Merge branch 'main' into fr-attributevalue

Author: w0rk3r

packages/aws_bedrock/changelog.yml

@@ -1,3 +1,8 @@
+- version: "0.1.2"
+ changes:
+ - description: Add documentation image.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/9831
 - version: "0.1.1"
  changes:
  - description: Fix documentation markdown.

packages/aws_bedrock/img/add_aws_bedrock.png

@@ -3,7 +3,7 @@ name: aws_bedrock
 title: AWS Bedrock
 description: Collect AWS Bedrock model invocation logs with Elastic Agent.
 type: integration
-version: "0.1.1"
+version: "0.1.2"
 categories:
  - aws
 conditions:
@@ -22,6 +22,11 @@ policy_templates:
  - type: aws-cloudwatch
  title: Collect Logs from CloudWatch
  description: Collect bedrock logs from CloudWatch with Elastic Agent.
+screenshots:
+ - src: /img/add_aws_bedrock.png
+ title: Overview
+ size: 805x1921
+ type: image/png
 icons:
  - src: "/img/icon.svg"
  type: "image/svg+xml"

packages/aws_bedrock/manifest.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.17.1"
+ changes:
+ - description: Add ignore_failure to the community_id processor in the ingest node pipeline.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/9837
 - version: "2.17.0"
  changes:
  - description: Update package spec to 3.0.3.

packages/cef/changelog.yml

@@ -106,6 +106,8 @@ processors:
  name: '{{ IngestPipeline "cp-pipeline" }}'
  tag: checkpoint pipeline
  - community_id:
+ ignore_missing: true
+ ignore_failure: true
  tag: community id processor
  # Ensure source.mac and destination.mac are formatted to ECS specifications.
  - gsub:

packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml

@@ -1,6 +1,6 @@
 name: cef
 title: Common Event Format (CEF)
-version: "2.17.0"
+version: "2.17.1"
 description: Collect logs from CEF Logs with Elastic Agent.
 categories:
  - security

packages/cef/manifest.yml

@@ -1 +1 @@
-{"BotDetectionIDs":[7,8,9],"BotScore":20,"BotScoreSrc":"Verified Bot","BotTags":["bing","api"],"CacheCacheStatus":"dynamic","CacheResponseBytes":983828,"CacheResponseStatus":200,"CacheTieredFill":false,"ClientASN":43766,"ClientCountry":"sa","ClientDeviceType":"desktop","ClientIP":"175.16.199.0","ClientIPClass":"noRecord","ClientMTLSAuthCertFingerprint":"Fingerprint","ClientMTLSAuthStatus":"unknown","ClientRequestBytes":5800,"ClientRequestHost":"xyz.example.com","ClientRequestMethod":"POST","ClientRequestPath":"/xyz/checkout","ClientRequestProtocol":"HTTP/1.1","ClientRequestReferer":"https://example.com/s/example/default?sourcerer=(default:(id:!n,selectedPatterns:!(example,%27logs-endpoint.*-example%27,%27logs-system.*-example%27,%27logs-windows.*-example%27)))&timerange=(global:(linkTo:!(),timerange:(from:%272022-05-16T06:26:36.340Z%27,fromStr:now-24h,kind:relative,to:%272022-05-17T06:26:36.340Z%27,toStr:now)),timeline:(linkTo:!(),timerange:(from:%272022-04-17T22:00:00.000Z%27,kind:absolute,to:%272022-04-18T21:59:59.999Z%27)))&timeline=(activeTab:notes,graphEventId:%27%27,id:%279844bdd4-4dd6-5b22-ab40-3cd46fce8d6b%27,isOpen:!t)","ClientRequestScheme":"https","ClientRequestSource":"edgeWorkerFetch","ClientRequestURI":"/s/example/api/telemetry/v2/clusters/_stats","ClientRequestUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36","ClientSrcPort":0,"ClientSSLCipher":"NONE","ClientSSLProtocol":"TLSv1.2","ClientTCPRTTMs":0,"ClientXRequestedWith":"Request With","Cookies":{"key":"value"},"EdgeCFConnectingO2O":false,"EdgeColoCode":"RUH","EdgeColoID":339,"EdgeEndTimestamp":"2022-05-25T13:25:32Z","EdgePathingOp":"wl","EdgePathingSrc":"macro","EdgePathingStatus":"nr","EdgeRateLimitAction":"unknown","EdgeRateLimitID":0,"EdgeRequestHost":"abc.example.com","EdgeResponseBodyBytes":980397,"EdgeResponseBytes":981308,"EdgeResponseCompressionRatio":0,"EdgeResponseContentType":"application/json","EdgeResponseStatus":200,"EdgeServerIP":"1.128.0.0","EdgeStartTimestamp":"2022-05-25T13:25:26Z","EdgeTimeToFirstByteMs":5333,"OriginDNSResponseTimeMs":3,"OriginIP":"67.43.156.0","OriginRequestHeaderSendDurationMs":0,"OriginResponseBytes":0,"OriginResponseDurationMs":5319,"OriginResponseHeaderReceiveDurationMs":5155,"OriginResponseHTTPExpires":"2022-05-27T13:25:26Z","OriginResponseHTTPLastModified":"2022-05-26T13:25:26Z","OriginResponseStatus":200,"OriginResponseTime":5232000000,"OriginSSLProtocol":"TLSv1.2","OriginTCPHandshakeDurationMs":24,"OriginTLSHandshakeDurationMs":53,"ParentRayID":"710e98d93d50357d","RayID":"710e98d9367f357d","SecurityLevel":"off","SmartRouteColoID":20,"UpperTierColoID":0,"SecurityAction":"unknown","WAFFlags":"0","WAFMatchedVar":"example","WAFProfile":"unknown","SecurityRuleID":"98d93d5","SecurityRuleDescription":"matchad variable message","WorkerCPUTime":0,"WorkerStatus":"unknown","WorkerSubrequest":true,"WorkerSubrequestCount":0,"ZoneID":393347122,"ZoneName":"example.com"}
+{"BotDetectionIDs":[7,8,9],"BotScore":20,"BotScoreSrc":"Verified Bot","BotTags":["bing","api"],"CacheCacheStatus":"dynamic","CacheResponseBytes":983828,"CacheResponseStatus":200,"CacheTieredFill":false,"ClientASN":43766,"ClientCountry":"sa","ClientDeviceType":"desktop","ClientIP":"175.16.199.0","ClientIPClass":"noRecord","ClientMTLSAuthCertFingerprint":"Fingerprint","ClientMTLSAuthStatus":"unknown","ClientRequestBytes":5800,"ClientRequestHost":"xyz.example.com","ClientRequestMethod":"POST","ClientRequestPath":"/xyz/checkout","ClientRequestProtocol":"HTTP/1.1","ClientRequestReferer":"https://example.com/s/example/default?sourcerer=(default:(id:!n,selectedPatterns:!(example,%27logs-endpoint.*-example%27,%27logs-system.*-example%27,%27logs-windows.*-example%27)))&timerange=(global:(linkTo:!(),timerange:(from:%272022-05-16T06:26:36.340Z%27,fromStr:now-24h,kind:relative,to:%272022-05-17T06:26:36.340Z%27,toStr:now)),timeline:(linkTo:!(),timerange:(from:%272022-04-17T22:00:00.000Z%27,kind:absolute,to:%272022-04-18T21:59:59.999Z%27)))&timeline=(activeTab:notes,graphEventId:%27%27,id:%279844bdd4-4dd6-5b22-ab40-3cd46fce8d6b%27,isOpen:!t)","ClientRequestScheme":"https","ClientRequestSource":"edgeWorkerFetch","ClientRequestURI":"/s/example/api/telemetry/v2/clusters/_stats","ClientRequestUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36","ClientSrcPort":0,"ClientSSLCipher":"NONE","ClientSSLProtocol":"TLSv1.2","ClientTCPRTTMs":0,"ClientXRequestedWith":"Request With","Cookies":{"key":"value"},"EdgeCFConnectingO2O":false,"EdgeColoCode":"RUH","EdgeColoID":339,"EdgeEndTimestamp":"2022-05-25T13:25:32Z","EdgePathingOp":"wl","EdgePathingSrc":"macro","EdgePathingStatus":"nr","EdgeRateLimitAction":"unknown","EdgeRateLimitID":0,"EdgeRequestHost":"abc.example.com","EdgeResponseBodyBytes":980397,"EdgeResponseBytes":981308,"EdgeResponseCompressionRatio":0,"EdgeResponseContentType":"application/json","EdgeResponseStatus":200,"EdgeServerIP":"1.128.0.0","EdgeStartTimestamp":"2022-05-25T13:25:26Z","EdgeTimeToFirstByteMs":5333,"OriginDNSResponseTimeMs":3,"OriginIP":"67.43.156.0","OriginRequestHeaderSendDurationMs":0,"OriginResponseBytes":0,"OriginResponseDurationMs":5319,"OriginResponseHeaderReceiveDurationMs":5155,"OriginResponseHTTPExpires":"2022-05-27T13:25:26Z","OriginResponseHTTPLastModified":"2022-05-26T13:25:26Z","OriginResponseStatus":200,"OriginResponseTime":5232000000,"OriginSSLProtocol":"TLSv1.2","OriginTCPHandshakeDurationMs":24,"OriginTLSHandshakeDurationMs":53,"ParentRayID":"710e98d93d50357d","RayID":"710e98d9367f357d","SecurityLevel":"off","SmartRouteColoID":20,"UpperTierColoID":0,"SecurityAction":"unknown","WAFAttackScore":50,"WAFRCEAttackScore":1,"WAFSQLiAttackScore":99,"WAFXSSAttackScore":90,"WAFFlags":"0","WAFMatchedVar":"example","WAFProfile":"unknown","SecurityRuleID":"98d93d5","SecurityRuleDescription":"matchad variable message","WorkerCPUTime":0,"WorkerStatus":"unknown","WorkerSubrequest":true,"WorkerSubrequestCount":0,"ZoneID":393347122,"ZoneName":"example.com"}

packages/cloudflare_logpush/_dev/deploy/docker/sample_logs/http_request.log

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.19.0"
+ changes:
+ - description: Support new WAF AttackScore fields from HTTP Requests logs.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/9810
 - version: "1.18.0"
  changes:
  - description: Set sensitive values as secret.