From ef373ee4b2546350e50b2d85c74243f16ab6cc1b Mon Sep 17 00:00:00 2001 
From: Dan Kortschak Date: Mon, 16 Dec 2024 13:05:49 +1030 Subject: [PATCH] ssi_all: add "preserve_original_event" tag to documents with event.kind manually set to "pipeline_error" --- packages/abnormal_security/changelog.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../audit/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../case/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../threat/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/abnormal_security/manifest.yml | 2 +- packages/amazon_security_lake/changelog.yml | 5 +++++ .../event/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/amazon_security_lake/manifest.yml | 2 +- packages/authentik/changelog.yml | 5 +++++ .../event/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../group/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../user/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/authentik/manifest.yml | 2 +- packages/azure_network_watcher_nsg/changelog.yml | 5 +++++ .../log/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/azure_network_watcher_nsg/manifest.yml | 2 +- packages/azure_network_watcher_vnet/changelog.yml | 5 +++++ .../log/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/azure_network_watcher_vnet/manifest.yml | 2 +- packages/bitwarden/changelog.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../event/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../group/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../member/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../policy/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/bitwarden/manifest.yml | 2 +- packages/canva/changelog.yml | 5 +++++ .../audit/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/canva/manifest.yml | 2 +- packages/checkpoint_email/changelog.yml | 5 +++++ .../event/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/checkpoint_email/manifest.yml | 2 +- 
packages/claroty_ctd/changelog.yml | 5 +++++ .../asset/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../baseline/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../event/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/claroty_ctd/manifest.yml | 2 +- packages/crowdstrike/changelog.yml | 5 +++++ .../alert/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../host/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/crowdstrike/manifest.yml | 2 +- packages/cybereason/changelog.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../malware/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/cybereason/manifest.yml | 2 +- packages/digital_guardian/changelog.yml | 5 +++++ .../arc/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/digital_guardian/manifest.yml | 2 +- packages/entityanalytics_ad/changelog.yml | 5 +++++ .../user/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/entityanalytics_ad/manifest.yml | 2 +- packages/entityanalytics_entra_id/changelog.yml | 5 +++++ .../entity/elasticsearch/ingest_pipeline/default.yml | 7 ++++++- packages/entityanalytics_entra_id/manifest.yml | 2 +- packages/entityanalytics_okta/changelog.yml | 5 +++++ .../user/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/entityanalytics_okta/manifest.yml | 2 +- packages/eset_protect/changelog.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../event/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/eset_protect/manifest.yml | 2 +- packages/f5_bigip/changelog.yml | 5 +++++ .../log/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/f5_bigip/manifest.yml | 2 +- 
packages/gitlab/changelog.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../audit/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../auth/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../pages/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../sidekiq/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/gitlab/manifest.yml | 2 +- packages/google_scc/changelog.yml | 5 +++++ .../asset/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../audit/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../finding/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../source/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/google_scc/manifest.yml | 2 +- packages/google_workspace/changelog.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../device/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../gcp/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/google_workspace/manifest.yml | 2 +- packages/imperva_cloud_waf/changelog.yml | 5 +++++ .../event/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/imperva_cloud_waf/manifest.yml | 2 +- packages/m365_defender/changelog.yml | 5 +++++ .../alert/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/m365_defender/manifest.yml | 2 +- packages/menlo/changelog.yml | 5 +++++ .../dlp/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../web/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/menlo/manifest.yml | 2 +- packages/microsoft_defender_cloud/changelog.yml | 5 +++++ .../event/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/microsoft_defender_cloud/manifest.yml | 2 +- packages/microsoft_sentinel/changelog.yml | 5 +++++ .../alert/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../event/elasticsearch/ingest_pipeline/default.yml | 5 +++++ 
.../incident/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/microsoft_sentinel/manifest.yml | 2 +- packages/prisma_access/changelog.yml | 5 +++++ .../event/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/prisma_access/manifest.yml | 2 +- packages/prisma_cloud/changelog.yml | 5 +++++ .../alert/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../audit/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../host/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/prisma_cloud/manifest.yml | 2 +- packages/proofpoint_on_demand/changelog.yml | 5 +++++ .../audit/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../mail/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../message/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/proofpoint_on_demand/manifest.yml | 2 +- packages/qualys_vmdr/changelog.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/qualys_vmdr/manifest.yml | 2 +- packages/rapid7_insightvm/changelog.yml | 5 +++++ .../asset/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/rapid7_insightvm/manifest.yml | 2 +- packages/salesforce/changelog.yml | 10 ++++++++++ packages/salesforce/manifest.yml | 2 +- packages/servicenow/changelog.yml | 5 +++++ .../event/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/servicenow/manifest.yml | 2 +- packages/spycloud/changelog.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../compass/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/spycloud/manifest.yml | 2 +- packages/sublime_security/changelog.yml | 5 +++++ .../audit/elasticsearch/ingest_pipeline/default.yml | 5 +++++ 
.../elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/sublime_security/manifest.yml | 2 +- packages/symantec_edr_cloud/changelog.yml | 5 +++++ .../incident/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/symantec_edr_cloud/manifest.yml | 2 +- packages/symantec_endpoint_security/changelog.yml | 5 +++++ .../event/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../incident/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/symantec_endpoint_security/manifest.yml | 2 +- packages/tenable_io/changelog.yml | 5 +++++ .../asset/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../plugin/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/tenable_io/manifest.yml | 2 +- packages/ti_crowdstrike/changelog.yml | 5 +++++ .../intel/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../ioc/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/ti_crowdstrike/manifest.yml | 2 +- packages/ti_eset/changelog.yml | 5 +++++ .../apt/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../botnet/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../cc/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../domains/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../files/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../ip/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../url/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/ti_eset/manifest.yml | 2 +- packages/ti_mandiant_advantage/changelog.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/ti_mandiant_advantage/manifest.yml | 2 +- packages/ti_rapid7_threat_command/changelog.yml | 5 +++++ .../alert/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../ioc/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/ti_rapid7_threat_command/manifest.yml | 2 
+- packages/ti_threatconnect/changelog.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/ti_threatconnect/manifest.yml | 2 +- packages/trellix_edr_cloud/changelog.yml | 5 +++++ .../event/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/trellix_edr_cloud/manifest.yml | 2 +- packages/trellix_epo_cloud/changelog.yml | 5 +++++ .../device/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../event/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../group/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/trellix_epo_cloud/manifest.yml | 2 +- packages/trendmicro/changelog.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/trendmicro/manifest.yml | 2 +- packages/vectra_detect/changelog.yml | 5 +++++ .../log/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/vectra_detect/manifest.yml | 2 +- packages/wiz/changelog.yml | 5 +++++ .../audit/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../issue/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/wiz/manifest.yml | 2 +- packages/zscaler_zia/changelog.yml | 5 +++++ .../alerts/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../audit/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../dns/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../firewall/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../tunnel/elasticsearch/ingest_pipeline/default.yml | 5 +++++ .../web/elasticsearch/ingest_pipeline/default.yml | 5 +++++ packages/zscaler_zia/manifest.yml | 2 +- 212 files changed, 874 insertions(+), 49 deletions(-) diff --git a/packages/abnormal_security/changelog.yml b/packages/abnormal_security/changelog.yml index 537069b9e02..56079a9ada7 100644 
--- a/packages/abnormal_security/changelog.yml +++ b/packages/abnormal_security/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.1.0" changes: - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error". diff --git a/packages/abnormal_security/data_stream/ai_security_mailbox/elasticsearch/ingest_pipeline/default.yml b/packages/abnormal_security/data_stream/ai_security_mailbox/elasticsearch/ingest_pipeline/default.yml index 08666a07db7..faa56f28800 100644 --- a/packages/abnormal_security/data_stream/ai_security_mailbox/elasticsearch/ingest_pipeline/default.yml +++ b/packages/abnormal_security/data_stream/ai_security_mailbox/elasticsearch/ingest_pipeline/default.yml @@ -275,6 +275,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/abnormal_security/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/abnormal_security/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 4842ed12a84..7dae9d0e6f6 100644 --- a/packages/abnormal_security/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/abnormal_security/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -251,6 +251,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message 
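Review bot: The `append` processor added to `ai_security_mailbox/elasticsearch/ingest_pipeline/default.yml` has no `tag:`, although the `set` processor directly above it carries `tag: set_pipeline_error_into_event_kind`. The same untagged block is repeated in the audit, case and threat hunks and in the other packages' pipeline hunks in this patch. If the `on_failure` handler that follows records the failing processor's tag, a failure in this step would be harder to attribute; this is inferred, because the handler's body is cut off after `field: error.message`. I would add a line such as `tag: append_preserve_original_event_on_pipeline_error` (name constructed for illustration) to each block. The `processors` list starts outside the hunk.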
diff --git a/packages/abnormal_security/data_stream/case/elasticsearch/ingest_pipeline/default.yml b/packages/abnormal_security/data_stream/case/elasticsearch/ingest_pipeline/default.yml index a91947c09a8..8849284ad5e 100644 --- a/packages/abnormal_security/data_stream/case/elasticsearch/ingest_pipeline/default.yml +++ b/packages/abnormal_security/data_stream/case/elasticsearch/ingest_pipeline/default.yml @@ -214,6 +214,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/abnormal_security/data_stream/threat/elasticsearch/ingest_pipeline/default.yml b/packages/abnormal_security/data_stream/threat/elasticsearch/ingest_pipeline/default.yml index e2489abcf28..be6b071e816 100644 --- a/packages/abnormal_security/data_stream/threat/elasticsearch/ingest_pipeline/default.yml +++ b/packages/abnormal_security/data_stream/threat/elasticsearch/ingest_pipeline/default.yml @@ -535,6 +535,11 @@ processors: tag: set_pipeline_error_to_event_kind value: pipeline_error if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/abnormal_security/manifest.yml b/packages/abnormal_security/manifest.yml index da86e876d4c..6b53b838390 100644 --- a/packages/abnormal_security/manifest.yml +++ b/packages/abnormal_security/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.2.1 name: abnormal_security title: Abnormal Security -version: 1.1.0 +version: 1.2.0 description: Collect logs from Abnormal Security with Elastic Agent. type: integration categories: diff --git a/packages/amazon_security_lake/changelog.yml b/packages/amazon_security_lake/changelog.yml index f06dab78cc0..d9efe245d87 100644 
--- a/packages/amazon_security_lake/changelog.yml +++ b/packages/amazon_security_lake/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.2.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "2.1.0" changes: - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error". diff --git a/packages/amazon_security_lake/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/amazon_security_lake/data_stream/event/elasticsearch/ingest_pipeline/default.yml index 2ae2c7bf157..36d022d2b4c 100644 --- a/packages/amazon_security_lake/data_stream/event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/amazon_security_lake/data_stream/event/elasticsearch/ingest_pipeline/default.yml @@ -1446,6 +1446,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/amazon_security_lake/manifest.yml b/packages/amazon_security_lake/manifest.yml index a4588c779df..9347ab4e478 100644 --- a/packages/amazon_security_lake/manifest.yml +++ b/packages/amazon_security_lake/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.3" name: amazon_security_lake title: Amazon Security Lake -version: "2.1.0" +version: "2.2.0" description: Collect logs from Amazon Security Lake with Elastic Agent. type: integration categories: ["aws", "security"] diff --git a/packages/authentik/changelog.yml b/packages/authentik/changelog.yml index bec68c1a91a..fd5995258a6 100644 --- a/packages/authentik/changelog.yml +++ b/packages/authentik/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.1.1" changes: - description: Fix broken links in Security Service integrations packages. diff --git a/packages/authentik/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/authentik/data_stream/event/elasticsearch/ingest_pipeline/default.yml index 080d4fd5df9..750fb5f0e6b 100644 --- a/packages/authentik/data_stream/event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/authentik/data_stream/event/elasticsearch/ingest_pipeline/default.yml @@ -512,6 +512,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/authentik/data_stream/group/elasticsearch/ingest_pipeline/default.yml b/packages/authentik/data_stream/group/elasticsearch/ingest_pipeline/default.yml index 73104735930..f51eae2fcbb 100644 --- a/packages/authentik/data_stream/group/elasticsearch/ingest_pipeline/default.yml +++ b/packages/authentik/data_stream/group/elasticsearch/ingest_pipeline/default.yml @@ -152,6 +152,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/authentik/data_stream/user/elasticsearch/ingest_pipeline/default.yml b/packages/authentik/data_stream/user/elasticsearch/ingest_pipeline/default.yml index 975bde1f01d..bdfabcc2cce 100644 
--- a/packages/authentik/data_stream/user/elasticsearch/ingest_pipeline/default.yml +++ b/packages/authentik/data_stream/user/elasticsearch/ingest_pipeline/default.yml @@ -210,6 +210,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/authentik/manifest.yml b/packages/authentik/manifest.yml index 0a9140c161e..73637e5839b 100644 --- a/packages/authentik/manifest.yml +++ b/packages/authentik/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.2.1 name: authentik title: authentik -version: 1.1.1 +version: 1.2.0 description: Collect logs from authentik with Elastic Agent. type: integration categories: diff --git a/packages/azure_network_watcher_nsg/changelog.yml b/packages/azure_network_watcher_nsg/changelog.yml index 1914d86f0b8..2b1a32575fb 100644 --- a/packages/azure_network_watcher_nsg/changelog.yml +++ b/packages/azure_network_watcher_nsg/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.1.0" changes: - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error". diff --git a/packages/azure_network_watcher_nsg/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/azure_network_watcher_nsg/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 69e1d1f22ba..133c1bcb38a 100644 --- a/packages/azure_network_watcher_nsg/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/azure_network_watcher_nsg/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
@@ -744,6 +744,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/azure_network_watcher_nsg/manifest.yml b/packages/azure_network_watcher_nsg/manifest.yml index 5849f43908b..f094da4b10d 100644 --- a/packages/azure_network_watcher_nsg/manifest.yml +++ b/packages/azure_network_watcher_nsg/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.1.2 name: azure_network_watcher_nsg title: Azure Network Watcher NSG -version: "1.1.0" +version: "1.2.0" description: Collect logs from Azure Network Watcher NSG with Elastic Agent. type: integration categories: diff --git a/packages/azure_network_watcher_vnet/changelog.yml b/packages/azure_network_watcher_vnet/changelog.yml index 57cf894d451..24c2104939b 100644 --- a/packages/azure_network_watcher_vnet/changelog.yml +++ b/packages/azure_network_watcher_vnet/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.1.0" changes: - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error". diff --git a/packages/azure_network_watcher_vnet/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/azure_network_watcher_vnet/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 21037b9d071..b8d45b86feb 100644 --- a/packages/azure_network_watcher_vnet/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/azure_network_watcher_vnet/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
@@ -727,6 +727,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/azure_network_watcher_vnet/manifest.yml b/packages/azure_network_watcher_vnet/manifest.yml index 0ff2bcf70d2..2dc76c82e79 100644 --- a/packages/azure_network_watcher_vnet/manifest.yml +++ b/packages/azure_network_watcher_vnet/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.1.2 name: azure_network_watcher_vnet title: Azure Network Watcher VNet -version: "1.1.0" +version: "1.2.0" description: Collect logs from Azure Network Watcher VNet with Elastic Agent. type: integration categories: diff --git a/packages/bitwarden/changelog.yml b/packages/bitwarden/changelog.yml index ea309fab1db..637b42775ab 100644 --- a/packages/bitwarden/changelog.yml +++ b/packages/bitwarden/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.16.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.15.0" changes: - description: Do not remove `event.original` in main ingest pipeline. diff --git a/packages/bitwarden/data_stream/collection/elasticsearch/ingest_pipeline/default.yml b/packages/bitwarden/data_stream/collection/elasticsearch/ingest_pipeline/default.yml index 94c56cfbaa6..4ece1409dcd 100644 --- a/packages/bitwarden/data_stream/collection/elasticsearch/ingest_pipeline/default.yml +++ b/packages/bitwarden/data_stream/collection/elasticsearch/ingest_pipeline/default.yml 
@@ -66,6 +66,11 @@ processors: field: event.kind value: pipeline_error if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/bitwarden/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/bitwarden/data_stream/event/elasticsearch/ingest_pipeline/default.yml index f9b5e985d74..528036614dd 100644 --- a/packages/bitwarden/data_stream/event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/bitwarden/data_stream/event/elasticsearch/ingest_pipeline/default.yml @@ -730,6 +730,11 @@ processors: field: event.kind value: pipeline_error if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/bitwarden/data_stream/group/elasticsearch/ingest_pipeline/default.yml b/packages/bitwarden/data_stream/group/elasticsearch/ingest_pipeline/default.yml index e0ca0935e8b..a4b8dc622db 100644 --- a/packages/bitwarden/data_stream/group/elasticsearch/ingest_pipeline/default.yml +++ b/packages/bitwarden/data_stream/group/elasticsearch/ingest_pipeline/default.yml @@ -124,6 +124,11 @@ processors: field: event.kind value: pipeline_error if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/bitwarden/data_stream/member/elasticsearch/ingest_pipeline/default.yml b/packages/bitwarden/data_stream/member/elasticsearch/ingest_pipeline/default.yml index 0233a796e8e..1c6e262a002 100644 --- a/packages/bitwarden/data_stream/member/elasticsearch/ingest_pipeline/default.yml +++ b/packages/bitwarden/data_stream/member/elasticsearch/ingest_pipeline/default.yml 
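Review bot: Nothing in the `collection` hunk shows where `event.original` is dropped, and the tag appended here only has an effect if that step runs after it. The 1.15.0 changelog context says `event.original` is no longer removed in the main pipeline, so the removal presumably happens in a later stage outside this patch. A pipeline test that forces `error.message` to be set would confirm that the raw event survives. Deployments that left `preserve_original_event` off to avoid storing raw payloads will now keep them on every error document, which matters for retention and access control on a password-manager audit source. I would state that above the processor, e.g. `# Retain event.original on failed documents even when preserve_original_event was not requested.`, and mirror it in the changelog entry; the same applies to the other pipeline hunks.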
@@ -258,6 +258,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/bitwarden/data_stream/policy/elasticsearch/ingest_pipeline/default.yml b/packages/bitwarden/data_stream/policy/elasticsearch/ingest_pipeline/default.yml index b86aff0bcee..8029bcefbda 100644 --- a/packages/bitwarden/data_stream/policy/elasticsearch/ingest_pipeline/default.yml +++ b/packages/bitwarden/data_stream/policy/elasticsearch/ingest_pipeline/default.yml @@ -326,6 +326,11 @@ processors: field: event.kind value: pipeline_error if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/bitwarden/manifest.yml b/packages/bitwarden/manifest.yml index e88c9b1be02..40f6cba414f 100644 --- a/packages/bitwarden/manifest.yml +++ b/packages/bitwarden/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: bitwarden title: Bitwarden -version: "1.15.0" +version: "1.16.0" source: license: Elastic-2.0 description: Collect logs from Bitwarden with Elastic Agent. diff --git a/packages/canva/changelog.yml b/packages/canva/changelog.yml index 1f8d198761e..92427801f17 100644 --- a/packages/canva/changelog.yml +++ b/packages/canva/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.3.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "0.2.0" changes: - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error". 
diff --git a/packages/canva/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/canva/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index b6a258e932c..e1faa9758de 100644 --- a/packages/canva/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/canva/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -1048,6 +1048,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/canva/manifest.yml b/packages/canva/manifest.yml index a2acb5e6c7e..f3ebbfb0b73 100644 --- a/packages/canva/manifest.yml +++ b/packages/canva/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.2.1 name: canva title: Canva -version: 0.2.0 +version: 0.3.0 description: Collect logs from Canva with Elastic Agent. type: integration categories: diff --git a/packages/checkpoint_email/changelog.yml b/packages/checkpoint_email/changelog.yml index 2bda48b6d19..d4de7264805 100644 --- a/packages/checkpoint_email/changelog.yml +++ b/packages/checkpoint_email/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.4.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "0.3.0" changes: - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error". diff --git a/packages/checkpoint_email/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/checkpoint_email/data_stream/event/elasticsearch/ingest_pipeline/default.yml index 60c4a782211..5d2dd429cad 100644 --- a/packages/checkpoint_email/data_stream/event/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/checkpoint_email/data_stream/event/elasticsearch/ingest_pipeline/default.yml @@ -343,6 +343,11 @@ processors: tag: set_pipeline_error_to_event_kind value: pipeline_error if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/checkpoint_email/manifest.yml b/packages/checkpoint_email/manifest.yml index 6a4a7d074cc..0523c10741d 100644 --- a/packages/checkpoint_email/manifest.yml +++ b/packages/checkpoint_email/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.2.2 name: checkpoint_email title: Check Point Harmony Email & Collaboration -version: 0.3.0 +version: 0.4.0 description: Collect logs from Check Point Harmony Email & Collaboration with Elastic Agent. type: integration categories: diff --git a/packages/claroty_ctd/changelog.yml b/packages/claroty_ctd/changelog.yml index 6a8a0f7da69..ec8d8fdcbdf 100644 --- a/packages/claroty_ctd/changelog.yml +++ b/packages/claroty_ctd/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.4.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "0.3.0" changes: - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error". diff --git a/packages/claroty_ctd/data_stream/asset/elasticsearch/ingest_pipeline/default.yml b/packages/claroty_ctd/data_stream/asset/elasticsearch/ingest_pipeline/default.yml index 239e8d86ef1..6ae4bc0509d 100644 --- a/packages/claroty_ctd/data_stream/asset/elasticsearch/ingest_pipeline/default.yml +++ b/packages/claroty_ctd/data_stream/asset/elasticsearch/ingest_pipeline/default.yml 
@@ -1324,6 +1324,11 @@ processors: tag: set_pipeline_error_to_event_kind value: pipeline_error if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/claroty_ctd/data_stream/baseline/elasticsearch/ingest_pipeline/default.yml b/packages/claroty_ctd/data_stream/baseline/elasticsearch/ingest_pipeline/default.yml index 83b2efd7f20..eb87de96f7b 100644 --- a/packages/claroty_ctd/data_stream/baseline/elasticsearch/ingest_pipeline/default.yml +++ b/packages/claroty_ctd/data_stream/baseline/elasticsearch/ingest_pipeline/default.yml @@ -540,6 +540,11 @@ processors: tag: set_pipeline_error_to_event_kind value: pipeline_error if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/claroty_ctd/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/claroty_ctd/data_stream/event/elasticsearch/ingest_pipeline/default.yml index 54e0eeba518..abed9a09a35 100644 --- a/packages/claroty_ctd/data_stream/event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/claroty_ctd/data_stream/event/elasticsearch/ingest_pipeline/default.yml @@ -2195,6 +2195,11 @@ processors: tag: set_pipeline_error_to_event_kind value: pipeline_error if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/claroty_ctd/manifest.yml b/packages/claroty_ctd/manifest.yml index 2b05262bbdc..1b0e411f6f3 100644 --- a/packages/claroty_ctd/manifest.yml +++ b/packages/claroty_ctd/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 3.1.4 name: claroty_ctd title: Claroty CTD -version: 0.3.0 +version: 0.4.0 description: Collect logs from Claroty CTD using Elastic Agent. type: integration categories: diff --git a/packages/crowdstrike/changelog.yml b/packages/crowdstrike/changelog.yml index f42e09536b4..d5bc32bc002 100644 --- a/packages/crowdstrike/changelog.yml +++ b/packages/crowdstrike/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.49.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.48.0" changes: - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error". diff --git a/packages/crowdstrike/data_stream/alert/elasticsearch/ingest_pipeline/default.yml b/packages/crowdstrike/data_stream/alert/elasticsearch/ingest_pipeline/default.yml index 18c48e70600..c5d43259df2 100644 --- a/packages/crowdstrike/data_stream/alert/elasticsearch/ingest_pipeline/default.yml +++ b/packages/crowdstrike/data_stream/alert/elasticsearch/ingest_pipeline/default.yml @@ -2651,6 +2651,11 @@ processors: tag: set_pipeline_error_to_event_kind value: pipeline_error if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/crowdstrike/data_stream/host/elasticsearch/ingest_pipeline/default.yml b/packages/crowdstrike/data_stream/host/elasticsearch/ingest_pipeline/default.yml index 1725cc8848e..3ab8d3adb46 100644 --- a/packages/crowdstrike/data_stream/host/elasticsearch/ingest_pipeline/default.yml +++ b/packages/crowdstrike/data_stream/host/elasticsearch/ingest_pipeline/default.yml 
@@ -808,6 +808,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/crowdstrike/manifest.yml b/packages/crowdstrike/manifest.yml index e933096df2a..5ffef099957 100644 --- a/packages/crowdstrike/manifest.yml +++ b/packages/crowdstrike/manifest.yml @@ -1,6 +1,6 @@ name: crowdstrike title: CrowdStrike -version: "1.48.0" +version: "1.49.0" description: Collect logs from Crowdstrike with Elastic Agent. type: integration format_version: "3.0.3" diff --git a/packages/cybereason/changelog.yml b/packages/cybereason/changelog.yml index 6447c104d7f..b51d2b9de46 100644 --- a/packages/cybereason/changelog.yml +++ b/packages/cybereason/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.1.0" changes: - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error". diff --git a/packages/cybereason/data_stream/logon_session/elasticsearch/ingest_pipeline/default.yml b/packages/cybereason/data_stream/logon_session/elasticsearch/ingest_pipeline/default.yml index 51a6796635c..0839ce13493 100644 --- a/packages/cybereason/data_stream/logon_session/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cybereason/data_stream/logon_session/elasticsearch/ingest_pipeline/default.yml @@ -806,6 +806,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message 
diff --git a/packages/cybereason/data_stream/malop_connection/elasticsearch/ingest_pipeline/default.yml b/packages/cybereason/data_stream/malop_connection/elasticsearch/ingest_pipeline/default.yml index f156dd1400c..ed161c5d013 100644 --- a/packages/cybereason/data_stream/malop_connection/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cybereason/data_stream/malop_connection/elasticsearch/ingest_pipeline/default.yml @@ -1205,6 +1205,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/cybereason/data_stream/malop_process/elasticsearch/ingest_pipeline/default.yml b/packages/cybereason/data_stream/malop_process/elasticsearch/ingest_pipeline/default.yml index 330101e10a6..ccdedd68a41 100644 --- a/packages/cybereason/data_stream/malop_process/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cybereason/data_stream/malop_process/elasticsearch/ingest_pipeline/default.yml @@ -2326,6 +2326,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/cybereason/data_stream/malware/elasticsearch/ingest_pipeline/default.yml b/packages/cybereason/data_stream/malware/elasticsearch/ingest_pipeline/default.yml index 1d4017f48bf..2099c207ac8 100644 --- a/packages/cybereason/data_stream/malware/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cybereason/data_stream/malware/elasticsearch/ingest_pipeline/default.yml 
@@ -256,6 +256,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/cybereason/data_stream/poll_malop/elasticsearch/ingest_pipeline/default.yml b/packages/cybereason/data_stream/poll_malop/elasticsearch/ingest_pipeline/default.yml index d0debc2624d..91fd97b59b8 100644 --- a/packages/cybereason/data_stream/poll_malop/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cybereason/data_stream/poll_malop/elasticsearch/ingest_pipeline/default.yml @@ -605,6 +605,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/cybereason/data_stream/suspicions_process/elasticsearch/ingest_pipeline/default.yml b/packages/cybereason/data_stream/suspicions_process/elasticsearch/ingest_pipeline/default.yml index 31df172c2cb..e810d99e341 100644 --- a/packages/cybereason/data_stream/suspicions_process/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cybereason/data_stream/suspicions_process/elasticsearch/ingest_pipeline/default.yml @@ -1341,6 +1341,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/cybereason/manifest.yml b/packages/cybereason/manifest.yml index 8ee32d1e9e1..25175365284 100644 --- a/packages/cybereason/manifest.yml +++ b/packages/cybereason/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 3.0.3 name: cybereason title: Cybereason -version: "1.1.0" +version: "1.2.0" description: Collect logs from Cybereason with Elastic Agent. type: integration categories: diff --git a/packages/digital_guardian/changelog.yml b/packages/digital_guardian/changelog.yml index 4227e3c925c..bc354722238 100644 --- a/packages/digital_guardian/changelog.yml +++ b/packages/digital_guardian/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.2.0" changes: - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error". diff --git a/packages/digital_guardian/data_stream/arc/elasticsearch/ingest_pipeline/default.yml b/packages/digital_guardian/data_stream/arc/elasticsearch/ingest_pipeline/default.yml index 4f2d3df66bc..d43cdcd652d 100644 --- a/packages/digital_guardian/data_stream/arc/elasticsearch/ingest_pipeline/default.yml +++ b/packages/digital_guardian/data_stream/arc/elasticsearch/ingest_pipeline/default.yml @@ -193,6 +193,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/digital_guardian/manifest.yml b/packages/digital_guardian/manifest.yml index c1cc152929e..cd0ff4713d6 100644 --- a/packages/digital_guardian/manifest.yml +++ b/packages/digital_guardian/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.3" name: digital_guardian title: Digital Guardian -version: "1.2.0" +version: "1.3.0" description: Collect logs from Digital Guardian with Elastic Agent. type: integration categories: 
diff --git a/packages/entityanalytics_ad/changelog.yml b/packages/entityanalytics_ad/changelog.yml index e9f1d98f307..e8030bcd32e 100644 --- a/packages/entityanalytics_ad/changelog.yml +++ b/packages/entityanalytics_ad/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.6.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "0.5.0" changes: - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error". diff --git a/packages/entityanalytics_ad/data_stream/user/elasticsearch/ingest_pipeline/default.yml b/packages/entityanalytics_ad/data_stream/user/elasticsearch/ingest_pipeline/default.yml index 5c21ae845dd..f6a982fae9b 100644 --- a/packages/entityanalytics_ad/data_stream/user/elasticsearch/ingest_pipeline/default.yml +++ b/packages/entityanalytics_ad/data_stream/user/elasticsearch/ingest_pipeline/default.yml @@ -45,6 +45,11 @@ processors: tag: set_pipeline_error_into_event_kind value: pipeline_error if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/entityanalytics_ad/manifest.yml b/packages/entityanalytics_ad/manifest.yml index 90d91c09123..e83d892b7aa 100644 --- a/packages/entityanalytics_ad/manifest.yml +++ b/packages/entityanalytics_ad/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: entityanalytics_ad title: Active Directory Entity Analytics -version: "0.5.0" +version: "0.6.0" description: "Collect User Identities from Active Directory Entity with Elastic Agent." type: integration categories: diff --git a/packages/entityanalytics_entra_id/changelog.yml b/packages/entityanalytics_entra_id/changelog.yml index 39550acb3ea..217ae153638 100644 
--- a/packages/entityanalytics_entra_id/changelog.yml +++ b/packages/entityanalytics_entra_id/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.4.0" changes: - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error". diff --git a/packages/entityanalytics_entra_id/data_stream/entity/elasticsearch/ingest_pipeline/default.yml b/packages/entityanalytics_entra_id/data_stream/entity/elasticsearch/ingest_pipeline/default.yml index 41686aa5a7a..95ae29bfc2f 100644 --- a/packages/entityanalytics_entra_id/data_stream/entity/elasticsearch/ingest_pipeline/default.yml +++ b/packages/entityanalytics_entra_id/data_stream/entity/elasticsearch/ingest_pipeline/default.yml @@ -145,12 +145,17 @@ processors: return false; } drop(ctx); + - set: field: event.kind tag: set_pipeline_error_into_event_kind value: pipeline_error if: ctx.error?.message != null - + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/entityanalytics_entra_id/manifest.yml b/packages/entityanalytics_entra_id/manifest.yml index 636e4439284..f598d4f9979 100644 --- a/packages/entityanalytics_entra_id/manifest.yml +++ b/packages/entityanalytics_entra_id/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: entityanalytics_entra_id title: "Microsoft Entra ID Entity Analytics" -version: "1.4.0" +version: "1.5.0" description: "Collect identities from Microsoft Entra ID (formerly Azure Active Directory) with Elastic Agent." type: integration categories: diff --git a/packages/entityanalytics_okta/changelog.yml b/packages/entityanalytics_okta/changelog.yml index 54d15b0f291..f28365bde88 100644 
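Review bot: Nothing in the entity pipeline records why `preserve_original_event` is appended, and for this data stream the consequence deserves a comment. The tag is the signal to keep `event.original`, so every document that hits a pipeline error will presumably retain the full unprocessed identity record. A comment above the new processor would capture the intent, e.g. `# Keep event.original on errored documents so the raw record is available for troubleshooting.` The package docs could also state that errored documents keep the raw payload, so operators can account for it in index access control and retention; the same holds for the entityanalytics_ad and entityanalytics_okta user pipelines. The processors list starts before this hunk and on_failure continues after it.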
--- a/packages/entityanalytics_okta/changelog.yml +++ b/packages/entityanalytics_okta/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.6.0" changes: - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error". diff --git a/packages/entityanalytics_okta/data_stream/user/elasticsearch/ingest_pipeline/default.yml b/packages/entityanalytics_okta/data_stream/user/elasticsearch/ingest_pipeline/default.yml index ba82c04958e..9c4d6e91f65 100644 --- a/packages/entityanalytics_okta/data_stream/user/elasticsearch/ingest_pipeline/default.yml +++ b/packages/entityanalytics_okta/data_stream/user/elasticsearch/ingest_pipeline/default.yml @@ -674,6 +674,11 @@ processors: tag: set_pipeline_error_into_event_kind value: pipeline_error if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/entityanalytics_okta/manifest.yml b/packages/entityanalytics_okta/manifest.yml index 36db5ee082b..2efb4470d73 100644 --- a/packages/entityanalytics_okta/manifest.yml +++ b/packages/entityanalytics_okta/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: entityanalytics_okta title: Okta Entity Analytics -version: "1.6.0" +version: "1.7.0" description: "Collect User Identities from Okta with Elastic Agent." type: integration categories: diff --git a/packages/eset_protect/changelog.yml b/packages/eset_protect/changelog.yml index e45465fcfe8..91c16b29e07 100644 --- a/packages/eset_protect/changelog.yml +++ b/packages/eset_protect/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.4.0" changes: - description: Do not remove `event.original` in main ingest pipeline. diff --git a/packages/eset_protect/data_stream/detection/elasticsearch/ingest_pipeline/default.yml b/packages/eset_protect/data_stream/detection/elasticsearch/ingest_pipeline/default.yml index 281672e1e3e..a1cdfffd9e0 100644 --- a/packages/eset_protect/data_stream/detection/elasticsearch/ingest_pipeline/default.yml +++ b/packages/eset_protect/data_stream/detection/elasticsearch/ingest_pipeline/default.yml @@ -488,6 +488,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/eset_protect/data_stream/device_task/elasticsearch/ingest_pipeline/default.yml b/packages/eset_protect/data_stream/device_task/elasticsearch/ingest_pipeline/default.yml index 81335b56308..994d9aef999 100644 --- a/packages/eset_protect/data_stream/device_task/elasticsearch/ingest_pipeline/default.yml +++ b/packages/eset_protect/data_stream/device_task/elasticsearch/ingest_pipeline/default.yml @@ -224,6 +224,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/eset_protect/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/eset_protect/data_stream/event/elasticsearch/ingest_pipeline/default.yml index b0a2e308158..de5122c0f4c 100644 
--- a/packages/eset_protect/data_stream/event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/eset_protect/data_stream/event/elasticsearch/ingest_pipeline/default.yml @@ -870,6 +870,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/eset_protect/manifest.yml b/packages/eset_protect/manifest.yml index 4872b16c308..2f0512b64ce 100644 --- a/packages/eset_protect/manifest.yml +++ b/packages/eset_protect/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.3 name: eset_protect title: ESET PROTECT -version: "1.4.0" +version: "1.5.0" description: Collect logs from ESET PROTECT with Elastic Agent. type: integration categories: diff --git a/packages/f5_bigip/changelog.yml b/packages/f5_bigip/changelog.yml index fc65ddcff41..d916332e289 100644 --- a/packages/f5_bigip/changelog.yml +++ b/packages/f5_bigip/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.22.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.21.0" changes: - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error". diff --git a/packages/f5_bigip/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/f5_bigip/data_stream/log/elasticsearch/ingest_pipeline/default.yml index d2bbb2ad4da..264dd3f6eaf 100644 --- a/packages/f5_bigip/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/f5_bigip/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
@@ -139,6 +139,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/f5_bigip/manifest.yml b/packages/f5_bigip/manifest.yml index 7c38f7847c0..20fa2c76d30 100644 --- a/packages/f5_bigip/manifest.yml +++ b/packages/f5_bigip/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: f5_bigip title: F5 BIG-IP -version: "1.21.0" +version: "1.22.0" description: Collect logs from F5 BIG-IP with Elastic Agent. type: integration categories: diff --git a/packages/gitlab/changelog.yml b/packages/gitlab/changelog.yml index 84ab7ce6e30..4ddfa57e7cf 100644 --- a/packages/gitlab/changelog.yml +++ b/packages/gitlab/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.3.0" changes: - description: Do not remove `event.original` in main ingest pipeline. diff --git a/packages/gitlab/data_stream/application/elasticsearch/ingest_pipeline/default.yml b/packages/gitlab/data_stream/application/elasticsearch/ingest_pipeline/default.yml index 6afecb08ec4..5bab958a3a4 100644 --- a/packages/gitlab/data_stream/application/elasticsearch/ingest_pipeline/default.yml +++ b/packages/gitlab/data_stream/application/elasticsearch/ingest_pipeline/default.yml @@ -256,6 +256,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message 
diff --git a/packages/gitlab/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/gitlab/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index d252d4cc159..0138ae16425 100644 --- a/packages/gitlab/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/gitlab/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -209,6 +209,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - set: field: event.kind diff --git a/packages/gitlab/data_stream/auth/elasticsearch/ingest_pipeline/default.yml b/packages/gitlab/data_stream/auth/elasticsearch/ingest_pipeline/default.yml index a3a6435ad4a..515fe209ac2 100644 --- a/packages/gitlab/data_stream/auth/elasticsearch/ingest_pipeline/default.yml +++ b/packages/gitlab/data_stream/auth/elasticsearch/ingest_pipeline/default.yml @@ -196,6 +196,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - set: field: event.kind diff --git a/packages/gitlab/data_stream/pages/elasticsearch/ingest_pipeline/default.yml b/packages/gitlab/data_stream/pages/elasticsearch/ingest_pipeline/default.yml index e5aefcfafe1..6324283fb27 100644 --- a/packages/gitlab/data_stream/pages/elasticsearch/ingest_pipeline/default.yml +++ b/packages/gitlab/data_stream/pages/elasticsearch/ingest_pipeline/default.yml @@ -147,6 +147,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - set: field: event.kind 
diff --git a/packages/gitlab/data_stream/sidekiq/elasticsearch/ingest_pipeline/default.yml b/packages/gitlab/data_stream/sidekiq/elasticsearch/ingest_pipeline/default.yml index bce00e4057e..8b97386af47 100644 --- a/packages/gitlab/data_stream/sidekiq/elasticsearch/ingest_pipeline/default.yml +++ b/packages/gitlab/data_stream/sidekiq/elasticsearch/ingest_pipeline/default.yml @@ -172,6 +172,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - set: field: event.kind diff --git a/packages/gitlab/manifest.yml b/packages/gitlab/manifest.yml index 5a9cbbc1956..c0c9cf7987c 100644 --- a/packages/gitlab/manifest.yml +++ b/packages/gitlab/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.1.3 name: gitlab title: GitLab -version: 1.3.0 +version: 1.4.0 description: Collect logs from GitLab with Elastic Agent. type: integration categories: diff --git a/packages/google_scc/changelog.yml b/packages/google_scc/changelog.yml index 8c34f171d87..d568e2af921 100644 --- a/packages/google_scc/changelog.yml +++ b/packages/google_scc/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.6.0" changes: - description: Do not remove `event.original` in main ingest pipeline. diff --git a/packages/google_scc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml b/packages/google_scc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml index 372c37c6253..e7ab0e5e5a1 100644 --- a/packages/google_scc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_scc/data_stream/asset/elasticsearch/ingest_pipeline/default.yml 
@@ -167,6 +167,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/google_scc/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/google_scc/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index a5d9418ecba..cac03540eef 100644 --- a/packages/google_scc/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_scc/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -944,6 +944,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/google_scc/data_stream/finding/elasticsearch/ingest_pipeline/default.yml b/packages/google_scc/data_stream/finding/elasticsearch/ingest_pipeline/default.yml index d56ac724a0a..2e72fdc9bda 100644 --- a/packages/google_scc/data_stream/finding/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_scc/data_stream/finding/elasticsearch/ingest_pipeline/default.yml @@ -1880,6 +1880,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/google_scc/data_stream/source/elasticsearch/ingest_pipeline/default.yml b/packages/google_scc/data_stream/source/elasticsearch/ingest_pipeline/default.yml index 33da4779010..04ca7c60a9c 100644 --- a/packages/google_scc/data_stream/source/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/google_scc/data_stream/source/elasticsearch/ingest_pipeline/default.yml @@ -95,6 +95,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/google_scc/manifest.yml b/packages/google_scc/manifest.yml index ceb0e926d24..fb5f7bfc8d1 100644 --- a/packages/google_scc/manifest.yml +++ b/packages/google_scc/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.3" name: google_scc title: Google Security Command Center -version: "1.6.0" +version: "1.7.0" description: Collect logs from Google Security Command Center with Elastic Agent. type: integration categories: diff --git a/packages/google_workspace/changelog.yml b/packages/google_workspace/changelog.yml index 59dfa1eabcd..9f25953c803 100644 --- a/packages/google_workspace/changelog.yml +++ b/packages/google_workspace/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.27.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "2.26.1" changes: - description: Fix string literals in painless scripts. diff --git a/packages/google_workspace/data_stream/access_transparency/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/access_transparency/elasticsearch/ingest_pipeline/default.yml index a2369232412..7eb372f6275 100644 --- a/packages/google_workspace/data_stream/access_transparency/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/access_transparency/elasticsearch/ingest_pipeline/default.yml 
@@ -375,6 +375,11 @@ processors:
 field: event.kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/google_workspace/data_stream/context_aware_access/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/context_aware_access/elasticsearch/ingest_pipeline/default.yml
index d7e67ada403..61266a67cb9 100644
--- a/packages/google_workspace/data_stream/context_aware_access/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/google_workspace/data_stream/context_aware_access/elasticsearch/ingest_pipeline/default.yml
@@ -350,6 +350,11 @@ processors:
 field: event.kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/google_workspace/data_stream/device/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/device/elasticsearch/ingest_pipeline/default.yml
index eb6c0df14d1..893ce1b5ced 100644
--- a/packages/google_workspace/data_stream/device/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/google_workspace/data_stream/device/elasticsearch/ingest_pipeline/default.yml
@@ -547,6 +547,11 @@ processors:
 field: event.kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/google_workspace/data_stream/gcp/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/gcp/elasticsearch/ingest_pipeline/default.yml
index 355d7196d99..cb06199b144 100644
--- a/packages/google_workspace/data_stream/gcp/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/google_workspace/data_stream/gcp/elasticsearch/ingest_pipeline/default.yml
@@ -330,6 +330,11 @@ processors:
 field: event.kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/google_workspace/data_stream/group_enterprise/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/group_enterprise/elasticsearch/ingest_pipeline/default.yml
index e730c0fdc95..feeaa8686a1 100644
--- a/packages/google_workspace/data_stream/group_enterprise/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/google_workspace/data_stream/group_enterprise/elasticsearch/ingest_pipeline/default.yml
@@ -370,6 +370,11 @@ processors:
 field: event.kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/google_workspace/manifest.yml b/packages/google_workspace/manifest.yml
index fd9c25e95b5..7619ba7bef4 100644
--- a/packages/google_workspace/manifest.yml
+++ b/packages/google_workspace/manifest.yml
@@ -1,6 +1,6 @@
 name: google_workspace
 title: Google Workspace
-version: "2.26.1"
+version: "2.27.0"
 source:
 license: Elastic-2.0
 description: Collect logs from Google Workspace with Elastic Agent.
diff --git a/packages/imperva_cloud_waf/changelog.yml b/packages/imperva_cloud_waf/changelog.yml
index eeea6798b4c..da5cf14e404 100644
--- a/packages/imperva_cloud_waf/changelog.yml
+++ b/packages/imperva_cloud_waf/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+ changes:
+ - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error".
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/12109
 - version: "1.3.0"
 changes:
 - description: Do not remove `event.original` in main ingest pipeline.
diff --git a/packages/imperva_cloud_waf/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/imperva_cloud_waf/data_stream/event/elasticsearch/ingest_pipeline/default.yml
index 893920126d4..82bfc68592e 100644
--- a/packages/imperva_cloud_waf/data_stream/event/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/imperva_cloud_waf/data_stream/event/elasticsearch/ingest_pipeline/default.yml
@@ -628,6 +628,11 @@ processors:
 value: pipeline_error
 allow_duplicates: false
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/imperva_cloud_waf/manifest.yml b/packages/imperva_cloud_waf/manifest.yml
index b35db5c9ddc..03d96ad81ac 100644
--- a/packages/imperva_cloud_waf/manifest.yml
+++ b/packages/imperva_cloud_waf/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.0.3
 name: imperva_cloud_waf
 title: Imperva Cloud WAF
-version: "1.3.0"
+version: "1.4.0"
 description: Collect logs from Imperva Cloud WAF with Elastic Agent.
 type: integration
 categories:
diff --git a/packages/m365_defender/changelog.yml b/packages/m365_defender/changelog.yml
index d95e64dda96..886948514d0 100644
--- a/packages/m365_defender/changelog.yml
+++ b/packages/m365_defender/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.18.0"
+ changes:
+ - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error".
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/12109
 - version: "2.17.0"
 changes:
 - description: Do not remove `event.original` in main ingest pipeline.
diff --git a/packages/m365_defender/data_stream/alert/elasticsearch/ingest_pipeline/default.yml b/packages/m365_defender/data_stream/alert/elasticsearch/ingest_pipeline/default.yml
index b59468058db..36f4ed16642 100644
--- a/packages/m365_defender/data_stream/alert/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/m365_defender/data_stream/alert/elasticsearch/ingest_pipeline/default.yml
@@ -2540,6 +2540,11 @@ processors:
 value: pipeline_error
 allow_duplicates: false
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/m365_defender/manifest.yml b/packages/m365_defender/manifest.yml
index e1d37f9f073..14513bad235 100644
--- a/packages/m365_defender/manifest.yml
+++ b/packages/m365_defender/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: m365_defender
 title: Microsoft M365 Defender
-version: "2.17.0"
+version: "2.18.0"
 description: Collect logs from Microsoft M365 Defender with Elastic Agent.
 categories:
 - "security"
diff --git a/packages/menlo/changelog.yml b/packages/menlo/changelog.yml
index 9a2ea9d8b61..033b3093adb 100644
--- a/packages/menlo/changelog.yml
+++ b/packages/menlo/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+ changes:
+ - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error".
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/12109
 - version: "1.3.0"
 changes:
 - description: Do not remove `event.original` in main ingest pipeline.
diff --git a/packages/menlo/data_stream/dlp/elasticsearch/ingest_pipeline/default.yml b/packages/menlo/data_stream/dlp/elasticsearch/ingest_pipeline/default.yml
index 1999e30e88f..4c854b2b48e 100644
--- a/packages/menlo/data_stream/dlp/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/menlo/data_stream/dlp/elasticsearch/ingest_pipeline/default.yml
@@ -186,6 +186,11 @@ processors:
 value: pipeline_error
 allow_duplicates: false
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - set:
 field: event.kind
diff --git a/packages/menlo/data_stream/web/elasticsearch/ingest_pipeline/default.yml b/packages/menlo/data_stream/web/elasticsearch/ingest_pipeline/default.yml
index 8fd6ccfe571..11457d9299c 100644
--- a/packages/menlo/data_stream/web/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/menlo/data_stream/web/elasticsearch/ingest_pipeline/default.yml
@@ -332,6 +332,11 @@ processors:
 value: pipeline_error
 allow_duplicates: false
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - set:
 field: event.kind
diff --git a/packages/menlo/manifest.yml b/packages/menlo/manifest.yml
index 8237ba56566..822c37572eb 100644
--- a/packages/menlo/manifest.yml
+++ b/packages/menlo/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: menlo
 title: "Menlo Security"
-version: "1.3.0"
+version: "1.4.0"
 source:
 license: "Elastic-2.0"
 description: "Collect logs from Menlo Security products with Elastic Agent"
diff --git a/packages/microsoft_defender_cloud/changelog.yml b/packages/microsoft_defender_cloud/changelog.yml
index 9a34b33d571..f1d4eb19435 100644
--- a/packages/microsoft_defender_cloud/changelog.yml
+++ b/packages/microsoft_defender_cloud/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.3.0"
+ changes:
+ - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error".
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/12109
 - version: "2.2.0"
 changes:
 - description: Do not remove `event.original` in main ingest pipeline.
diff --git a/packages/microsoft_defender_cloud/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_defender_cloud/data_stream/event/elasticsearch/ingest_pipeline/default.yml
index edc492c0d65..c617c7870a8 100644
--- a/packages/microsoft_defender_cloud/data_stream/event/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/microsoft_defender_cloud/data_stream/event/elasticsearch/ingest_pipeline/default.yml
@@ -1701,6 +1701,11 @@ processors:
 value: pipeline_error
 tag: set_pipeline_error_into_event_kind
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/microsoft_defender_cloud/manifest.yml b/packages/microsoft_defender_cloud/manifest.yml
index 21fa9d7e098..22b444a9f35 100644
--- a/packages/microsoft_defender_cloud/manifest.yml
+++ b/packages/microsoft_defender_cloud/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: microsoft_defender_cloud
 title: Microsoft Defender for Cloud
-version: "2.2.0"
+version: "2.3.0"
 description: Collect logs from Microsoft Defender for Cloud with Elastic Agent.
 type: integration
 categories:
diff --git a/packages/microsoft_sentinel/changelog.yml b/packages/microsoft_sentinel/changelog.yml
index e8abd1692db..9fc7f01f6ef 100644
--- a/packages/microsoft_sentinel/changelog.yml
+++ b/packages/microsoft_sentinel/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.3.0"
+ changes:
+ - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error".
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/12109
 - version: "0.2.0"
 changes:
 - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".
diff --git a/packages/microsoft_sentinel/data_stream/alert/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_sentinel/data_stream/alert/elasticsearch/ingest_pipeline/default.yml
index 03d9c2bb5cd..139a6cf34a3 100644
--- a/packages/microsoft_sentinel/data_stream/alert/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/microsoft_sentinel/data_stream/alert/elasticsearch/ingest_pipeline/default.yml
@@ -436,6 +436,11 @@ processors:
 tag: set_pipeline_error_in_event_kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/microsoft_sentinel/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_sentinel/data_stream/event/elasticsearch/ingest_pipeline/default.yml
index f6372162cd3..8519f91fc65 100644
--- a/packages/microsoft_sentinel/data_stream/event/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/microsoft_sentinel/data_stream/event/elasticsearch/ingest_pipeline/default.yml
@@ -442,6 +442,11 @@ processors:
 tag: set_pipeline_error_to_event_kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/microsoft_sentinel/data_stream/incident/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_sentinel/data_stream/incident/elasticsearch/ingest_pipeline/default.yml
index 105832eb974..5fa3fa7151f 100644
--- a/packages/microsoft_sentinel/data_stream/incident/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/microsoft_sentinel/data_stream/incident/elasticsearch/ingest_pipeline/default.yml
@@ -446,6 +446,11 @@ processors:
 tag: set_pipeline_error_in_event_kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/microsoft_sentinel/manifest.yml b/packages/microsoft_sentinel/manifest.yml
index e875d35499d..49234267f66 100644
--- a/packages/microsoft_sentinel/manifest.yml
+++ b/packages/microsoft_sentinel/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.2.1
 name: microsoft_sentinel
 title: Microsoft Sentinel
-version: 0.2.0
+version: 0.3.0
 description: Collect logs from Microsoft Sentinel with Elastic Agent.
 type: integration
 categories:
diff --git a/packages/prisma_access/changelog.yml b/packages/prisma_access/changelog.yml
index bb1c178024e..9b898f0e81c 100644
--- a/packages/prisma_access/changelog.yml
+++ b/packages/prisma_access/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error".
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/12109
 - version: "1.2.0"
 changes:
 - description: Do not remove `event.original` in main ingest pipeline.
diff --git a/packages/prisma_access/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/prisma_access/data_stream/event/elasticsearch/ingest_pipeline/default.yml
index d495d36e51b..24e5999824f 100644
--- a/packages/prisma_access/data_stream/event/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/prisma_access/data_stream/event/elasticsearch/ingest_pipeline/default.yml
@@ -5298,6 +5298,11 @@ processors:
 tag: set_pipeline_error
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/prisma_access/manifest.yml b/packages/prisma_access/manifest.yml
index 39b4fd85a9d..871f9df6150 100644
--- a/packages/prisma_access/manifest.yml
+++ b/packages/prisma_access/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.1.4
 name: prisma_access
 title: Palo Alto Prisma Access
-version: 1.2.0
+version: 1.3.0
 description: Collect logs from Palo Alto Prisma Access with Elastic Agent.
 type: integration
 categories:
diff --git a/packages/prisma_cloud/changelog.yml b/packages/prisma_cloud/changelog.yml
index 1bad5f81b24..7ecc077453c 100644
--- a/packages/prisma_cloud/changelog.yml
+++ b/packages/prisma_cloud/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.7.0"
+ changes:
+ - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error".
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/12109
 - version: "1.6.0"
 changes:
 - description: Do not remove `event.original` in main ingest pipeline.
diff --git a/packages/prisma_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml b/packages/prisma_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml
index 92785a5c224..8870e234a5c 100644
--- a/packages/prisma_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/prisma_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml
@@ -1496,6 +1496,11 @@ processors:
 tag: set_event_kind_pipeline_error
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/prisma_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/prisma_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index 368a9a73148..45de4eb5e98 100644
--- a/packages/prisma_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/prisma_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -221,6 +221,11 @@ processors:
 field: event.kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/prisma_cloud/data_stream/host/elasticsearch/ingest_pipeline/default.yml b/packages/prisma_cloud/data_stream/host/elasticsearch/ingest_pipeline/default.yml
index 2e3b3d0cc5c..fb87ffc7d06 100644
--- a/packages/prisma_cloud/data_stream/host/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/prisma_cloud/data_stream/host/elasticsearch/ingest_pipeline/default.yml
@@ -4247,6 +4247,11 @@ processors:
 tag: set_pipeline_error_in_event_kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/prisma_cloud/data_stream/host_profile/elasticsearch/ingest_pipeline/default.yml b/packages/prisma_cloud/data_stream/host_profile/elasticsearch/ingest_pipeline/default.yml
index e23d05f57e6..5fd583ee59b 100644
--- a/packages/prisma_cloud/data_stream/host_profile/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/prisma_cloud/data_stream/host_profile/elasticsearch/ingest_pipeline/default.yml
@@ -743,6 +743,11 @@ processors:
 field: event.kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/prisma_cloud/data_stream/incident_audit/elasticsearch/ingest_pipeline/default.yml b/packages/prisma_cloud/data_stream/incident_audit/elasticsearch/ingest_pipeline/default.yml
index 046a0453ecc..df4ba39e985 100644
--- a/packages/prisma_cloud/data_stream/incident_audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/prisma_cloud/data_stream/incident_audit/elasticsearch/ingest_pipeline/default.yml
@@ -802,6 +802,11 @@ processors:
 field: event.kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/prisma_cloud/manifest.yml b/packages/prisma_cloud/manifest.yml
index 1c4f97596f1..573844602f6 100644
--- a/packages/prisma_cloud/manifest.yml
+++ b/packages/prisma_cloud/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.0.3
 name: prisma_cloud
 title: "Palo Alto Prisma Cloud"
-version: "1.6.0"
+version: "1.7.0"
 description: "Collect logs from Prisma Cloud with Elastic Agent."
 type: integration
 categories:
diff --git a/packages/proofpoint_on_demand/changelog.yml b/packages/proofpoint_on_demand/changelog.yml
index d50c16ecd70..5ce51364219 100644
--- a/packages/proofpoint_on_demand/changelog.yml
+++ b/packages/proofpoint_on_demand/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.0"
+ changes:
+ - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error".
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/12109
 - version: "1.1.0"
 changes:
 - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".
diff --git a/packages/proofpoint_on_demand/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/proofpoint_on_demand/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index a83ffa7dc61..545c4e4a3b7 100644
--- a/packages/proofpoint_on_demand/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/proofpoint_on_demand/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -462,6 +462,11 @@ processors:
 tag: set_pipeline_error_to_event_kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/proofpoint_on_demand/data_stream/mail/elasticsearch/ingest_pipeline/default.yml b/packages/proofpoint_on_demand/data_stream/mail/elasticsearch/ingest_pipeline/default.yml
index 9dd5c8338f0..9fae6bd547d 100644
--- a/packages/proofpoint_on_demand/data_stream/mail/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/proofpoint_on_demand/data_stream/mail/elasticsearch/ingest_pipeline/default.yml
@@ -454,6 +454,11 @@ processors:
 tag: set_pipeline_error_to_event_kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/proofpoint_on_demand/data_stream/message/elasticsearch/ingest_pipeline/default.yml b/packages/proofpoint_on_demand/data_stream/message/elasticsearch/ingest_pipeline/default.yml
index b276b45d847..5fa9e9dda67 100644
--- a/packages/proofpoint_on_demand/data_stream/message/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/proofpoint_on_demand/data_stream/message/elasticsearch/ingest_pipeline/default.yml
@@ -1380,6 +1380,11 @@ processors:
 tag: set_pipeline_error_to_event_kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/proofpoint_on_demand/manifest.yml b/packages/proofpoint_on_demand/manifest.yml
index 9ebbc643364..278d3743735 100644
--- a/packages/proofpoint_on_demand/manifest.yml
+++ b/packages/proofpoint_on_demand/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.1.4
 name: proofpoint_on_demand
 title: Proofpoint On Demand
-version: 1.1.0
+version: 1.2.0
 description: Collect logs from Proofpoint On Demand with Elastic Agent.
 type: integration
 categories:
diff --git a/packages/qualys_vmdr/changelog.yml b/packages/qualys_vmdr/changelog.yml
index 4b24dc6ed61..ced6199a4ac 100644
--- a/packages/qualys_vmdr/changelog.yml
+++ b/packages/qualys_vmdr/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "5.8.0"
+ changes:
+ - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error".
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/12109
 - version: "5.7.0"
 changes:
 - description: Do not remove `event.original` in main ingest pipeline.
diff --git a/packages/qualys_vmdr/data_stream/asset_host_detection/elasticsearch/ingest_pipeline/default.yml b/packages/qualys_vmdr/data_stream/asset_host_detection/elasticsearch/ingest_pipeline/default.yml
index 351c120d655..7fca7e3cb07 100644
--- a/packages/qualys_vmdr/data_stream/asset_host_detection/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/qualys_vmdr/data_stream/asset_host_detection/elasticsearch/ingest_pipeline/default.yml
@@ -1477,6 +1477,11 @@ processors:
 tag: set_event_kind_2
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/qualys_vmdr/data_stream/knowledge_base/elasticsearch/ingest_pipeline/default.yml b/packages/qualys_vmdr/data_stream/knowledge_base/elasticsearch/ingest_pipeline/default.yml
index 70d0ed362de..7875638f8ba 100644
--- a/packages/qualys_vmdr/data_stream/knowledge_base/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/qualys_vmdr/data_stream/knowledge_base/elasticsearch/ingest_pipeline/default.yml
@@ -843,6 +843,11 @@ processors:
 tag: set_event_kind_2
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/qualys_vmdr/manifest.yml b/packages/qualys_vmdr/manifest.yml
index 2e10e5f6e46..1eaac1700ef 100644
--- a/packages/qualys_vmdr/manifest.yml
+++ b/packages/qualys_vmdr/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: qualys_vmdr
 title: Qualys VMDR
-version: "5.7.0"
+version: "5.8.0"
 description: Collect data from Qualys VMDR platform with Elastic Agent.
 type: integration
 categories:
diff --git a/packages/rapid7_insightvm/changelog.yml b/packages/rapid7_insightvm/changelog.yml
index ec20aefe0fd..2e372be6218 100644
--- a/packages/rapid7_insightvm/changelog.yml
+++ b/packages/rapid7_insightvm/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.15.0"
+ changes:
+ - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error".
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/12109
 - version: "1.14.0"
 changes:
 - description: Do not remove `event.original` in main ingest pipeline.
diff --git a/packages/rapid7_insightvm/data_stream/asset/elasticsearch/ingest_pipeline/default.yml b/packages/rapid7_insightvm/data_stream/asset/elasticsearch/ingest_pipeline/default.yml
index 84a338a4bee..3facf5cda33 100644
--- a/packages/rapid7_insightvm/data_stream/asset/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/rapid7_insightvm/data_stream/asset/elasticsearch/ingest_pipeline/default.yml
@@ -719,6 +719,11 @@ processors:
 field: event.kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/rapid7_insightvm/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml b/packages/rapid7_insightvm/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml
index 3c5ca51a8cd..c81d19bd9b3 100644
--- a/packages/rapid7_insightvm/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/rapid7_insightvm/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml
@@ -446,6 +446,11 @@ processors:
 field: event.kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/rapid7_insightvm/manifest.yml b/packages/rapid7_insightvm/manifest.yml
index 91f69b28ae5..819bdfcac3a 100644
--- a/packages/rapid7_insightvm/manifest.yml
+++ b/packages/rapid7_insightvm/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: rapid7_insightvm
 title: Rapid7 InsightVM
-version: "1.14.0"
+version: "1.15.0"
 source:
 license: "Elastic-2.0"
 description: Collect logs from Rapid7 InsightVM with Elastic Agent.
diff --git a/packages/salesforce/changelog.yml b/packages/salesforce/changelog.yml
index 669f1032933..38d2d51b9c0 100644
--- a/packages/salesforce/changelog.yml
+++ b/packages/salesforce/changelog.yml
@@ -1,4 +1,14 @@
 # newer versions go on top
+- version: "1.2.0"
+ changes:
+ - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error".
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/12109
+- version: "1.1.0"
+ changes:
+ - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/99999999
 - version: "1.0.1"
 changes:
 - description: Remove indentation from processors to avoid syntax error when adding new processors.
diff --git a/packages/salesforce/manifest.yml b/packages/salesforce/manifest.yml
index 1c3c8092075..e4f56d393e3 100644
--- a/packages/salesforce/manifest.yml
+++ b/packages/salesforce/manifest.yml
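Review bot: The backfilled `1.1.0` entry in `packages/salesforce/changelog.yml` links to `https://github.com/elastic/integrations/pull/99999999`, which looks like a placeholder rather than a real pull-request number, so the entry cannot be traced back to a reviewed change; it should carry the actual PR link or be dropped. In the part of the patch visible here no file under `packages/salesforce/data_stream/` is touched, yet the package goes from `1.0.1` straight to `1.2.0` with two entries stating that the tag was added. If the pipeline change was made elsewhere, the commit description should name it; otherwise the version bump and both entries describe behaviour this package does not gain from this commit.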
@@ -1,7 +1,7 @@
 format_version: 3.0.2
 name: salesforce
 title: Salesforce
-version: "1.0.1"
+version: "1.2.0"
 description: |
 Collect logs from Salesforce instances using the Elastic Agent. This integration enables monitoring and analysis of various Salesforce logs, including Login, Logout, Setup Audit Trail, and Apex execution logs. Gain insights into user activity, security events, and application performance.
 type: integration
diff --git a/packages/servicenow/changelog.yml b/packages/servicenow/changelog.yml
index baa5e131697..3f4cbc435ab 100644
--- a/packages/servicenow/changelog.yml
+++ b/packages/servicenow/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.7.0"
+ changes:
+ - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error".
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/12109
 - version: "0.6.0"
 changes:
 - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".
diff --git a/packages/servicenow/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/servicenow/data_stream/event/elasticsearch/ingest_pipeline/default.yml
index 36ae4e0950b..476b49ec2e6 100644
--- a/packages/servicenow/data_stream/event/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/servicenow/data_stream/event/elasticsearch/ingest_pipeline/default.yml
@@ -3330,6 +3330,11 @@ processors:
 tag: set_pipeline_error_into_event_kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/servicenow/manifest.yml b/packages/servicenow/manifest.yml
index 545eaabe98d..afa145eb80b 100644
--- a/packages/servicenow/manifest.yml
+++ b/packages/servicenow/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.2.1
 name: servicenow
 title: "ServiceNow"
-version: 0.6.0
+version: 0.7.0
 description: "Collect logs from ServiceNow with Elastic Agent."
 type: integration
 categories:
diff --git a/packages/spycloud/changelog.yml b/packages/spycloud/changelog.yml
index 4aa39475aaa..c49856af631 100644
--- a/packages/spycloud/changelog.yml
+++ b/packages/spycloud/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.0"
+ changes:
+ - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error".
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/12109
 - version: "1.1.0"
 changes:
 - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".
diff --git a/packages/spycloud/data_stream/breach_catalog/elasticsearch/ingest_pipeline/default.yml b/packages/spycloud/data_stream/breach_catalog/elasticsearch/ingest_pipeline/default.yml
index 526b63c63f4..30575a9661e 100644
--- a/packages/spycloud/data_stream/breach_catalog/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/spycloud/data_stream/breach_catalog/elasticsearch/ingest_pipeline/default.yml
@@ -2407,6 +2407,11 @@ processors:
 value: pipeline_error
 allow_duplicates: false
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/spycloud/data_stream/breach_record/elasticsearch/ingest_pipeline/default.yml b/packages/spycloud/data_stream/breach_record/elasticsearch/ingest_pipeline/default.yml
index b487699dc04..5758a4a4353 100644
--- a/packages/spycloud/data_stream/breach_record/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/spycloud/data_stream/breach_record/elasticsearch/ingest_pipeline/default.yml
@@ -622,6 +622,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/spycloud/data_stream/compass/elasticsearch/ingest_pipeline/default.yml b/packages/spycloud/data_stream/compass/elasticsearch/ingest_pipeline/default.yml index caad720d5d7..3ad2ff8bfb6 100644 --- a/packages/spycloud/data_stream/compass/elasticsearch/ingest_pipeline/default.yml +++ b/packages/spycloud/data_stream/compass/elasticsearch/ingest_pipeline/default.yml @@ -606,6 +606,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/spycloud/manifest.yml b/packages/spycloud/manifest.yml index ca49153a2d6..a71d230cc16 100644 --- a/packages/spycloud/manifest.yml +++ b/packages/spycloud/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.2.1 name: spycloud title: SpyCloud Enterprise Protection -version: 1.1.0 +version: 1.2.0 description: Collect data from SpyCloud Enterprise Protection with Elastic Agent. type: integration categories: diff --git a/packages/sublime_security/changelog.yml b/packages/sublime_security/changelog.yml index ff85c2566f4..3d9b51c4a32 100644 --- a/packages/sublime_security/changelog.yml +++ b/packages/sublime_security/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.2.0" changes: - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error". 
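Review bot: The added `append` in the spycloud `breach_record` and `compass` pipelines has no comment saying what the tag is for or what data it causes to be kept. By the package convention, `preserve_original_event` is what stops `event.original` from being dropped later (the removal step is not in these hunks, so this is inferred), so every document with `error.message` set keeps its full raw payload even when the user left original-event preservation off. For these data streams the raw record may include exposed credentials, so I would document this above the processor, e.g. `# Keep event.original on failed documents for debugging; the raw record may hold sensitive fields.`. The package docs should also say that `event.kind: pipeline_error` documents need the same access and retention controls as the raw feed. The `processors` list starts outside the hunk.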
diff --git a/packages/sublime_security/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/sublime_security/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index b3042cd1d69..26c9ffb9ed2 100644 --- a/packages/sublime_security/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sublime_security/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -404,6 +404,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/sublime_security/data_stream/email_message/elasticsearch/ingest_pipeline/default.yml b/packages/sublime_security/data_stream/email_message/elasticsearch/ingest_pipeline/default.yml index 1c98227119c..2617507f729 100644 --- a/packages/sublime_security/data_stream/email_message/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sublime_security/data_stream/email_message/elasticsearch/ingest_pipeline/default.yml @@ -2155,6 +2155,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/sublime_security/data_stream/message_event/elasticsearch/ingest_pipeline/default.yml b/packages/sublime_security/data_stream/message_event/elasticsearch/ingest_pipeline/default.yml index 44065e93427..ba214aad6e7 100644 --- a/packages/sublime_security/data_stream/message_event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sublime_security/data_stream/message_event/elasticsearch/ingest_pipeline/default.yml 
@@ -352,6 +352,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/sublime_security/manifest.yml b/packages/sublime_security/manifest.yml index cac26fbd2c3..06b2dbdf867 100644 --- a/packages/sublime_security/manifest.yml +++ b/packages/sublime_security/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.2.1 name: sublime_security title: Sublime Security -version: 1.2.0 +version: 1.3.0 description: Collect logs from Sublime Security with Elastic Agent. type: integration categories: diff --git a/packages/symantec_edr_cloud/changelog.yml b/packages/symantec_edr_cloud/changelog.yml index 5534412117b..828d3e3545b 100644 --- a/packages/symantec_edr_cloud/changelog.yml +++ b/packages/symantec_edr_cloud/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.8.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.7.0" changes: - description: Do not remove `event.original` in main ingest pipeline. diff --git a/packages/symantec_edr_cloud/data_stream/incident/elasticsearch/ingest_pipeline/default.yml b/packages/symantec_edr_cloud/data_stream/incident/elasticsearch/ingest_pipeline/default.yml index 3d34afd1d2b..9bc17c5d243 100644 --- a/packages/symantec_edr_cloud/data_stream/incident/elasticsearch/ingest_pipeline/default.yml +++ b/packages/symantec_edr_cloud/data_stream/incident/elasticsearch/ingest_pipeline/default.yml 
@@ -456,6 +456,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/symantec_edr_cloud/manifest.yml b/packages/symantec_edr_cloud/manifest.yml index bd71868df60..f509f7e9e71 100644 --- a/packages/symantec_edr_cloud/manifest.yml +++ b/packages/symantec_edr_cloud/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.2 name: symantec_edr_cloud title: Symantec EDR Cloud (Deprecated) -version: "1.7.0" +version: "1.8.0" source: license: Elastic-2.0 description: Deprecated. Use the Symantec Endpoint Security package instead. diff --git a/packages/symantec_endpoint_security/changelog.yml b/packages/symantec_endpoint_security/changelog.yml index a08b252534f..2479fbcb117 100644 --- a/packages/symantec_endpoint_security/changelog.yml +++ b/packages/symantec_endpoint_security/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.4.0" changes: - description: Do not remove `event.original` in main ingest pipeline. diff --git a/packages/symantec_endpoint_security/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/symantec_endpoint_security/data_stream/event/elasticsearch/ingest_pipeline/default.yml index 8e046892262..06f5a4b387a 100644 --- a/packages/symantec_endpoint_security/data_stream/event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/symantec_endpoint_security/data_stream/event/elasticsearch/ingest_pipeline/default.yml 
@@ -1220,6 +1220,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/symantec_endpoint_security/data_stream/incident/elasticsearch/ingest_pipeline/default.yml b/packages/symantec_endpoint_security/data_stream/incident/elasticsearch/ingest_pipeline/default.yml index 8000ee186bc..bebbc5e42e8 100644 --- a/packages/symantec_endpoint_security/data_stream/incident/elasticsearch/ingest_pipeline/default.yml +++ b/packages/symantec_endpoint_security/data_stream/incident/elasticsearch/ingest_pipeline/default.yml @@ -450,6 +450,11 @@ processors: value: pipeline_error tag: set_pipeline_error_into_event_kind if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/symantec_endpoint_security/manifest.yml b/packages/symantec_endpoint_security/manifest.yml index 9c9149e591f..f20c981ef15 100644 --- a/packages/symantec_endpoint_security/manifest.yml +++ b/packages/symantec_endpoint_security/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.3 name: symantec_endpoint_security title: Symantec Endpoint Security -version: "1.4.0" +version: "1.5.0" description: Collect logs from Symantec Endpoint Security with Elastic Agent. type: integration categories: diff --git a/packages/tenable_io/changelog.yml b/packages/tenable_io/changelog.yml index 240211076a8..a89b609cec0 100644 --- a/packages/tenable_io/changelog.yml +++ b/packages/tenable_io/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "3.5.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "3.4.0" changes: - description: Do not remove `event.original` in main ingest pipeline. diff --git a/packages/tenable_io/data_stream/asset/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_io/data_stream/asset/elasticsearch/ingest_pipeline/default.yml index b6700f6fbd5..ae9e30db1e5 100644 --- a/packages/tenable_io/data_stream/asset/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tenable_io/data_stream/asset/elasticsearch/ingest_pipeline/default.yml @@ -727,6 +727,11 @@ processors: field: event.kind value: pipeline_error if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/tenable_io/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_io/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml index 61248aa20e0..7c4adfbfc27 100644 --- a/packages/tenable_io/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tenable_io/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml @@ -580,6 +580,11 @@ processors: field: event.kind value: pipeline_error if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/tenable_io/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml b/packages/tenable_io/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml index 22adfb372dd..391b1aaa13a 100644 --- a/packages/tenable_io/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/tenable_io/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml @@ -1024,6 +1024,11 @@ processors: field: event.kind value: pipeline_error if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/tenable_io/manifest.yml b/packages/tenable_io/manifest.yml index 6d4a662e56d..8381858ddfb 100644 --- a/packages/tenable_io/manifest.yml +++ b/packages/tenable_io/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: tenable_io title: Tenable Vulnerability Management -version: "3.4.0" +version: "3.5.0" description: Collect logs from Tenable Vulnerability Management with Elastic Agent. type: integration categories: diff --git a/packages/ti_crowdstrike/changelog.yml b/packages/ti_crowdstrike/changelog.yml index 5d7a860ab3a..7b5c8ec178e 100644 --- a/packages/ti_crowdstrike/changelog.yml +++ b/packages/ti_crowdstrike/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.3.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "2.2.0" changes: - description: Do not remove `event.original` in main ingest pipeline. diff --git a/packages/ti_crowdstrike/data_stream/intel/elasticsearch/ingest_pipeline/default.yml b/packages/ti_crowdstrike/data_stream/intel/elasticsearch/ingest_pipeline/default.yml index 335d08bdfac..f8e91c1b99d 100644 --- a/packages/ti_crowdstrike/data_stream/intel/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_crowdstrike/data_stream/intel/elasticsearch/ingest_pipeline/default.yml 
@@ -443,6 +443,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/ti_crowdstrike/data_stream/ioc/elasticsearch/ingest_pipeline/default.yml b/packages/ti_crowdstrike/data_stream/ioc/elasticsearch/ingest_pipeline/default.yml index afcc17ecada..bcd024ad06a 100644 --- a/packages/ti_crowdstrike/data_stream/ioc/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_crowdstrike/data_stream/ioc/elasticsearch/ingest_pipeline/default.yml @@ -365,6 +365,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/ti_crowdstrike/manifest.yml b/packages/ti_crowdstrike/manifest.yml index 6bca827bb9d..dbf99899303 100644 --- a/packages/ti_crowdstrike/manifest.yml +++ b/packages/ti_crowdstrike/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.3 name: ti_crowdstrike title: CrowdStrike Falcon Intelligence -version: "2.2.0" +version: "2.3.0" description: Collect logs from CrowdStrike Falcon Intelligence with Elastic Agent. type: integration categories: diff --git a/packages/ti_eset/changelog.yml b/packages/ti_eset/changelog.yml index c2bf7417d94..d548b7833c2 100644 --- a/packages/ti_eset/changelog.yml +++ b/packages/ti_eset/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.4.0" changes: - description: Do not remove `event.original` in main ingest pipeline. 
diff --git a/packages/ti_eset/data_stream/apt/elasticsearch/ingest_pipeline/default.yml b/packages/ti_eset/data_stream/apt/elasticsearch/ingest_pipeline/default.yml index c12af671235..e926209d3f9 100644 --- a/packages/ti_eset/data_stream/apt/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_eset/data_stream/apt/elasticsearch/ingest_pipeline/default.yml @@ -151,6 +151,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - set: field: error.message diff --git a/packages/ti_eset/data_stream/botnet/elasticsearch/ingest_pipeline/default.yml b/packages/ti_eset/data_stream/botnet/elasticsearch/ingest_pipeline/default.yml index 97d2346f3f2..5e3a86118c6 100644 --- a/packages/ti_eset/data_stream/botnet/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_eset/data_stream/botnet/elasticsearch/ingest_pipeline/default.yml @@ -141,6 +141,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - set: field: error.message diff --git a/packages/ti_eset/data_stream/cc/elasticsearch/ingest_pipeline/default.yml b/packages/ti_eset/data_stream/cc/elasticsearch/ingest_pipeline/default.yml index 3e87331d946..d90d6f25cce 100644 --- a/packages/ti_eset/data_stream/cc/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_eset/data_stream/cc/elasticsearch/ingest_pipeline/default.yml @@ -133,6 +133,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - set: field: error.message 
diff --git a/packages/ti_eset/data_stream/domains/elasticsearch/ingest_pipeline/default.yml b/packages/ti_eset/data_stream/domains/elasticsearch/ingest_pipeline/default.yml index ff6fc67ea80..82575630cf2 100644 --- a/packages/ti_eset/data_stream/domains/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_eset/data_stream/domains/elasticsearch/ingest_pipeline/default.yml @@ -137,6 +137,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - set: field: error.message diff --git a/packages/ti_eset/data_stream/files/elasticsearch/ingest_pipeline/default.yml b/packages/ti_eset/data_stream/files/elasticsearch/ingest_pipeline/default.yml index 50b65063ba3..43e2dc1753e 100644 --- a/packages/ti_eset/data_stream/files/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_eset/data_stream/files/elasticsearch/ingest_pipeline/default.yml @@ -134,6 +134,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - set: field: error.message diff --git a/packages/ti_eset/data_stream/ip/elasticsearch/ingest_pipeline/default.yml b/packages/ti_eset/data_stream/ip/elasticsearch/ingest_pipeline/default.yml index 87f8e1de767..bd4ba733cfa 100644 --- a/packages/ti_eset/data_stream/ip/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_eset/data_stream/ip/elasticsearch/ingest_pipeline/default.yml @@ -134,6 +134,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - set: field: error.message 
diff --git a/packages/ti_eset/data_stream/url/elasticsearch/ingest_pipeline/default.yml b/packages/ti_eset/data_stream/url/elasticsearch/ingest_pipeline/default.yml index 316d0ea8860..888bc3a4a4e 100644 --- a/packages/ti_eset/data_stream/url/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_eset/data_stream/url/elasticsearch/ingest_pipeline/default.yml @@ -132,6 +132,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - set: field: error.message diff --git a/packages/ti_eset/manifest.yml b/packages/ti_eset/manifest.yml index 632062f835c..a636b4707ed 100644 --- a/packages/ti_eset/manifest.yml +++ b/packages/ti_eset/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.3 name: ti_eset title: "ESET Threat Intelligence" -version: "1.4.0" +version: "1.5.0" description: "Ingest threat intelligence indicators from ESET Threat Intelligence with Elastic Agent." type: integration categories: diff --git a/packages/ti_mandiant_advantage/changelog.yml b/packages/ti_mandiant_advantage/changelog.yml index fdca51f9810..a7406cbbdfb 100644 --- a/packages/ti_mandiant_advantage/changelog.yml +++ b/packages/ti_mandiant_advantage/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.7.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.6.0" changes: - description: Add support for proxy configuration. diff --git a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/elasticsearch/ingest_pipeline/default.yml b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/elasticsearch/ingest_pipeline/default.yml index b5994b671cc..ceae78750ae 100644 
--- a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/elasticsearch/ingest_pipeline/default.yml @@ -404,6 +404,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null +- append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/ti_mandiant_advantage/manifest.yml b/packages/ti_mandiant_advantage/manifest.yml index d542ffd4595..8dfd9488fdd 100644 --- a/packages/ti_mandiant_advantage/manifest.yml +++ b/packages/ti_mandiant_advantage/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.2 name: ti_mandiant_advantage title: "Mandiant Advantage" -version: "1.6.0" +version: "1.7.0" source: license: "Elastic-2.0" description: "Collect Threat Intelligence from products within the Mandiant Advantage platform." diff --git a/packages/ti_rapid7_threat_command/changelog.yml b/packages/ti_rapid7_threat_command/changelog.yml index f3ccd8bed17..7e99efa2e0b 100644 --- a/packages/ti_rapid7_threat_command/changelog.yml +++ b/packages/ti_rapid7_threat_command/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.3.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "2.2.0" changes: - description: Do not remove `event.original` in main ingest pipeline. diff --git a/packages/ti_rapid7_threat_command/data_stream/alert/elasticsearch/ingest_pipeline/default.yml b/packages/ti_rapid7_threat_command/data_stream/alert/elasticsearch/ingest_pipeline/default.yml index 3c9a9b19264..b63e82bac9a 100644 --- a/packages/ti_rapid7_threat_command/data_stream/alert/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/ti_rapid7_threat_command/data_stream/alert/elasticsearch/ingest_pipeline/default.yml @@ -236,6 +236,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - set: field: event.kind diff --git a/packages/ti_rapid7_threat_command/data_stream/ioc/elasticsearch/ingest_pipeline/default.yml b/packages/ti_rapid7_threat_command/data_stream/ioc/elasticsearch/ingest_pipeline/default.yml index 76e893a7161..2382ac489ba 100644 --- a/packages/ti_rapid7_threat_command/data_stream/ioc/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_rapid7_threat_command/data_stream/ioc/elasticsearch/ingest_pipeline/default.yml @@ -437,6 +437,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - set: field: event.kind diff --git a/packages/ti_rapid7_threat_command/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml b/packages/ti_rapid7_threat_command/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml index 93f31249c72..0208eb54f89 100644 --- a/packages/ti_rapid7_threat_command/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_rapid7_threat_command/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml @@ -333,6 +333,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - set: field: event.kind diff --git a/packages/ti_rapid7_threat_command/manifest.yml b/packages/ti_rapid7_threat_command/manifest.yml index 7985afed025..60cb02b20bf 100644 
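Review bot: The added `append` sits in the main `processors` list of the rapid7 `alert` pipeline, so it is skipped whenever a processor failure sends the document to what appears to be the pipeline-level `on_failure` handler, which the context shows setting `event.kind` itself. Unless that handler also appends `preserve_original_event` (its body continues outside the hunk), documents that fail hard would be marked as pipeline errors without the tag. Please confirm the handler has a matching `- append:` with `field: tags` and `value: preserve_original_event`. The `ioc` and `vulnerability` hunks on this line have the same shape.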
--- a/packages/ti_rapid7_threat_command/manifest.yml +++ b/packages/ti_rapid7_threat_command/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.2 name: ti_rapid7_threat_command title: Rapid7 Threat Command -version: "2.2.0" +version: "2.3.0" description: Collect threat intelligence from Threat Command API with Elastic Agent. type: integration categories: ["security", "threat_intel"] diff --git a/packages/ti_threatconnect/changelog.yml b/packages/ti_threatconnect/changelog.yml index c8ba6b46f77..3ab3a223fb0 100644 --- a/packages/ti_threatconnect/changelog.yml +++ b/packages/ti_threatconnect/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.6.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.5.0" changes: - description: Do not remove `event.original` in main ingest pipeline. diff --git a/packages/ti_threatconnect/data_stream/indicator/elasticsearch/ingest_pipeline/default.yml b/packages/ti_threatconnect/data_stream/indicator/elasticsearch/ingest_pipeline/default.yml index 4b9b2c53943..c6968d11542 100644 --- a/packages/ti_threatconnect/data_stream/indicator/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_threatconnect/data_stream/indicator/elasticsearch/ingest_pipeline/default.yml @@ -2221,6 +2221,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/ti_threatconnect/manifest.yml b/packages/ti_threatconnect/manifest.yml index f9e358c84a6..b65d47baf54 100644 --- a/packages/ti_threatconnect/manifest.yml +++ b/packages/ti_threatconnect/manifest.yml 
@@ -2,7 +2,7 @@ format_version: 3.0.3 name: ti_threatconnect title: ThreatConnect -version: "1.5.0" +version: "1.6.0" description: Collects Indicators from ThreatConnect using the Elastic Agent and saves them as logs inside Elastic type: integration categories: diff --git a/packages/trellix_edr_cloud/changelog.yml b/packages/trellix_edr_cloud/changelog.yml index 23f6bf5eddc..0e1fd72d651 100644 --- a/packages/trellix_edr_cloud/changelog.yml +++ b/packages/trellix_edr_cloud/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.4.0" changes: - description: Do not remove `event.original` in main ingest pipeline. diff --git a/packages/trellix_edr_cloud/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/trellix_edr_cloud/data_stream/event/elasticsearch/ingest_pipeline/default.yml index 6f9aff932d4..26993951391 100644 --- a/packages/trellix_edr_cloud/data_stream/event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/trellix_edr_cloud/data_stream/event/elasticsearch/ingest_pipeline/default.yml @@ -928,6 +928,11 @@ processors: tag: set_event_kind value: pipeline_error if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/trellix_edr_cloud/manifest.yml b/packages/trellix_edr_cloud/manifest.yml index d52cef04897..cb2b22d8ce5 100644 --- a/packages/trellix_edr_cloud/manifest.yml +++ b/packages/trellix_edr_cloud/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: trellix_edr_cloud title: Trellix EDR Cloud -version: "1.4.0" +version: "1.5.0" description: Collect logs from Trellix EDR Cloud with Elastic Agent. type: integration categories: 
diff --git a/packages/trellix_epo_cloud/changelog.yml b/packages/trellix_epo_cloud/changelog.yml index 10df6bdd705..12c885deaa5 100644 --- a/packages/trellix_epo_cloud/changelog.yml +++ b/packages/trellix_epo_cloud/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.14.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.13.0" changes: - description: Do not remove `event.original` in main ingest pipeline. diff --git a/packages/trellix_epo_cloud/data_stream/device/elasticsearch/ingest_pipeline/default.yml b/packages/trellix_epo_cloud/data_stream/device/elasticsearch/ingest_pipeline/default.yml index 3e560997b88..0a01f7f9931 100644 --- a/packages/trellix_epo_cloud/data_stream/device/elasticsearch/ingest_pipeline/default.yml +++ b/packages/trellix_epo_cloud/data_stream/device/elasticsearch/ingest_pipeline/default.yml @@ -475,6 +475,11 @@ processors: field: event.kind value: pipeline_error if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/trellix_epo_cloud/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/trellix_epo_cloud/data_stream/event/elasticsearch/ingest_pipeline/default.yml index d6577862916..dfa5efc50fd 100644 --- a/packages/trellix_epo_cloud/data_stream/event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/trellix_epo_cloud/data_stream/event/elasticsearch/ingest_pipeline/default.yml @@ -652,6 +652,11 @@ processors: field: event.kind value: pipeline_error if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message 
diff --git a/packages/trellix_epo_cloud/data_stream/group/elasticsearch/ingest_pipeline/default.yml b/packages/trellix_epo_cloud/data_stream/group/elasticsearch/ingest_pipeline/default.yml index 819b42ddca3..a8f66884c91 100644 --- a/packages/trellix_epo_cloud/data_stream/group/elasticsearch/ingest_pipeline/default.yml +++ b/packages/trellix_epo_cloud/data_stream/group/elasticsearch/ingest_pipeline/default.yml @@ -172,6 +172,11 @@ processors: field: event.kind value: pipeline_error if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/trellix_epo_cloud/manifest.yml b/packages/trellix_epo_cloud/manifest.yml index 0c5457e82cf..f5743bb7a7d 100644 --- a/packages/trellix_epo_cloud/manifest.yml +++ b/packages/trellix_epo_cloud/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: trellix_epo_cloud title: Trellix ePO Cloud -version: "1.13.0" +version: "1.14.0" source: license: Elastic-2.0 description: Collect logs from Trellix ePO Cloud with Elastic Agent. diff --git a/packages/trendmicro/changelog.yml b/packages/trendmicro/changelog.yml index 904e9a409cf..69f9cb4a8cb 100644 --- a/packages/trendmicro/changelog.yml +++ b/packages/trendmicro/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.6.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "2.5.0" changes: - description: Do not remove `event.original` in main ingest pipeline. diff --git a/packages/trendmicro/data_stream/deep_security/elasticsearch/ingest_pipeline/default.yml b/packages/trendmicro/data_stream/deep_security/elasticsearch/ingest_pipeline/default.yml index 530775ee5de..48eb956ae0a 100644 
--- a/packages/trendmicro/data_stream/deep_security/elasticsearch/ingest_pipeline/default.yml +++ b/packages/trendmicro/data_stream/deep_security/elasticsearch/ingest_pipeline/default.yml @@ -982,6 +982,11 @@ processors: value: pipeline_error allow_duplicates: false if: ctx.error?.message != null + - append: + field: tags + value: preserve_original_event + allow_duplicates: false + if: ctx.error?.message != null on_failure: - append: field: error.message diff --git a/packages/trendmicro/manifest.yml b/packages/trendmicro/manifest.yml index 77ddd337da7..68329755a49 100644 --- a/packages/trendmicro/manifest.yml +++ b/packages/trendmicro/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.0" name: trendmicro title: Trend Micro Deep Security -version: "2.5.0" +version: "2.6.0" description: Collect logs from Trend Micro Deep Security with Elastic Agent. type: integration categories: diff --git a/packages/vectra_detect/changelog.yml b/packages/vectra_detect/changelog.yml index a6b238f6fad..dd7688295cd 100644 --- a/packages/vectra_detect/changelog.yml +++ b/packages/vectra_detect/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.12.0" + changes: + - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error". + type: enhancement + link: https://github.com/elastic/integrations/pull/12109 - version: "1.11.0" changes: - description: Do not remove `event.original` in main ingest pipeline. diff --git a/packages/vectra_detect/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/vectra_detect/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 0b1cbf65a47..eb3b3640bfa 100644 --- a/packages/vectra_detect/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/vectra_detect/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
@@ -219,6 +219,11 @@ processors:
 field: event.kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/vectra_detect/manifest.yml b/packages/vectra_detect/manifest.yml
index f0ae25b81a2..97ced4a09a3 100644
--- a/packages/vectra_detect/manifest.yml
+++ b/packages/vectra_detect/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.3"
 name: vectra_detect
 title: Vectra Detect
-version: "1.11.0"
+version: "1.12.0"
 source:
 license: Elastic-2.0
 description: Collect logs from Vectra Detect with Elastic Agent.
diff --git a/packages/wiz/changelog.yml b/packages/wiz/changelog.yml
index 5b488d0486c..4219e5238c2 100644
--- a/packages/wiz/changelog.yml
+++ b/packages/wiz/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.7.0"
+ changes:
+ - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error".
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/12109
 - version: "2.6.0"
 changes:
 - description: Do not remove `event.original` in main ingest pipeline.
diff --git a/packages/wiz/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/wiz/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index 7ba50c49bf0..a33e2b57555 100644
--- a/packages/wiz/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/wiz/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -305,6 +305,11 @@ processors:
 tag: set_pipeline_error_to_event_kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
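Review bot: The added `append` step in the wiz `audit` pipeline has no `tag`, although the processor directly above it carries `tag: set_pipeline_error_to_event_kind`. A processor tag is what appears in ingest failure metadata and per-processor stats, so an untagged step is harder to pinpoint when it misbehaves; I would add one, for example `tag: append_preserve_original_event_on_error` (name constructed for this note). The other wiz hunks and all zscaler_zia pipeline hunks, whose neighbouring step is tagged `set_pipeline_error_into_event_kind`, have the same gap. The processor list starts outside the hunk.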
diff --git a/packages/wiz/data_stream/cloud_configuration_finding/elasticsearch/ingest_pipeline/default.yml b/packages/wiz/data_stream/cloud_configuration_finding/elasticsearch/ingest_pipeline/default.yml
index 09451a2d74c..f54101734db 100644
--- a/packages/wiz/data_stream/cloud_configuration_finding/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/wiz/data_stream/cloud_configuration_finding/elasticsearch/ingest_pipeline/default.yml
@@ -389,6 +389,11 @@ processors:
 tag: set_pipeline_error_to_event_kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - set:
 field: error.message
diff --git a/packages/wiz/data_stream/issue/elasticsearch/ingest_pipeline/default.yml b/packages/wiz/data_stream/issue/elasticsearch/ingest_pipeline/default.yml
index f5a1aefefbf..424e813df10 100644
--- a/packages/wiz/data_stream/issue/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/wiz/data_stream/issue/elasticsearch/ingest_pipeline/default.yml
@@ -417,6 +417,11 @@ processors:
 tag: set_pipeline_error_to_event_kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/wiz/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml b/packages/wiz/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml
index 52ae2930f45..1e8424a50cc 100644
--- a/packages/wiz/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/wiz/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml
@@ -644,6 +644,11 @@ processors:
 tag: set_pipeline_error_to_event_kind
 value: pipeline_error
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/wiz/manifest.yml b/packages/wiz/manifest.yml
index 4b5a2a60e1c..49cc058e8a8 100644
--- a/packages/wiz/manifest.yml
+++ b/packages/wiz/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.0.2
 name: wiz
 title: Wiz
-version: "2.6.0"
+version: "2.7.0"
 description: Collect logs from Wiz with Elastic Agent.
 type: integration
 categories:
diff --git a/packages/zscaler_zia/changelog.yml b/packages/zscaler_zia/changelog.yml
index 50d5af5d010..234786a2668 100644
--- a/packages/zscaler_zia/changelog.yml
+++ b/packages/zscaler_zia/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.6.0"
+ changes:
+ - description: Add "preserve_original_event" tag to documents with `event.kind` manually set to "pipeline_error".
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/12109
 - version: "3.5.0"
 changes:
 - description: Add "preserve_original_event" tag to documents with `event.kind` set to "pipeline_error".
diff --git a/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml
index 4a22037a31a..d24cd8fc8b7 100644
--- a/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zia/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml
@@ -136,6 +136,11 @@ processors:
 value: pipeline_error
 tag: set_pipeline_error_into_event_kind
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/zscaler_zia/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index b21463084ba..4d54924b80c 100644
--- a/packages/zscaler_zia/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zia/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -541,6 +541,11 @@ processors:
 value: pipeline_error
 tag: set_pipeline_error_into_event_kind
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml
index 781b7295e5f..665ea7a49d7 100644
--- a/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zia/data_stream/dns/elasticsearch/ingest_pipeline/default.yml
@@ -801,6 +801,11 @@ processors:
 value: pipeline_error
 tag: set_pipeline_error_into_event_kind
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/zscaler_zia/data_stream/endpoint_dlp/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/endpoint_dlp/elasticsearch/ingest_pipeline/default.yml
index f66ff786cf8..0fd7c0e10dd 100644
--- a/packages/zscaler_zia/data_stream/endpoint_dlp/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zia/data_stream/endpoint_dlp/elasticsearch/ingest_pipeline/default.yml
@@ -816,6 +816,11 @@ processors:
 value: pipeline_error
 tag: set_pipeline_error_into_event_kind
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
index b8bcb43ce01..4547454467f 100644
--- a/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zia/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
@@ -1104,6 +1104,11 @@ processors:
 value: pipeline_error
 tag: set_pipeline_error_into_event_kind
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/zscaler_zia/data_stream/sandbox_report/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/sandbox_report/elasticsearch/ingest_pipeline/default.yml
index 41c2ccb65b9..c07a4794981 100644
--- a/packages/zscaler_zia/data_stream/sandbox_report/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zia/data_stream/sandbox_report/elasticsearch/ingest_pipeline/default.yml
@@ -481,6 +481,11 @@ processors:
 value: pipeline_error
 tag: set_pipeline_error_into_event_kind
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml
index 463731d4725..e66590df0bb 100644
--- a/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zia/data_stream/tunnel/elasticsearch/ingest_pipeline/default.yml
@@ -713,6 +713,11 @@ processors:
 value: pipeline_error
 tag: set_pipeline_error_into_event_kind
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml b/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml
index 2708e497b8b..9884d00fe66 100644
--- a/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/zscaler_zia/data_stream/web/elasticsearch/ingest_pipeline/default.yml
@@ -1574,6 +1574,11 @@ processors:
 value: pipeline_error
 tag: set_pipeline_error_into_event_kind
 if: ctx.error?.message != null
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
+ if: ctx.error?.message != null
 on_failure:
 - append:
 field: error.message
diff --git a/packages/zscaler_zia/manifest.yml b/packages/zscaler_zia/manifest.yml
index 4883d3630ef..1eb781de9a4 100644
--- a/packages/zscaler_zia/manifest.yml
+++ b/packages/zscaler_zia/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.3"
 name: zscaler_zia
 title: Zscaler Internet Access
-version: "3.5.0"
+version: "3.6.0"
 description: Collect logs from Zscaler Internet Access (ZIA) with Elastic Agent.
 type: integration
 categories: