@sholzhauer-es sholzhauer-es commented Jul 15, 2025

Proposed commit message

Adding agentless support for Anomali integration

Checklist

Author's Checklist

  • ensure kibana ui behaves properly

How to test this PR locally

Need credentials for anomali to test.

Related issues


@sholzhauer-es sholzhauer-es added the enhancement New feature or request label Jul 15, 2025
@sholzhauer-es sholzhauer-es requested a review from a team as a code owner July 15, 2025 08:24
@narph
Contributor

narph commented Jul 15, 2025

@sholzhauer-es, thanks for contributing to the integrations repo. We are slowly introducing integrations to agentless, with phase 2 coming up next #14186. ti_anomali is not yet on the list as we need to do further testing and validate agentless is supported. cc @cpascale43

@andrewkroh andrewkroh added documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Jul 15, 2025
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@botelastic

botelastic bot commented Aug 14, 2025

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Aug 14, 2025
@mohitjha-elastic
Collaborator

@sholzhauer-es From the Security Service team’s side, I have tested the ti_anomali agentless deployment support on ECH 8.18.0 and later versions, and it appears to be working as expected.
Testing on the Serverless environment and ECH 9.1.* has not yet been completed due to some issue.

Meanwhile, could you please look into resolving the build issue?

@botelastic botelastic bot removed the Stalled label Aug 19, 2025
@sholzhauer-es
Author

@mohitjha-elastic perfect. I'll dive into the build failure and try and resolve it.

@elastic-vault-github-plugin-prod

elastic-vault-github-plugin-prod bot commented Aug 19, 2025

🚀 Benchmarks report

Package ti_anomali 👍(1) 💚(0) 💔(1)

| Data stream | Previous EPS | New EPS | Diff (%) | Result |
|---|---|---|---|---|
| intelligence | 7936.51 | 5464.48 | -2472.03 (-31.15%) | 💔 |

To see the full report comment with /test benchmark fullreport

@sholzhauer-es
Author

@mohitjha-elastic the build and merge conflicts have been resolved.

@mohitjha-elastic
Collaborator

@elastic/security-service-integrations Could someone from the team please review the PR?

@elasticmachine

💚 Build Succeeded

Contributor

@efd6 efd6 left a comment

LGTM, but please wait for @alaudazzi for review of the doc change.

@sholzhauer-es sholzhauer-es self-assigned this Aug 21, 2025
@sholzhauer-es sholzhauer-es removed their assignment Aug 21, 2025
Labels
documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. enhancement New feature or request Integration:ti_anomali Anomali Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

6 participants