elastic
diff --git a/‎.github/CODEOWNERS‎
Lines changed: 3 additions & 1 deletion b/‎.github/CODEOWNERS‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎docs/dashboard_guidelines.md‎
Lines changed: 43 additions & 0 deletions b/‎docs/dashboard_guidelines.md‎
Lines changed: 43 additions & 0 deletions
diff --git a/‎docs/generic_guidelines.md‎
Lines changed: 21 additions & 4 deletions b/‎docs/generic_guidelines.md‎
Lines changed: 21 additions & 4 deletions
diff --git a/‎docs/tips_for_building_integrations.md‎
Lines changed: 9 additions & 0 deletions b/‎docs/tips_for_building_integrations.md‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎packages/1password/_dev/build/build.yml‎
Lines changed: 1 addition & 1 deletion b/‎packages/1password/_dev/build/build.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/1password/changelog.yml‎
Lines changed: 5 additions & 0 deletions b/‎packages/1password/changelog.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/1password/data_stream/item_usages/_dev/test/pipeline/test-itemusages.json-expected.json‎
Lines changed: 2 additions & 2 deletions b/‎packages/1password/data_stream/item_usages/_dev/test/pipeline/test-itemusages.json-expected.json‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 1 addition & 1 deletion b/‎packages/1password/data_stream/item_usages/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/1password/data_stream/item_usages/sample_event.json‎
Lines changed: 1 addition & 1 deletion b/‎packages/1password/data_stream/item_usages/sample_event.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/1password/data_stream/signin_attempts/_dev/test/pipeline/test-signinattempts.json-expected.json‎
Lines changed: 2 additions & 2 deletions b/‎packages/1password/data_stream/signin_attempts/_dev/test/pipeline/test-signinattempts.json-expected.json‎
Lines changed: 2 additions & 2 deletions
@@ -74,6 +74,7 @@
 /packages/fim @elastic/security-external-integrations
 /packages/fireeye @elastic/security-external-integrations
 /packages/fleet_server @elastic/elastic-agent-control-plane
+/packages/forgerock @elastic/security-external-integrations
 /packages/fortinet @elastic/security-external-integrations
 /packages/fortinet_forticlient @elastic/security-external-integrations
 /packages/fortinet_fortiedr @elastic/security-external-integrations
@@ -188,7 +189,7 @@
 /packages/ti_recordedfuture @elastic/security-external-integrations
 /packages/ti_threatq @elastic/security-external-integrations
 /packages/ti_util @elastic/security-external-integrations
-/packages/tomcat @elastic/security-external-integrations
+/packages/tomcat @elastic/obs-service-integrations
 /packages/traefik @elastic/obs-service-integrations
 /packages/trend_micro_vision_one @elastic/security-external-integrations
 /packages/udp @elastic/security-external-integrations
@@ -211,3 +212,4 @@
 /packages/lmd @elastic/ml-ui
 /packages/gcp_metrics @elastic/obs-cloud-monitoring
 /packages/airflow @elastic/obs-service-integrations
+/packages/statsd_input @elastic/obs-service-integrations
@@ -0,0 +1,43 @@
+# Dashboard guidelines
+
+A [Kibana dashboard][1] is a set of one or more panels, also referred as visualizations. Panels display data in charts, tables, maps, and more. Dashboards support several types of panels to display your data, and several options to create panels.
+
+The goal of each integration dashboard is to:
+
+* Provide a way to explore ingested data out of the box.
+* Provide an overview of the monitored resources through installing the integration.
+
+Each integration package should contain one or more dashboards.
+
+## Out of date fields in dashboards
+
+The dashboards must be updated to reflect any changes to field names or types. If a PR updates a field name or type, make sure it is correctly updated in any dashboard the field is being used into.
+
+## TSDB visualizations
+
+Migrate the dashboards from TSVB to Lens where possible. If it's not possible, please engage with the Kibana team to identify any gaps that prevent from full TSVB to Lens dashboard migration.
+
+## Visualizations by value, not by reference
+
+Kibana visualizations can be added in a dashboard by value or by reference. Historically by value did not exist. Switching to value has the advantage that the dashboards are fully self contained and only need a single request to be installed.
+
+To achieve this:
+- Migrate existing dashboards from by reference to by value.
+- Create new dashboards adding visualizations by value.
+
+A migration script has been created to help with the migration: [flash1293/legacy_vis_analyzer][2]
+
+## Visualizations should contain a filter
+
+Kibana visualizations can define a filter to avoid performance issues querying all `metrics-*` or `logs-*` indices.
+
+It is recommended to set a filter in each visualization at least by the required `data_stream.dataset`. More details about the Elastic data stream naming scheme [here][4].
+
+Example of this filter: 
+- [System visualization - User Logon Dashboard][3]
+
+
+[1]: https://www.elastic.co/guide/en/kibana/current/dashboard.html
+[2]: https://github.com/flash1293/legacy_vis_analyzer
+[3]: https://github.com/elastic/integrations/blob/5176089e30cf2932d6e5ca7c90caa2ab9a237bee/packages/system/kibana/visualization/system-18348f30-a24d-11e9-a422-d144027429da.json#L9
+[4]: https://www.elastic.co/blog/an-introduction-to-the-elastic-data-stream-naming-scheme
@@ -99,10 +99,7 @@ For more details, see the [Documentation guidelines](./documentation_guidelines.
 #### Updated integration content
 
 Integration packages should provide out-of-the-box dashboards.
-
-- The dashboards should be updated to reflect any changes to metric names or types. (A typical issue with our dashboards is that they show raw monotonically increasing counters instead of gauges).
-- Some packages may require new dashboards.
-- Migrate the dashboards from TSVB to Lens where possible. (Kibana also requested to identify any gaps that prevent from full TSVB to Lens dashboard migration for their prioritization).
+For more details, see the [Dashboard guidelines](./dashboard_guidelines.md).
 
 #### Content for elastic.co/integrations
 
@@ -116,3 +113,23 @@ Each integration will be listed on the public website elastic.co/integrations an
 It's advised to set integration policies in the Fleet. Every integration and agent should be visible in Fleet and users should be able to add the integration directly from the integration list. This will lead to better cohesion since it will provide a consistent experience across integrations, allow users to add several integrations at once, and avoid sending them back and forth between multiple apps. It will also allow users to discover new integrations in the list.
 
 Elastic products will also have the option to provide a curated UI for settings that are difficult to put in Fleet. It's up to the product to decide how much flexibility they want to provide in changing the configuration directly from Fleet. This will depend on the use case and if it makes sense. Some level of configuration is recommended though.
+
+#### Asset tagging and metadata
+
+When assets are installed through Fleet, some metadata will be added by default. 
+
+For Elasticsearch assets like Index Templates and Ingest Pipelines, a `_meta` property will be added to the asset as follows
+
+```json
+{
+  "managed_by": "fleet",
+  "managed": true,
+  "package": {
+    "name": "<package name>"
+  }
+}
+```
+
+For Kibana assets, [tags](https://www.elastic.co/guide/en/kibana/current/managing-tags.html) will be generated in addition to the `_meta` property:
+- One tag with a `name` matching the package's `title` property
+- The `Managed` tag, which Kibana uses to recognize "system" assets, or those that are installed by Kibana itself instead of generated by an end user
@@ -102,6 +102,15 @@ $ ./elastic-package help
 
    Good candidates: *Filebeat running on AWS EC2 machine*
 
+5. If package relies on some feature or a field, available only in a specific stack or beats version, `kibana.version` condition should be adjusted accordingly in the package's `manifest.yml`:
+   ```yaml
+   conditions:
+      kibana.version: '^8.7.0'
+   ```
+   > Note: The package version with such condition as above will be only available in Kibana version >=8.7.0
+
+   > Note: Changing dashboards and visualizations using an unreleased version of Kibana might be unsafe since the Kibana Team might make changes to the Kibana code and potentially the data models. There is no guarantee that your changes won't be broken by the time new Kibana version is released.
+
 #### CI
 
 1. Run `elastic-package check` and `elastic-package test` locally.
 
@@ -1,3 +1,3 @@
 dependencies:
   ecs:
-    reference: git@v8.5.1
+    reference: git@8.6
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.8.0"
+  changes:
+    - description: Update package to ECS 8.6.0.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/4576
 - version: "1.7.1"
   changes:
     - description: Migrate the visualizations to by value in dashboards to minimize the saved object clutter and reduce time to load
 
@@ -3,7 +3,7 @@
         {
             "@timestamp": "2021-08-30T18:57:42.484Z",
             "ecs": {
-                "version": "8.5.0"
+                "version": "8.6.0"
             },
             "event": {
                 "action": "reveal",
@@ -76,7 +76,7 @@
         {
             "@timestamp": "2021-08-30T19:10:00.123Z",
             "ecs": {
-                "version": "8.5.0"
+                "version": "8.6.0"
             },
             "event": {
                 "category": [
 
@@ -16,7 +16,7 @@ processors:
   #######################
   - set:
       field: ecs.version
-      value: '8.5.0'
+      value: '8.6.0'
   # Sets event.created from the @timestamp field generated by filebeat before being overwritten further down
   - set:
       field: event.created
 
@@ -13,7 +13,7 @@
         "type": "logs"
     },
     "ecs": {
-        "version": "8.5.0"
+        "version": "8.6.0"
     },
     "elastic_agent": {
         "id": "8652330e-4de6-4596-a16f-4463a6c56e9e",
 
@@ -3,7 +3,7 @@
         {
             "@timestamp": "2021-08-11T14:28:03.000Z",
             "ecs": {
-                "version": "8.5.0"
+                "version": "8.6.0"
             },
             "event": {
                 "action": "success",
@@ -78,7 +78,7 @@
         {
             "@timestamp": "2021-08-11T15:04:22.000Z",
             "ecs": {
-                "version": "8.5.0"
+                "version": "8.6.0"
             },
             "event": {
                 "action": "credentials_failed",