feeds integration collects one type of data streams: **logs**

packages/ti_domaintools/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.0"
+  changes:
+    - description: Enable Agentless deployment.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/19598
 - version: "1.4.0"
   changes:
     - description: Use num_failure_retries instead of unattended mode for transform failure recovery.

packages/ti_domaintools/docs/README.md

@@ -17,6 +17,11 @@ Ideal for threat hunting, phishing prevention, and brand protection.
 For example, if you wanted to monitor Newly Observed Domains (NOD) feed, you could ingest the DomainTools NOD feed.
 Then you can reference ti_domaintools.nod_feed when using visualizations or alerts.
 
+## Agentless Enabled Integration
+
+Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).
+Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments.  This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.
+
 ## Data streams
 
 The DomainTools Feeds integration collects one type of data streams: **logs**

packages/ti_domaintools/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 3.3.2
 name: ti_domaintools
 title: "DomainTools Feeds"
-version: "1.4.0"
+version: "1.5.0"
 source:
   license: "Elastic-2.0"
 description: "DomainTools Feeds provide data on the different stages of the domain lifecycle: from first-observed in the wild, to newly re-activated after a period of quiet."
@@ -11,7 +11,7 @@ categories:
   - threat_intel
 conditions:
   kibana:
-    version: "^8.16.0 || ^9.0.0"
+    version: "^8.19.2 || ^9.0.5"
   elastic:
     subscription: "basic"
 screenshots:
@@ -28,6 +28,15 @@ policy_templates:
   - name: domaintools
     title: DomainTools Feeds
     description: "The DomainTools Feed provides real-time access to newly registered and observed domains, enabling proactive threat detection and defense."
+    deployment_modes:
+      default:
+        enabled: true
+      agentless:
+        enabled: true
+        release: beta
+        organization: security
+        division: engineering
+        team: security-service-integrations
     inputs:
       - type: cel
         title: "Collect DomainTools Feeds"

packages/ti_eset/_dev/build/docs/README.md

@@ -13,6 +13,11 @@ It includes the following datasets for retrieving logs:
 |      ip | ip stix 2.1            |
 |     url | url stix 2.1           |
 
+## Agentless Enabled Integration
+
+Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).
+Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments.  This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.
+
 ## Expiration of Indicators of Compromise (IOCs)
 
 The ingested IOCs expire after certain duration. An [Elastic Transform](https://www.elastic.co/guide/en/elasticsearch/reference/current/transforms.html) is created for every source index to 

packages/ti_eset/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.11.0"
+  changes:
+    - description: Enable Agentless deployment.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/19598
 - version: "1.10.0"
   changes:
     - description: Use num_failure_retries instead of unattended mode for transform failure recovery.

packages/ti_eset/data_stream/apt/elasticsearch/ingest_pipeline/default.yml

@@ -23,6 +23,12 @@ processors:
       target_field: event.original
       ignore_missing: true
       if: ctx.event?.original == null
+  - remove:
+      field: message
+      tag: remove_message
+      ignore_missing: true
+      if: ctx.event?.original != null
+      description: 'The `message` field is no longer required if the document has an `event.original` field.'
   - json:
       field: event.original
       target_field: eti

packages/ti_eset/data_stream/botnet/elasticsearch/ingest_pipeline/default.yml

@@ -23,6 +23,12 @@ processors:
       target_field: event.original
       ignore_missing: true
       if: ctx.event?.original == null
+  - remove:
+      field: message
+      tag: remove_message
+      ignore_missing: true
+      if: ctx.event?.original != null
+      description: 'The `message` field is no longer required if the document has an `event.original` field.'
   - json:
       field: event.original
       target_field: eti

packages/ti_eset/data_stream/cc/elasticsearch/ingest_pipeline/default.yml

@@ -23,6 +23,12 @@ processors:
       target_field: event.original
       ignore_missing: true
       if: ctx.event?.original == null
+  - remove:
+      field: message
+      tag: remove_message
+      ignore_missing: true
+      if: ctx.event?.original != null
+      description: 'The `message` field is no longer required if the document has an `event.original` field.'
   - json:
       field: event.original
       target_field: eti

packages/ti_eset/data_stream/domains/elasticsearch/ingest_pipeline/default.yml

@@ -23,6 +23,12 @@ processors:
       target_field: event.original
       ignore_missing: true
       if: ctx.event?.original == null
+  - remove:
+      field: message
+      tag: remove_message
+      ignore_missing: true
+      if: ctx.event?.original != null
+      description: 'The `message` field is no longer required if the document has an `event.original` field.'
   - json:
       field: event.original
       target_field: eti

packages/ti_eset/data_stream/files/elasticsearch/ingest_pipeline/default.yml

@@ -23,6 +23,12 @@ processors:
       target_field: event.original
       ignore_missing: true
       if: ctx.event?.original == null
+  - remove:
+      field: message
+      tag: remove_message
+      ignore_missing: true
+      if: ctx.event?.original != null
+      description: 'The `message` field is no longer required if the document has an `event.original` field.'
   - json:
       field: event.original
       target_field: eti

packages/ti_eset/data_stream/ip/elasticsearch/ingest_pipeline/default.yml

@@ -23,6 +23,12 @@ processors:
       target_field: event.original
       ignore_missing: true
       if: ctx.event?.original == null
+  - remove:
+      field: message
+      tag: remove_message
+      ignore_missing: true
+      if: ctx.event?.original != null
+      description: 'The `message` field is no longer required if the document has an `event.original` field.'
   - json:
       field: event.original
       target_field: eti

packages/ti_eset/data_stream/url/elasticsearch/ingest_pipeline/default.yml

@@ -23,6 +23,12 @@ processors:
       target_field: event.original
       ignore_missing: true
       if: ctx.event?.original == null
+  - remove:
+      field: message
+      tag: remove_message
+      ignore_missing: true
+      if: ctx.event?.original != null
+      description: 'The `message` field is no longer required if the document has an `event.original` field.'
   - json:
       field: event.original
       target_field: eti

packages/ti_eset/docs/README.md

@@ -13,6 +13,11 @@ It includes the following datasets for retrieving logs:
 |      ip | ip stix 2.1            |
 |     url | url stix 2.1           |
 
+## Agentless Enabled Integration
+
+Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).
+Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments.  This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.
+
 ## Expiration of Indicators of Compromise (IOCs)
 
 The ingested IOCs expire after certain duration. An [Elastic Transform](https://www.elastic.co/guide/en/elasticsearch/reference/current/transforms.html) is created for every source index to 

packages/ti_eset/manifest.yml

@@ -1,7 +1,7 @@
-format_version: 3.0.3
+format_version: 3.3.2
 name: ti_eset
 title: "ESET Threat Intelligence"
-version: "1.10.0"
+version: "1.11.0"
 description: "Ingest threat intelligence indicators from ESET Threat Intelligence with Elastic Agent."
 type: integration
 categories:
@@ -34,6 +34,15 @@ policy_templates:
   - name: eset
     title: ETI feeds (TAXII version 2)
     description: Collect data from ETI feeds (TAXII version 2)
+    deployment_modes:
+      default:
+        enabled: true
+      agentless:
+        enabled: true
+        release: beta
+        organization: security
+        division: engineering
+        team: security-service-integrations
     inputs:
       - type: httpjson
         title: ETI feeds (TAXII version 2)

packages/ti_maltiverse/_dev/build/docs/README.md

@@ -6,6 +6,11 @@ This integration fetches Maltiverse Threat Intelligence feeds and add them into
 
 In order to download feed you need to [register](https://maltiverse.com/auth/register) and generate an API key on you profile page.
 
+## Agentless Enabled Integration
+
+Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).
+Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments.  This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.
+
 ## IoCs Expiration
 Since we want to retain only valuable information and avoid duplicated data, the Maltiverse Elastic integration forces the indicators to rotate into a custom index called: `logs-ti_maltiverse_latest.indicator`.
 **Please, refer to this index in order to set alerts and so on.**

packages/ti_maltiverse/changelog.yml

@@ -1,3 +1,8 @@
+- version: "1.8.0"
+  changes:
+    - description: Enable Agentless deployment.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/19598
 - version: "1.7.0"
   changes:
     - description: Use num_failure_retries instead of unattended mode for transform failure recovery.

packages/ti_maltiverse/data_stream/indicator/elasticsearch/ingest_pipeline/default.yml

@@ -9,6 +9,12 @@ processors:
       target_field: event.original
       ignore_missing: true
       if: ctx.event?.original == null
+  - remove:
+      field: message
+      tag: remove_message
+      ignore_missing: true
+      if: ctx.event?.original != null
+      description: 'The `message` field is no longer required if the document has an `event.original` field.'
   - json:
       field: event.original
       target_field: maltiverse

packages/ti_maltiverse/docs/README.md

@@ -6,6 +6,11 @@ This integration fetches Maltiverse Threat Intelligence feeds and add them into
 
 In order to download feed you need to [register](https://maltiverse.com/auth/register) and generate an API key on you profile page.
 
+## Agentless Enabled Integration
+
+Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).
+Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments.  This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.
+
 ## IoCs Expiration
 Since we want to retain only valuable information and avoid duplicated data, the Maltiverse Elastic integration forces the indicators to rotate into a custom index called: `logs-ti_maltiverse_latest.indicator`.
 **Please, refer to this index in order to set alerts and so on.**

packages/ti_maltiverse/manifest.yml

@@ -1,15 +1,15 @@
 name: ti_maltiverse
 title: Maltiverse
-version: "1.7.0"
+version: "1.8.0"
 description: Ingest threat intelligence indicators from Maltiverse feeds with Elastic Agent
 type: integration
-format_version: 3.0.2
+format_version: 3.3.2
 categories:
   - security
   - threat_intel
 conditions:
   kibana:
-    version: "^8.13.0 || ^9.0.0"
+    version: "^8.19.2 || ^9.0.5"
 icons:
   - src: /img/logo-maltiverse.svg
     title: Maltiverse
@@ -19,6 +19,15 @@ policy_templates:
   - name: ti_maltiverse
     title: Maltiverse
     description: Ingest threat intelligence indicators from Maltiverse feeds with Elastic Agent
+    deployment_modes:
+      default:
+        enabled: true
+      agentless:
+        enabled: true
+        release: beta
+        organization: security
+        division: engineering
+        team: security-service-integrations
     inputs:
       - type: httpjson
         title: "Collect threat intelligence feeds from Maltiverse API."