elastic
diff --git a/‎packages/bluecoat/changelog.yml‎
Lines changed: 5 additions & 0 deletions b/‎packages/bluecoat/changelog.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 1 addition & 1 deletion b/‎packages/bluecoat/data_stream/director/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/bluecoat/manifest.yml‎
Lines changed: 1 addition & 1 deletion b/‎packages/bluecoat/manifest.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/cef/changelog.yml‎
Lines changed: 5 additions & 0 deletions b/‎packages/cef/changelog.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/cef/data_stream/log/elasticsearch/ingest_pipeline/cp-pipeline.yml‎
Lines changed: 2 additions & 2 deletions b/‎packages/cef/data_stream/log/elasticsearch/ingest_pipeline/cp-pipeline.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 10 additions & 10 deletions b/‎packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 10 additions & 10 deletions
diff --git a/‎packages/cef/data_stream/log/elasticsearch/ingest_pipeline/fp-pipeline.yml‎
Lines changed: 4 additions & 4 deletions b/‎packages/cef/data_stream/log/elasticsearch/ingest_pipeline/fp-pipeline.yml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎packages/cef/manifest.yml‎
Lines changed: 1 addition & 1 deletion b/‎packages/cef/manifest.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/checkpoint/changelog.yml‎
Lines changed: 5 additions & 0 deletions b/‎packages/checkpoint/changelog.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json‎
Lines changed: 2 additions & 2 deletions b/‎packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json‎
Lines changed: 2 additions & 2 deletions
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.17.3"
+  changes:
+    - description: Use triple-brace Mustache templating when referencing variables in ingest pipelines.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/11286
 - version: "0.17.2"
   changes:
     - description: Changed owners
 
@@ -53,7 +53,7 @@ processors:
       ignore_missing: true
   - append:
       field: related.hosts
-      value: '{{host.name}}'
+      value: '{{{host.name}}}'
       allow_duplicates: false
       if: ctx.host?.name != null && ctx.host?.name != ''
   - remove:
 
@@ -1,7 +1,7 @@
 format_version: 2.7.0
 name: bluecoat
 title: Blue Coat Director Logs (Deprecated)
-version: "0.17.2"
+version: "0.17.3"
 description: Deprecated. Director is no longer supported.
 categories: ["network", "security", "proxy_security"]
 type: integration
 
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.17.3"
+  changes:
+    - description: Use triple-brace Mustache templating when referencing variables in ingest pipelines.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/11286
 - version: "2.17.2"
   changes:
     - description: Make dataset name configurable
 
@@ -279,8 +279,8 @@ processors:
       field: _tmp_copy
       processor:
         set:
-          field: '{{_ingest._value.to}}'
-          value: '{{_ingest._value.value}}'
+          field: '{{{_ingest._value.to}}}'
+          value: '{{{_ingest._value.value}}}'
   - remove:
       field: _tmp_copy
   - set:
 
@@ -57,46 +57,46 @@ processors:
       if: ctx?.cef?.extensions?.fileHash != null && ctx?.cef?.extensions?.fileHash != ''
       field: related.hash
       allow_duplicates: false
-      value: '{{cef.extensions.fileHash}}'
+      value: '{{{cef.extensions.fileHash}}}'
   - append:
       if: ctx?.cef?.extensions?.oldFileHash != null && ctx?.cef?.extensions?.oldFileHash != ''
       field: related.hash
       allow_duplicates: false
-      value: '{{cef.extensions.oldFileHash}}'
+      value: '{{{cef.extensions.oldFileHash}}}'
   - append:
       if: ctx?.destination?.ip != null && ctx?.destination?.ip != ''
       field: related.ip
       allow_duplicates: false
-      value: '{{destination.ip}}'
+      value: '{{{destination.ip}}}'
   - append:
       if: ctx?.destination?.nat?.ip != null && ctx?.destination?.nat?.ip != ''
       field: related.ip
       allow_duplicates: false
-      value: '{{destination.nat.ip}}'
+      value: '{{{destination.nat.ip}}}'
   - append:
       if: ctx?.source?.ip != null && ctx?.source?.ip != ''
       field: related.ip
       allow_duplicates: false
-      value: '{{source.ip}}'
+      value: '{{{source.ip}}}'
   - append:
       if: ctx?.source?.nat?.ip != null && ctx?.source?.nat?.ip != ''
       field: related.ip
       allow_duplicates: false
-      value: '{{source.nat.ip}}'
+      value: '{{{source.nat.ip}}}'
   - append:
       if: ctx?.destination?.user?.name != null
       field: related.user
-      value: '{{destination.user.name}}'
+      value: '{{{destination.user.name}}}'
   - append:
       if: ctx?.source?.user?.name != null && ctx?.source?.user?.name != ''
       field: related.user
       allow_duplicates: false
-      value: '{{source.user.name}}'
+      value: '{{{source.user.name}}}'
   - append:
       if: ctx?.observer?.hostname != null && ctx?.observer?.hostname != ''
       field: related.hosts
       allow_duplicates: false
-      value: '{{observer.hostname}}'
+      value: '{{{observer.hostname}}}'
   - pipeline:
       if: ctx.cef?.device?.vendor == 'FORCEPOINT'
       name: '{{ IngestPipeline "fp-pipeline" }}'
@@ -173,7 +173,7 @@ processors:
       if: ctx._tmp?.observer != null && ctx.observer?.ip == null
       field: observer.ip
       tag: observer append
-      value: '{{_tmp.observer}}'
+      value: '{{{_tmp.observer}}}'
   # Set ECS event outcome from ArcSight outcomes
   - set:
       if: ctx.cef?.extensions?.categoryOutcome == "/Success"
 
@@ -5,22 +5,22 @@ processors:
   - set:
       field: rule.id
       ignore_empty_value: true
-      value: '{{cef.extensions.deviceCustomString1}}'
+      value: '{{{cef.extensions.deviceCustomString1}}}'
   # cs2 is natRuleID
   - set:
       field: rule.id
       ignore_empty_value: true
-      value: '{{cef.extensions.deviceCustomString2}}'
+      value: '{{{cef.extensions.deviceCustomString2}}}'
   # cs3 is VulnerabilityReference
   - set:
       field: vulnerability.reference
       ignore_empty_value: true
-      value: '{{cef.extensions.deviceCustomString3}}'
+      value: '{{{cef.extensions.deviceCustomString3}}}'
   # cs4 is virusID
   - set:
       field: cef.forcepoint.virus_id
       ignore_empty_value: true
-      value: '{{cef.extensions.deviceCustomString4}}'
+      value: '{{{cef.extensions.deviceCustomString4}}}'
 on_failure:
   - append:
       field: error.message
 
@@ -1,6 +1,6 @@
 name: cef
 title: Common Event Format (CEF)
-version: "2.17.2"
+version: "2.17.3"
 description: Collect logs from CEF Logs with Elastic Agent.
 categories:
   - security
 
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.34.1"
+  changes:
+    - description: Use triple-brace Mustache templating when referencing variables in ingest pipelines.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/11286
 - version: "1.34.0"
   changes:
     - description: Drop support for EOL OS version R80.X
 
@@ -208,7 +208,7 @@
                     "zone": "External"
                 },
                 "name": "172.16.2.9",
-                "product": "VPN-1 \\\\u0026 FireWall-1",
+                "product": "VPN-1 \\u0026 FireWall-1",
                 "type": "firewall",
                 "vendor": "Checkpoint"
             },
@@ -298,7 +298,7 @@
                     "zone": "External"
                 },
                 "name": "172.16.2.9",
-                "product": "VPN-1 \\\\u0026 FireWall-1",
+                "product": "VPN-1 \\u0026 FireWall-1",
                 "type": "firewall",
                 "vendor": "Checkpoint"
             },