diff --git a/packages/ti_google_threat_intelligence/_dev/build/docs/README.md b/packages/ti_google_threat_intelligence/_dev/build/docs/README.md
index b2a9e560ce9..d5aea331f74 100644
--- a/packages/ti_google_threat_intelligence/_dev/build/docs/README.md
+++ b/packages/ti_google_threat_intelligence/_dev/build/docs/README.md
@@ -34,6 +34,12 @@ Data collection is available for all nine feed types: `cryptominer`, `first_stag
 ## Requirements
+### Agentless-enabled integration
+Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).
+
+Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.
+
+### Agent-based installation
 Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md).
 ## Setup
@@ -145,7 +151,7 @@ The following transform and its associated pipelines are used to filter relevant
 - Prefix the pipeline name with the integration version. For example:
 ```
- 0.2.0-ti_google_threat_intelligence-latest_ip_ioc-transform-pipeline
+ {package_version}-ti_google_threat_intelligence-latest_ip_ioc-transform-pipeline
 ```
 - Click **Update** to save the changes.
 5. Click the **three dots** again next to the transform and select **Start** to activate it.
diff --git a/packages/ti_google_threat_intelligence/changelog.yml b/packages/ti_google_threat_intelligence/changelog.yml
index 858a0f88137..37a139b8af6 100644
--- a/packages/ti_google_threat_intelligence/changelog.yml
+++ b/packages/ti_google_threat_intelligence/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: 0.4.0
+ changes:
+ - description: Enable Agentless deployment.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/14511
 - version: 0.3.0
 changes:
 - description: Add data streams - linux, malicious_network_infrastructure, malware, mobile, osx.
diff --git a/packages/ti_google_threat_intelligence/data_stream/cryptominer/agent/stream/cel.yml.hbs b/packages/ti_google_threat_intelligence/data_stream/cryptominer/agent/stream/cel.yml.hbs
index 9d96b0070e9..ecb9a2534ac 100644
--- a/packages/ti_google_threat_intelligence/data_stream/cryptominer/agent/stream/cel.yml.hbs
+++ b/packages/ti_google_threat_intelligence/data_stream/cryptominer/agent/stream/cel.yml.hbs
@@ -33,7 +33,7 @@ program: |
 ?"query": has(state.query) ? optional.of([state.query]) : optional.none(),
 "limit": ["4000"],
 "x-tool": ["Elastic"],
- "User-Agent": ["v0.3.0"], // Keep this in sync with 'version' in package level manifest.yml.
+ "User-Agent": ["v0.4.0"], // Keep this in sync with 'version' in package level manifest.yml.
 }.format_query()
 ).with({
 "Header": {
diff --git a/packages/ti_google_threat_intelligence/data_stream/cryptominer/elasticsearch/ingest_pipeline/default.yml b/packages/ti_google_threat_intelligence/data_stream/cryptominer/elasticsearch/ingest_pipeline/default.yml
index 74a8c76ee71..1246d5a8607 100644
--- a/packages/ti_google_threat_intelligence/data_stream/cryptominer/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_google_threat_intelligence/data_stream/cryptominer/elasticsearch/ingest_pipeline/default.yml
@@ -12,6 +12,17 @@ processors:
 - drop:
 if: ctx.message == 'retry'
 tag: drop_retry_events
+ - remove:
+ field:
+ - organization
+ - division
+ - team
+ ignore_missing: true
+ if: ctx.organization instanceof String && ctx.division instanceof String && ctx.team instanceof String
+ tag: remove_agentless_tags
+ description: >-
+ Removes the fields added by Agentless as metadata,
+ as they can collide with ECS fields.
 - rename:
 field: message
 tag: rename_message_to_event_original
diff --git a/packages/ti_google_threat_intelligence/data_stream/first_stage_delivery_vectors/agent/stream/cel.yml.hbs b/packages/ti_google_threat_intelligence/data_stream/first_stage_delivery_vectors/agent/stream/cel.yml.hbs
index b62464f0391..2863184bada 100644
--- a/packages/ti_google_threat_intelligence/data_stream/first_stage_delivery_vectors/agent/stream/cel.yml.hbs
+++ b/packages/ti_google_threat_intelligence/data_stream/first_stage_delivery_vectors/agent/stream/cel.yml.hbs
@@ -33,7 +33,7 @@ program: |
 ?"query": has(state.query) ? optional.of([state.query]) : optional.none(),
 "limit": ["4000"],
 "x-tool": ["Elastic"],
- "User-Agent": ["v0.3.0"], // Keep this in sync with 'version' in package level manifest.yml.
+ "User-Agent": ["v0.4.0"], // Keep this in sync with 'version' in package level manifest.yml.
 }.format_query()
 ).with({
 "Header": {
diff --git a/packages/ti_google_threat_intelligence/data_stream/first_stage_delivery_vectors/elasticsearch/ingest_pipeline/default.yml b/packages/ti_google_threat_intelligence/data_stream/first_stage_delivery_vectors/elasticsearch/ingest_pipeline/default.yml
index 9722be6874b..a8493d51079 100644
--- a/packages/ti_google_threat_intelligence/data_stream/first_stage_delivery_vectors/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_google_threat_intelligence/data_stream/first_stage_delivery_vectors/elasticsearch/ingest_pipeline/default.yml
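Review bot: The `if` on the new `remove_agentless_tags` processor joins the three checks with `&&`, so a document that carries only one or two of `organization`, `division` and `team` as strings keeps all of them, and the collision the description warns about (ECS defines `organization` as an object with `organization.id`/`organization.name`) is not prevented in that case. Switching to `||` is not the fix either, because the processor removes all three fields at once and would then drop a legitimately object-valued `division` or `team`; one `remove` per field, each guarded by its own `instanceof String` check, removes whichever string-valued metadata fields are present and nothing else. Whether Agentless always sets all three fields together is not visible here, so the combined condition may be deliberate, but the per-field form is correct in both cases. The same `&&` condition is repeated in the other eight data-stream pipelines in this diff.
```yaml
  - remove:
      field: organization
      ignore_missing: true
      if: ctx.organization instanceof String
      tag: remove_agentless_organization
      description: Removes the organization field added by Agentless as metadata, as it collides with the ECS organization object.
  - remove:
      field: division
      ignore_missing: true
      if: ctx.division instanceof String
      tag: remove_agentless_division
  - remove:
      field: team
      ignore_missing: true
      if: ctx.team instanceof String
      tag: remove_agentless_team
  # … unchanged: rename message to event.original …
```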
@@ -12,6 +12,17 @@ processors:
 - drop:
 if: ctx.message == 'retry'
 tag: drop_retry_events
+ - remove:
+ field:
+ - organization
+ - division
+ - team
+ ignore_missing: true
+ if: ctx.organization instanceof String && ctx.division instanceof String && ctx.team instanceof String
+ tag: remove_agentless_tags
+ description: >-
+ Removes the fields added by Agentless as metadata,
+ as they can collide with ECS fields.
 - rename:
 field: message
 tag: rename_message_to_event_original
diff --git a/packages/ti_google_threat_intelligence/data_stream/infostealer/agent/stream/cel.yml.hbs b/packages/ti_google_threat_intelligence/data_stream/infostealer/agent/stream/cel.yml.hbs
index bfc00699223..64d6dbd848e 100644
--- a/packages/ti_google_threat_intelligence/data_stream/infostealer/agent/stream/cel.yml.hbs
+++ b/packages/ti_google_threat_intelligence/data_stream/infostealer/agent/stream/cel.yml.hbs
@@ -33,7 +33,7 @@ program: |
 ?"query": has(state.query) ? optional.of([state.query]) : optional.none(),
 "limit": ["4000"],
 "x-tool": ["Elastic"],
- "User-Agent": ["v0.3.0"], // Keep this in sync with 'version' in package level manifest.yml.
+ "User-Agent": ["v0.4.0"], // Keep this in sync with 'version' in package level manifest.yml.
 }.format_query()
 ).with({
 "Header": {
diff --git a/packages/ti_google_threat_intelligence/data_stream/infostealer/elasticsearch/ingest_pipeline/default.yml b/packages/ti_google_threat_intelligence/data_stream/infostealer/elasticsearch/ingest_pipeline/default.yml
index 15870f5a5c8..0fc98c921c9 100644
--- a/packages/ti_google_threat_intelligence/data_stream/infostealer/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_google_threat_intelligence/data_stream/infostealer/elasticsearch/ingest_pipeline/default.yml
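Review bot: The `&&` in the `remove_agentless_tags` condition of the first_stage_delivery_vectors pipeline drops the Agentless metadata only when all three of `organization`, `division` and `team` are strings, so a document carrying just one of them keeps it and can still clash with the ECS `organization` object. Guarding each field separately keeps the `instanceof String` protection for object-valued fields while removing whichever string-valued fields are actually present; whether Agentless always sets all three together is not visible in the hunk.
```yaml
  - remove:
      field: organization
      ignore_missing: true
      if: ctx.organization instanceof String
      tag: remove_agentless_organization
  - remove:
      field: division
      ignore_missing: true
      if: ctx.division instanceof String
      tag: remove_agentless_division
  - remove:
      field: team
      ignore_missing: true
      if: ctx.team instanceof String
      tag: remove_agentless_team
  # … unchanged: rename message to event.original …
```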
@@ -12,6 +12,17 @@ processors:
 - drop:
 if: ctx.message == 'retry'
 tag: drop_retry_events
+ - remove:
+ field:
+ - organization
+ - division
+ - team
+ ignore_missing: true
+ if: ctx.organization instanceof String && ctx.division instanceof String && ctx.team instanceof String
+ tag: remove_agentless_tags
+ description: >-
+ Removes the fields added by Agentless as metadata,
+ as they can collide with ECS fields.
 - rename:
 field: message
 tag: rename_message_to_event_original
diff --git a/packages/ti_google_threat_intelligence/data_stream/iot/agent/stream/cel.yml.hbs b/packages/ti_google_threat_intelligence/data_stream/iot/agent/stream/cel.yml.hbs
index bd234b81fc8..35259ebe5ec 100644
--- a/packages/ti_google_threat_intelligence/data_stream/iot/agent/stream/cel.yml.hbs
+++ b/packages/ti_google_threat_intelligence/data_stream/iot/agent/stream/cel.yml.hbs
@@ -33,7 +33,7 @@ program: |
 ?"query": has(state.query) ? optional.of([state.query]) : optional.none(),
 "limit": ["4000"],
 "x-tool": ["Elastic"],
- "User-Agent": ["v0.3.0"], // Keep this in sync with 'version' in package level manifest.yml.
+ "User-Agent": ["v0.4.0"], // Keep this in sync with 'version' in package level manifest.yml.
 }.format_query()
 ).with({
 "Header": {
diff --git a/packages/ti_google_threat_intelligence/data_stream/iot/elasticsearch/ingest_pipeline/default.yml b/packages/ti_google_threat_intelligence/data_stream/iot/elasticsearch/ingest_pipeline/default.yml
index 0bba06edb37..a6f76760095 100644
--- a/packages/ti_google_threat_intelligence/data_stream/iot/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_google_threat_intelligence/data_stream/iot/elasticsearch/ingest_pipeline/default.yml
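Review bot: In the infostealer pipeline the `remove_agentless_tags` condition requires `organization`, `division` and `team` to all be strings before any of them is removed, so a partially populated document keeps a string `organization` that can still collide with the ECS `organization` object. Splitting the processor into one `remove` per field, each with its own `instanceof String` guard, removes the string-valued metadata that is present without touching object-valued fields; it is not visible here whether Agentless guarantees all three fields together.
```yaml
  - remove:
      field: organization
      ignore_missing: true
      if: ctx.organization instanceof String
      tag: remove_agentless_organization
  - remove:
      field: division
      ignore_missing: true
      if: ctx.division instanceof String
      tag: remove_agentless_division
  - remove:
      field: team
      ignore_missing: true
      if: ctx.team instanceof String
      tag: remove_agentless_team
  # … unchanged: rename message to event.original …
```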
@@ -12,6 +12,17 @@ processors:
 - drop:
 if: ctx.message == 'retry'
 tag: drop_retry_events
+ - remove:
+ field:
+ - organization
+ - division
+ - team
+ ignore_missing: true
+ if: ctx.organization instanceof String && ctx.division instanceof String && ctx.team instanceof String
+ tag: remove_agentless_tags
+ description: >-
+ Removes the fields added by Agentless as metadata,
+ as they can collide with ECS fields.
 - rename:
 field: message
 tag: rename_message_to_event_original
diff --git a/packages/ti_google_threat_intelligence/data_stream/linux/agent/stream/cel.yml.hbs b/packages/ti_google_threat_intelligence/data_stream/linux/agent/stream/cel.yml.hbs
index c6bfc958ba2..036528a272b 100644
--- a/packages/ti_google_threat_intelligence/data_stream/linux/agent/stream/cel.yml.hbs
+++ b/packages/ti_google_threat_intelligence/data_stream/linux/agent/stream/cel.yml.hbs
@@ -33,7 +33,7 @@ program: |
 ?"query": has(state.query) ? optional.of([state.query]) : optional.none(),
 "limit": ["4000"],
 "x-tool": ["Elastic"],
- "User-Agent": ["v0.3.0"], // Keep this in sync with 'version' in package level manifest.yml.
+ "User-Agent": ["v0.4.0"], // Keep this in sync with 'version' in package level manifest.yml.
 }.format_query()
 ).with({
 "Header": {
diff --git a/packages/ti_google_threat_intelligence/data_stream/linux/elasticsearch/ingest_pipeline/default.yml b/packages/ti_google_threat_intelligence/data_stream/linux/elasticsearch/ingest_pipeline/default.yml
index 35891bd37f6..c83a31ec0d5 100644
--- a/packages/ti_google_threat_intelligence/data_stream/linux/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_google_threat_intelligence/data_stream/linux/elasticsearch/ingest_pipeline/default.yml
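Review bot: The iot pipeline's `remove_agentless_tags` processor only fires when `organization`, `division` and `team` are all strings, so a document with only a string `organization` is left untouched and still conflicts with the ECS `organization` object the description mentions. One `remove` per field with its own `instanceof String` condition handles partial metadata safely while still skipping object-valued fields; whether the three fields always arrive together is not visible from the hunk.
```yaml
  - remove:
      field: organization
      ignore_missing: true
      if: ctx.organization instanceof String
      tag: remove_agentless_organization
  - remove:
      field: division
      ignore_missing: true
      if: ctx.division instanceof String
      tag: remove_agentless_division
  - remove:
      field: team
      ignore_missing: true
      if: ctx.team instanceof String
      tag: remove_agentless_team
  # … unchanged: rename message to event.original …
```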
@@ -12,6 +12,17 @@ processors:
 - drop:
 if: ctx.message == 'retry'
 tag: drop_retry_events
+ - remove:
+ field:
+ - organization
+ - division
+ - team
+ ignore_missing: true
+ if: ctx.organization instanceof String && ctx.division instanceof String && ctx.team instanceof String
+ tag: remove_agentless_tags
+ description: >-
+ Removes the fields added by Agentless as metadata,
+ as they can collide with ECS fields.
 - rename:
 field: message
 tag: rename_message_to_event_original
diff --git a/packages/ti_google_threat_intelligence/data_stream/malicious_network_infrastructure/agent/stream/cel.yml.hbs b/packages/ti_google_threat_intelligence/data_stream/malicious_network_infrastructure/agent/stream/cel.yml.hbs
index 69e3c322f77..cff8e5ea305 100644
--- a/packages/ti_google_threat_intelligence/data_stream/malicious_network_infrastructure/agent/stream/cel.yml.hbs
+++ b/packages/ti_google_threat_intelligence/data_stream/malicious_network_infrastructure/agent/stream/cel.yml.hbs
@@ -33,7 +33,7 @@ program: |
 ?"query": has(state.query) ? optional.of([state.query]) : optional.none(),
 "limit": ["4000"],
 "x-tool": ["Elastic"],
- "User-Agent": ["v0.3.0"], // Keep this in sync with 'version' in package level manifest.yml.
+ "User-Agent": ["v0.4.0"], // Keep this in sync with 'version' in package level manifest.yml.
 }.format_query()
 ).with({
 "Header": {
diff --git a/packages/ti_google_threat_intelligence/data_stream/malicious_network_infrastructure/elasticsearch/ingest_pipeline/default.yml b/packages/ti_google_threat_intelligence/data_stream/malicious_network_infrastructure/elasticsearch/ingest_pipeline/default.yml
index 8fa8ca762ab..66d49f6fe01 100644
--- a/packages/ti_google_threat_intelligence/data_stream/malicious_network_infrastructure/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_google_threat_intelligence/data_stream/malicious_network_infrastructure/elasticsearch/ingest_pipeline/default.yml
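Review bot: The linux pipeline's new `remove_agentless_tags` condition joins the three `instanceof String` checks with `&&`, so any document where only some of `organization`, `division` and `team` are set keeps them, and a string `organization` can still collide with the ECS `organization` object. Guarding each field independently removes the string-valued metadata that is present while leaving object-valued fields alone; the hunk does not show whether Agentless always populates all three.
```yaml
  - remove:
      field: organization
      ignore_missing: true
      if: ctx.organization instanceof String
      tag: remove_agentless_organization
  - remove:
      field: division
      ignore_missing: true
      if: ctx.division instanceof String
      tag: remove_agentless_division
  - remove:
      field: team
      ignore_missing: true
      if: ctx.team instanceof String
      tag: remove_agentless_team
  # … unchanged: rename message to event.original …
```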
@@ -12,6 +12,17 @@ processors:
 - drop:
 if: ctx.message == 'retry'
 tag: drop_retry_events
+ - remove:
+ field:
+ - organization
+ - division
+ - team
+ ignore_missing: true
+ if: ctx.organization instanceof String && ctx.division instanceof String && ctx.team instanceof String
+ tag: remove_agentless_tags
+ description: >-
+ Removes the fields added by Agentless as metadata,
+ as they can collide with ECS fields.
 - rename:
 field: message
 tag: rename_message_to_event_original
diff --git a/packages/ti_google_threat_intelligence/data_stream/malware/agent/stream/cel.yml.hbs b/packages/ti_google_threat_intelligence/data_stream/malware/agent/stream/cel.yml.hbs
index a74400d1e15..b0bb444b0bd 100644
--- a/packages/ti_google_threat_intelligence/data_stream/malware/agent/stream/cel.yml.hbs
+++ b/packages/ti_google_threat_intelligence/data_stream/malware/agent/stream/cel.yml.hbs
@@ -33,7 +33,7 @@ program: |
 ?"query": has(state.query) ? optional.of([state.query]) : optional.none(),
 "limit": ["4000"],
 "x-tool": ["Elastic"],
- "User-Agent": ["v0.3.0"], // Keep this in sync with 'version' in package level manifest.yml.
+ "User-Agent": ["v0.4.0"], // Keep this in sync with 'version' in package level manifest.yml.
 }.format_query()
 ).with({
 "Header": {
diff --git a/packages/ti_google_threat_intelligence/data_stream/malware/elasticsearch/ingest_pipeline/default.yml b/packages/ti_google_threat_intelligence/data_stream/malware/elasticsearch/ingest_pipeline/default.yml
index 13c3b660ff4..1c0d347d722 100644
--- a/packages/ti_google_threat_intelligence/data_stream/malware/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_google_threat_intelligence/data_stream/malware/elasticsearch/ingest_pipeline/default.yml
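Review bot: In the malicious_network_infrastructure pipeline the `remove_agentless_tags` `if` requires all of `organization`, `division` and `team` to be strings, so a document that carries only one of them keeps it, and a string `organization` then still collides with the ECS `organization` object. Splitting into one `remove` per field, each with its own `instanceof String` guard, removes exactly the string-valued metadata present without dropping object-valued fields; whether Agentless always sets the three together is not visible here.
```yaml
  - remove:
      field: organization
      ignore_missing: true
      if: ctx.organization instanceof String
      tag: remove_agentless_organization
  - remove:
      field: division
      ignore_missing: true
      if: ctx.division instanceof String
      tag: remove_agentless_division
  - remove:
      field: team
      ignore_missing: true
      if: ctx.team instanceof String
      tag: remove_agentless_team
  # … unchanged: rename message to event.original …
```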
@@ -12,6 +12,17 @@ processors:
 - drop:
 if: ctx.message == 'retry'
 tag: drop_retry_events
+ - remove:
+ field:
+ - organization
+ - division
+ - team
+ ignore_missing: true
+ if: ctx.organization instanceof String && ctx.division instanceof String && ctx.team instanceof String
+ tag: remove_agentless_tags
+ description: >-
+ Removes the fields added by Agentless as metadata,
+ as they can collide with ECS fields.
 - rename:
 field: message
 tag: rename_message_to_event_original
diff --git a/packages/ti_google_threat_intelligence/data_stream/mobile/agent/stream/cel.yml.hbs b/packages/ti_google_threat_intelligence/data_stream/mobile/agent/stream/cel.yml.hbs
index a5330a81674..a900a6dd15c 100644
--- a/packages/ti_google_threat_intelligence/data_stream/mobile/agent/stream/cel.yml.hbs
+++ b/packages/ti_google_threat_intelligence/data_stream/mobile/agent/stream/cel.yml.hbs
@@ -33,7 +33,7 @@ program: |
 ?"query": has(state.query) ? optional.of([state.query]) : optional.none(),
 "limit": ["4000"],
 "x-tool": ["Elastic"],
- "User-Agent": ["v0.3.0"], // Keep this in sync with 'version' in package level manifest.yml.
+ "User-Agent": ["v0.4.0"], // Keep this in sync with 'version' in package level manifest.yml.
 }.format_query()
 ).with({
 "Header": {
diff --git a/packages/ti_google_threat_intelligence/data_stream/mobile/elasticsearch/ingest_pipeline/default.yml b/packages/ti_google_threat_intelligence/data_stream/mobile/elasticsearch/ingest_pipeline/default.yml
index 4ddb91d3071..3c8dcd9ea73 100644
--- a/packages/ti_google_threat_intelligence/data_stream/mobile/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_google_threat_intelligence/data_stream/mobile/elasticsearch/ingest_pipeline/default.yml
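Review bot: The malware pipeline's `remove_agentless_tags` processor removes nothing unless `organization`, `division` and `team` are all strings, so a partially populated document keeps a string `organization` that still conflicts with the ECS `organization` object. Per-field `remove` processors, each guarded by its own `instanceof String` check, remove the string-valued fields that are present while still protecting object-valued ones; the hunk does not show whether Agentless guarantees all three fields.
```yaml
  - remove:
      field: organization
      ignore_missing: true
      if: ctx.organization instanceof String
      tag: remove_agentless_organization
  - remove:
      field: division
      ignore_missing: true
      if: ctx.division instanceof String
      tag: remove_agentless_division
  - remove:
      field: team
      ignore_missing: true
      if: ctx.team instanceof String
      tag: remove_agentless_team
  # … unchanged: rename message to event.original …
```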
@@ -12,6 +12,17 @@ processors:
 - drop:
 if: ctx.message == 'retry'
 tag: drop_retry_events
+ - remove:
+ field:
+ - organization
+ - division
+ - team
+ ignore_missing: true
+ if: ctx.organization instanceof String && ctx.division instanceof String && ctx.team instanceof String
+ tag: remove_agentless_tags
+ description: >-
+ Removes the fields added by Agentless as metadata,
+ as they can collide with ECS fields.
 - rename:
 field: message
 tag: rename_message_to_event_original
diff --git a/packages/ti_google_threat_intelligence/data_stream/osx/agent/stream/cel.yml.hbs b/packages/ti_google_threat_intelligence/data_stream/osx/agent/stream/cel.yml.hbs
index 1a09b25bd68..8492bd4e6aa 100644
--- a/packages/ti_google_threat_intelligence/data_stream/osx/agent/stream/cel.yml.hbs
+++ b/packages/ti_google_threat_intelligence/data_stream/osx/agent/stream/cel.yml.hbs
@@ -33,7 +33,7 @@ program: |
 ?"query": has(state.query) ? optional.of([state.query]) : optional.none(),
 "limit": ["4000"],
 "x-tool": ["Elastic"],
- "User-Agent": ["v0.3.0"], // Keep this in sync with 'version' in package level manifest.yml.
+ "User-Agent": ["v0.4.0"], // Keep this in sync with 'version' in package level manifest.yml.
 }.format_query()
 ).with({
 "Header": {
diff --git a/packages/ti_google_threat_intelligence/data_stream/osx/elasticsearch/ingest_pipeline/default.yml b/packages/ti_google_threat_intelligence/data_stream/osx/elasticsearch/ingest_pipeline/default.yml
index 8da2c8c09ef..c349e81f19b 100644
--- a/packages/ti_google_threat_intelligence/data_stream/osx/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/ti_google_threat_intelligence/data_stream/osx/elasticsearch/ingest_pipeline/default.yml
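Review bot: The mobile pipeline's `remove_agentless_tags` condition uses `&&` across `organization`, `division` and `team`, so a document where only some of them are strings keeps all three, and a string `organization` can still collide with the ECS `organization` object. Guarding each field with its own `instanceof String` condition on a separate `remove` handles partial metadata without dropping object-valued fields; whether all three always arrive together is not visible from the hunk.
```yaml
  - remove:
      field: organization
      ignore_missing: true
      if: ctx.organization instanceof String
      tag: remove_agentless_organization
  - remove:
      field: division
      ignore_missing: true
      if: ctx.division instanceof String
      tag: remove_agentless_division
  - remove:
      field: team
      ignore_missing: true
      if: ctx.team instanceof String
      tag: remove_agentless_team
  # … unchanged: rename message to event.original …
```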
@@ -12,6 +12,17 @@ processors:
 - drop:
 if: ctx.message == 'retry'
 tag: drop_retry_events
+ - remove:
+ field:
+ - organization
+ - division
+ - team
+ ignore_missing: true
+ if: ctx.organization instanceof String && ctx.division instanceof String && ctx.team instanceof String
+ tag: remove_agentless_tags
+ description: >-
+ Removes the fields added by Agentless as metadata,
+ as they can collide with ECS fields.
 - rename:
 field: message
 tag: rename_message_to_event_original
diff --git a/packages/ti_google_threat_intelligence/docs/README.md b/packages/ti_google_threat_intelligence/docs/README.md
index 0e3d1da6c8b..4b3de510509 100644
--- a/packages/ti_google_threat_intelligence/docs/README.md
+++ b/packages/ti_google_threat_intelligence/docs/README.md
@@ -34,6 +34,12 @@ Data collection is available for all nine feed types: `cryptominer`, `first_stag
 ## Requirements
+### Agentless-enabled integration
+Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).
+
+Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.
+
+### Agent-based installation
 Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md).
 ## Setup
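Review bot: The osx pipeline's `remove_agentless_tags` processor only fires when `organization`, `division` and `team` are all strings, so a document carrying just a string `organization` keeps it and still collides with the ECS `organization` object the description warns about. One `remove` per field, each guarded by its own `instanceof String` check, removes whichever string-valued metadata is present while still leaving object-valued fields untouched; whether Agentless always sets the three together is not visible here.
```yaml
  - remove:
      field: organization
      ignore_missing: true
      if: ctx.organization instanceof String
      tag: remove_agentless_organization
  - remove:
      field: division
      ignore_missing: true
      if: ctx.division instanceof String
      tag: remove_agentless_division
  - remove:
      field: team
      ignore_missing: true
      if: ctx.team instanceof String
      tag: remove_agentless_team
  # … unchanged: rename message to event.original …
```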
@@ -145,7 +151,7 @@ The following transform and its associated pipelines are used to filter relevant
 - Prefix the pipeline name with the integration version. For example:
 ```
- 0.2.0-ti_google_threat_intelligence-latest_ip_ioc-transform-pipeline
+ {package_version}-ti_google_threat_intelligence-latest_ip_ioc-transform-pipeline
 ```
 - Click **Update** to save the changes.
 5. Click the **three dots** again next to the transform and select **Start** to activate it.
diff --git a/packages/ti_google_threat_intelligence/elasticsearch/transform/domain_ioc/transform.yml b/packages/ti_google_threat_intelligence/elasticsearch/transform/domain_ioc/transform.yml
index 58fbbc9d067..e218247fc8d 100644
--- a/packages/ti_google_threat_intelligence/elasticsearch/transform/domain_ioc/transform.yml
+++ b/packages/ti_google_threat_intelligence/elasticsearch/transform/domain_ioc/transform.yml
@@ -54,7 +54,7 @@ _meta:
 managed: false
 # Bump this version to delete, reinstall, and restart the transform during
 # package installation.
- fleet_transform_version: 0.3.0
+ fleet_transform_version: 0.4.0
 # We are currently using multiple source indices in this transform because system tests do not support
 # executing queries defined within the transform. This causes test failures, so we've raised the issue here:
 # https://github.com/elastic/elastic-package/issues/2676
diff --git a/packages/ti_google_threat_intelligence/elasticsearch/transform/file_ioc/transform.yml b/packages/ti_google_threat_intelligence/elasticsearch/transform/file_ioc/transform.yml
index 9f6ae0c388c..1487251e29c 100644
--- a/packages/ti_google_threat_intelligence/elasticsearch/transform/file_ioc/transform.yml
+++ b/packages/ti_google_threat_intelligence/elasticsearch/transform/file_ioc/transform.yml
@@ -54,7 +54,7 @@ _meta:
 managed: false
 # Bump this version to delete, reinstall, and restart the transform during
 # package installation.
- fleet_transform_version: 0.3.0
+ fleet_transform_version: 0.4.0
 # We are currently using multiple source indices in this transform because system tests do not support
 # executing queries defined within the transform. This causes test failures, so we've raised the issue here:
 # https://github.com/elastic/elastic-package/issues/2676
diff --git a/packages/ti_google_threat_intelligence/elasticsearch/transform/ip_ioc/transform.yml b/packages/ti_google_threat_intelligence/elasticsearch/transform/ip_ioc/transform.yml
index 92d5caec8ac..58a65c1ef2d 100644
--- a/packages/ti_google_threat_intelligence/elasticsearch/transform/ip_ioc/transform.yml
+++ b/packages/ti_google_threat_intelligence/elasticsearch/transform/ip_ioc/transform.yml
@@ -54,7 +54,7 @@ _meta:
 managed: false
 # Bump this version to delete, reinstall, and restart the transform during
 # package installation.
- fleet_transform_version: 0.3.0
+ fleet_transform_version: 0.4.0
 # We are currently using multiple source indices in this transform because system tests do not support
 # executing queries defined within the transform. This causes test failures, so we've raised the issue here:
 # https://github.com/elastic/elastic-package/issues/2676
diff --git a/packages/ti_google_threat_intelligence/elasticsearch/transform/rule/transform.yml b/packages/ti_google_threat_intelligence/elasticsearch/transform/rule/transform.yml
index 73ec077dda0..bb204c17709 100644
--- a/packages/ti_google_threat_intelligence/elasticsearch/transform/rule/transform.yml
+++ b/packages/ti_google_threat_intelligence/elasticsearch/transform/rule/transform.yml
@@ -42,5 +42,5 @@ _meta:
 managed: false
 # Bump this version to delete, reinstall, and restart the transform during
 # package installation.
- fleet_transform_version: 0.3.0
+ fleet_transform_version: 0.4.0
 run_as_kibana_system: false
diff --git a/packages/ti_google_threat_intelligence/elasticsearch/transform/url_ioc/transform.yml b/packages/ti_google_threat_intelligence/elasticsearch/transform/url_ioc/transform.yml
index 504e691f040..75a9378be54 100644
--- a/packages/ti_google_threat_intelligence/elasticsearch/transform/url_ioc/transform.yml
+++ b/packages/ti_google_threat_intelligence/elasticsearch/transform/url_ioc/transform.yml
@@ -54,7 +54,7 @@ _meta:
 managed: false
 # Bump this version to delete, reinstall, and restart the transform during
 # package installation.
- fleet_transform_version: 0.3.0
+ fleet_transform_version: 0.4.0
 # We are currently using multiple source indices in this transform because system tests do not support
 # executing queries defined within the transform. This causes test failures, so we've raised the issue here:
 # https://github.com/elastic/elastic-package/issues/2676
diff --git a/packages/ti_google_threat_intelligence/img/threat_feed_overview_dashboard.png b/packages/ti_google_threat_intelligence/img/threat_feed_overview_dashboard.png
index 43d119822b1..a876b9eef1f 100644
Binary files a/packages/ti_google_threat_intelligence/img/threat_feed_overview_dashboard.png and b/packages/ti_google_threat_intelligence/img/threat_feed_overview_dashboard.png differ
diff --git a/packages/ti_google_threat_intelligence/img/threat_intelligence_dashboard.png b/packages/ti_google_threat_intelligence/img/threat_intelligence_dashboard.png
index d80300524ac..9887bc39980 100644
Binary files a/packages/ti_google_threat_intelligence/img/threat_intelligence_dashboard.png and b/packages/ti_google_threat_intelligence/img/threat_intelligence_dashboard.png differ
diff --git a/packages/ti_google_threat_intelligence/kibana/dashboard/ti_google_threat_intelligence-0b0fb6b4-d250-4e31-a56a-bb872e4c7c4a.json b/packages/ti_google_threat_intelligence/kibana/dashboard/ti_google_threat_intelligence-0b0fb6b4-d250-4e31-a56a-bb872e4c7c4a.json
index ca205652ae7..8662dd71951 100644
--- a/packages/ti_google_threat_intelligence/kibana/dashboard/ti_google_threat_intelligence-0b0fb6b4-d250-4e31-a56a-bb872e4c7c4a.json +++ b/packages/ti_google_threat_intelligence/kibana/dashboard/ti_google_threat_intelligence-0b0fb6b4-d250-4e31-a56a-bb872e4c7c4a.json @@ -826,9 +826,8 @@ "version": 2 }, "coreMigrationVersion": "8.8.0", - "created_at": "2025-06-03T08:45:20.592Z", + "created_at": "2025-07-11T07:54:47.115Z", "id": "ti_google_threat_intelligence-0b0fb6b4-d250-4e31-a56a-bb872e4c7c4a", - "managed": false, "references": [ { "id": "logs-*", @@ -922,6 +921,5 @@ } ], "type": "dashboard", - "typeMigrationVersion": "10.2.0", - "updated_by": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0" + "typeMigrationVersion": "10.2.0" } \ No newline at end of file diff --git a/packages/ti_google_threat_intelligence/kibana/dashboard/ti_google_threat_intelligence-95187e5c-b4a2-45ad-b6a4-d6ce68e1f43e.json b/packages/ti_google_threat_intelligence/kibana/dashboard/ti_google_threat_intelligence-95187e5c-b4a2-45ad-b6a4-d6ce68e1f43e.json index 1889e64e701..f3138259648 100644 --- a/packages/ti_google_threat_intelligence/kibana/dashboard/ti_google_threat_intelligence-95187e5c-b4a2-45ad-b6a4-d6ce68e1f43e.json +++ b/packages/ti_google_threat_intelligence/kibana/dashboard/ti_google_threat_intelligence-95187e5c-b4a2-45ad-b6a4-d6ce68e1f43e.json @@ -306,7 +306,7 @@ "gridData": { "h": 9, "i": "f6821609-9316-41e9-bf73-0bb8a6c945ae", - "w": 9.6, + "w": 11, "x": 0, "y": 11 }, @@ -413,8 +413,8 @@ "gridData": { "h": 9, "i": "f145a391-9afd-4126-a361-0ce363ddf721", - "w": 9.6, - "x": 9.6, + "w": 9, + "x": 11, "y": 11 }, "panelIndex": "f145a391-9afd-4126-a361-0ce363ddf721", @@ -520,8 +520,8 @@ "gridData": { "h": 9, "i": "91347221-c568-473a-a235-0465158bd25a", - "w": 9.6, - "x": 19.2, + "w": 10, + "x": 20, "y": 11 }, "panelIndex": "91347221-c568-473a-a235-0465158bd25a", 
@@ -625,8 +625,8 @@ "gridData": { "h": 9, "i": "e288367b-ea0b-442f-942c-9d0631d1fcae", - "w": 9.6, - "x": 28.8, + "w": 9, + "x": 30, "y": 11 }, "panelIndex": "e288367b-ea0b-442f-942c-9d0631d1fcae", @@ -732,8 +732,8 @@ "gridData": { "h": 9, "i": "ad580c83-17cc-4ab2-b4c9-5783045fb257", - "w": 9.6, - "x": 38.4, + "w": 9, + "x": 39, "y": 11 }, "panelIndex": "ad580c83-17cc-4ab2-b4c9-5783045fb257", @@ -2751,9 +2751,8 @@ "version": 2 }, "coreMigrationVersion": "8.8.0", - "created_at": "2025-06-03T08:45:23.329Z", + "created_at": "2025-07-11T07:54:50.167Z", "id": "ti_google_threat_intelligence-95187e5c-b4a2-45ad-b6a4-d6ce68e1f43e", - "managed": false, "references": [ { "id": "logs-*", diff --git a/packages/ti_google_threat_intelligence/kibana/dashboard/ti_google_threat_intelligence-9e8de699-a623-4a1b-9f63-7d641116f531.json b/packages/ti_google_threat_intelligence/kibana/dashboard/ti_google_threat_intelligence-9e8de699-a623-4a1b-9f63-7d641116f531.json index 4bfd211caf0..9e0d25dcf18 100644 --- a/packages/ti_google_threat_intelligence/kibana/dashboard/ti_google_threat_intelligence-9e8de699-a623-4a1b-9f63-7d641116f531.json +++ b/packages/ti_google_threat_intelligence/kibana/dashboard/ti_google_threat_intelligence-9e8de699-a623-4a1b-9f63-7d641116f531.json @@ -318,7 +318,7 @@ "gridData": { "h": 8, "i": "1ad07fb6-9574-4a97-9210-fa5d9ff61d9c", - "w": 9.6, + "w": 11, "x": 0, "y": 12 }, @@ -425,8 +425,8 @@ "gridData": { "h": 8, "i": "c7dba0be-b531-4434-bbd1-22f7aa7fd01c", - "w": 9.6, - "x": 9.6, + "w": 9, + "x": 11, "y": 12 }, "panelIndex": "c7dba0be-b531-4434-bbd1-22f7aa7fd01c", @@ -458,7 +458,7 @@ "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Detected Unique Files", + "label": "Detected Unique URLs", "operationType": "unique_count", "params": { "emptyAsNull": false, @@ -471,7 +471,7 @@ } }, "scale": "ratio", - "sourceField": "threat.indicator.file.hash.sha256" + "sourceField": "threat.indicator.id" } }, "incompleteColumns": {}, 
@@ -495,17 +495,17 @@ "alias": null, "disabled": false, "field": "threat.indicator.type", - "index": "5fed6bb4-eeff-4b18-9b90-846b9fb6d3f5", + "index": "b9af836c-9fb9-492c-9961-906d95b1fcf7", "key": "threat.indicator.type", "negate": false, "params": { - "query": "file" + "query": "url" }, "type": "phrase" }, "query": { "match_phrase": { - "threat.indicator.type": "file" + "threat.indicator.type": "url" } } } @@ -531,12 +531,12 @@ }, "gridData": { "h": 8, - "i": "bb4776d8-7a93-4e4c-b097-d9ed454c3206", - "w": 9.6, - "x": 19.2, + "i": "6a66f6c1-12a4-41df-8bdd-75a214e3eb2f", + "w": 9, + "x": 20, "y": 12 }, - "panelIndex": "bb4776d8-7a93-4e4c-b097-d9ed454c3206", + "panelIndex": "6a66f6c1-12a4-41df-8bdd-75a214e3eb2f", "title": "", "type": "lens" }, @@ -565,7 +565,7 @@ "customLabel": true, "dataType": "number", "isBucketed": false, - "label": "Detected Unique URLs", + "label": "Detected Unique Files", "operationType": "unique_count", "params": { "emptyAsNull": false, @@ -578,7 +578,7 @@ } }, "scale": "ratio", - "sourceField": "threat.indicator.id" + "sourceField": "threat.indicator.file.hash.sha256" } }, "incompleteColumns": {}, @@ -602,17 +602,17 @@ "alias": null, "disabled": false, "field": "threat.indicator.type", - "index": "b9af836c-9fb9-492c-9961-906d95b1fcf7", + "index": "5fed6bb4-eeff-4b18-9b90-846b9fb6d3f5", "key": "threat.indicator.type", "negate": false, "params": { - "query": "url" + "query": "file" }, "type": "phrase" }, "query": { "match_phrase": { - "threat.indicator.type": "url" + "threat.indicator.type": "file" } } } @@ -638,12 +638,12 @@ }, "gridData": { "h": 8, - "i": "6a66f6c1-12a4-41df-8bdd-75a214e3eb2f", - "w": 9.6, - "x": 28.8, + "i": "bb4776d8-7a93-4e4c-b097-d9ed454c3206", + "w": 10, + "x": 29, "y": 12 }, - "panelIndex": "6a66f6c1-12a4-41df-8bdd-75a214e3eb2f", + "panelIndex": "bb4776d8-7a93-4e4c-b097-d9ed454c3206", "title": "", "type": "lens" }, 
@@ -746,8 +746,8 @@ "gridData": { "h": 8, "i": "1f3f7ab5-7c36-490f-8372-fed0634db3c9", - "w": 9.6, - "x": 38.4, + "w": 9, + "x": 39, "y": 12 }, "panelIndex": "1f3f7ab5-7c36-490f-8372-fed0634db3c9", @@ -3248,9 +3248,8 @@ "version": 2 }, "coreMigrationVersion": "8.8.0", - "created_at": "2025-06-03T08:45:24.360Z", + "created_at": "2025-07-11T07:54:51.196Z", "id": "ti_google_threat_intelligence-9e8de699-a623-4a1b-9f63-7d641116f531", - "managed": false, "references": [ { "id": "logs-*", @@ -3274,12 +3273,12 @@ }, { "id": "logs-*", - "name": "bb4776d8-7a93-4e4c-b097-d9ed454c3206:indexpattern-datasource-layer-84a7b6d9-1d42-45b8-8c88-745f243ef3c4", + "name": "6a66f6c1-12a4-41df-8bdd-75a214e3eb2f:indexpattern-datasource-layer-84a7b6d9-1d42-45b8-8c88-745f243ef3c4", "type": "index-pattern" }, { "id": "logs-*", - "name": "6a66f6c1-12a4-41df-8bdd-75a214e3eb2f:indexpattern-datasource-layer-84a7b6d9-1d42-45b8-8c88-745f243ef3c4", + "name": "bb4776d8-7a93-4e4c-b097-d9ed454c3206:indexpattern-datasource-layer-84a7b6d9-1d42-45b8-8c88-745f243ef3c4", "type": "index-pattern" }, { diff --git a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-1539bed1-9500-4751-b492-07bff04c887b.json b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-1539bed1-9500-4751-b492-07bff04c887b.json index ab13686d71a..b7c549c1ce0 100644 --- a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-1539bed1-9500-4751-b492-07bff04c887b.json +++ b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-1539bed1-9500-4751-b492-07bff04c887b.json 
@@ -77,9 +77,8 @@ "title": "Detected Campaigns Collection Essential Details [Logs Google Threat Intelligence]" }, "coreMigrationVersion": "8.8.0", - "created_at": "2025-06-03T08:43:20.892Z", + "created_at": "2025-07-11T07:54:27.703Z", "id": "ti_google_threat_intelligence-1539bed1-9500-4751-b492-07bff04c887b", - "managed": true, "references": [ { "id": "logs-*", diff --git a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-38af8948-a1f0-450e-9ebc-8e35544e8c16.json b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-38af8948-a1f0-450e-9ebc-8e35544e8c16.json index 9fc78cc6bc7..bca4f9c6e41 100644 --- a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-38af8948-a1f0-450e-9ebc-8e35544e8c16.json +++ b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-38af8948-a1f0-450e-9ebc-8e35544e8c16.json @@ -77,9 +77,8 @@ "title": "Detected Vulnerabilities Collection Essential Details [Logs Google Threat Intelligence]" }, "coreMigrationVersion": "8.8.0", - "created_at": "2025-06-03T08:43:20.892Z", + "created_at": "2025-07-11T07:54:27.703Z", "id": "ti_google_threat_intelligence-38af8948-a1f0-450e-9ebc-8e35544e8c16", - "managed": true, "references": [ { "id": "logs-*", diff --git a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-64fb5964-6114-490d-9f0b-2d3684f8cc8d.json b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-64fb5964-6114-490d-9f0b-2d3684f8cc8d.json index 271e4045bfe..8cd35b931dc 100644 --- a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-64fb5964-6114-490d-9f0b-2d3684f8cc8d.json +++ b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-64fb5964-6114-490d-9f0b-2d3684f8cc8d.json 
@@ -78,9 +78,8 @@ "title": "Detected Domain Events Summary [Logs Google Threat Intelligence]" }, "coreMigrationVersion": "8.8.0", - "created_at": "2025-06-03T08:43:20.892Z", + "created_at": "2025-07-11T07:54:27.703Z", "id": "ti_google_threat_intelligence-64fb5964-6114-490d-9f0b-2d3684f8cc8d", - "managed": true, "references": [ { "id": "logs-*", diff --git a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-70860d2b-3f3b-4185-b524-f0afdb0d2cf6.json b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-70860d2b-3f3b-4185-b524-f0afdb0d2cf6.json index b6bdf38fdcd..4c7b042af50 100644 --- a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-70860d2b-3f3b-4185-b524-f0afdb0d2cf6.json +++ b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-70860d2b-3f3b-4185-b524-f0afdb0d2cf6.json @@ -77,9 +77,8 @@ "title": "Detected Reports Collection Essential Details [Logs Google Threat Intelligence]" }, "coreMigrationVersion": "8.8.0", - "created_at": "2025-06-03T08:43:20.892Z", + "created_at": "2025-07-11T07:54:27.703Z", "id": "ti_google_threat_intelligence-70860d2b-3f3b-4185-b524-f0afdb0d2cf6", - "managed": true, "references": [ { "id": "logs-*", diff --git a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-7a6faa45-29fd-449f-a05d-7d00858f614c.json b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-7a6faa45-29fd-449f-a05d-7d00858f614c.json index 3231122f2cd..426cc824c20 100644 --- a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-7a6faa45-29fd-449f-a05d-7d00858f614c.json +++ b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-7a6faa45-29fd-449f-a05d-7d00858f614c.json 
@@ -78,9 +78,8 @@ "title": "Detected URL Events Summary [Logs Google Threat Intelligence]" }, "coreMigrationVersion": "8.8.0", - "created_at": "2025-06-03T08:43:20.892Z", + "created_at": "2025-07-11T07:54:27.703Z", "id": "ti_google_threat_intelligence-7a6faa45-29fd-449f-a05d-7d00858f614c", - "managed": true, "references": [ { "id": "logs-*", diff --git a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-7b0a91d7-7d7b-4e23-aff7-dd97e820dae2.json b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-7b0a91d7-7d7b-4e23-aff7-dd97e820dae2.json index 61c0b4d5b85..bca8171ea84 100644 --- a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-7b0a91d7-7d7b-4e23-aff7-dd97e820dae2.json +++ b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-7b0a91d7-7d7b-4e23-aff7-dd97e820dae2.json @@ -77,9 +77,8 @@ "title": "Detected Software Toolkits Collection Essential Details [Logs Google Threat Intelligence]" }, "coreMigrationVersion": "8.8.0", - "created_at": "2025-06-03T08:43:20.892Z", + "created_at": "2025-07-11T07:54:27.703Z", "id": "ti_google_threat_intelligence-7b0a91d7-7d7b-4e23-aff7-dd97e820dae2", - "managed": true, "references": [ { "id": "logs-*", diff --git a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-7f91c071-f4d8-47af-bad9-e07e9ad4892c.json b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-7f91c071-f4d8-47af-bad9-e07e9ad4892c.json index 8406c788f7b..4b5dee9cfbc 100644 --- a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-7f91c071-f4d8-47af-bad9-e07e9ad4892c.json +++ b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-7f91c071-f4d8-47af-bad9-e07e9ad4892c.json 
@@ -77,9 +77,8 @@ "title": "Detected Threat Actors Collection Essential Details [Logs Google Threat Intelligence]" }, "coreMigrationVersion": "8.8.0", - "created_at": "2025-06-03T08:43:20.892Z", + "created_at": "2025-07-11T07:54:27.703Z", "id": "ti_google_threat_intelligence-7f91c071-f4d8-47af-bad9-e07e9ad4892c", - "managed": true, "references": [ { "id": "logs-*", diff --git a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-8470cc18-e5e2-4a93-ae98-8ef0f93fcc07.json b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-8470cc18-e5e2-4a93-ae98-8ef0f93fcc07.json index 366c7aac746..ccc1e9e6405 100644 --- a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-8470cc18-e5e2-4a93-ae98-8ef0f93fcc07.json +++ b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-8470cc18-e5e2-4a93-ae98-8ef0f93fcc07.json @@ -85,9 +85,8 @@ "title": "Detected Collections Collection Essential Details [Logs Google Threat Intelligence]" }, "coreMigrationVersion": "8.8.0", - "created_at": "2025-06-03T08:43:20.892Z", + "created_at": "2025-07-11T07:54:27.703Z", "id": "ti_google_threat_intelligence-8470cc18-e5e2-4a93-ae98-8ef0f93fcc07", - "managed": true, "references": [ { "id": "logs-*", diff --git a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-a051cab4-06f3-4b8c-b7c3-9bb1fbc90cab.json b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-a051cab4-06f3-4b8c-b7c3-9bb1fbc90cab.json index 20a4403b130..ba3d42859dc 100644 --- a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-a051cab4-06f3-4b8c-b7c3-9bb1fbc90cab.json +++ b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-a051cab4-06f3-4b8c-b7c3-9bb1fbc90cab.json 
@@ -78,9 +78,8 @@ "title": "Detected File Events Summary [Logs Google Threat Intelligence]" }, "coreMigrationVersion": "8.8.0", - "created_at": "2025-06-03T08:43:20.892Z", + "created_at": "2025-07-11T07:54:27.703Z", "id": "ti_google_threat_intelligence-a051cab4-06f3-4b8c-b7c3-9bb1fbc90cab", - "managed": true, "references": [ { "id": "logs-*", diff --git a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-aeff19b8-15d8-49eb-aae1-0439e0f014cd.json b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-aeff19b8-15d8-49eb-aae1-0439e0f014cd.json index e786b1c4ea9..35a9046e903 100644 --- a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-aeff19b8-15d8-49eb-aae1-0439e0f014cd.json +++ b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-aeff19b8-15d8-49eb-aae1-0439e0f014cd.json @@ -78,9 +78,8 @@ "title": "Detected IP Events Summary [Logs Google Threat Intelligence]" }, "coreMigrationVersion": "8.8.0", - "created_at": "2025-06-03T08:43:20.892Z", + "created_at": "2025-07-11T07:54:27.703Z", "id": "ti_google_threat_intelligence-aeff19b8-15d8-49eb-aae1-0439e0f014cd", - "managed": true, "references": [ { "id": "logs-*", diff --git a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-e813ee30-c48e-4607-be05-8f2abe2f8bd1.json b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-e813ee30-c48e-4607-be05-8f2abe2f8bd1.json index 91318e0892f..8d44034352d 100644 --- a/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-e813ee30-c48e-4607-be05-8f2abe2f8bd1.json +++ b/packages/ti_google_threat_intelligence/kibana/search/ti_google_threat_intelligence-e813ee30-c48e-4607-be05-8f2abe2f8bd1.json 
@@ -77,9 +77,8 @@ "title": "Detected Malware Families Collection Essential Details [Logs Google Threat Intelligence]" }, "coreMigrationVersion": "8.8.0", - "created_at": "2025-06-03T08:43:20.892Z", + "created_at": "2025-07-11T07:54:27.703Z", "id": "ti_google_threat_intelligence-e813ee30-c48e-4607-be05-8f2abe2f8bd1", - "managed": true, "references": [ { "id": "logs-*", diff --git a/packages/ti_google_threat_intelligence/kibana/security_rule/05b83871-a7af-494f-b1cf-be4b20ac4a86.json b/packages/ti_google_threat_intelligence/kibana/security_rule/05b83871-a7af-494f-b1cf-be4b20ac4a86.json index 740b848c32d..ecf877e80fc 100644 --- a/packages/ti_google_threat_intelligence/kibana/security_rule/05b83871-a7af-494f-b1cf-be4b20ac4a86.json +++ b/packages/ti_google_threat_intelligence/kibana/security_rule/05b83871-a7af-494f-b1cf-be4b20ac4a86.json @@ -29,7 +29,7 @@ "immutable": false, "rule_source": { "type": "internal" }, "related_integrations": [ - { "package": "ti_google_threat_intelligence", "version": "^0.3.0" } + { "package": "ti_google_threat_intelligence", "version": "^0.4.0" } ], "required_fields": [ { "name": "threat.indicator.url.original", "type": "keyword", "ecs": false } diff --git a/packages/ti_google_threat_intelligence/kibana/security_rule/1e6b8753-550a-401e-bffd-06f085f3e658.json b/packages/ti_google_threat_intelligence/kibana/security_rule/1e6b8753-550a-401e-bffd-06f085f3e658.json index 22c81cb6bfc..3cb9c378d56 100644 --- a/packages/ti_google_threat_intelligence/kibana/security_rule/1e6b8753-550a-401e-bffd-06f085f3e658.json +++ b/packages/ti_google_threat_intelligence/kibana/security_rule/1e6b8753-550a-401e-bffd-06f085f3e658.json @@ -29,7 +29,7 @@ "immutable": false, "rule_source": { "type": "internal" }, "related_integrations": [ - { "package": "ti_google_threat_intelligence", "version": "^0.3.0" } + { "package": "ti_google_threat_intelligence", "version": "^0.4.0" } ], "required_fields": [ { "name": "threat.indicator.id", "type": "keyword", "ecs": false } 
diff --git a/packages/ti_google_threat_intelligence/kibana/security_rule/36b2cd30-34ae-46c4-993e-a370ea059692.json b/packages/ti_google_threat_intelligence/kibana/security_rule/36b2cd30-34ae-46c4-993e-a370ea059692.json index 2b458c604c9..5303adf8f92 100644 --- a/packages/ti_google_threat_intelligence/kibana/security_rule/36b2cd30-34ae-46c4-993e-a370ea059692.json +++ b/packages/ti_google_threat_intelligence/kibana/security_rule/36b2cd30-34ae-46c4-993e-a370ea059692.json @@ -29,7 +29,7 @@ "immutable": false, "rule_source": { "type": "internal" }, "related_integrations": [ - { "package": "ti_google_threat_intelligence", "version": "^0.3.0" } + { "package": "ti_google_threat_intelligence", "version": "^0.4.0" } ], "required_fields": [ { diff --git a/packages/ti_google_threat_intelligence/kibana/security_rule/677c4a0c-d433-48c4-b465-4bab3d0b1755.json b/packages/ti_google_threat_intelligence/kibana/security_rule/677c4a0c-d433-48c4-b465-4bab3d0b1755.json index 3b3e3b02bb5..fd3a9855c99 100644 --- a/packages/ti_google_threat_intelligence/kibana/security_rule/677c4a0c-d433-48c4-b465-4bab3d0b1755.json +++ b/packages/ti_google_threat_intelligence/kibana/security_rule/677c4a0c-d433-48c4-b465-4bab3d0b1755.json @@ -29,7 +29,7 @@ "immutable": false, "rule_source": { "type": "internal" }, "related_integrations": [ - { "package": "ti_google_threat_intelligence", "version": "^0.3.0" } + { "package": "ti_google_threat_intelligence", "version": "^0.4.0" } ], "required_fields": [ { "name": "threat.indicator.ip", "type": "ip", "ecs": false } diff --git a/packages/ti_google_threat_intelligence/kibana/tag/ti_google_threat_intelligence-security-solution-default.json b/packages/ti_google_threat_intelligence/kibana/tag/ti_google_threat_intelligence-security-solution-default.json index fd9d8e207bb..b62f734423a 100644 --- a/packages/ti_google_threat_intelligence/kibana/tag/ti_google_threat_intelligence-security-solution-default.json 
+++ b/packages/ti_google_threat_intelligence/kibana/tag/ti_google_threat_intelligence-security-solution-default.json
@@ -1,13 +1,12 @@
 {
 "attributes": {
- "color": "#D36086",
- "description": "",
+ "color": "#FEC514",
+ "description": "Tag defined in package-spec",
 "name": "Security Solution"
 },
 "coreMigrationVersion": "8.8.0",
- "created_at": "2025-06-02T16:42:43.842Z",
+ "created_at": "2025-07-11T07:54:29.140Z",
 "id": "ti_google_threat_intelligence-security-solution-default",
- "managed": true,
 "references": [],
 "type": "tag",
 "typeMigrationVersion": "8.0.0"
diff --git a/packages/ti_google_threat_intelligence/manifest.yml b/packages/ti_google_threat_intelligence/manifest.yml
index cecf6f0723d..1317e41af5b 100644
--- a/packages/ti_google_threat_intelligence/manifest.yml
+++ b/packages/ti_google_threat_intelligence/manifest.yml
@@ -3,7 +3,7 @@ name: ti_google_threat_intelligence
 title: Google Threat Intelligence
 # This version must match the User-Agent version used in CEL code.
 # Remember to update the User-Agent in CEL code when changing this version.
-version: 0.3.0
+version: 0.4.0
 description: Collect Threat Intelligence Events from Google Threat Intelligence using Elastic Agent, and perform enrichment on Elasticsearch by correlating Indicators of Compromise (IOCs).
 type: integration
 categories:
@@ -11,7 +11,7 @@ categories:
 - threat_intel
 conditions:
 kibana:
- version: "^8.16.0"
+ version: ^8.16.0 || ^9.0.0
 elastic:
 subscription: "basic"
 capabilities:
@@ -38,6 +38,14 @@ policy_templates:
 - name: ti_google_threat_intelligence
 title: Google Threat Intelligence events
 description: Collect Google Threat Intelligence events.
+ deployment_modes:
+ default:
+ enabled: true
+ agentless:
+ enabled: true
+ organization: security
+ division: engineering
+ team: security-service-integrations
 inputs:
 - type: cel
 title: Collect Google Threat Intelligence events via API
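Review bot: The comment directly above `version: 0.4.0` requires the User-Agent string in the CEL code to be bumped in lock-step, and this package has one `cel.yml.hbs` per data stream; this chunk does not show every data stream's template, so confirm each one now sends `"User-Agent": ["v0.4.0"]` rather than only some of them. A mismatch is easy to miss in review because nothing fails at build time, it only shows up as mixed client versions in the vendor's request logs. If the repo's tooling allows it, a test that greps every `cel.yml.hbs` for the manifest version would make this comment enforceable instead of advisory.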
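Review bot: Enabling `agentless: enabled: true` means the Google Threat Intelligence API credential will now live in an Elastic-managed agent policy rather than on an operator-controlled host, so the credential variables under `inputs` (which start at the last line of this hunk and continue outside it) should be declared `secret: true` so Fleet stores them in its secret store instead of in plaintext in the policy; confirm that is already the case or add it in this change. It would also help operators to state in the policy template description which deployment mode is the default, e.g. `description: Collect Google Threat Intelligence events (agent-based by default; agentless available on Serverless and Elastic Cloud).`, since the manifest otherwise gives no hint that two modes exist.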