elastic
diff --git a/‎packages/checkpoint/changelog.yml‎
Lines changed: 5 additions & 0 deletions b/‎packages/checkpoint/changelog.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json‎
Lines changed: 1 addition & 1 deletion b/‎packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 27 additions & 0 deletions b/‎packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎packages/checkpoint/data_stream/firewall/fields/fields.yml‎
Lines changed: 1 addition & 1 deletion b/‎packages/checkpoint/data_stream/firewall/fields/fields.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/checkpoint/docs/README.md‎
Lines changed: 1 addition & 1 deletion b/‎packages/checkpoint/docs/README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/checkpoint/manifest.yml‎
Lines changed: 1 addition & 1 deletion b/‎packages/checkpoint/manifest.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/github/changelog.yml‎
Lines changed: 5 additions & 0 deletions b/‎packages/github/changelog.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/github/data_stream/dependabot/fields/fields.yml‎
Lines changed: 1 addition & 1 deletion b/‎packages/github/data_stream/dependabot/fields/fields.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/github/docs/README.md‎
Lines changed: 1 addition & 1 deletion b/‎packages/github/docs/README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/github/manifest.yml‎
Lines changed: 1 addition & 1 deletion b/‎packages/github/manifest.yml‎
Lines changed: 1 addition & 1 deletion
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.24.0"
+ changes:
+ - description: Ensure `checkpoint.subs_exp` is a date.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/7714
 - version: "1.23.0"
  changes:
  - description: Update package to ECS 8.9.0.
 
@@ -1509,7 +1509,7 @@
  "log_id": "4",
  "origin_sic_name": "CN=NPFDCA00002,O=NPMDCM00001.domain.com.r44cbg",
  "special_properties": "0",
- "subs_exp": "Tue Jan 1 00:00:00 2030",
+ "subs_exp": "2030-01-01T00:00:00.000Z",
  "subscription_stat": "valid",
  "subscription_stat_desc": "Contract is up to date."
  },
 
@@ -655,6 +655,33 @@ processors:
  } else if (iana_number == '132') {
  ctx.network.transport = 'sctp';
  }
+ - date:
+ field: checkpoint.subs_exp
+ target_field: checkpoint.subs_exp
+ timezone: "{{{ event.timezone }}}"
+ formats:
+ - 'EEE MMM dd HH:mm:ss yyyy'
+ - 'EEE MMM d HH:mm:ss yyyy'
+ - 'EEE MMM d HH:mm:ss yyyy'
+ - ISO8601
+ - UNIX
+ if: "ctx.checkpoint?.subs_exp != null"
+ on_failure:
+ # Try to re-parse as UTC to catch when TZ is invalid or unknown.
+ - date:
+ tag: "date_utc_fallback"
+ field: checkpoint.subs_exp
+ target_field: checkpoint.subs_exp
+ formats:
+ - 'EEE MMM dd HH:mm:ss yyyy'
+ - 'EEE MMM d HH:mm:ss yyyy'
+ - 'EEE MMM d HH:mm:ss yyyy'
+ - ISO8601
+ - UNIX
+ on_failure:
+ - remove:
+ field: checkpoint.subs_exp
+ ignore_missing: true
  - convert:
  field: checkpoint.packets
  type: long
 
@@ -1467,7 +1467,7 @@
  description: |
  Layer uid.
  - name: subs_exp
- type: keyword
+ type: date
  - name: subscriber
  type: ip
  description: |
 
@@ -518,7 +518,7 @@ An example event for `firewall` looks as following:
 | checkpoint.stormagentname | | keyword |
 | checkpoint.sub_policy_name | Layer name. | keyword |
 | checkpoint.sub_policy_uid | Layer uid. | keyword |
-| checkpoint.subs_exp | | keyword |
+| checkpoint.subs_exp | | date |
 | checkpoint.subscriber | Source IP before CGNAT. | ip |
 | checkpoint.subscription_stat | | keyword |
 | checkpoint.subscription_stat_desc | | keyword |
 
@@ -1,6 +1,6 @@
 name: checkpoint
 title: Check Point
-version: "1.23.0"
+version: "1.24.0"
 description: Collect logs from Check Point with Elastic Agent.
 type: integration
 format_version: 2.7.0
 
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.20.1"
+ changes:
+ - description: Make datastreams agree on type of `github.repository.description`.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/7714
 - version: "1.20.0"
  changes:
  - description: Add support for `github.permission` and `github.repository_public` fields.
 
@@ -289,7 +289,7 @@
 
  fields:
  - name: description
- type: keyword
+ type: text
  description: >
  The description of the repository.
 
 
@@ -566,7 +566,7 @@ To use this integration, you must be an administrator for the repository or for
 | github.dependabot.vulnerable_manifest_filename | The vulnerable manifest filename. | keyword |
 | github.dependabot.vulnerable_manifest_path | The vulnerable manifest path. | keyword |
 | github.dependabot.vulnerable_requirements | The vulnerable requirements. | keyword |
-| github.repository.description | The description of the repository. | keyword |
+| github.repository.description | The description of the repository. | text |
 | github.repository.is_in_organization | Indicates if a repository is either owned by an organization, or is a private fork of an organization repository. | boolean |
 | github.repository.is_private | Identifies if the repository is private or internal. | boolean |
 | github.repository.name | Identifies if the repository is private or internal. | keyword |
 
@@ -1,6 +1,6 @@
 name: github
 title: GitHub
-version: "1.20.0"
+version: "1.20.1"
 description: Collect logs from GitHub with Elastic Agent.
 type: integration
 format_version: 2.9.0