From 43ea5ae71a333fe21ba858cb0279c775ba773aa3 Mon Sep 17 00:00:00 2001
From: Stijn Holzhauer
Date: Tue, 15 Jul 2025 09:06:27 +0200
Subject: [PATCH 1/2] agentless for ti_anomali

---
 packages/ti_anomali/_dev/build/docs/README.md | 2 ++
 packages/ti_anomali/changelog.yml | 5 +++++
 packages/ti_anomali/docs/README.md | 2 ++
 packages/ti_anomali/manifest.yml | 11 ++++++++++-
 4 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/packages/ti_anomali/_dev/build/docs/README.md b/packages/ti_anomali/_dev/build/docs/README.md
index 64a890a44b7..18ab4fdc5c0 100644
--- a/packages/ti_anomali/_dev/build/docs/README.md
+++ b/packages/ti_anomali/_dev/build/docs/README.md
@@ -7,6 +7,8 @@ It has the following data streams:
 - **`intelligence`** Indicators retrieved from the Anomali ThreatStream API's intelligence endpoint.
 - **`threatstream`** Indicators received from the Anomali ThreatStream Elastic Extension, which is additional software. This is deprecated.
 
+If you run in the cloud (Cloud Hosted of Serverless), this integration is available [agentless](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) from cluster version 8.17 onward - if this criteria is met, you don't need to install an Elastic Agent to gather these metrics.
+
 ## Logs
 
 ### Expiration of Indicators of Compromise (IOCs)
diff --git a/packages/ti_anomali/changelog.yml b/packages/ti_anomali/changelog.yml
index c972210c254..80a74c20779 100644
--- a/packages/ti_anomali/changelog.yml
+++ b/packages/ti_anomali/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.1.0"
+  changes:
+    - description: Added Agentless deployment mode
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/
 - version: "2.0.0"
   changes:
     - description: Modify field type to eliminate field conflicts within the data streams.
diff --git a/packages/ti_anomali/docs/README.md b/packages/ti_anomali/docs/README.md
index 4a145656eb9..e828b655834 100644
--- a/packages/ti_anomali/docs/README.md
+++ b/packages/ti_anomali/docs/README.md
@@ -7,6 +7,8 @@ It has the following data streams:
 - **`intelligence`** Indicators retrieved from the Anomali ThreatStream API's intelligence endpoint.
 - **`threatstream`** Indicators received from the Anomali ThreatStream Elastic Extension, which is additional software. This is deprecated.
 
+If you run in the cloud (Cloud Hosted of Serverless), this integration is available [agentless](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) from cluster version 8.17 onward - if this criteria is met, you don't need to install an Elastic Agent to gather these metrics.
+
 ## Logs
 
 ### Expiration of Indicators of Compromise (IOCs)
diff --git a/packages/ti_anomali/manifest.yml b/packages/ti_anomali/manifest.yml
index 2fc18d10570..7da83692524 100644
--- a/packages/ti_anomali/manifest.yml
+++ b/packages/ti_anomali/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_anomali
 title: Anomali
-version: "2.0.0"
+version: "2.1.0"
 description: Ingest threat intelligence indicators from Anomali with Elastic Agent.
 type: integration
 format_version: 3.0.2
@@ -38,6 +38,15 @@ policy_templates:
   - name: ti_anomali
     title: Anomali
     description: Ingest threat intelligence indicators from Anomali with Elastic Agent.
+    deployment_modes:
+      default:
+        enabled: true
+      agentless:
+        enabled: true
+        is_default: true
+        organization: elastic
+        division: field
+        team: csg
     inputs:
       - type: cel
         title: "Anomali ThreatStream API"

From 16f5389c61209e7b8931fde3bcd52385e177ea20 Mon Sep 17 00:00:00 2001
From: Stijn Holzhauer
Date: Tue, 15 Jul 2025 10:26:46 +0200
Subject: [PATCH 2/2] adding PR to changelog

---
 packages/ti_anomali/changelog.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/ti_anomali/changelog.yml b/packages/ti_anomali/changelog.yml
index 80a74c20779..3f56349ea93 100644
--- a/packages/ti_anomali/changelog.yml
+++ b/packages/ti_anomali/changelog.yml
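Review bot: The policy template's `description` in the `@@ -38,6 +38,15 @@` hunk of manifest.yml still reads `description: Ingest threat intelligence indicators from Anomali with Elastic Agent.` while the new `deployment_modes` block makes `agentless` the default (`is_default: true`), so the text shown at policy creation promises an Agent install that the default mode does not need; `description: Ingest threat intelligence indicators from Anomali.` would fit both modes, and the package-level `description` in the first hunk has the same wording. The README hunks in this patch state the agentless mode is available from 8.17 onward, but nothing in this hunk touches `conditions.kibana.version` (outside the hunk), so confirm that constraint agrees with the documented minimum. In agentless mode the Anomali API credentials configured on the `cel` input are presumably stored and used by Elastic-managed infrastructure rather than a customer-managed host; a one-line comment above `agentless:` saying so would help operators reviewing credential scope, and the CEL input's vars should be checked for settings that do not apply without a local Agent. The README sentence added twice in this patch also carries a typo, `Cloud Hosted of Serverless`, which should read `Cloud Hosted or Serverless`.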
@@ -3,7 +3,7 @@
   changes:
     - description: Added Agentless deployment mode
       type: enhancement
-      link: https://github.com/elastic/integrations/pull/
+      link: https://github.com/elastic/integrations/pull/14547
 - version: "2.0.0"
   changes:
     - description: Modify field type to eliminate field conflicts within the data streams.