elastic
diff --git a/‎.github/CODEOWNERS‎
Lines changed: 1 addition & 0 deletions b/‎.github/CODEOWNERS‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/ISSUE_TEMPLATE/integration_bug.yml‎
Lines changed: 2 additions & 1 deletion b/‎.github/ISSUE_TEMPLATE/integration_bug.yml‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎.github/ISSUE_TEMPLATE/integration_feature_request.yml‎
Lines changed: 2 additions & 1 deletion b/‎.github/ISSUE_TEMPLATE/integration_feature_request.yml‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎.github/workflows/bump-elastic-stack-version.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/bump-elastic-stack-version.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/akamai/changelog.yml‎
Lines changed: 8 additions & 0 deletions b/‎packages/akamai/changelog.yml‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎packages/akamai/data_stream/siem/agent/stream/cel.yml.hbs‎
Lines changed: 3 additions & 2 deletions b/‎packages/akamai/data_stream/siem/agent/stream/cel.yml.hbs‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎packages/akamai/data_stream/siem/manifest.yml‎
Lines changed: 8 additions & 0 deletions b/‎packages/akamai/data_stream/siem/manifest.yml‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎packages/akamai/manifest.yml‎
Lines changed: 1 addition & 1 deletion b/‎packages/akamai/manifest.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/atlassian_confluence/changelog.yml‎
Lines changed: 5 additions & 0 deletions b/‎packages/atlassian_confluence/changelog.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs‎
Lines changed: 3 additions & 1 deletion b/‎packages/atlassian_confluence/data_stream/audit/agent/stream/httpjson.yml.hbs‎
Lines changed: 3 additions & 1 deletion
@@ -89,6 +89,7 @@
 /packages/aws_cloudtrail_otel @elastic/obs-infraobs-integrations
 /packages/aws_logs @elastic/obs-ds-hosted-services
 /packages/aws_mq @elastic/obs-infraobs-integrations
+/packages/aws_securityhub @elastic/security-service-integrations
 /packages/aws_bedrock_agentcore @elastic/obs-infraobs-integrations
 /packages/aws_vpcflow_otel @elastic/obs-infraobs-integrations
 /packages/awsfargate @elastic/obs-infraobs-integrations
 
@@ -48,6 +48,7 @@ body:
         - AWS Cost and Usage Report (CUR 2.0) [aws_billing]
         - AWS ELB OpenTelemetry Assets [aws_elb_otel]
         - AWS Fargate (for ECS clusters) [awsfargate]
+        - AWS Security Hub [aws_securityhub]
         - AWS VPC Flow Logs OpenTelemetry Assets [aws_vpcflow_otel]
         - AWS [aws]
         - Azure AI Foundry [azure_ai_foundry]
@@ -143,7 +144,7 @@ body:
         - Cyware Intel Exchange [ti_cyware_intel_exchange]
         - Darktrace [darktrace]
         - Data Exfiltration Detection [ded]
-        - Defend for Containers (Deprecated) [cloud_defend]
+        - Defend for Containers (BETA) [cloud_defend]
         - Digital Guardian [digital_guardian]
         - Docker OpenTelemetry Assets [docker_otel]
         - Docker [docker]
 
@@ -48,6 +48,7 @@ body:
         - AWS Cost and Usage Report (CUR 2.0) [aws_billing]
         - AWS ELB OpenTelemetry Assets [aws_elb_otel]
         - AWS Fargate (for ECS clusters) [awsfargate]
+        - AWS Security Hub [aws_securityhub]
         - AWS VPC Flow Logs OpenTelemetry Assets [aws_vpcflow_otel]
         - AWS [aws]
         - Azure AI Foundry [azure_ai_foundry]
@@ -143,7 +144,7 @@ body:
         - Cyware Intel Exchange [ti_cyware_intel_exchange]
         - Darktrace [darktrace]
         - Data Exfiltration Detection [ded]
-        - Defend for Containers (Deprecated) [cloud_defend]
+        - Defend for Containers (BETA) [cloud_defend]
         - Digital Guardian [digital_guardian]
         - Docker OpenTelemetry Assets [docker_otel]
         - Docker [docker]
 
@@ -25,7 +25,7 @@ jobs:
       - uses: actions/checkout@v6
 
       - name: Install Updatecli in the runner
-        uses: updatecli/updatecli-action@9a21b6911fe58865c8346d4fde3470010f49bf31 #v2.97.0
+        uses: updatecli/updatecli-action@b846825b298f5351abd80f94c4f9eab63a38a804 #v2.98.0
 
       - name: Select diff action
         if: ${{ github.event_name == 'pull_request' }}
 
@@ -1,4 +1,12 @@
 # newer versions go on top
+- version: "3.1.0"
+  changes:
+    - description: Add recovery_interval parameter to control lookback period during recovery mode.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/16568
+    - description: Handle 400 status code with invalid timestamp error switching to recovery mode.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/16568
 - version: "3.0.2"
   changes:
     - description: Fix the issue of populating tags and terminate the pipeline on agent failures.
 
@@ -24,6 +24,7 @@ state:
   access_token: {{access_token}}
   client_secret: {{client_secret}}
   initial_interval: {{initial_interval}}
+  recovery_interval: {{recovery_interval}}
   event_limit: {{event_limit}}
 
 redact:
@@ -37,7 +38,7 @@ program: |-
     (
       state.?cursor.recovery_mode.orValue(false) ?
         {
-          "from": int(now - duration("12h")),
+          "from": int(now - duration(state.recovery_interval)),
           "to": int(now - duration("1m")),
         }
       : state.?cursor.last_offset.hasValue() ?
@@ -112,7 +113,7 @@ program: |-
                       "want_more": lines.size() >= int(state.event_limit),
                     }
                   )
-                : (resp.StatusCode == 416) ?
+                : (resp.StatusCode == 416 || (resp.StatusCode == 400 && size(resp.Body) != 0 && bytes(resp.Body).decode_json().as(errorBody, has(errorBody.detail) && errorBody.detail.to_lower().contains("invalid timestamp")))) ?
                   {
                     "events": [
                       {
 
@@ -69,6 +69,14 @@ streams:
         show_user: true
         default: 12h
         description: Initial interval to poll for events. Default is the maximum allowed value of 12 hours. Supported units for this parameter are h/m/s.
+      - name: recovery_interval
+        type: text
+        title: Recovery Interval
+        multi: false
+        required: true
+        show_user: false
+        default: 12h
+        description: Lookback period for data retrieval when the integration enters recovery mode. Default and maximum allowed value is 12 hours. Supported units for this parameter are h/m/s.
       - name: event_limit
         type: integer
         multi: false
 
@@ -1,6 +1,6 @@
 name: akamai
 title: Akamai
-version: "3.0.2"
+version: "3.1.0"
 description: Collect logs from Akamai with Elastic Agent.
 type: integration
 format_version: "3.3.2"
 
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.30.0"
+  changes:
+    - description: Prevent updating fleet health status to degraded when pagination completes.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/16598
 - version: "1.29.2"
   changes:
     - description: Expected timestamp layout added in cursor logic.
 
@@ -60,6 +60,7 @@ response.pagination:
       target: url.params.start
       value: '[[if (ne (len .last_response.body.results) 0)]][[add (toInt .last_response.body.start) (toInt .last_response.body.limit)]][[end]]'
       fail_on_template_error: true
+      do_not_log_failure: true
   - set:
       target: url.params.limit
       value: '{{limit}}'
@@ -105,8 +106,9 @@ response.split:
 response.pagination:
   - set:
       target: url.value
-      value: '[[ .last_response.body.pagingInfo.nextPageLink ]]'
+      value: '[[ if index .last_response.body.pagingInfo "nextPageLink" ]][[ .last_response.body.pagingInfo.nextPageLink ]][[ end ]]'
       fail_on_template_error: true
+      do_not_log_failure: true
 
 cursor:
   last_timestamp:
Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,7 @@ state:`
`24`	`24`	`access_token: {{access_token}}`
`25`	`25`	`client_secret: {{client_secret}}`
`26`	`26`	`initial_interval: {{initial_interval}}`
	`27`	`+ recovery_interval: {{recovery_interval}}`
`27`	`28`	`event_limit: {{event_limit}}`
`28`	`29`
`29`	`30`	`redact:`
`@@ -37,7 +38,7 @@ program: \|-`
`37`	`38`	`(`
`38`	`39`	`state.?cursor.recovery_mode.orValue(false) ?`
`39`	`40`	`{`
`40`		`- "from": int(now - duration("12h")),`
	`41`	`+ "from": int(now - duration(state.recovery_interval)),`
`41`	`42`	`"to": int(now - duration("1m")),`
`42`	`43`	`}`
`43`	`44`	`: state.?cursor.last_offset.hasValue() ?`
`@@ -112,7 +113,7 @@ program: \|-`
`112`	`113`	`"want_more": lines.size() >= int(state.event_limit),`
`113`	`114`	`}`
`114`	`115`	`)`
`115`		`- : (resp.StatusCode == 416) ?`
	`116`	`+ : (resp.StatusCode == 416 \|\| (resp.StatusCode == 400 && size(resp.Body) != 0 && bytes(resp.Body).decode_json().as(errorBody, has(errorBody.detail) && errorBody.detail.to_lower().contains("invalid timestamp")))) ?`
`116`	`117`	`{`
`117`	`118`	`"events": [`
`118`	`119`	`{`