diff --git a/packages/auditd_manager/changelog.yml b/packages/auditd_manager/changelog.yml
index b12529ecd58..09a882f76b4 100644
--- a/packages/auditd_manager/changelog.yml
+++ b/packages/auditd_manager/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.19.1"
+ changes:
+ - description: Fix hbs format in the ingest pipeline for auditd data stream.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/16230
 - version: "1.19.0"
 changes:
 - description: Update Kibana constraint to 9.0
diff --git a/packages/auditd_manager/data_stream/auditd/agent/stream/auditd.yml.hbs b/packages/auditd_manager/data_stream/auditd/agent/stream/auditd.yml.hbs
index 62d690ae37e..22255852845 100644
--- a/packages/auditd_manager/data_stream/auditd/agent/stream/auditd.yml.hbs
+++ b/packages/auditd_manager/data_stream/auditd/agent/stream/auditd.yml.hbs
@@ -8,11 +8,7 @@ immutable: {{immutable}}
 resolve_ids: {{resolve_ids}}
 failure_mode: {{failure_mode}}
 {{#if session_data}}
-audit_rules: "{{escape_multiline_string "# Session data audit rules
--a always,exit -F arch=b64 -S execve,execveat -k exec
--a always,exit -F arch=b64 -S exit_group
--a always,exit -F arch=b64 -S setsid
-"}}{{escape_multiline_string audit_rules}}"
+audit_rules: "# Session data audit rules\n-a always,exit -F arch=b64 -S execve,execveat -k exec\n-a always,exit -F arch=b64 -S exit_group\n-a always,exit -F arch=b64 -S setsid\n{{escape_multiline_string audit_rules}}"
 {{else}}
 {{#if audit_rules}}
 audit_rules: {{escape_string audit_rules}}
diff --git a/packages/auditd_manager/manifest.yml b/packages/auditd_manager/manifest.yml
index c576d9812fc..11791525a02 100644
--- a/packages/auditd_manager/manifest.yml
+++ b/packages/auditd_manager/manifest.yml
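Review bot: The 1.19.1 changelog entry in this commit says the fix is "in the ingest pipeline", but the only auditd code change is the `+audit_rules:` line of the agent stream template `auditd.yml.hbs`, so the entry should read `Fix hbs format in the agent stream template for auditd data stream.` to describe what was actually touched. The new single-line value also depends on a subtlety that deserves a `{{! ... }}` comment directly above it: Handlebars passes the `\n` sequences through untouched and it is the YAML double-quoted scalar that turns them into newlines, while `escape_multiline_string` must still escape any `"`, `\` or newline inside the user-supplied `audit_rules` for the scalar to remain valid — without that note the next edit could switch to single quotes or a block scalar and silently break rendering. The built-in session rules are `-F arch=b64` only, so on hosts where 32-bit binaries can run their execve calls are not matched; if that is intentional the comment should say so, otherwise a parallel `-F arch=b32` line closes the detection gap. The `{{#if session_data}}` block continues past the hunk, so its closing `{{/if}}` is not visible here.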
@@ -1,7 +1,7 @@
 format_version: "3.0.0"
 name: auditd_manager
 title: "Auditd Manager"
-version: "1.19.0"
+version: "1.19.1"
 description: "The Auditd Manager Integration receives audit events from the Linux Audit Framework that is a part of the Linux kernel."
 type: integration
 categories:
diff --git a/packages/netskope/changelog.yml b/packages/netskope/changelog.yml
index 3fedc099c01..f2606dcaa23 100644
--- a/packages/netskope/changelog.yml
+++ b/packages/netskope/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.1.2"
+ changes:
+ - description: Fix typo in the ingest pipeline for alerts_events_v2 data stream.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/16230
 - version: "3.1.1"
 changes:
 - description: Added advanced configuration options for setting and overriding content-type of log files.
@@ -12,8 +17,7 @@
 - version: "3.0.0"
 changes:
 - description: >-
- Add alerts_events_v2 data stream to support fetching alert v2 and event v2 data from a single queue.
- Users using SQS input should consider disabling alerts_v2 and events_v2 to avoid conflicts, and use the combined data stream instead.
+ Add alerts_events_v2 data stream to support fetching alert v2 and event v2 data from a single queue. Users using SQS input should consider disabling alerts_v2 and events_v2 to avoid conflicts, and use the combined data stream instead.
 type: breaking-change
 link: https://github.com/elastic/integrations/pull/15697
 - version: "2.3.0"
diff --git a/packages/netskope/data_stream/alerts_events_v2/_dev/test/policy/test-gcs-default.expected b/packages/netskope/data_stream/alerts_events_v2/_dev/test/policy/test-gcs-default.expected
new file mode 100644
index 00000000000..df1920f42d4
--- /dev/null
+++ b/packages/netskope/data_stream/alerts_events_v2/_dev/test/policy/test-gcs-default.expected
@@ -0,0 +1,42 @@
+inputs:
+ - data_stream:
+ namespace: ep
+ meta:
+ package:
+ name: netskope
+ name: test-gcs-default-netskope
+ streams:
+ - bucket_timeout: 120s
+ buckets:
+ - name: siem_gcs_bucket_1
+ - name: siem_gcs_bucket_2
+ data_stream:
+ dataset: netskope.alerts_events_v2
+ decoding.codec.csv:
+ comma: ' '
+ enabled: true
+ max_workers: 3
+ poll: true
+ poll_interval: 15s
+ project_id: my-project-id
+ publisher_pipeline.disable_host: true
+ tags:
+ - forwarded
+ - netskope-alerts
+ type: gcs
+ use_output: default
+output_permissions:
+ default:
+ _elastic_agent_checks:
+ cluster:
+ - monitor
+ _elastic_agent_monitoring:
+ indices: []
+ uuid-for-permissions-on-related-indices:
+ indices:
+ - names:
+ - logs-*-*
+ privileges:
+ - auto_configure
+ - create_doc
+secret_references: []
diff --git a/packages/netskope/data_stream/alerts_events_v2/_dev/test/policy/test-gcs-default.yml b/packages/netskope/data_stream/alerts_events_v2/_dev/test/policy/test-gcs-default.yml
new file mode 100644
index 00000000000..b8cd0b1abb8
--- /dev/null
+++ b/packages/netskope/data_stream/alerts_events_v2/_dev/test/policy/test-gcs-default.yml
@@ -0,0 +1,2 @@
+input: gcs
+vars:
\ No newline at end of file
diff --git a/packages/netskope/data_stream/alerts_events_v2/_dev/test/policy/test-gcs-with-tags.expected b/packages/netskope/data_stream/alerts_events_v2/_dev/test/policy/test-gcs-with-tags.expected
new file mode 100644
index 00000000000..3bc3ccb4f08
--- /dev/null
+++ b/packages/netskope/data_stream/alerts_events_v2/_dev/test/policy/test-gcs-with-tags.expected
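Review bot: `vars:` with no value in the new test-gcs-default.yml parses as null rather than an empty mapping, so the fixture carries no override at all while still declaring the key. If the policy test runner treats a null top-level `vars` the same as an absent one this is harmless, but `vars: {}` (or dropping the line and keeping only `input: gcs`) states the intent explicitly and does not depend on how the loader types a bare key. The sibling test-gcs-with-tags.yml places its overrides under `data_stream: vars:` instead, which is presumably the stream-level scope rather than the input-level one; if both scopes are meaningful to the runner, a one-line comment in each fixture saying which scope it exercises would save the next reader from guessing. Both fixtures also end without a trailing newline, as the `\ No newline at end of file` markers show; adding one keeps them consistent with the rest of the package and avoids noisy diffs on the next edit.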
@@ -0,0 +1,45 @@
+inputs:
+ - data_stream:
+ namespace: ep
+ meta:
+ package:
+ name: netskope
+ name: test-gcs-with-tags-netskope
+ streams:
+ - bucket_timeout: 120s
+ buckets:
+ - name: siem_gcs_bucket_1
+ - name: siem_gcs_bucket_2
+ data_stream:
+ dataset: netskope.alerts_events_v2
+ decoding.codec.csv:
+ comma: ' '
+ enabled: true
+ max_workers: 3
+ poll: true
+ poll_interval: 15s
+ project_id: my-project-id
+ publisher_pipeline.disable_host: true
+ tags:
+ - preserve_original_event
+ - preserve_duplicate_custom_fields
+ - forwarded
+ - custom_tag_1
+ - custom_tag_2
+ type: gcs
+ use_output: default
+output_permissions:
+ default:
+ _elastic_agent_checks:
+ cluster:
+ - monitor
+ _elastic_agent_monitoring:
+ indices: []
+ uuid-for-permissions-on-related-indices:
+ indices:
+ - names:
+ - logs-*-*
+ privileges:
+ - auto_configure
+ - create_doc
+secret_references: []
diff --git a/packages/netskope/data_stream/alerts_events_v2/_dev/test/policy/test-gcs-with-tags.yml b/packages/netskope/data_stream/alerts_events_v2/_dev/test/policy/test-gcs-with-tags.yml
new file mode 100644
index 00000000000..bfaa14321d2
--- /dev/null
+++ b/packages/netskope/data_stream/alerts_events_v2/_dev/test/policy/test-gcs-with-tags.yml
@@ -0,0 +1,9 @@
+input: gcs
+data_stream:
+ vars:
+ preserve_original_event: true
+ preserve_duplicate_custom_fields: true
+ tags:
+ - forwarded
+ - custom_tag_1
+ - custom_tag_2
\ No newline at end of file
diff --git a/packages/netskope/data_stream/alerts_events_v2/agent/stream/gcs.yml.hbs b/packages/netskope/data_stream/alerts_events_v2/agent/stream/gcs.yml.hbs
index 3ed73663957..7b3f0cbf453 100644
--- a/packages/netskope/data_stream/alerts_events_v2/agent/stream/gcs.yml.hbs
+++ b/packages/netskope/data_stream/alerts_events_v2/agent/stream/gcs.yml.hbs
@@ -39,6 +39,7 @@ tags:
 {{#each tags as |tag|}}
 - {{tag}}
 {{/each}}
+{{/if}}
 {{#contains "forwarded" tags}}
 publisher_pipeline.disable_host: true
 {{/contains}}
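Review bot: The added `{{/if}}` closes a conditional whose opening `{{#if ...}}` lies above the hunk, so from this view it cannot be confirmed which block it terminates or that the nesting with the `{{#each tags as |tag|}}` block is now balanced; both new policy fixtures render with a populated `tags` list (the default one appears to receive `forwarded` and `netskope-alerts` from package defaults, judging by its expected output), so a third fixture that empties `tags` would be the cheapest way to prove the other branch of that conditional renders. If the closed block is a `{{#if tags}}` guard, the `{{#contains "forwarded" tags}}` that follows now executes even when `tags` is unset, so it is worth confirming the helper tolerates an undefined argument rather than failing at render time. Separately, the 3.1.2 changelog entry calls this an ingest pipeline fix while the change is in the agent stream template `gcs.yml.hbs`; `Fix unclosed conditional in the gcs agent stream template for alerts_events_v2 data stream.` would describe it accurately.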
diff --git a/packages/netskope/manifest.yml b/packages/netskope/manifest.yml
index 7722aecb64d..27cee5cc6ac 100644
--- a/packages/netskope/manifest.yml
+++ b/packages/netskope/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.3"
 name: netskope
 title: "Netskope"
-version: "3.1.1"
+version: "3.1.2"
 description: Collect logs from Netskope with Elastic Agent.
 type: integration
 categories: