Merge branch 'main' into ti_google_threat_intelligence_phase_1

Author: niraj-crest

packages/aws/_dev/build/docs/README.md

@@ -91,6 +91,7 @@ There are a few ways to provide AWS credentials:
 * Use temporary security credentials
 * Use a shared credentials file
 * Use an IAM role Amazon Resource Name (ARN)
+* Use an EC2 instance's IAM Role
 
 #### Use access keys directly
 
@@ -163,6 +164,19 @@ Note: If `role_arn` is given, the package will check if access keys are given.
 If they are not given, the package will check for a credential profile name.
 If neither is given, the default credential profile will be used. 
 
+#### Use an EC2 instance's IAM Role
+
+When Elastic Agent runs on an EC2 instance that has an IAM role attached via an instance profile, it can automatically authenticate to AWS services using a temporary access key pair and session token provided by the Instance Metadata Service (IMDS). For more details see [IAM roles for Amazon EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html).
+
+To use the IAM role attached to the EC2 instance, leave all of the following options empty:
+
+* `access_key_id`
+* `secret_access_key`
+* `session_token`
+* `credential_profile_name`
+* `shared_credential_file`
+* `role_arn`
+
 ### AWS Permissions
 
 Specific AWS permissions are required for the IAM user to make specific AWS API calls.

packages/aws/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.3.2"
+ changes:
+ - description: Update README - EC2 Instance IAM Role for AWS Authentication
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/13434
 - version: "3.3.1"
  changes:
  - description: Fix handling of duplicate fields in Network Firewall Logs data stream.

packages/aws/docs/README.md

@@ -91,6 +91,7 @@ There are a few ways to provide AWS credentials:
 * Use temporary security credentials
 * Use a shared credentials file
 * Use an IAM role Amazon Resource Name (ARN)
+* Use an EC2 instance's IAM Role
 
 #### Use access keys directly
 
@@ -163,6 +164,19 @@ Note: If `role_arn` is given, the package will check if access keys are given.
 If they are not given, the package will check for a credential profile name.
 If neither is given, the default credential profile will be used. 
 
+#### Use an EC2 instance's IAM Role
+
+When Elastic Agent runs on an EC2 instance that has an IAM role attached via an instance profile, it can automatically authenticate to AWS services using a temporary access key pair and session token provided by the Instance Metadata Service (IMDS). For more details see [IAM roles for Amazon EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html).
+
+To use the IAM role attached to the EC2 instance, leave all of the following options empty:
+
+* `access_key_id`
+* `secret_access_key`
+* `session_token`
+* `credential_profile_name`
+* `shared_credential_file`
+* `role_arn`
+
 ### AWS Permissions
 
 Specific AWS permissions are required for the IAM user to make specific AWS API calls.

packages/aws/manifest.yml

@@ -1,7 +1,7 @@
-format_version: 3.3.1
+format_version: 3.3.2
 name: aws
 title: AWS
-version: 3.3.1
+version: 3.3.2
 description: Collect logs and metrics from Amazon Web Services (AWS) with Elastic Agent.
 type: integration
 categories:

packages/azure/_dev/build/docs/events.md

@@ -71,18 +71,18 @@ The integration routes the logs to the most appropriate data stream based on the
 
 Use the following table to identify the target data streams for each log category. For example, if the integration receives a log event with the `NonInteractiveUserSignInLogs` category, it will infer `azure.signinlogs` as dataset, indexing the log into `logs-azure.signinlogs-default` data stream. 
 
-| Data Stream | Log Category |
-| --------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `logs-azure.activitylogs-*` | Administrative, Security, ServiceHealth, Alert, Recommendation, Policy, Autoscale, ResourceHealth  |
-| `logs-azure.application_gateway-*` | ApplicationGatewayFirewallLog, ApplicationGatewayAccessLog |
-| `logs-azure.auditlogs-*` | AuditLogs |
-| `logs-azure.firewall_logs-*` | AzureFirewallApplicationRule, AzureFirewallNetworkRule, AzureFirewallDnsProxy, AZFWApplicationRule, AZFWNetworkRule, AZFWNatRule, AZFWDnsQuery  |
-| `logs-azure.graphactivitylog-*` | MicrosoftGraphActivityLogs |
-| `logs-azure.identity_protection-*` | RiskyUsers, UserRiskEvents |
-| `logs-azure.provisioning-*` | ProvisioningLogs |
-| `logs-azure.signinlogs-*` | SignInLogs, NonInteractiveUserSignInLogs, ServicePrincipalSignInLogs, ManagedIdentitySignInLogs |
-| `logs-azure.springcloudlogs-*` | ApplicationConsole, SystemLogs, IngressLogs, BuildLogs, ContainerEventLogs  |
-| `logs-azure.platformlogs-*` | All other log categories |
+| Data Stream  | Log Categories  |
+| ---------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| `logs-azure.activitylogs-*` | `Administrative`, `Security`, `ServiceHealth`, `Alert`, `Recommendation`, `Policy`, `Autoscale`, `ResourceHealth` |
+| `logs-azure.application_gateway-*` | `ApplicationGatewayFirewallLog`, `ApplicationGatewayAccessLog`  |
+| `logs-azure.auditlogs-*` | `AuditLogs`  |
+| `logs-azure.firewall_logs-*` | `AzureFirewallApplicationRule`, `AzureFirewallNetworkRule`, `AzureFirewallDnsProxy`, `AZFWApplicationRule`, `AZFWNetworkRule`, `AZFWNatRule`, `AZFWDnsQuery` |
+| `logs-azure.graphactivitylog-*` | `MicrosoftGraphActivityLogs`  |
+| `logs-azure.identity_protection-*` | `RiskyUsers`, `UserRiskEvents`  |
+| `logs-azure.provisioning-*` | `ProvisioningLogs`  |
+| `logs-azure.signinlogs-*` | `SignInLogs`, `NonInteractiveUserSignInLogs`, `ServicePrincipalSignInLogs`, `ManagedIdentitySignInLogs`  |
+| `logs-azure.springcloudlogs-*` | `ApplicationConsole`, `SystemLogs`, `IngressLogs`, `BuildLogs`, `ContainerEventLogs` |
+| `logs-azure.platformlogs-*` | All other log categories  |
 
 ### What about all other log categories?
 

packages/azure/changelog.yml

@@ -1,3 +1,8 @@
+- version: "1.23.3"
+ changes:
+ - description: Improve Azure logs documentation with more details on log categories routing rules.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/13863
 - version: "1.23.2"
  changes:
  - description: Fix Grok processor error in ingest pipeline for `AzureFirewallNetworkRuleLog` in `azure.firewall_logs`.

packages/azure/docs/events.md

@@ -71,18 +71,18 @@ The integration routes the logs to the most appropriate data stream based on the
 
 Use the following table to identify the target data streams for each log category. For example, if the integration receives a log event with the `NonInteractiveUserSignInLogs` category, it will infer `azure.signinlogs` as dataset, indexing the log into `logs-azure.signinlogs-default` data stream. 
 
-| Data Stream | Log Category |
-| --------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `logs-azure.activitylogs-*` | Administrative, Security, ServiceHealth, Alert, Recommendation, Policy, Autoscale, ResourceHealth  |
-| `logs-azure.application_gateway-*` | ApplicationGatewayFirewallLog, ApplicationGatewayAccessLog |
-| `logs-azure.auditlogs-*` | AuditLogs |
-| `logs-azure.firewall_logs-*` | AzureFirewallApplicationRule, AzureFirewallNetworkRule, AzureFirewallDnsProxy, AZFWApplicationRule, AZFWNetworkRule, AZFWNatRule, AZFWDnsQuery  |
-| `logs-azure.graphactivitylog-*` | MicrosoftGraphActivityLogs |
-| `logs-azure.identity_protection-*` | RiskyUsers, UserRiskEvents |
-| `logs-azure.provisioning-*` | ProvisioningLogs |
-| `logs-azure.signinlogs-*` | SignInLogs, NonInteractiveUserSignInLogs, ServicePrincipalSignInLogs, ManagedIdentitySignInLogs |
-| `logs-azure.springcloudlogs-*` | ApplicationConsole, SystemLogs, IngressLogs, BuildLogs, ContainerEventLogs  |
-| `logs-azure.platformlogs-*` | All other log categories |
+| Data Stream  | Log Categories  |
+| ---------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| `logs-azure.activitylogs-*` | `Administrative`, `Security`, `ServiceHealth`, `Alert`, `Recommendation`, `Policy`, `Autoscale`, `ResourceHealth` |
+| `logs-azure.application_gateway-*` | `ApplicationGatewayFirewallLog`, `ApplicationGatewayAccessLog`  |
+| `logs-azure.auditlogs-*` | `AuditLogs`  |
+| `logs-azure.firewall_logs-*` | `AzureFirewallApplicationRule`, `AzureFirewallNetworkRule`, `AzureFirewallDnsProxy`, `AZFWApplicationRule`, `AZFWNetworkRule`, `AZFWNatRule`, `AZFWDnsQuery` |
+| `logs-azure.graphactivitylog-*` | `MicrosoftGraphActivityLogs`  |
+| `logs-azure.identity_protection-*` | `RiskyUsers`, `UserRiskEvents`  |
+| `logs-azure.provisioning-*` | `ProvisioningLogs`  |
+| `logs-azure.signinlogs-*` | `SignInLogs`, `NonInteractiveUserSignInLogs`, `ServicePrincipalSignInLogs`, `ManagedIdentitySignInLogs`  |
+| `logs-azure.springcloudlogs-*` | `ApplicationConsole`, `SystemLogs`, `IngressLogs`, `BuildLogs`, `ContainerEventLogs` |
+| `logs-azure.platformlogs-*` | All other log categories  |
 
 ### What about all other log categories?
 

packages/azure/manifest.yml

@@ -1,6 +1,6 @@
 name: azure
 title: Azure Logs
-version: "1.23.2"
+version: "1.23.3"
 description: This Elastic integration collects logs from Azure
 type: integration
 icons:

packages/sentinel_one/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.34.2"
+ changes:
+ - description: Fix the `Activities by OS Family` visualization in the Activities dashboard.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/13943
 - version: "1.34.1"
  changes:
  - description: Fix default request trace enabled behavior.