elastic
diff --git a/‎packages/ti_google_threat_intelligence/_dev/build/docs/README.md‎
Lines changed: 7 additions & 1 deletion b/‎packages/ti_google_threat_intelligence/_dev/build/docs/README.md‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎packages/ti_google_threat_intelligence/changelog.yml‎
Lines changed: 5 additions & 0 deletions b/‎packages/ti_google_threat_intelligence/changelog.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/ti_google_threat_intelligence/data_stream/cryptominer/agent/stream/cel.yml.hbs‎
Lines changed: 1 addition & 1 deletion b/‎packages/ti_google_threat_intelligence/data_stream/cryptominer/agent/stream/cel.yml.hbs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/ti_google_threat_intelligence/data_stream/cryptominer/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 11 additions & 0 deletions b/‎packages/ti_google_threat_intelligence/data_stream/cryptominer/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎packages/ti_google_threat_intelligence/data_stream/first_stage_delivery_vectors/agent/stream/cel.yml.hbs‎
Lines changed: 1 addition & 1 deletion b/‎packages/ti_google_threat_intelligence/data_stream/first_stage_delivery_vectors/agent/stream/cel.yml.hbs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/ti_google_threat_intelligence/data_stream/first_stage_delivery_vectors/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 11 additions & 0 deletions b/‎packages/ti_google_threat_intelligence/data_stream/first_stage_delivery_vectors/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎packages/ti_google_threat_intelligence/data_stream/infostealer/agent/stream/cel.yml.hbs‎
Lines changed: 1 addition & 1 deletion b/‎packages/ti_google_threat_intelligence/data_stream/infostealer/agent/stream/cel.yml.hbs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/ti_google_threat_intelligence/data_stream/infostealer/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 11 additions & 0 deletions b/‎packages/ti_google_threat_intelligence/data_stream/infostealer/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎packages/ti_google_threat_intelligence/data_stream/iot/agent/stream/cel.yml.hbs‎
Lines changed: 1 addition & 1 deletion b/‎packages/ti_google_threat_intelligence/data_stream/iot/agent/stream/cel.yml.hbs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/ti_google_threat_intelligence/data_stream/iot/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 11 additions & 0 deletions b/‎packages/ti_google_threat_intelligence/data_stream/iot/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 11 additions & 0 deletions
@@ -34,6 +34,12 @@ Data collection is available for all nine feed types: `cryptominer`, `first_stag
 
 ## Requirements
 
+### Agentless-enabled integration
+Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).
+
+Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.
+
+### Agent-based installation
 Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md).
 
 ## Setup
@@ -145,7 +151,7 @@ The following transform and its associated pipelines are used to filter relevant
  - Prefix the pipeline name with the integration version.
  For example:
  ```
- 0.2.0-ti_google_threat_intelligence-latest_ip_ioc-transform-pipeline
+ {package_version}-ti_google_threat_intelligence-latest_ip_ioc-transform-pipeline
  ```
  - Click **Update** to save the changes.
 5. Click the **three dots** again next to the transform and select **Start** to activate it.
 
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: 0.4.0
+ changes:
+ - description: Enable Agentless deployment.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/1
 - version: 0.3.0
  changes:
  - description: Add data streams - linux, malicious_network_infrastructure, malware, mobile, osx.
 
@@ -33,7 +33,7 @@ program: |
  ?"query": has(state.query) ? optional.of([state.query]) : optional.none(),
  "limit": ["4000"],
  "x-tool": ["Elastic"],
- "User-Agent": ["v0.3.0"], // Keep this in sync with 'version' in package level manifest.yml.
+ "User-Agent": ["v0.4.0"], // Keep this in sync with 'version' in package level manifest.yml.
  }.format_query()
  ).with({
  "Header": {
 
@@ -12,6 +12,17 @@ processors:
  - drop:
  if: ctx.message == 'retry'
  tag: drop_retry_events
+ - remove:
+ field:
+ - organization
+ - division
+ - team
+ ignore_missing: true
+ if: ctx.organization instanceof String && ctx.division instanceof String && ctx.team instanceof String
+ tag: remove_agentless_tags
+ description: >-
+ Removes the fields added by Agentless as metadata,
+ as they can collide with ECS fields.
  - rename:
  field: message
  tag: rename_message_to_event_original
 
@@ -33,7 +33,7 @@ program: |
  ?"query": has(state.query) ? optional.of([state.query]) : optional.none(),
  "limit": ["4000"],
  "x-tool": ["Elastic"],
- "User-Agent": ["v0.3.0"], // Keep this in sync with 'version' in package level manifest.yml.
+ "User-Agent": ["v0.4.0"], // Keep this in sync with 'version' in package level manifest.yml.
  }.format_query()
  ).with({
  "Header": {
 
@@ -12,6 +12,17 @@ processors:
  - drop:
  if: ctx.message == 'retry'
  tag: drop_retry_events
+ - remove:
+ field:
+ - organization
+ - division
+ - team
+ ignore_missing: true
+ if: ctx.organization instanceof String && ctx.division instanceof String && ctx.team instanceof String
+ tag: remove_agentless_tags
+ description: >-
+ Removes the fields added by Agentless as metadata,
+ as they can collide with ECS fields.
  - rename:
  field: message
  tag: rename_message_to_event_original
 
@@ -33,7 +33,7 @@ program: |
  ?"query": has(state.query) ? optional.of([state.query]) : optional.none(),
  "limit": ["4000"],
  "x-tool": ["Elastic"],
- "User-Agent": ["v0.3.0"], // Keep this in sync with 'version' in package level manifest.yml.
+ "User-Agent": ["v0.4.0"], // Keep this in sync with 'version' in package level manifest.yml.
  }.format_query()
  ).with({
  "Header": {
 
@@ -12,6 +12,17 @@ processors:
  - drop:
  if: ctx.message == 'retry'
  tag: drop_retry_events
+ - remove:
+ field:
+ - organization
+ - division
+ - team
+ ignore_missing: true
+ if: ctx.organization instanceof String && ctx.division instanceof String && ctx.team instanceof String
+ tag: remove_agentless_tags
+ description: >-
+ Removes the fields added by Agentless as metadata,
+ as they can collide with ECS fields.
  - rename:
  field: message
  tag: rename_message_to_event_original
 
@@ -33,7 +33,7 @@ program: |
  ?"query": has(state.query) ? optional.of([state.query]) : optional.none(),
  "limit": ["4000"],
  "x-tool": ["Elastic"],
- "User-Agent": ["v0.3.0"], // Keep this in sync with 'version' in package level manifest.yml.
+ "User-Agent": ["v0.4.0"], // Keep this in sync with 'version' in package level manifest.yml.
  }.format_query()
  ).with({
  "Header": {
 
@@ -12,6 +12,17 @@ processors:
  - drop:
  if: ctx.message == 'retry'
  tag: drop_retry_events
+ - remove:
+ field:
+ - organization
+ - division
+ - team
+ ignore_missing: true
+ if: ctx.organization instanceof String && ctx.division instanceof String && ctx.team instanceof String
+ tag: remove_agentless_tags
+ description: >-
+ Removes the fields added by Agentless as metadata,
+ as they can collide with ECS fields.
  - rename:
  field: message
  tag: rename_message_to_event_original