diff --git a/packages/amazon_security_lake/changelog.yml b/packages/amazon_security_lake/changelog.yml
index d2e65dd1560..5091c45e5f9 100644
--- a/packages/amazon_security_lake/changelog.yml
+++ b/packages/amazon_security_lake/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.0"
+ changes:
+ - description: Release package as GA.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/8833
 - version: "0.9.0"
 changes:
 - description: Add support for all the OCSF classes.
diff --git a/packages/amazon_security_lake/manifest.yml b/packages/amazon_security_lake/manifest.yml
index 54e41545651..5d5e79ccff2 100644
--- a/packages/amazon_security_lake/manifest.yml
+++ b/packages/amazon_security_lake/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.0"
 name: amazon_security_lake
 title: Amazon Security Lake
-version: "0.9.0"
+version: "1.0.0"
 description: Collect logs from Amazon Security Lake with Elastic Agent.
 type: integration
 categories: ["aws", "security"]
diff --git a/packages/arista_ngfw/changelog.yml b/packages/arista_ngfw/changelog.yml
index 0387506dd0b..95fa71000f7 100755
--- a/packages/arista_ngfw/changelog.yml
+++ b/packages/arista_ngfw/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.0"
+ changes:
+ - description: Release package as GA.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/8833
 - version: "0.10.0"
 changes:
 - description: Add dashboards to integration
diff --git a/packages/arista_ngfw/manifest.yml b/packages/arista_ngfw/manifest.yml
index a59be201ff3..573fe8a8399 100755
--- a/packages/arista_ngfw/manifest.yml
+++ b/packages/arista_ngfw/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.0"
 name: arista_ngfw
 title: "Arista NG Firewall"
-version: "0.10.0"
+version: "1.0.0"
 source:
 license: "Elastic-2.0"
 description: "Collect logs and metrics from Arista NG Firewall."
diff --git a/packages/cisco_nexus/changelog.yml b/packages/cisco_nexus/changelog.yml
index fa86810cce7..987e514c2e2 100644
--- a/packages/cisco_nexus/changelog.yml
+++ b/packages/cisco_nexus/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.0"
+ changes:
+ - description: Release package as GA.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/8833
 - version: "0.21.1"
 changes:
 - description: Fix exclude_files pattern.
diff --git a/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-common-config.yml b/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-common-config.yml
index be41bb0d476..5d93a7daaba 100644
--- a/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-common-config.yml
+++ b/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-common-config.yml
@@ -1,3 +1,7 @@
+dynamic_fields:
+ "@timestamp": "^[0-9]{4}(-[0-9]{2}){2}T[0-9]{2}(:[0-9]{2}){2}\\.[0-9]{3}"
+ cisco_nexus.log.time: "^[0-9]{4}(-[0-9]{2}){2}T[0-9]{2}(:[0-9]{2}){2}\\.[0-9]{3}"
+ cisco_nexus.log.syslog_time: "^[0-9]{4}(-[0-9]{2}){2}T[0-9]{2}(:[0-9]{2}){2}\\.[0-9]{3}"
 fields:
 tags:
 - preserve_original_event
diff --git a/packages/cisco_nexus/manifest.yml b/packages/cisco_nexus/manifest.yml
index d2d9cb3a756..8a785d765c5 100644
--- a/packages/cisco_nexus/manifest.yml
+++ b/packages/cisco_nexus/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.0"
 name: cisco_nexus
 title: Cisco Nexus
-version: "0.21.1"
+version: "1.0.0"
 description: Collect logs from Cisco Nexus with Elastic Agent.
 type: integration
 categories:
diff --git a/packages/entityanalytics_entra_id/changelog.yml b/packages/entityanalytics_entra_id/changelog.yml
index 4389775df5d..fab9d0dff81 100644
--- a/packages/entityanalytics_entra_id/changelog.yml
+++ b/packages/entityanalytics_entra_id/changelog.yml
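Review bot: The three `dynamic_fields` patterns added in test-common-config.yml are anchored only at the start (`^`) and stop after the millisecond digits, so a value carrying any suffix — a zone designator, or stray text — still matches. If elastic-package evaluates these as a partial regexp match (not verifiable from this diff), the test cannot distinguish a correctly parsed timestamp from one whose zone or suffix is wrong. Appending the suffix the pipeline is expected to emit and a closing `$` to each of the three patterns keeps the check strict; if the suffix genuinely varies between samples, a short comment above `dynamic_fields:` saying so would explain why the patterns are left open-ended.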
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.0"
+ changes:
+ - description: Release package as GA.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/8833
 - version: 0.6.1
 changes:
 - description: Update Kibana version to 8.11.0.
diff --git a/packages/entityanalytics_entra_id/manifest.yml b/packages/entityanalytics_entra_id/manifest.yml
index c6f71573efe..d8432373c35 100644
--- a/packages/entityanalytics_entra_id/manifest.yml
+++ b/packages/entityanalytics_entra_id/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.0"
 name: entityanalytics_entra_id
 title: "Microsoft Entra ID Entity Analytics"
-version: "0.6.1"
+version: "1.0.0"
 description: "Collect identities from Microsoft Entra ID (formerly Azure Active Directory) with Elastic Agent."
 type: integration
 categories:
diff --git a/packages/entityanalytics_okta/_dev/deploy/docker/files/config.yml b/packages/entityanalytics_okta/_dev/deploy/docker/files/config.yml
index 886a9a7f48a..904309400b5 100644
--- a/packages/entityanalytics_okta/_dev/deploy/docker/files/config.yml
+++ b/packages/entityanalytics_okta/_dev/deploy/docker/files/config.yml
@@ -5,7 +5,6 @@ rules:
 - status_code: 200
 body: |
 [{"id":"00ub0oNGTSWTBKOLGLNR","status":"ACTIVE","created":"2013-06-24T16:39:18.000Z","activated":"2013-06-24T16:39:19.000Z","statusChanged":"2013-06-24T16:39:19.000Z","lastLogin":"2013-06-24T17:39:19.000Z","lastUpdated":"2013-07-02T21:36:25.344Z","passwordChanged":"2013-07-02T21:36:25.344Z","profile":{"firstName":"Isaac","lastName":"Brock","email":"isaac.brock@example.com","login":"isaac.brock@example.com","mobilePhone":"555-415-1337"},"credentials":{"password":{"value":"tlpWENT2m"},"recovery_question":{"question":"Who's a major player in the cowboy scene?","answer":"Annie Oakley"},"provider":{"type":"OKTA","name":"OKTA"}}}]
-
 - path: /api/v1/devices
 methods: ["GET"]
 responses:
@@ -16,5 +15,5 @@ rules:
 methods: ["GET"]
 responses:
 - status_code: 200
- body: |
- [{"id":"00ub0oNGTSWTBKOLGLNR","status":"ACTIVE","created":"2013-06-24T16:39:18.000Z","activated":"2013-06-24T16:39:19.000Z","statusChanged":"2013-06-24T16:39:19.000Z","lastLogin":"2013-06-24T17:39:19.000Z","lastUpdated":"2013-07-02T21:36:25.344Z","passwordChanged":"2013-07-02T21:36:25.344Z","profile":{"firstName":"Isaac","lastName":"Brock","email":"isaac.brock@example.com","login":"isaac.brock@example.com","mobilePhone":"555-415-1337"},"credentials":{"password":{"value":"tlpWENT2m"},"recovery_question":{"question":"Who's a major player in the cowboy scene?","answer":"Annie Oakley"},"provider":{"type":"OKTA","name":"OKTA"}}}]
\ No newline at end of file
+ body: |-
+ [{"id":"00ub0oNGTSWTBKOLGLNR","status":"ACTIVE","created":"2013-06-24T16:39:18.000Z","activated":"2013-06-24T16:39:19.000Z","statusChanged":"2013-06-24T16:39:19.000Z","lastLogin":"2013-06-24T17:39:19.000Z","lastUpdated":"2013-07-02T21:36:25.344Z","passwordChanged":"2013-07-02T21:36:25.344Z","profile":{"firstName":"Isaac","lastName":"Brock","email":"isaac.brock@example.com","login":"isaac.brock@example.com","mobilePhone":"555-415-1337"},"credentials":{"password":{"value":"tlpWENT2m"},"recovery_question":{"question":"Who's a major player in the cowboy scene?","answer":"Annie Oakley"},"provider":{"type":"OKTA","name":"OKTA"}}}]
diff --git a/packages/entityanalytics_okta/changelog.yml b/packages/entityanalytics_okta/changelog.yml
index 4a17816bee8..0583176a438 100644
--- a/packages/entityanalytics_okta/changelog.yml
+++ b/packages/entityanalytics_okta/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.0"
+ changes:
+ - description: Release package as GA.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/8833
 - version: 0.8.0
 changes:
 - description: Allow dataset selection.
diff --git a/packages/entityanalytics_okta/manifest.yml b/packages/entityanalytics_okta/manifest.yml
index 853b434df93..4ef86a98a73 100644
--- a/packages/entityanalytics_okta/manifest.yml
+++ b/packages/entityanalytics_okta/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.0"
 name: entityanalytics_okta
 title: Okta Entity Analytics
-version: "0.8.0"
+version: "1.0.0"
 description: "Collect User Identities from Okta with Elastic Agent."
 type: integration
 categories:
diff --git a/packages/google_scc/changelog.yml b/packages/google_scc/changelog.yml
index d1d65925202..dad6d0e2bf1 100644
--- a/packages/google_scc/changelog.yml
+++ b/packages/google_scc/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.0"
+ changes:
+ - description: Release package as GA.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/8833
 - version: "0.9.0"
 changes:
 - description: Limit request tracer log count to five.
diff --git a/packages/google_scc/manifest.yml b/packages/google_scc/manifest.yml
index 7db0c87fa67..7d194c63fd0 100644
--- a/packages/google_scc/manifest.yml
+++ b/packages/google_scc/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.0"
 name: google_scc
 title: Google Security Command Center
-version: "0.9.0"
+version: "1.0.0"
 description: Collect logs from Google Security Command Center with Elastic Agent.
 type: integration
 categories:
diff --git a/packages/imperva/changelog.yml b/packages/imperva/changelog.yml
index 937d69615fd..75048445c4b 100644
--- a/packages/imperva/changelog.yml
+++ b/packages/imperva/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.0"
+ changes:
+ - description: Release package as GA.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/8833
 - version: "0.20.2"
 changes:
 - description: Fix exclude_files pattern.
diff --git a/packages/imperva/manifest.yml b/packages/imperva/manifest.yml
index ad90aa2a529..615ae7e418c 100644
--- a/packages/imperva/manifest.yml
+++ b/packages/imperva/manifest.yml
@@ -1,13 +1,15 @@
-format_version: 2.9.0
+format_version: 3.0.0
 name: imperva
 title: Imperva
-version: "0.20.2"
+version: "1.0.0"
 description: Collect logs from Imperva devices with Elastic Agent.
 categories: ["network", "security"]
 type: integration
 conditions:
- kibana.version: ^8.10.1
- elastic.subscription: basic
+ kibana:
+ version: ^8.10.1
+ elastic:
+ subscription: basic
 screenshots:
 - src: /img/imperva-securesphere-dashboard.png
 title: Imperva Securesphere Dashboard Screenshot
@@ -34,3 +36,4 @@ policy_templates:
 description: Collecting logs from Imperva SecureSphere via File.
 owner:
 github: elastic/security-external-integrations
+ type: elastic
diff --git a/packages/imperva/validation.yml b/packages/imperva/validation.yml
new file mode 100644
index 00000000000..d291922c236
--- /dev/null
+++ b/packages/imperva/validation.yml
@@ -0,0 +1,3 @@
+errors:
+ exclude_checks:
+ - SVR00002 # Mandatory filters in dashboards
diff --git a/packages/microsoft_defender_cloud/changelog.yml b/packages/microsoft_defender_cloud/changelog.yml
index 53e5cec8e8c..6bff60efb2e 100644
--- a/packages/microsoft_defender_cloud/changelog.yml
+++ b/packages/microsoft_defender_cloud/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.0"
+ changes:
+ - description: Release package as GA.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/8833
 - version: 0.7.0
 changes:
 - description: ECS version updated to 8.11.0.
diff --git a/packages/microsoft_defender_cloud/manifest.yml b/packages/microsoft_defender_cloud/manifest.yml
index 5585cfbd682..91f73270f47 100644
--- a/packages/microsoft_defender_cloud/manifest.yml
+++ b/packages/microsoft_defender_cloud/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.0"
 name: microsoft_defender_cloud
 title: Microsoft Defender for Cloud
-version: "0.7.0"
+version: "1.0.0"
 description: Collect logs from Microsoft Defender for Cloud with Elastic Agent.
 type: integration
 categories:
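Review bot: The new imperva/validation.yml suppresses check SVR00002 with only a trailing tag comment, and nothing in the commit records why the dashboards cannot carry the mandatory filters or when the exclusion can be lifted; an exclusion added at the moment a package goes GA is the kind that tends to outlive its reason. A one-line comment above `exclude_checks:` naming the blocking condition (or a tracking reference, if one exists) would make the suppression reviewable later. Separately, the same hunk migrates imperva from `format_version: 2.9.0` to `3.0.0` with the restructured `conditions:` block, while prisma_cloud/manifest.yml in this commit stays on `format_version: 2.8.0` — presumably intentional, but worth confirming that GA is not meant to imply the 3.0.0 format across all of these packages.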
diff --git a/packages/prisma_cloud/changelog.yml b/packages/prisma_cloud/changelog.yml
index 7bcdac72b14..4b8da3e8260 100644
--- a/packages/prisma_cloud/changelog.yml
+++ b/packages/prisma_cloud/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.0"
+ changes:
+ - description: Release package as GA.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/8833
 - version: "0.6.0"
 changes:
 - description: Update the cursor in data collection of the alert data stream and the default value of HTTP Client Timeout.
diff --git a/packages/prisma_cloud/manifest.yml b/packages/prisma_cloud/manifest.yml
index 55e5938416b..39766ef36b9 100644
--- a/packages/prisma_cloud/manifest.yml
+++ b/packages/prisma_cloud/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 2.8.0
 name: prisma_cloud
 title: "Palo Alto Prisma Cloud"
-version: "0.6.0"
+version: "1.0.0"
 description: "Collect logs from Prisma Cloud with Elastic Agent."
 type: integration
 categories:
diff --git a/packages/qualys_vmdr/changelog.yml b/packages/qualys_vmdr/changelog.yml
index 1c1637a8e57..bff6be930b0 100644
--- a/packages/qualys_vmdr/changelog.yml
+++ b/packages/qualys_vmdr/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.0"
+ changes:
+ - description: Release package as GA.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/8833
 - version: 0.8.1
 changes:
 - description: Fix mapping of vulnerability type and severity.
diff --git a/packages/qualys_vmdr/manifest.yml b/packages/qualys_vmdr/manifest.yml
index 4bf93f830ab..e77328626ff 100644
--- a/packages/qualys_vmdr/manifest.yml
+++ b/packages/qualys_vmdr/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.0"
 name: qualys_vmdr
 title: Qualys VMDR
-version: "0.8.1"
+version: "1.0.0"
 description: Collect data from Qualys VMDR platform with Elastic Agent.
 type: integration
 categories:
diff --git a/packages/symantec_edr_cloud/changelog.yml b/packages/symantec_edr_cloud/changelog.yml
index 2d7fa2eb17b..4cdf1e2eae1 100644
--- a/packages/symantec_edr_cloud/changelog.yml
+++ b/packages/symantec_edr_cloud/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.0"
+ changes:
+ - description: Release package as GA.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/8833
 - version: "0.3.0"
 changes:
 - description: Limit request tracer log count to five.
diff --git a/packages/symantec_edr_cloud/manifest.yml b/packages/symantec_edr_cloud/manifest.yml
index 88b915161f0..4bef72b0ce1 100644
--- a/packages/symantec_edr_cloud/manifest.yml
+++ b/packages/symantec_edr_cloud/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.0.0
 name: symantec_edr_cloud
 title: Symantec EDR Cloud
-version: "0.3.0"
+version: "1.0.0"
 source:
 license: Elastic-2.0
 description: Collect logs from Symantec EDR Cloud with Elastic Agent.
diff --git a/packages/ti_maltiverse/changelog.yml b/packages/ti_maltiverse/changelog.yml
index 8cbf298bc1f..f26610374c3 100644
--- a/packages/ti_maltiverse/changelog.yml
+++ b/packages/ti_maltiverse/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.0.0"
+ changes:
+ - description: Release package as GA.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/8833
 - version: "0.8.0"
 changes:
 - description: Limit request tracer log count to five.
diff --git a/packages/ti_maltiverse/manifest.yml b/packages/ti_maltiverse/manifest.yml
index 186c7c9b45d..b26154ab5fe 100644
--- a/packages/ti_maltiverse/manifest.yml
+++ b/packages/ti_maltiverse/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_maltiverse
 title: Maltiverse
-version: "0.8.0"
+version: "1.0.0"
 description: Ingest threat intelligence indicators from Maltiverse feeds with Elastic Agent
 type: integration
 format_version: 3.0.0
diff --git a/packages/ti_mandiant_advantage/_dev/deploy/docker/docker-compose.yml b/packages/ti_mandiant_advantage/_dev/deploy/docker/docker-compose.yml
index f18823d53f8..23825bae07e 100644
--- a/packages/ti_mandiant_advantage/_dev/deploy/docker/docker-compose.yml
+++ b/packages/ti_mandiant_advantage/_dev/deploy/docker/docker-compose.yml
@@ -3,12 +3,12 @@ services:
 ti_mandiant_advantage:
 image: docker.elastic.co/observability/stream:v0.6.1
 ports:
- - 8080
+ - 8080
 volumes:
- - ./files:/files:ro
+ - ./files:/files:ro
 environment:
 PORT: 8080
 command:
- - http-server
- - --addr=:8080
- - --config=/files/config.yml
\ No newline at end of file
+ - http-server
+ - --addr=:8080
+ - --config=/files/config.yml
diff --git a/packages/ti_mandiant_advantage/_dev/deploy/docker/files/config.yml b/packages/ti_mandiant_advantage/_dev/deploy/docker/files/config.yml
index 2570ebb92c4..484cb472b60 100644
--- a/packages/ti_mandiant_advantage/_dev/deploy/docker/files/config.yml
+++ b/packages/ti_mandiant_advantage/_dev/deploy/docker/files/config.yml
@@ -1,301 +1,182 @@ rules: -- path: /v4/indicator - methods: [ "GET" ] - request_headers: - authorization: [ "Basic .*" ] - query_params: - limit: 1000 - last_seen: asc - gte_mscore: 0 - next: next_page - start_epoch: "{start_epoch:.*}" - end_epoch: "{end_epoch:.*}" - responses: - - status_code: 200 - body: |- - { - "indicators": [ + - path: /v4/indicator + methods: ["GET"] + request_headers: + authorization: ["Basic .*"] + query_params: + limit: 1000 + last_seen: asc + gte_mscore: 0 + next: next_page + start_epoch: "{start_epoch:.*}" + end_epoch: "{end_epoch:.*}" + responses: + - status_code: 200 + body: |- { - "id": "fqdn--33bf4df5-3564-51e3-84f1-ca9d5bc2329e", - "mscore": 27, - "type": "fqdn", - "value": "ru.wikibooks.org", - "is_publishable": true, - "sources": [ + "indicators": [ { - "first_seen": "2022-09-06T00:46:38.722+0000", - "last_seen": "2023-03-23T21:42:34.707+0000", - "osint": true, - "category": ["test"], - "source_name": "dtm.blackbeard" + "id": "fqdn--33bf4df5-3564-51e3-84f1-ca9d5bc2329e", + "mscore": 27, + "type": "fqdn", + "value": "ru.wikibooks.org", + "is_publishable": true, + "sources": [ + { + "first_seen": "2022-09-06T00:46:38.722+0000", + "last_seen": "2023-03-23T21:42:34.707+0000", + "osint": true, + "category": ["test"], + "source_name": "dtm.blackbeard" + }, + { + "first_seen": "2022-11-29T16:24:52.984+0000", + "last_seen": "2022-11-29T16:24:52.984+0000", + "osint": true, + "category": [], + "source_name": "dtm.vanellope" + } + ], + "misp": { + "akamai": false, + "alexa": false, + "alexa_1M": true, + "amazon-aws": false, + "apple": false, + "automated-malware-analysis": false, + "bank-website": false, + "captive-portals": false, + "cisco_1M": true, + "cisco_top1000": false, + "cisco_top10k": false, + "cisco_top20k": false, + "cisco_top5k": false, + "cloudflare": false, + "common-contact-emails": false, + "common-ioc-false-positive": false, + "covid": false, + "covid-19-cyber-threat-coalition-whitelist": false, + 
"covid-19-krassi-whitelist": false, + "crl-hostname": false, + "crl-ip": false, + "dax30": false, + "disposable-email": false, + "dynamic-dns": false, + "eicar.com": false, + "empty-hashes": false, + "fastly": false, + "google": false, + "google-chrome-crux-1million": true, + "google-gcp": false, + "google-gmail-sending-ips": false, + "googlebot": false, + "ipv6-linklocal": false, + "majestic_million": true, + "majestic_million_1M": true, + "microsoft": false, + "microsoft-attack-simulator": false, + "microsoft-azure": false, + "microsoft-azure-appid": false, + "microsoft-azure-china": false, + "microsoft-azure-germany": false, + "microsoft-azure-us-gov": false, + "microsoft-office365": false, + "microsoft-office365-cn": false, + "microsoft-office365-ip": false, + "microsoft-win10-connection-endpoints": false, + "moz-top500": false, + "mozilla-CA": false, + "mozilla-IntermediateCA": false, + "multicast": false, + "nioc-filehash": false, + "ovh-cluster": false, + "parking-domain": false, + "parking-domain-ns": false, + "phone_numbers": false, + "public-dns-hostname": false, + "public-dns-v4": false, + "public-dns-v6": false, + "public-ipfs-gateways": false, + "rfc1918": false, + "rfc3849": false, + "rfc5735": false, + "rfc6598": false, + "rfc6761": false, + "second-level-tlds": true, + "security-provider-blogpost": false, + "sinkholes": false, + "smtp-receiving-ips": false, + "smtp-sending-ips": false, + "stackpath": false, + "tenable-cloud-ipv4": false, + "tenable-cloud-ipv6": false, + "ti-falsepositives": false, + "tlds": true, + "tranco": true, + "tranco10k": true, + "university_domains": false, + "url-shortener": false, + "vpn-ipv4": false, + "vpn-ipv6": false, + "whats-my-ip": false, + "wikimedia": false + }, + "last_updated": "2023-04-25T09:36:05.822Z", + "first_seen": "2022-09-06T00:46:38.000Z", + "last_seen": "2023-03-23T21:42:34.000Z" }, { - "first_seen": "2022-11-29T16:24:52.984+0000", - "last_seen": "2022-11-29T16:24:52.984+0000", - "osint": true, - 
"category": [], - "source_name": "dtm.vanellope" - } - ], - "misp": { - "akamai": false, - "alexa": false, - "alexa_1M": true, - "amazon-aws": false, - "apple": false, - "automated-malware-analysis": false, - "bank-website": false, - "captive-portals": false, - "cisco_1M": true, - "cisco_top1000": false, - "cisco_top10k": false, - "cisco_top20k": false, - "cisco_top5k": false, - "cloudflare": false, - "common-contact-emails": false, - "common-ioc-false-positive": false, - "covid": false, - "covid-19-cyber-threat-coalition-whitelist": false, - "covid-19-krassi-whitelist": false, - "crl-hostname": false, - "crl-ip": false, - "dax30": false, - "disposable-email": false, - "dynamic-dns": false, - "eicar.com": false, - "empty-hashes": false, - "fastly": false, - "google": false, - "google-chrome-crux-1million": true, - "google-gcp": false, - "google-gmail-sending-ips": false, - "googlebot": false, - "ipv6-linklocal": false, - "majestic_million": true, - "majestic_million_1M": true, - "microsoft": false, - "microsoft-attack-simulator": false, - "microsoft-azure": false, - "microsoft-azure-appid": false, - "microsoft-azure-china": false, - "microsoft-azure-germany": false, - "microsoft-azure-us-gov": false, - "microsoft-office365": false, - "microsoft-office365-cn": false, - "microsoft-office365-ip": false, - "microsoft-win10-connection-endpoints": false, - "moz-top500": false, - "mozilla-CA": false, - "mozilla-IntermediateCA": false, - "multicast": false, - "nioc-filehash": false, - "ovh-cluster": false, - "parking-domain": false, - "parking-domain-ns": false, - "phone_numbers": false, - "public-dns-hostname": false, - "public-dns-v4": false, - "public-dns-v6": false, - "public-ipfs-gateways": false, - "rfc1918": false, - "rfc3849": false, - "rfc5735": false, - "rfc6598": false, - "rfc6761": false, - "second-level-tlds": true, - "security-provider-blogpost": false, - "sinkholes": false, - "smtp-receiving-ips": false, - "smtp-sending-ips": false, - "stackpath": false, - 
"tenable-cloud-ipv4": false, - "tenable-cloud-ipv6": false, - "ti-falsepositives": false, - "tlds": true, - "tranco": true, - "tranco10k": true, - "university_domains": false, - "url-shortener": false, - "vpn-ipv4": false, - "vpn-ipv6": false, - "whats-my-ip": false, - "wikimedia": false - }, - "last_updated": "2023-04-25T09:36:05.822Z", - "first_seen": "2022-09-06T00:46:38.000Z", - "last_seen": "2023-03-23T21:42:34.000Z" - }, - { - "id": "md5--9206e4aa-ef81-5d32-9724-78d7268bab7d", - "mscore": 100, - "type": "md5", - "value": "75e8e2342634fd4435dd1bf222eb6e7c", - "is_publishable": true, - "sources": [ - { - "first_seen": "2023-06-06T20:31:40.000+0000", - "last_seen": "2023-06-06T20:31:40.000+0000", - "osint": false, - "category": [], - "source_name": "Mandiant" - }, - { - "first_seen": "2023-02-14T21:46:04.000+0000", - "last_seen": "2023-03-24T12:50:06.000+0000", - "osint": false, - "category": [], - "source_name": "Mandiant" - } - ], - "associated_hashes": [ - { "id": "md5--9206e4aa-ef81-5d32-9724-78d7268bab7d", + "mscore": 100, "type": "md5", - "value": "75e8e2342634fd4435dd1bf222eb6e7c" - }, - { - "id": "sha1--fcc24c83-b70c-57da-b1ac-d861b1abc905", - "type": "sha1", - "value": "1dec6c50f2733f04347eb40a76424767e6bd2f26" - }, - { - "id": "sha256--fc96c920-8a89-5ab6-adb5-fa5f1012a714", - "type": "sha256", - "value": "60358086ea6d76d2b36f09c2b749f647c04352c48d6a0a0e4cd47c94b4dfe701" - } - ], - "attributed_associations": [ - { - "id": "threat-actor--6ca32cd4-0c60-5f0b-91fb-e6e590f1f10b", - "name": "UNC961", - "type": "threat-actor" - }, - { - "id": "malware--6c9e3c50-490d-5a8f-8ed6-56510a62055b", - "name": "IHSBACKCONNECT", - "type": "malware" - } - ], - "misp": { - "akamai": false, - "alexa": false, - "amazon-aws": false, - "apple": false, - "automated-malware-analysis": false, - "bank-website": false, - "captive-portals": false, - "cisco_1M": false, - "cisco_top1000": false, - "cisco_top10k": false, - "cisco_top20k": false, - "cisco_top5k": false, - "cloudflare": 
false, - "common-contact-emails": false, - "common-ioc-false-positive": false, - "covid": false, - "covid-19-cyber-threat-coalition-whitelist": false, - "covid-19-krassi-whitelist": false, - "crl-hostname": false, - "crl-ip": false, - "dax30": false, - "disposable-email": false, - "dynamic-dns": false, - "eicar.com": false, - "empty-hashes": false, - "fastly": false, - "google": false, - "google-chrome-crux-1million": false, - "google-gcp": false, - "google-gmail-sending-ips": false, - "googlebot": false, - "ipv6-linklocal": false, - "majestic_million": false, - "majestic_million_1M": false, - "microsoft": false, - "microsoft-attack-simulator": false, - "microsoft-azure": false, - "microsoft-azure-appid": false, - "microsoft-azure-china": false, - "microsoft-azure-germany": false, - "microsoft-azure-us-gov": false, - "microsoft-office365": false, - "microsoft-office365-cn": false, - "microsoft-office365-ip": false, - "microsoft-win10-connection-endpoints": false, - "moz-top500": false, - "mozilla-CA": false, - "mozilla-IntermediateCA": false, - "multicast": false, - "nioc-filehash": false, - "ovh-cluster": false, - "parking-domain": false, - "parking-domain-ns": false, - "phone_numbers": false, - "public-dns-hostname": false, - "public-dns-v4": false, - "public-dns-v6": false, - "public-ipfs-gateways": false, - "rfc1918": false, - "rfc3849": false, - "rfc5735": false, - "rfc6598": false, - "rfc6761": false, - "second-level-tlds": false, - "security-provider-blogpost": false, - "sinkholes": false, - "smtp-receiving-ips": false, - "smtp-sending-ips": false, - "stackpath": false, - "tenable-cloud-ipv4": false, - "tenable-cloud-ipv6": false, - "ti-falsepositives": false, - "tlds": false, - "tranco": false, - "tranco10k": false, - "university_domains": false, - "url-shortener": false, - "vpn-ipv4": false, - "vpn-ipv6": false, - "whats-my-ip": false, - "wikimedia": false - }, - "last_updated": "2023-06-07T03:29:52.830Z", - "first_seen": "2023-02-14T21:46:04.000Z", - 
"last_seen": "2023-06-06T20:31:40.000Z" - } - ] - } -- path: /v4/indicator - methods: [ "GET" ] - request_headers: - Authorization: [ "Basic .*" ] - query_params: - limit: 1000 - last_seen: asc - gte_mscore: 0 - start_epoch: "{start_epoch:.*}" - end_epoch: "{end_epoch:.*}" - responses: - - status_code: 200 - body: |- - { - "indicators": [ - { - "id": "ipv4--23d463d2-b155-5e8b-89d8-ba782fc04df9", - "mscore": 99, - "type": "ipv4", - "value": "59.88.227.76", - "is_publishable": true, - "sources": [ + "value": "75e8e2342634fd4435dd1bf222eb6e7c", + "is_publishable": true, + "sources": [ + { + "first_seen": "2023-06-06T20:31:40.000+0000", + "last_seen": "2023-06-06T20:31:40.000+0000", + "osint": false, + "category": [], + "source_name": "Mandiant" + }, { - "first_seen": "2023-03-23T21:51:01.070+0000", - "last_seen": "2023-03-23T21:51:01.070+0000", - "osint": true, - "category": [], - "source_name": "urlhaus" + "first_seen": "2023-02-14T21:46:04.000+0000", + "last_seen": "2023-03-24T12:50:06.000+0000", + "osint": false, + "category": [], + "source_name": "Mandiant" } - ], - "misp": { + ], + "associated_hashes": [ + { + "id": "md5--9206e4aa-ef81-5d32-9724-78d7268bab7d", + "type": "md5", + "value": "75e8e2342634fd4435dd1bf222eb6e7c" + }, + { + "id": "sha1--fcc24c83-b70c-57da-b1ac-d861b1abc905", + "type": "sha1", + "value": "1dec6c50f2733f04347eb40a76424767e6bd2f26" + }, + { + "id": "sha256--fc96c920-8a89-5ab6-adb5-fa5f1012a714", + "type": "sha256", + "value": "60358086ea6d76d2b36f09c2b749f647c04352c48d6a0a0e4cd47c94b4dfe701" + } + ], + "attributed_associations": [ + { + "id": "threat-actor--6ca32cd4-0c60-5f0b-91fb-e6e590f1f10b", + "name": "UNC961", + "type": "threat-actor" + }, + { + "id": "malware--6c9e3c50-490d-5a8f-8ed6-56510a62055b", + "name": "IHSBACKCONNECT", + "type": "malware" + } + ], + "misp": { "akamai": false, "alexa": false, "amazon-aws": false, 
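Review bot: The two `/v4/indicator` rules in the rewritten config.yml match the auth header under different key spellings — `authorization: ["Basic .*"]` in this hunk and `Authorization: ["Basic .*"]` in the second rule added in the `@@ -378,12 +258,132 @@` hunk. Header names are case-insensitive on the wire, but whether the stream mock's `request_headers` matcher normalizes case is not visible here; if it compares literally, one of the two rules never fires and the system test passes only through the other one. Using a single spelling in both rules, e.g. `Authorization: ["Basic .*"]`, removes the doubt. The mismatch is carried over from the old text rather than introduced by the re-indent, so it is a pre-existing inconsistency this cleanup is a good moment to fix.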
@@ -317,7 +198,6 @@ rules: "crl-hostname": false, "crl-ip": false, "dax30": false, - "digitalside": false, "disposable-email": false, "dynamic-dns": false, "eicar.com": false, 
@@ -378,12 +258,132 @@ rules: "vpn-ipv6": false, "whats-my-ip": false, "wikimedia": false - }, - "last_updated": "2023-06-30T03:59:36.027Z", - "first_seen": "2023-03-23T21:51:01.000Z", - "last_seen": "2023-03-23T21:51:01.000Z", - "campaigns": [] - } - ], - "next": "next_page" - } + }, + "last_updated": "2023-06-07T03:29:52.830Z", + "first_seen": "2023-02-14T21:46:04.000Z", + "last_seen": "2023-06-06T20:31:40.000Z" + } + ] + } + - path: /v4/indicator + methods: ["GET"] + request_headers: + Authorization: ["Basic .*"] + query_params: + limit: 1000 + last_seen: asc + gte_mscore: 0 + start_epoch: "{start_epoch:.*}" + end_epoch: "{end_epoch:.*}" + responses: + - status_code: 200 + body: |- + { + "indicators": [ + { + "id": "ipv4--23d463d2-b155-5e8b-89d8-ba782fc04df9", + "mscore": 99, + "type": "ipv4", + "value": "59.88.227.76", + "is_publishable": true, + "sources": [ + { + "first_seen": "2023-03-23T21:51:01.070+0000", + "last_seen": "2023-03-23T21:51:01.070+0000", + "osint": true, + "category": [], + "source_name": "urlhaus" + } + ], + "misp": { + "akamai": false, + "alexa": false, + "amazon-aws": false, + "apple": false, + "automated-malware-analysis": false, + "bank-website": false, + "captive-portals": false, + "cisco_1M": false, + "cisco_top1000": false, + "cisco_top10k": false, + "cisco_top20k": false, + "cisco_top5k": false, + "cloudflare": false, + "common-contact-emails": false, + "common-ioc-false-positive": false, + "covid": false, + "covid-19-cyber-threat-coalition-whitelist": false, + "covid-19-krassi-whitelist": false, + "crl-hostname": false, + "crl-ip": false, + "dax30": false, + "digitalside": false, + "disposable-email": false, + "dynamic-dns": false, + "eicar.com": false, + "empty-hashes": false, + "fastly": false, + "google": false, + "google-chrome-crux-1million": false, + "google-gcp": false, + "google-gmail-sending-ips": false, + "googlebot": false, + "ipv6-linklocal": false, + "majestic_million": false, + "majestic_million_1M": false, + 
"microsoft": false, + "microsoft-attack-simulator": false, + "microsoft-azure": false, + "microsoft-azure-appid": false, + "microsoft-azure-china": false, + "microsoft-azure-germany": false, + "microsoft-azure-us-gov": false, + "microsoft-office365": false, + "microsoft-office365-cn": false, + "microsoft-office365-ip": false, + "microsoft-win10-connection-endpoints": false, + "moz-top500": false, + "mozilla-CA": false, + "mozilla-IntermediateCA": false, + "multicast": false, + "nioc-filehash": false, + "ovh-cluster": false, + "parking-domain": false, + "parking-domain-ns": false, + "phone_numbers": false, + "public-dns-hostname": false, + "public-dns-v4": false, + "public-dns-v6": false, + "public-ipfs-gateways": false, + "rfc1918": false, + "rfc3849": false, + "rfc5735": false, + "rfc6598": false, + "rfc6761": false, + "second-level-tlds": false, + "security-provider-blogpost": false, + "sinkholes": false, + "smtp-receiving-ips": false, + "smtp-sending-ips": false, + "stackpath": false, + "tenable-cloud-ipv4": false, + "tenable-cloud-ipv6": false, + "ti-falsepositives": false, + "tlds": false, + "tranco": false, + "tranco10k": false, + "university_domains": false, + "url-shortener": false, + "vpn-ipv4": false, + "vpn-ipv6": false, + "whats-my-ip": false, + "wikimedia": false + }, + "last_updated": "2023-06-30T03:59:36.027Z", + "first_seen": "2023-03-23T21:51:01.000Z", + "last_seen": "2023-03-23T21:51:01.000Z", + "campaigns": [] + } + ], + "next": "next_page" + } diff --git a/packages/ti_mandiant_advantage/changelog.yml b/packages/ti_mandiant_advantage/changelog.yml index 2bc633f4a0b..8950113d2da 100644 --- a/packages/ti_mandiant_advantage/changelog.yml +++ b/packages/ti_mandiant_advantage/changelog.yml 
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.0"
+ changes:
+ - description: Release package as GA.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/8833
 - version: "0.1.0"
 changes:
 - description: Initial release of Mandiant Advantage Elastic Integration.
diff --git a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/_dev/test/pipeline/test-threat-intelligence-fqdn-event.json b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/_dev/test/pipeline/test-threat-intelligence-fqdn-event.json
index 0f7b10309a4..aed6f899e0e 100644
--- a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/_dev/test/pipeline/test-threat-intelligence-fqdn-event.json
+++ b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/_dev/test/pipeline/test-threat-intelligence-fqdn-event.json
@@ -1,8 +1,8 @@ { - "events": [ - { - "@timestamp": "2023-03-23T21:59:18.000Z", - "message": "{\n\"id\": \"fqdn--f209c6f2-fe91-517a-a089-c93845fdbe3f\",\n\"mscore\": 100,\n\"type\": \"fqdn\",\n\"value\": \"example.com\",\n\"is_publishable\": true,\n\"sources\": [\n {\n \"first_seen\": \"2023-02-27T23:15:01.045+0000\",\n \"last_seen\": \"2023-03-18T23:15:01.125+0000\",\n \"osint\": true,\n \"category\": [\n\"malware\"\n ],\n \"source_name\": \"ookangzheng\"\n },\n {\n \"first_seen\": \"2023-02-25T15:31:26.139+0000\",\n \"last_seen\": \"2023-03-23T21:59:18.605+0000\",\n \"osint\": false,\n \"category\": [],\n \"source_name\": \"Mandiant\"\n },\n {\n \"first_seen\": \"2023-02-26T23:57:25.905+0000\",\n \"last_seen\": \"2023-03-23T21:57:12.789+0000\",\n \"osint\": false,\n \"category\": [],\n \"source_name\": \"Mandiant\"\n },\n {\n \"first_seen\": \"2023-02-26T23:57:02.839+0000\",\n \"last_seen\": \"2023-02-28T00:57:04.607+0000\",\n \"osint\": true,\n \"category\": [\n\"phishing\"\n ],\n \"source_name\": \"phishtank\"\n }\n],\n\"misp\": {\n \"akamai\": false,\n \"alexa\": false,\n \"amazon-aws\": false,\n \"apple\": false,\n \"automated-malware-analysis\": false,\n \"bank-website\": false,\n \"captive-portals\": false,\n \"cisco_1M\": false,\n \"cisco_top1000\": false,\n \"cisco_top10k\": false,\n \"cisco_top20k\": false,\n \"cisco_top5k\": false,\n \"cloudflare\": false,\n \"common-contact-emails\": false,\n \"common-ioc-false-positive\": false,\n \"covid\": false,\n \"covid-19-cyber-threat-coalition-whitelist\": false,\n \"covid-19-krassi-whitelist\": false,\n \"crl-hostname\": false,\n \"crl-ip\": false,\n \"dax30\": false,\n \"disposable-email\": false,\n \"dynamic-dns\": false,\n \"eicar.com\": false,\n \"empty-hashes\": false,\n \"fastly\": false,\n \"google\": false,\n \"google-chrome-crux-1million\": false,\n \"google-gcp\": false,\n \"google-gmail-sending-ips\": false,\n \"googlebot\": false,\n \"ipv6-linklocal\": false,\n \"majestic_million\": true,\n 
\"majestic_million_1M\": true,\n \"microsoft\": false,\n \"microsoft-attack-simulator\": false,\n \"microsoft-azure\": false,\n \"microsoft-azure-appid\": false,\n \"microsoft-azure-china\": false,\n \"microsoft-azure-germany\": false,\n \"microsoft-azure-us-gov\": false,\n \"microsoft-office365\": false,\n \"microsoft-office365-cn\": false,\n \"microsoft-office365-ip\": false,\n \"microsoft-win10-connection-endpoints\": false,\n \"moz-top500\": false,\n \"mozilla-CA\": false,\n \"mozilla-IntermediateCA\": false,\n \"multicast\": false,\n \"nioc-filehash\": false,\n \"ovh-cluster\": false,\n \"parking-domain\": false,\n \"parking-domain-ns\": false,\n \"phone_numbers\": false,\n \"public-dns-hostname\": false,\n \"public-dns-v4\": false,\n \"public-dns-v6\": false,\n \"public-ipfs-gateways\": false,\n \"rfc1918\": false,\n \"rfc3849\": false,\n \"rfc5735\": false,\n \"rfc6598\": false,\n \"rfc6761\": false,\n \"second-level-tlds\": true,\n \"security-provider-blogpost\": false,\n \"sinkholes\": false,\n \"smtp-receiving-ips\": false,\n \"smtp-sending-ips\": false,\n \"stackpath\": false,\n \"tenable-cloud-ipv4\": false,\n \"tenable-cloud-ipv6\": false,\n \"ti-falsepositives\": false,\n \"tlds\": true,\n \"tranco\": true,\n \"tranco10k\": true,\n \"university_domains\": false,\n \"url-shortener\": false,\n \"vpn-ipv4\": false,\n \"vpn-ipv6\": false,\n \"whats-my-ip\": false,\n \"wikimedia\": false\n},\n\"last_updated\": \"2023-06-02T02:06:34.559Z\",\n\"first_seen\": \"2023-02-25T15:24:00.000Z\",\n\"last_seen\": \"2023-03-23T21:59:18.000Z\"\n }" - } - ] + "events": [ + { + "@timestamp": "2023-03-23T21:59:18.000Z", + "message": "{\n\"id\": \"fqdn--f209c6f2-fe91-517a-a089-c93845fdbe3f\",\n\"mscore\": 100,\n\"type\": \"fqdn\",\n\"value\": \"example.com\",\n\"is_publishable\": true,\n\"sources\": [\n {\n \"first_seen\": \"2023-02-27T23:15:01.045+0000\",\n \"last_seen\": \"2023-03-18T23:15:01.125+0000\",\n \"osint\": true,\n \"category\": [\n\"malware\"\n ],\n 
\"source_name\": \"ookangzheng\"\n },\n {\n \"first_seen\": \"2023-02-25T15:31:26.139+0000\",\n \"last_seen\": \"2023-03-23T21:59:18.605+0000\",\n \"osint\": false,\n \"category\": [],\n \"source_name\": \"Mandiant\"\n },\n {\n \"first_seen\": \"2023-02-26T23:57:25.905+0000\",\n \"last_seen\": \"2023-03-23T21:57:12.789+0000\",\n \"osint\": false,\n \"category\": [],\n \"source_name\": \"Mandiant\"\n },\n {\n \"first_seen\": \"2023-02-26T23:57:02.839+0000\",\n \"last_seen\": \"2023-02-28T00:57:04.607+0000\",\n \"osint\": true,\n \"category\": [\n\"phishing\"\n ],\n \"source_name\": \"phishtank\"\n }\n],\n\"misp\": {\n \"akamai\": false,\n \"alexa\": false,\n \"amazon-aws\": false,\n \"apple\": false,\n \"automated-malware-analysis\": false,\n \"bank-website\": false,\n \"captive-portals\": false,\n \"cisco_1M\": false,\n \"cisco_top1000\": false,\n \"cisco_top10k\": false,\n \"cisco_top20k\": false,\n \"cisco_top5k\": false,\n \"cloudflare\": false,\n \"common-contact-emails\": false,\n \"common-ioc-false-positive\": false,\n \"covid\": false,\n \"covid-19-cyber-threat-coalition-whitelist\": false,\n \"covid-19-krassi-whitelist\": false,\n \"crl-hostname\": false,\n \"crl-ip\": false,\n \"dax30\": false,\n \"disposable-email\": false,\n \"dynamic-dns\": false,\n \"eicar.com\": false,\n \"empty-hashes\": false,\n \"fastly\": false,\n \"google\": false,\n \"google-chrome-crux-1million\": false,\n \"google-gcp\": false,\n \"google-gmail-sending-ips\": false,\n \"googlebot\": false,\n \"ipv6-linklocal\": false,\n \"majestic_million\": true,\n \"majestic_million_1M\": true,\n \"microsoft\": false,\n \"microsoft-attack-simulator\": false,\n \"microsoft-azure\": false,\n \"microsoft-azure-appid\": false,\n \"microsoft-azure-china\": false,\n \"microsoft-azure-germany\": false,\n \"microsoft-azure-us-gov\": false,\n \"microsoft-office365\": false,\n \"microsoft-office365-cn\": false,\n \"microsoft-office365-ip\": false,\n \"microsoft-win10-connection-endpoints\": false,\n 
\"moz-top500\": false,\n \"mozilla-CA\": false,\n \"mozilla-IntermediateCA\": false,\n \"multicast\": false,\n \"nioc-filehash\": false,\n \"ovh-cluster\": false,\n \"parking-domain\": false,\n \"parking-domain-ns\": false,\n \"phone_numbers\": false,\n \"public-dns-hostname\": false,\n \"public-dns-v4\": false,\n \"public-dns-v6\": false,\n \"public-ipfs-gateways\": false,\n \"rfc1918\": false,\n \"rfc3849\": false,\n \"rfc5735\": false,\n \"rfc6598\": false,\n \"rfc6761\": false,\n \"second-level-tlds\": true,\n \"security-provider-blogpost\": false,\n \"sinkholes\": false,\n \"smtp-receiving-ips\": false,\n \"smtp-sending-ips\": false,\n \"stackpath\": false,\n \"tenable-cloud-ipv4\": false,\n \"tenable-cloud-ipv6\": false,\n \"ti-falsepositives\": false,\n \"tlds\": true,\n \"tranco\": true,\n \"tranco10k\": true,\n \"university_domains\": false,\n \"url-shortener\": false,\n \"vpn-ipv4\": false,\n \"vpn-ipv6\": false,\n \"whats-my-ip\": false,\n \"wikimedia\": false\n},\n\"last_updated\": \"2023-06-02T02:06:34.559Z\",\n\"first_seen\": \"2023-02-25T15:24:00.000Z\",\n\"last_seen\": \"2023-03-23T21:59:18.000Z\"\n }" + } + ] } \ No newline at end of file diff --git a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/_dev/test/pipeline/test-threat-intelligence-ipv4-event.json b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/_dev/test/pipeline/test-threat-intelligence-ipv4-event.json index 5047d519672..085c9754991 100644 --- a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/_dev/test/pipeline/test-threat-intelligence-ipv4-event.json +++ b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/_dev/test/pipeline/test-threat-intelligence-ipv4-event.json 
@@ -1,8 +1,8 @@ { - "events": [ - { - "@timestamp": "2023-05-05T15:45:59.710Z", - "message": "{\n\"id\": \"ipv4--af6febd0-3351-5b32-a66c-bbac306c7360\",\n\"mscore\": 50,\n\"type\": \"ipv4\",\n\"value\": \"1.128.3.4\",\n\"is_publishable\": true,\n\"sources\": [\n {\n\"first_seen\": \"2022-09-22T23:40:00.911+0000\",\n\"last_seen\": \"2022-09-23T00:33:09.000+0000\",\n\"osint\": true,\n\"category\": [],\n\"source_name\": \"voipbl\"\n },\n {\n\"first_seen\": \"2022-09-14T09:20:00.904+0000\",\n\"last_seen\": \"2023-02-24T18:20:00.857+0000\",\n\"osint\": true,\n\"category\": [\n \"exploit/vuln-scanning\",\n \"exploit\"\n],\n\"source_name\": \"greensnow\"\n },\n {\n\"first_seen\": \"2022-06-18T23:22:01.386+0000\",\n\"last_seen\": \"2023-03-23T23:22:01.308+0000\",\n\"osint\": true,\n\"category\": [\n \"spam/sender\",\n \"spam\"\n],\n\"source_name\": \"sblam_blacklist\"\n },\n {\n\"first_seen\": \"2022-09-14T23:34:04.312+0000\",\n\"last_seen\": \"2022-09-23T00:33:09.000+0000\",\n\"osint\": true,\n\"category\": [],\n\"source_name\": \"blocklist_net_ua\"\n }\n],\n\"misp\": {\n \"akamai\": false,\n \"alexa\": false,\n \"alexa_1M\": false,\n \"amazon-aws\": false,\n \"apple\": false,\n \"automated-malware-analysis\": false,\n \"bank-website\": false,\n \"captive-portals\": false,\n \"cisco_1M\": false,\n \"cisco_top1000\": false,\n \"cisco_top10k\": false,\n \"cisco_top20k\": false,\n \"cisco_top5k\": false,\n \"cloudflare\": false,\n \"common-contact-emails\": false,\n \"common-ioc-false-positive\": false,\n \"covid\": false,\n \"covid-19-cyber-threat-coalition-whitelist\": false,\n \"covid-19-krassi-whitelist\": false,\n \"crl-hostname\": false,\n \"crl-ip\": false,\n \"dax30\": false,\n \"disposable-email\": false,\n \"dynamic-dns\": false,\n \"eicar.com\": false,\n \"empty-hashes\": false,\n \"fastly\": false,\n \"google\": false,\n \"google-chrome-crux-1million\": false,\n \"google-gcp\": false,\n \"google-gmail-sending-ips\": false,\n \"googlebot\": false,\n 
\"ipv6-linklocal\": false,\n \"majestic_million\": false,\n \"majestic_million_1M\": false,\n \"microsoft\": false,\n \"microsoft-attack-simulator\": false,\n \"microsoft-azure\": false,\n \"microsoft-azure-appid\": false,\n \"microsoft-azure-china\": false,\n \"microsoft-azure-germany\": false,\n \"microsoft-azure-us-gov\": false,\n \"microsoft-office365\": false,\n \"microsoft-office365-cn\": false,\n \"microsoft-office365-ip\": false,\n \"microsoft-win10-connection-endpoints\": false,\n \"moz-top500\": false,\n \"mozilla-CA\": false,\n \"mozilla-IntermediateCA\": false,\n \"multicast\": false,\n \"nioc-filehash\": false,\n \"ovh-cluster\": false,\n \"parking-domain\": false,\n \"parking-domain-ns\": false,\n \"phone_numbers\": false,\n \"public-dns-hostname\": false,\n \"public-dns-v4\": false,\n \"public-dns-v6\": false,\n \"public-ipfs-gateways\": false,\n \"rfc1918\": false,\n \"rfc3849\": false,\n \"rfc5735\": false,\n \"rfc6598\": false,\n \"rfc6761\": false,\n \"second-level-tlds\": false,\n \"security-provider-blogpost\": false,\n \"sinkholes\": false,\n \"smtp-receiving-ips\": false,\n \"smtp-sending-ips\": false,\n \"stackpath\": false,\n \"tenable-cloud-ipv4\": false,\n \"tenable-cloud-ipv6\": false,\n \"ti-falsepositives\": false,\n \"tlds\": false,\n \"tranco\": false,\n \"tranco10k\": false,\n \"university_domains\": false,\n \"url-shortener\": false,\n \"vpn-ipv4\": true,\n \"vpn-ipv6\": false,\n \"whats-my-ip\": false,\n \"wikimedia\": false\n},\n\"last_updated\": \"2023-05-05T15:45:59.710Z\",\n\"first_seen\": \"2022-06-18T23:22:01.000Z\",\n\"last_seen\": \"2023-03-23T23:22:01.000Z\"\n }" - } - ] + "events": [ + { + "@timestamp": "2023-05-05T15:45:59.710Z", + "message": "{\n\"id\": \"ipv4--af6febd0-3351-5b32-a66c-bbac306c7360\",\n\"mscore\": 50,\n\"type\": \"ipv4\",\n\"value\": \"1.128.3.4\",\n\"is_publishable\": true,\n\"sources\": [\n {\n\"first_seen\": \"2022-09-22T23:40:00.911+0000\",\n\"last_seen\": 
\"2022-09-23T00:33:09.000+0000\",\n\"osint\": true,\n\"category\": [],\n\"source_name\": \"voipbl\"\n },\n {\n\"first_seen\": \"2022-09-14T09:20:00.904+0000\",\n\"last_seen\": \"2023-02-24T18:20:00.857+0000\",\n\"osint\": true,\n\"category\": [\n \"exploit/vuln-scanning\",\n \"exploit\"\n],\n\"source_name\": \"greensnow\"\n },\n {\n\"first_seen\": \"2022-06-18T23:22:01.386+0000\",\n\"last_seen\": \"2023-03-23T23:22:01.308+0000\",\n\"osint\": true,\n\"category\": [\n \"spam/sender\",\n \"spam\"\n],\n\"source_name\": \"sblam_blacklist\"\n },\n {\n\"first_seen\": \"2022-09-14T23:34:04.312+0000\",\n\"last_seen\": \"2022-09-23T00:33:09.000+0000\",\n\"osint\": true,\n\"category\": [],\n\"source_name\": \"blocklist_net_ua\"\n }\n],\n\"misp\": {\n \"akamai\": false,\n \"alexa\": false,\n \"alexa_1M\": false,\n \"amazon-aws\": false,\n \"apple\": false,\n \"automated-malware-analysis\": false,\n \"bank-website\": false,\n \"captive-portals\": false,\n \"cisco_1M\": false,\n \"cisco_top1000\": false,\n \"cisco_top10k\": false,\n \"cisco_top20k\": false,\n \"cisco_top5k\": false,\n \"cloudflare\": false,\n \"common-contact-emails\": false,\n \"common-ioc-false-positive\": false,\n \"covid\": false,\n \"covid-19-cyber-threat-coalition-whitelist\": false,\n \"covid-19-krassi-whitelist\": false,\n \"crl-hostname\": false,\n \"crl-ip\": false,\n \"dax30\": false,\n \"disposable-email\": false,\n \"dynamic-dns\": false,\n \"eicar.com\": false,\n \"empty-hashes\": false,\n \"fastly\": false,\n \"google\": false,\n \"google-chrome-crux-1million\": false,\n \"google-gcp\": false,\n \"google-gmail-sending-ips\": false,\n \"googlebot\": false,\n \"ipv6-linklocal\": false,\n \"majestic_million\": false,\n \"majestic_million_1M\": false,\n \"microsoft\": false,\n \"microsoft-attack-simulator\": false,\n \"microsoft-azure\": false,\n \"microsoft-azure-appid\": false,\n \"microsoft-azure-china\": false,\n \"microsoft-azure-germany\": false,\n \"microsoft-azure-us-gov\": false,\n 
\"microsoft-office365\": false,\n \"microsoft-office365-cn\": false,\n \"microsoft-office365-ip\": false,\n \"microsoft-win10-connection-endpoints\": false,\n \"moz-top500\": false,\n \"mozilla-CA\": false,\n \"mozilla-IntermediateCA\": false,\n \"multicast\": false,\n \"nioc-filehash\": false,\n \"ovh-cluster\": false,\n \"parking-domain\": false,\n \"parking-domain-ns\": false,\n \"phone_numbers\": false,\n \"public-dns-hostname\": false,\n \"public-dns-v4\": false,\n \"public-dns-v6\": false,\n \"public-ipfs-gateways\": false,\n \"rfc1918\": false,\n \"rfc3849\": false,\n \"rfc5735\": false,\n \"rfc6598\": false,\n \"rfc6761\": false,\n \"second-level-tlds\": false,\n \"security-provider-blogpost\": false,\n \"sinkholes\": false,\n \"smtp-receiving-ips\": false,\n \"smtp-sending-ips\": false,\n \"stackpath\": false,\n \"tenable-cloud-ipv4\": false,\n \"tenable-cloud-ipv6\": false,\n \"ti-falsepositives\": false,\n \"tlds\": false,\n \"tranco\": false,\n \"tranco10k\": false,\n \"university_domains\": false,\n \"url-shortener\": false,\n \"vpn-ipv4\": true,\n \"vpn-ipv6\": false,\n \"whats-my-ip\": false,\n \"wikimedia\": false\n},\n\"last_updated\": \"2023-05-05T15:45:59.710Z\",\n\"first_seen\": \"2022-06-18T23:22:01.000Z\",\n\"last_seen\": \"2023-03-23T23:22:01.000Z\"\n }" + } + ] } \ No newline at end of file diff --git a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/_dev/test/pipeline/test-threat-intelligence-md5-event.json b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/_dev/test/pipeline/test-threat-intelligence-md5-event.json index 90a8aafd82d..82638d1c408 100644 --- a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/_dev/test/pipeline/test-threat-intelligence-md5-event.json +++ b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/_dev/test/pipeline/test-threat-intelligence-md5-event.json 
@@ -1,8 +1,8 @@ { - "events": [ - { - "@timestamp": "2023-05-05T15:45:59.710Z", - "message": "{\n\"id\": \"md5--7d3b6c5e-c50b-5203-8808-b560d39aff11\",\n\"mscore\": 100,\n\"type\": \"md5\",\n\"value\": \"373d34874d7bc89fd4cefa6272ee80bf\",\n\"is_exclusive\": true,\n\"is_publishable\": true,\n\"sources\": [\n {\n\"first_seen\": \"2022-06-04T16:00:00.000+0000\",\n\"last_seen\": \"2022-06-04T18:00:00.000+0000\",\n\"osint\": false,\n\"category\": [],\n\"source_name\": \"Mandiant\"\n },\n {\n\"first_seen\": \"2023-02-21T15:10:08.000+0000\",\n\"last_seen\": \"2023-03-24T13:40:10.000+0000\",\n\"osint\": false,\n\"category\": [],\n\"source_name\": \"Mandiant\"\n },\n {\n\"first_seen\": \"2020-10-19T15:01:39.000+0000\",\n\"last_seen\": \"2020-10-19T15:01:39.000+0000\",\n\"osint\": false,\n\"category\": [],\n\"source_name\": \"Mandiant\"\n },\n {\n\"first_seen\": \"2020-02-29T00:30:30.000+0000\",\n\"last_seen\": \"2020-02-29T00:30:30.000+0000\",\n\"osint\": false,\n\"category\": [],\n\"source_name\": \"Mandiant\"\n },\n {\n\"first_seen\": \"2020-02-18T20:25:58.000+0000\",\n\"last_seen\": \"2020-02-18T20:27:17.000+0000\",\n\"osint\": false,\n\"category\": [],\n\"source_name\": \"Mandiant\"\n }\n],\n\"associated_hashes\": [\n {\n\"id\": \"md5--7d3b6c5e-c50b-5203-8808-b560d39aff11\",\n\"type\": \"md5\",\n\"value\": \"373d34874d7bc89fd4cefa6272ee80bf\"\n },\n {\n\"id\": \"sha1--162427ac-5e18-5ff2-8412-6b51c7a4bac0\",\n\"type\": \"sha1\",\n\"value\": \"a7b57d47c1b80c61c61c1bcf9089eed6fdaac756\"\n },\n {\n\"id\": \"sha256--40ccc9f7-1a84-564d-83b2-70d0170464a0\",\n\"type\": \"sha256\",\n\"value\": \"a69fee382cf86f9e457e0688932cbd00671d0d5218f8043f1ee385278ee19c8c\"\n }\n],\n\"attributed_associations\": [\n {\n\"id\": \"threat-actor--09b06892-9738-5c53-b704-368d5ac8dd62\",\n\"name\": \"UNC3313\",\n\"type\": \"threat-actor\"\n },\n {\n\"id\": \"malware--999a4d92-b34f-5ca1-b9ba-e2dd99b669d8\",\n\"name\": \"SMUGPIGEON\",\n\"type\": \"malware\"\n }\n],\n\"misp\": {\n \"akamai\": 
false,\n \"alexa\": false,\n \"amazon-aws\": false,\n \"apple\": false,\n \"automated-malware-analysis\": false,\n \"bank-website\": false,\n \"captive-portals\": false,\n \"cisco_1M\": false,\n \"cisco_top1000\": false,\n \"cisco_top10k\": false,\n \"cisco_top20k\": false,\n \"cisco_top5k\": false,\n \"cloudflare\": false,\n \"common-contact-emails\": false,\n \"common-ioc-false-positive\": false,\n \"covid\": false,\n \"covid-19-cyber-threat-coalition-whitelist\": false,\n \"covid-19-krassi-whitelist\": false,\n \"crl-hostname\": false,\n \"crl-ip\": false,\n \"dax30\": false,\n \"disposable-email\": false,\n \"dynamic-dns\": false,\n \"eicar.com\": false,\n \"empty-hashes\": false,\n \"fastly\": false,\n \"google\": false,\n \"google-chrome-crux-1million\": false,\n \"google-gcp\": false,\n \"google-gmail-sending-ips\": false,\n \"googlebot\": false,\n \"ipv6-linklocal\": false,\n \"majestic_million\": false,\n \"majestic_million_1M\": false,\n \"microsoft\": false,\n \"microsoft-attack-simulator\": false,\n \"microsoft-azure\": false,\n \"microsoft-azure-appid\": false,\n \"microsoft-azure-china\": false,\n \"microsoft-azure-germany\": false,\n \"microsoft-azure-us-gov\": false,\n \"microsoft-office365\": false,\n \"microsoft-office365-cn\": false,\n \"microsoft-office365-ip\": false,\n \"microsoft-win10-connection-endpoints\": false,\n \"moz-top500\": false,\n \"mozilla-CA\": false,\n \"mozilla-IntermediateCA\": false,\n \"multicast\": false,\n \"nioc-filehash\": false,\n \"ovh-cluster\": false,\n \"parking-domain\": false,\n \"parking-domain-ns\": false,\n \"phone_numbers\": false,\n \"public-dns-hostname\": false,\n \"public-dns-v4\": false,\n \"public-dns-v6\": false,\n \"public-ipfs-gateways\": false,\n \"rfc1918\": false,\n \"rfc3849\": false,\n \"rfc5735\": false,\n \"rfc6598\": false,\n \"rfc6761\": false,\n \"second-level-tlds\": false,\n \"security-provider-blogpost\": false,\n \"sinkholes\": false,\n \"smtp-receiving-ips\": false,\n 
\"smtp-sending-ips\": false,\n \"stackpath\": false,\n \"tenable-cloud-ipv4\": false,\n \"tenable-cloud-ipv6\": false,\n \"ti-falsepositives\": false,\n \"tlds\": false,\n \"tranco\": false,\n \"tranco10k\": false,\n \"university_domains\": false,\n \"url-shortener\": false,\n \"vpn-ipv4\": false,\n \"vpn-ipv6\": false,\n \"whats-my-ip\": false,\n \"wikimedia\": false\n},\n\"last_updated\": \"2023-05-31T17:55:04.343Z\",\n\"first_seen\": \"2020-02-18T20:25:58.000Z\",\n\"last_seen\": \"2023-03-24T13:40:10.000Z\"\n }" - } - ] + "events": [ + { + "@timestamp": "2023-05-05T15:45:59.710Z", + "message": "{\n\"id\": \"md5--7d3b6c5e-c50b-5203-8808-b560d39aff11\",\n\"mscore\": 100,\n\"type\": \"md5\",\n\"value\": \"373d34874d7bc89fd4cefa6272ee80bf\",\n\"is_exclusive\": true,\n\"is_publishable\": true,\n\"sources\": [\n {\n\"first_seen\": \"2022-06-04T16:00:00.000+0000\",\n\"last_seen\": \"2022-06-04T18:00:00.000+0000\",\n\"osint\": false,\n\"category\": [],\n\"source_name\": \"Mandiant\"\n },\n {\n\"first_seen\": \"2023-02-21T15:10:08.000+0000\",\n\"last_seen\": \"2023-03-24T13:40:10.000+0000\",\n\"osint\": false,\n\"category\": [],\n\"source_name\": \"Mandiant\"\n },\n {\n\"first_seen\": \"2020-10-19T15:01:39.000+0000\",\n\"last_seen\": \"2020-10-19T15:01:39.000+0000\",\n\"osint\": false,\n\"category\": [],\n\"source_name\": \"Mandiant\"\n },\n {\n\"first_seen\": \"2020-02-29T00:30:30.000+0000\",\n\"last_seen\": \"2020-02-29T00:30:30.000+0000\",\n\"osint\": false,\n\"category\": [],\n\"source_name\": \"Mandiant\"\n },\n {\n\"first_seen\": \"2020-02-18T20:25:58.000+0000\",\n\"last_seen\": \"2020-02-18T20:27:17.000+0000\",\n\"osint\": false,\n\"category\": [],\n\"source_name\": \"Mandiant\"\n }\n],\n\"associated_hashes\": [\n {\n\"id\": \"md5--7d3b6c5e-c50b-5203-8808-b560d39aff11\",\n\"type\": \"md5\",\n\"value\": \"373d34874d7bc89fd4cefa6272ee80bf\"\n },\n {\n\"id\": \"sha1--162427ac-5e18-5ff2-8412-6b51c7a4bac0\",\n\"type\": \"sha1\",\n\"value\": 
\"a7b57d47c1b80c61c61c1bcf9089eed6fdaac756\"\n },\n {\n\"id\": \"sha256--40ccc9f7-1a84-564d-83b2-70d0170464a0\",\n\"type\": \"sha256\",\n\"value\": \"a69fee382cf86f9e457e0688932cbd00671d0d5218f8043f1ee385278ee19c8c\"\n }\n],\n\"attributed_associations\": [\n {\n\"id\": \"threat-actor--09b06892-9738-5c53-b704-368d5ac8dd62\",\n\"name\": \"UNC3313\",\n\"type\": \"threat-actor\"\n },\n {\n\"id\": \"malware--999a4d92-b34f-5ca1-b9ba-e2dd99b669d8\",\n\"name\": \"SMUGPIGEON\",\n\"type\": \"malware\"\n }\n],\n\"misp\": {\n \"akamai\": false,\n \"alexa\": false,\n \"amazon-aws\": false,\n \"apple\": false,\n \"automated-malware-analysis\": false,\n \"bank-website\": false,\n \"captive-portals\": false,\n \"cisco_1M\": false,\n \"cisco_top1000\": false,\n \"cisco_top10k\": false,\n \"cisco_top20k\": false,\n \"cisco_top5k\": false,\n \"cloudflare\": false,\n \"common-contact-emails\": false,\n \"common-ioc-false-positive\": false,\n \"covid\": false,\n \"covid-19-cyber-threat-coalition-whitelist\": false,\n \"covid-19-krassi-whitelist\": false,\n \"crl-hostname\": false,\n \"crl-ip\": false,\n \"dax30\": false,\n \"disposable-email\": false,\n \"dynamic-dns\": false,\n \"eicar.com\": false,\n \"empty-hashes\": false,\n \"fastly\": false,\n \"google\": false,\n \"google-chrome-crux-1million\": false,\n \"google-gcp\": false,\n \"google-gmail-sending-ips\": false,\n \"googlebot\": false,\n \"ipv6-linklocal\": false,\n \"majestic_million\": false,\n \"majestic_million_1M\": false,\n \"microsoft\": false,\n \"microsoft-attack-simulator\": false,\n \"microsoft-azure\": false,\n \"microsoft-azure-appid\": false,\n \"microsoft-azure-china\": false,\n \"microsoft-azure-germany\": false,\n \"microsoft-azure-us-gov\": false,\n \"microsoft-office365\": false,\n \"microsoft-office365-cn\": false,\n \"microsoft-office365-ip\": false,\n \"microsoft-win10-connection-endpoints\": false,\n \"moz-top500\": false,\n \"mozilla-CA\": false,\n \"mozilla-IntermediateCA\": false,\n \"multicast\": 
false,\n \"nioc-filehash\": false,\n \"ovh-cluster\": false,\n \"parking-domain\": false,\n \"parking-domain-ns\": false,\n \"phone_numbers\": false,\n \"public-dns-hostname\": false,\n \"public-dns-v4\": false,\n \"public-dns-v6\": false,\n \"public-ipfs-gateways\": false,\n \"rfc1918\": false,\n \"rfc3849\": false,\n \"rfc5735\": false,\n \"rfc6598\": false,\n \"rfc6761\": false,\n \"second-level-tlds\": false,\n \"security-provider-blogpost\": false,\n \"sinkholes\": false,\n \"smtp-receiving-ips\": false,\n \"smtp-sending-ips\": false,\n \"stackpath\": false,\n \"tenable-cloud-ipv4\": false,\n \"tenable-cloud-ipv6\": false,\n \"ti-falsepositives\": false,\n \"tlds\": false,\n \"tranco\": false,\n \"tranco10k\": false,\n \"university_domains\": false,\n \"url-shortener\": false,\n \"vpn-ipv4\": false,\n \"vpn-ipv6\": false,\n \"whats-my-ip\": false,\n \"wikimedia\": false\n},\n\"last_updated\": \"2023-05-31T17:55:04.343Z\",\n\"first_seen\": \"2020-02-18T20:25:58.000Z\",\n\"last_seen\": \"2023-03-24T13:40:10.000Z\"\n }" + } + ] } \ No newline at end of file diff --git a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/_dev/test/pipeline/test-threat-intelligence-url-event.json b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/_dev/test/pipeline/test-threat-intelligence-url-event.json index b259c7c305b..4c1abab5165 100644 --- a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/_dev/test/pipeline/test-threat-intelligence-url-event.json +++ b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/_dev/test/pipeline/test-threat-intelligence-url-event.json 
@@ -1,8 +1,8 @@ { - "events": [ - { - "@timestamp": "2023-03-24T12:50:12.000+0000", - "message": "{\n\"id\": \"url--bc5075be-1937-556b-9f66-1a5fa1df4a82\",\n\"mscore\": 100,\n\"type\": \"url\",\n\"value\": \"https://example.com/some/path\",\n\"is_exclusive\": true,\n\"is_publishable\": true,\n\"sources\": [\n {\n\"first_seen\": \"2023-02-20T00:47:56.000+0000\",\n\"last_seen\": \"2023-03-24T12:50:12.000+0000\",\n\"osint\": false,\n\"category\": [],\n\"source_name\": \"Mandiant\"\n },\n {\n\"first_seen\": \"2023-03-06T17:29:14.000+0000\",\n\"last_seen\": \"2023-03-06T17:29:14.000+0000\",\n\"osint\": false,\n\"category\": [],\n\"source_name\": \"Mandiant\"\n }\n],\n\"attributed_associations\": [\n {\n\"id\": \"threat-actor--6ca32cd4-0c60-5f0b-91fb-e6e590f1f10b\",\n\"name\": \"UNC961\",\n\"type\": \"threat-actor\"\n },\n {\n\"id\": \"malware--6c9e3c50-490d-5a8f-8ed6-56510a62055b\",\n\"name\": \"IHSBACKCONNECT\",\n\"type\": \"malware\"\n }\n],\n\"misp\": {\n \"akamai\": false,\n \"alexa\": false,\n \"alexa_1M\": false,\n \"amazon-aws\": false,\n \"apple\": false,\n \"automated-malware-analysis\": false,\n \"bank-website\": false,\n \"captive-portals\": false,\n \"cisco_1M\": false,\n \"cisco_top1000\": false,\n \"cisco_top10k\": false,\n \"cisco_top20k\": false,\n \"cisco_top5k\": false,\n \"cloudflare\": false,\n \"common-contact-emails\": false,\n \"common-ioc-false-positive\": false,\n \"covid\": false,\n \"covid-19-cyber-threat-coalition-whitelist\": false,\n \"covid-19-krassi-whitelist\": false,\n \"crl-hostname\": false,\n \"crl-ip\": false,\n \"dax30\": false,\n \"disposable-email\": false,\n \"dynamic-dns\": false,\n \"eicar.com\": false,\n \"empty-hashes\": false,\n \"fastly\": false,\n \"google\": false,\n \"google-chrome-crux-1million\": false,\n \"google-gcp\": false,\n \"google-gmail-sending-ips\": false,\n \"googlebot\": false,\n \"ipv6-linklocal\": false,\n \"majestic_million\": false,\n \"majestic_million_1M\": false,\n \"microsoft\": false,\n 
\"microsoft-attack-simulator\": false,\n \"microsoft-azure\": false,\n \"microsoft-azure-appid\": false,\n \"microsoft-azure-china\": false,\n \"microsoft-azure-germany\": false,\n \"microsoft-azure-us-gov\": false,\n \"microsoft-office365\": false,\n \"microsoft-office365-cn\": false,\n \"microsoft-office365-ip\": false,\n \"microsoft-win10-connection-endpoints\": false,\n \"moz-top500\": false,\n \"mozilla-CA\": false,\n \"mozilla-IntermediateCA\": false,\n \"multicast\": false,\n \"nioc-filehash\": false,\n \"ovh-cluster\": false,\n \"parking-domain\": false,\n \"parking-domain-ns\": false,\n \"phone_numbers\": false,\n \"public-dns-hostname\": false,\n \"public-dns-v4\": false,\n \"public-dns-v6\": false,\n \"public-ipfs-gateways\": false,\n \"rfc1918\": false,\n \"rfc3849\": false,\n \"rfc5735\": false,\n \"rfc6598\": false,\n \"rfc6761\": false,\n \"second-level-tlds\": false,\n \"security-provider-blogpost\": false,\n \"sinkholes\": false,\n \"smtp-receiving-ips\": false,\n \"smtp-sending-ips\": false,\n \"stackpath\": false,\n \"tenable-cloud-ipv4\": false,\n \"tenable-cloud-ipv6\": false,\n \"ti-falsepositives\": false,\n \"tlds\": false,\n \"tranco\": false,\n \"tranco10k\": false,\n \"university_domains\": false,\n \"url-shortener\": false,\n \"vpn-ipv4\": false,\n \"vpn-ipv6\": false,\n \"whats-my-ip\": false,\n \"wikimedia\": false\n},\n\"last_updated\": \"2023-05-18T21:08:30.819Z\",\n\"first_seen\": \"2023-02-20T00:47:56.000Z\",\n\"last_seen\": \"2023-03-24T12:50:12.000Z\"\n }" - } - ] + "events": [ + { + "@timestamp": "2023-03-24T12:50:12.000+0000", + "message": "{\n\"id\": \"url--bc5075be-1937-556b-9f66-1a5fa1df4a82\",\n\"mscore\": 100,\n\"type\": \"url\",\n\"value\": \"https://example.com/some/path\",\n\"is_exclusive\": true,\n\"is_publishable\": true,\n\"sources\": [\n {\n\"first_seen\": \"2023-02-20T00:47:56.000+0000\",\n\"last_seen\": \"2023-03-24T12:50:12.000+0000\",\n\"osint\": false,\n\"category\": [],\n\"source_name\": \"Mandiant\"\n },\n 
{\n\"first_seen\": \"2023-03-06T17:29:14.000+0000\",\n\"last_seen\": \"2023-03-06T17:29:14.000+0000\",\n\"osint\": false,\n\"category\": [],\n\"source_name\": \"Mandiant\"\n }\n],\n\"attributed_associations\": [\n {\n\"id\": \"threat-actor--6ca32cd4-0c60-5f0b-91fb-e6e590f1f10b\",\n\"name\": \"UNC961\",\n\"type\": \"threat-actor\"\n },\n {\n\"id\": \"malware--6c9e3c50-490d-5a8f-8ed6-56510a62055b\",\n\"name\": \"IHSBACKCONNECT\",\n\"type\": \"malware\"\n }\n],\n\"misp\": {\n \"akamai\": false,\n \"alexa\": false,\n \"alexa_1M\": false,\n \"amazon-aws\": false,\n \"apple\": false,\n \"automated-malware-analysis\": false,\n \"bank-website\": false,\n \"captive-portals\": false,\n \"cisco_1M\": false,\n \"cisco_top1000\": false,\n \"cisco_top10k\": false,\n \"cisco_top20k\": false,\n \"cisco_top5k\": false,\n \"cloudflare\": false,\n \"common-contact-emails\": false,\n \"common-ioc-false-positive\": false,\n \"covid\": false,\n \"covid-19-cyber-threat-coalition-whitelist\": false,\n \"covid-19-krassi-whitelist\": false,\n \"crl-hostname\": false,\n \"crl-ip\": false,\n \"dax30\": false,\n \"disposable-email\": false,\n \"dynamic-dns\": false,\n \"eicar.com\": false,\n \"empty-hashes\": false,\n \"fastly\": false,\n \"google\": false,\n \"google-chrome-crux-1million\": false,\n \"google-gcp\": false,\n \"google-gmail-sending-ips\": false,\n \"googlebot\": false,\n \"ipv6-linklocal\": false,\n \"majestic_million\": false,\n \"majestic_million_1M\": false,\n \"microsoft\": false,\n \"microsoft-attack-simulator\": false,\n \"microsoft-azure\": false,\n \"microsoft-azure-appid\": false,\n \"microsoft-azure-china\": false,\n \"microsoft-azure-germany\": false,\n \"microsoft-azure-us-gov\": false,\n \"microsoft-office365\": false,\n \"microsoft-office365-cn\": false,\n \"microsoft-office365-ip\": false,\n \"microsoft-win10-connection-endpoints\": false,\n \"moz-top500\": false,\n \"mozilla-CA\": false,\n \"mozilla-IntermediateCA\": false,\n \"multicast\": false,\n 
\"nioc-filehash\": false,\n \"ovh-cluster\": false,\n \"parking-domain\": false,\n \"parking-domain-ns\": false,\n \"phone_numbers\": false,\n \"public-dns-hostname\": false,\n \"public-dns-v4\": false,\n \"public-dns-v6\": false,\n \"public-ipfs-gateways\": false,\n \"rfc1918\": false,\n \"rfc3849\": false,\n \"rfc5735\": false,\n \"rfc6598\": false,\n \"rfc6761\": false,\n \"second-level-tlds\": false,\n \"security-provider-blogpost\": false,\n \"sinkholes\": false,\n \"smtp-receiving-ips\": false,\n \"smtp-sending-ips\": false,\n \"stackpath\": false,\n \"tenable-cloud-ipv4\": false,\n \"tenable-cloud-ipv6\": false,\n \"ti-falsepositives\": false,\n \"tlds\": false,\n \"tranco\": false,\n \"tranco10k\": false,\n \"university_domains\": false,\n \"url-shortener\": false,\n \"vpn-ipv4\": false,\n \"vpn-ipv6\": false,\n \"whats-my-ip\": false,\n \"wikimedia\": false\n},\n\"last_updated\": \"2023-05-18T21:08:30.819Z\",\n\"first_seen\": \"2023-02-20T00:47:56.000Z\",\n\"last_seen\": \"2023-03-24T12:50:12.000Z\"\n }" + } + ] } \ No newline at end of file diff --git a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/_dev/test/system/test-default-config.yml b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/_dev/test/system/test-default-config.yml index 54cd47486b7..a8425101ed5 100644 --- a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/_dev/test/system/test-default-config.yml +++ b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/_dev/test/system/test-default-config.yml @@ -11,4 +11,4 @@ data_stream: initial_interval: 10m min_ic_score: 0 assert: - hit_count: 3 \ No newline at end of file + hit_count: 3 diff --git a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/fields/ecs.yml b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/fields/ecs.yml index c077672803e..0090bbfe7aa 100644 --- a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/fields/ecs.yml 
+++ b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/fields/ecs.yml
@@ -163,4 +163,4 @@
 - external: ecs
 name: host.os.version
 - external: ecs
- name: host.type
\ No newline at end of file
+ name: host.type
diff --git a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/fields/fields.yml b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/fields/fields.yml
index 22831d53a68..f0034a0b7a6 100644
--- a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/fields/fields.yml
+++ b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/fields/fields.yml
@@ -1,44 +1,44 @@ - name: mandiant.threat_intelligence.ioc type: group fields: - - name: first_seen - type: date - description: IOC first seen date. - - name: last_seen - type: date - description: IOC last seen date. - - name: last_update_date - type: date - description: IOC last update date. - - name: sources - type: object - object_type: keyword - description: List of the indicator sources. - - name: attributed_associations - type: object - object_type: keyword - description: List of attributed associations that this indicator has to other Malware families or Actors. - - name: associated_hashes - type: object - object_type: keyword - description: List of associated hashes and their types. - - name: mscore - type: integer - description: M-Score (IC-Score) between 0 - 100. - - name: type - type: keyword - description: IOC type. - - name: value - type: keyword - description: IOC value. - ignore_above: 4096 - - name: id - type: keyword - description: IOC internal ID. - ignore_above: 4096 - - name: is_exclusive - type: boolean - description: Whether the indicator is exclusive to Mandiant or not. - - name: categories - type: keyword - description: Categories associated with this indicator. \ No newline at end of file + - name: first_seen + type: date + description: IOC first seen date. + - name: last_seen + type: date + description: IOC last seen date. + - name: last_update_date + type: date + description: IOC last update date. + - name: sources + type: object + object_type: keyword + description: List of the indicator sources. + - name: attributed_associations + type: object + object_type: keyword + description: List of attributed associations that this indicator has to other Malware families or Actors. + - name: associated_hashes + type: object + object_type: keyword + description: List of associated hashes and their types. + - name: mscore + type: integer + description: M-Score (IC-Score) between 0 - 100. + - name: type + type: keyword + description: IOC type. 
+ - name: value + type: keyword + description: IOC value. + ignore_above: 4096 + - name: id + type: keyword + description: IOC internal ID. + ignore_above: 4096 + - name: is_exclusive + type: boolean + description: Whether the indicator is exclusive to Mandiant or not. + - name: categories + type: keyword + description: Categories associated with this indicator. diff --git a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/manifest.yml b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/manifest.yml index df0eb958f76..da0dc258fd6 100644 --- a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/manifest.yml +++ b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/manifest.yml 
@@ -1,70 +1,70 @@ title: "Mandiant Threat Intelligence" type: logs streams: -- input: httpjson - title: Mandiant Threat Intelligence - description: Collect IOCs from Mandiant Threat Intelligence - template_path: httpjson.yml.hbs - vars: - - name: mati_api_key_id - type: text - title: Threat Intelligence API Key ID - description: Key ID for the Threat Intelligence API. - multi: false - required: true - show_user: true - - name: mati_api_key_secret - type: password - title: Threat Intelligence API Key Secret - description: Key Secret for the Threat Intelligence API. - multi: false - required: true - show_user: true - - name: interval - type: text - title: Interval - description: Interval at which the indicators will be pulled. Supported units for this parameter are h/m/s. - multi: false - required: true - show_user: true - default: 1h - - name: initial_interval - type: text - title: Initial Interval - description: 'The time in the past to start the collection of Indicator data from, based on an indicators last_update date. NOTE: Supported units for this parameter are h/m/s.' - default: 720h - multi: false - required: true - show_user: true - - name: min_ic_score - type: text - title: Minimum IC-Score - description: "Indicators that have an IC-Score greater than or equal to the given value will be collected. Indicators with any IC-Score will be collected if the value is set to 0." - multi: false - default: 80 - required: false - show_user: true - - name: tags - type: text - title: Tags - multi: true - show_user: false - default: - - forwarded - - mandiant-threat-intelligence-indicator - - name: url - type: text - title: Threat Intelligence URL - default: https://api.intelligence.mandiant.com - description: Mandiant Threat Intelligence API Endpoint. 
- multi: false - required: true - show_user: false - - name: preserve_original_event - required: true - show_user: true - title: Preserve original event - description: Preserves a raw copy of the original event, added to the field `event.original`. - type: bool - multi: false - default: false \ No newline at end of file + - input: httpjson + title: Mandiant Threat Intelligence + description: Collect IOCs from Mandiant Threat Intelligence + template_path: httpjson.yml.hbs + vars: + - name: mati_api_key_id + type: text + title: Threat Intelligence API Key ID + description: Key ID for the Threat Intelligence API. + multi: false + required: true + show_user: true + - name: mati_api_key_secret + type: password + title: Threat Intelligence API Key Secret + description: Key Secret for the Threat Intelligence API. + multi: false + required: true + show_user: true + - name: interval + type: text + title: Interval + description: Interval at which the indicators will be pulled. Supported units for this parameter are h/m/s. + multi: false + required: true + show_user: true + default: 1h + - name: initial_interval + type: text + title: Initial Interval + description: 'The time in the past to start the collection of Indicator data from, based on an indicators last_update date. NOTE: Supported units for this parameter are h/m/s.' + default: 720h + multi: false + required: true + show_user: true + - name: min_ic_score + type: text + title: Minimum IC-Score + description: "Indicators that have an IC-Score greater than or equal to the given value will be collected. Indicators with any IC-Score will be collected if the value is set to 0." 
+ multi: false + default: 80 + required: false + show_user: true + - name: tags + type: text + title: Tags + multi: true + show_user: false + default: + - forwarded + - mandiant-threat-intelligence-indicator + - name: url + type: text + title: Threat Intelligence URL + default: https://api.intelligence.mandiant.com + description: Mandiant Threat Intelligence API Endpoint. + multi: false + required: true + show_user: false + - name: preserve_original_event + required: true + show_user: true + title: Preserve original event + description: Preserves a raw copy of the original event, added to the field `event.original`. + type: bool + multi: false + default: false diff --git a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/sample_event.json b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/sample_event.json index 52880c95e65..92a0a1a0a7d 100644 --- a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/sample_event.json +++ b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/sample_event.json 
@@ -1,104 +1,104 @@ { - "@timestamp": "2023-05-05T15:45:59.710Z", - "ecs": { - "version": "8.7.0" - }, - "event": { - "category": [ - "threat" - ], - "kind": "enrichment", - "module": "ti_mandiant_advantage_threat_intelligence", - "risk_score": 50.0, - "type": [ - "indicator" - ] - }, - "mandiant": { - "threat_intelligence": { - "ioc": { - "categories": [ - "exploit/vuln-scanning", - "exploit", - "spam/sender", - "spam" - ], - "first_seen": "2022-06-18T23:22:01.000Z", - "id": "ipv4--af6febd0-3351-5b32-a66c-bbac306c7360", - "last_seen": "2023-03-23T23:22:01.000Z", - "last_update_date": "2023-05-05T15:45:59.710Z", - "mscore": 50, - "sources": [ - { - "first_seen": "2022-09-22T23:40:00.911+0000", - "last_seen": "2022-09-23T00:33:09.000+0000", - "osint": true, - "source_name": "voipbl" - }, - { - "category": [ - "exploit/vuln-scanning", - "exploit" - ], - "first_seen": "2022-09-14T09:20:00.904+0000", - "last_seen": "2023-02-24T18:20:00.857+0000", - "osint": true, - "source_name": "greensnow" - }, - { - "category": [ - "spam/sender", - "spam" - ], - "first_seen": "2022-06-18T23:22:01.386+0000", - "last_seen": "2023-03-23T23:22:01.308+0000", - "osint": true, - "source_name": "sblam_blacklist" - }, - { - "first_seen": "2022-09-14T23:34:04.312+0000", - "last_seen": "2022-09-23T00:33:09.000+0000", - "osint": true, - "source_name": "blocklist_net_ua" - } + "@timestamp": "2023-05-05T15:45:59.710Z", + "ecs": { + "version": "8.7.0" + }, + "event": { + "category": [ + "threat" ], - "type": "ipv4", - "value": "1.128.3.4" - } - } - }, - "related": { - "ip": [ - "1.128.3.4" - ] - }, - "threat": { - "feed": { - "name": "Mandiant Threat Intelligence" + "kind": "enrichment", + "module": "ti_mandiant_advantage_threat_intelligence", + "risk_score": 50.0, + "type": [ + "indicator" + ] }, - "indicator": { - "as": { - "number": 1221, - "organization": { - "name": "Telstra Pty Ltd" + "mandiant": { + "threat_intelligence": { + "ioc": { + "categories": [ + "exploit/vuln-scanning", + 
"exploit", + "spam/sender", + "spam" + ], + "first_seen": "2022-06-18T23:22:01.000Z", + "id": "ipv4--af6febd0-3351-5b32-a66c-bbac306c7360", + "last_seen": "2023-03-23T23:22:01.000Z", + "last_update_date": "2023-05-05T15:45:59.710Z", + "mscore": 50, + "sources": [ + { + "first_seen": "2022-09-22T23:40:00.911+0000", + "last_seen": "2022-09-23T00:33:09.000+0000", + "osint": true, + "source_name": "voipbl" + }, + { + "category": [ + "exploit/vuln-scanning", + "exploit" + ], + "first_seen": "2022-09-14T09:20:00.904+0000", + "last_seen": "2023-02-24T18:20:00.857+0000", + "osint": true, + "source_name": "greensnow" + }, + { + "category": [ + "spam/sender", + "spam" + ], + "first_seen": "2022-06-18T23:22:01.386+0000", + "last_seen": "2023-03-23T23:22:01.308+0000", + "osint": true, + "source_name": "sblam_blacklist" + }, + { + "first_seen": "2022-09-14T23:34:04.312+0000", + "last_seen": "2022-09-23T00:33:09.000+0000", + "osint": true, + "source_name": "blocklist_net_ua" + } + ], + "type": "ipv4", + "value": "1.128.3.4" + } + } + }, + "related": { + "ip": [ + "1.128.3.4" + ] + }, + "threat": { + "feed": { + "name": "Mandiant Threat Intelligence" + }, + "indicator": { + "as": { + "number": 1221, + "organization": { + "name": "Telstra Pty Ltd" + } + }, + "confidence": "Medium", + "first_seen": "2022-06-18T23:22:01.000Z", + "ip": "1.128.3.4", + "last_seen": "2023-03-23T23:22:01.000Z", + "marking": { + "tlp": "GREEN", + "tlp_version": "2.0" + }, + "modified_at": "2023-05-05T15:45:59.710Z", + "provider": [ + "voipbl", + "greensnow", + "sblam_blacklist", + "blocklist_net_ua" + ], + "type": "ipv4-addr" } - }, - "confidence": "Medium", - "first_seen": "2022-06-18T23:22:01.000Z", - "ip": "1.128.3.4", - "last_seen": "2023-03-23T23:22:01.000Z", - "marking": { - "tlp": "GREEN", - "tlp_version": "2.0" - }, - "modified_at": "2023-05-05T15:45:59.710Z", - "provider": [ - "voipbl", - "greensnow", - "sblam_blacklist", - "blocklist_net_ua" - ], - "type": "ipv4-addr" } - } } \ No newline at end 
of file
diff --git a/packages/ti_mandiant_advantage/manifest.yml b/packages/ti_mandiant_advantage/manifest.yml
index 46cb6b4b827..ab605ac8546 100644
--- a/packages/ti_mandiant_advantage/manifest.yml
+++ b/packages/ti_mandiant_advantage/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.0.0
 name: ti_mandiant_advantage
 title: "Mandiant Advantage"
-version: 0.1.0
+version: 1.0.0
 source:
   license: "Elastic-2.0"
 description: "Collect Threat Intelligence from products within the Mandiant Advantage platform."
diff --git a/packages/ti_opencti/changelog.yml b/packages/ti_opencti/changelog.yml
index b0e67919e52..15c06d270e9 100644
--- a/packages/ti_opencti/changelog.yml
+++ b/packages/ti_opencti/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.0"
+  changes:
+    - description: Release package as GA.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/8833
 - version: "0.3.5"
   changes:
     - description: Keep expected nulls, improve error handling
diff --git a/packages/ti_opencti/data_stream/indicator/_dev/test/pipeline/test-domain-name-with-external-reference.json b/packages/ti_opencti/data_stream/indicator/_dev/test/pipeline/test-domain-name-with-external-reference.json
index 84a9922cb08..71bccb30875 100644
--- a/packages/ti_opencti/data_stream/indicator/_dev/test/pipeline/test-domain-name-with-external-reference.json
+++ b/packages/ti_opencti/data_stream/indicator/_dev/test/pipeline/test-domain-name-with-external-reference.json
@@ -1,77 +1,77 @@ { - "events": [ - { - "confidence": 0, - "created": "2023-11-02T00:17:00.295Z", - "createdBy": { - "identity_class": "organization", - "name": "Stopforumspam" - }, - "description": "Stopforumspam", - "externalReferences": { - "edges": [ - { - "node": { - "description": "Stopforumspam feed URL", - "source_name": "stopforumspam", - "url": "https://www.stopforumspam.com/downloads/toxic_domains_whole_filtered_50000.txt" - } - }, - { - "node": { - "external_id": null, - "source_name": "MISC", - "url": "https://example.com/CVE-0079-1234", - "description": null - } - } - ] - }, - "id": "fcfa872e-a8b6-4525-847e-f3c756b70035", - "is_inferred": false, - "killChainPhases": { - "edges": null - }, - "lang": "en", - "modified": "2023-11-09T23:22:20.586Z", - "name": "freelifetimexxxdates.com", - "objectLabel": { - "edges": [ - { - "node": { - "value": "spam" - } - } - ] - }, - "objectMarking": { - "edges": null - }, - "observables": { - "edges": [ - { - "node": { - "entity_type": "Domain-Name", - "id": "cc34949a-5a6f-4595-afec-c3bf98c62a7d", - "observable_value": "freelifetimexxxdates.com", - "standard_id": "domain-name--726e8863-8941-5a1b-b345-1f0131902233", - "value": "freelifetimexxxdates.com" - } - } - ], - "pageInfo": { - "globalCount": 1 + "events": [ + { + "confidence": 0, + "created": "2023-11-02T00:17:00.295Z", + "createdBy": { + "identity_class": "organization", + "name": "Stopforumspam" + }, + "description": "Stopforumspam", + "externalReferences": { + "edges": [ + { + "node": { + "description": "Stopforumspam feed URL", + "source_name": "stopforumspam", + "url": "https://www.stopforumspam.com/downloads/toxic_domains_whole_filtered_50000.txt" + } + }, + { + "node": { + "external_id": null, + "source_name": "MISC", + "url": "https://example.com/CVE-0079-1234", + "description": null + } + } + ] + }, + "id": "fcfa872e-a8b6-4525-847e-f3c756b70035", + "is_inferred": false, + "killChainPhases": { + "edges": null + }, + "lang": "en", + "modified": 
"2023-11-09T23:22:20.586Z", + "name": "freelifetimexxxdates.com", + "objectLabel": { + "edges": [ + { + "node": { + "value": "spam" + } + } + ] + }, + "objectMarking": { + "edges": null + }, + "observables": { + "edges": [ + { + "node": { + "entity_type": "Domain-Name", + "id": "cc34949a-5a6f-4595-afec-c3bf98c62a7d", + "observable_value": "freelifetimexxxdates.com", + "standard_id": "domain-name--726e8863-8941-5a1b-b345-1f0131902233", + "value": "freelifetimexxxdates.com" + } + } + ], + "pageInfo": { + "globalCount": 1 + } + }, + "pattern": "[domain-name:value = 'freelifetimexxxdates.com']", + "pattern_type": "stix", + "revoked": false, + "standard_id": "indicator--08a7e875-2ce4-50ab-a8de-2915addd93c4", + "valid_from": "2023-11-09T23:22:19.426Z", + "valid_until": "2024-11-08T23:22:19.426Z", + "x_opencti_detection": false, + "x_opencti_main_observable_type": "Domain-Name", + "x_opencti_score": 60 } - }, - "pattern": "[domain-name:value = 'freelifetimexxxdates.com']", - "pattern_type": "stix", - "revoked": false, - "standard_id": "indicator--08a7e875-2ce4-50ab-a8de-2915addd93c4", - "valid_from": "2023-11-09T23:22:19.426Z", - "valid_until": "2024-11-08T23:22:19.426Z", - "x_opencti_detection": false, - "x_opencti_main_observable_type": "Domain-Name", - "x_opencti_score": 60 - } - ] + ] } diff --git a/packages/ti_opencti/manifest.yml b/packages/ti_opencti/manifest.yml index 1581f13997a..e6336e08060 100644 --- a/packages/ti_opencti/manifest.yml +++ b/packages/ti_opencti/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.0" name: ti_opencti title: OpenCTI -version: "0.3.5" +version: "1.0.0" description: "Ingest threat intelligence indicators from OpenCTI with Elastic Agent." type: integration source: diff --git a/packages/trellix_edr_cloud/changelog.yml b/packages/trellix_edr_cloud/changelog.yml index f4ae666cbb7..ae05caca1db 100644 --- a/packages/trellix_edr_cloud/changelog.yml +++ b/packages/trellix_edr_cloud/changelog.yml 
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.0"
+  changes:
+    - description: Release package as GA.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/8833
 - version: 0.6.0
   changes:
     - description: ECS version updated to 8.11.0.
diff --git a/packages/trellix_edr_cloud/manifest.yml b/packages/trellix_edr_cloud/manifest.yml
index 08e223ab218..57c2f900f73 100644
--- a/packages/trellix_edr_cloud/manifest.yml
+++ b/packages/trellix_edr_cloud/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.0"
 name: trellix_edr_cloud
 title: Trellix EDR Cloud
-version: "0.6.0"
+version: "1.0.0"
 description: Collect logs from Trellix EDR Cloud with Elastic Agent.
 type: integration
 categories:
diff --git a/packages/wiz/changelog.yml b/packages/wiz/changelog.yml
index 0c4a532e9f2..b043944b106 100644
--- a/packages/wiz/changelog.yml
+++ b/packages/wiz/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.0"
+  changes:
+    - description: Release package as GA.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/8833
 - version: "0.4.0"
   changes:
     - description: Limit request tracer log count to five.
diff --git a/packages/wiz/manifest.yml b/packages/wiz/manifest.yml
index 1b3f28225fc..89714f1b598 100644
--- a/packages/wiz/manifest.yml
+++ b/packages/wiz/manifest.yml
@@ -1,14 +1,16 @@
-format_version: 2.9.0
+format_version: 3.0.0
 name: wiz
 title: Wiz
-version: "0.4.0"
+version: "1.0.0"
 description: Collect logs from Wiz with Elastic Agent.
 type: integration
 categories:
   - security
 conditions:
-  kibana.version: "^8.10.1"
-  elastic.subscription: "basic"
+  kibana:
+    version: "^8.10.1"
+  elastic:
+    subscription: "basic"
 screenshots:
   - src: /img/wiz-audit-dashboard.png
     title: Wiz Audit Dashboard Screenshot
@@ -102,3 +104,4 @@ policy_templates:
   # -----END CERTIFICATE-----
 owner:
   github: elastic/security-external-integrations
+  type: elastic
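Review bot: In the first packages/wiz/manifest.yml hunk the new `format_version` is written as a plain scalar while `version` two lines below is quoted, and the other manifests touched by this commit (trellix_edr_cloud, ti_opencti, and the ones listed earlier in the diff) all write the spec version as `"3.0.0"`; for consistency within the file and across the commit, change the added line to `+format_version: "3.0.0"`. The value itself is safe as a plain scalar (a three-part dotted string is not a YAML number), so this is a style point only. The `conditions` restructuring and the added `owner.type` look consistent with the other 3.0.0 manifests in the diff.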
diff --git a/packages/wiz/validation.yml b/packages/wiz/validation.yml
new file mode 100644
index 00000000000..d291922c236
--- /dev/null
+++ b/packages/wiz/validation.yml
@@ -0,0 +1,3 @@
+errors:
+  exclude_checks:
+    - SVR00002 # Mandatory filters in dashboards
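Review bot: The new exclusion of SVR00002 names the check that is skipped but not why the Wiz dashboards are exempt or whether the exemption is meant to be temporary, so a later reader of validation.yml cannot tell if the dashboards should eventually gain the mandatory filters the check enforces. Since the file is introduced together with the bump of packages/wiz/manifest.yml to format_version 3.0.0, it presumably exists because the stricter spec would otherwise fail the package; recording that intent would make it explicit. Suggest extending the inline comment, e.g. `- SVR00002 # Mandatory filters in dashboards; exempt until <tracking issue> adds filters to the Wiz dashboards`, with the placeholder replaced by the real reference.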