elastic
diff --git a/‎packages/ti_crowdstrike/_dev/build/docs/README.md‎
Lines changed: 5 additions & 0 deletions b/‎packages/ti_crowdstrike/_dev/build/docs/README.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/ti_crowdstrike/changelog.yml‎
Lines changed: 5 additions & 0 deletions b/‎packages/ti_crowdstrike/changelog.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/ti_crowdstrike/data_stream/intel/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 16 additions & 0 deletions b/‎packages/ti_crowdstrike/data_stream/intel/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎packages/ti_crowdstrike/data_stream/ioc/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 16 additions & 0 deletions b/‎packages/ti_crowdstrike/data_stream/ioc/elasticsearch/ingest_pipeline/default.yml‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎packages/ti_crowdstrike/docs/README.md‎
Lines changed: 5 additions & 0 deletions b/‎packages/ti_crowdstrike/docs/README.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/ti_crowdstrike/manifest.yml‎
Lines changed: 14 additions & 3 deletions b/‎packages/ti_crowdstrike/manifest.yml‎
Lines changed: 14 additions & 3 deletions
@@ -2,6 +2,11 @@
 
 CrowdStrike Falcon Intelligence is a threat intelligence product that provides advanced cybersecurity insights to organizations. Leveraging machine learning and behavioural analytics, Falcon Intelligence delivers real-time threat data, enabling proactive threat detection and response. With a focus on actionable intelligence, it empowers businesses to stay ahead of cyber adversaries and enhance their overall security posture. This [CrowdStrike Falcon Intelligence](https://www.crowdstrike.com/en-us/) integration enables you to consume and analyze CrowdStrike Falcon Intelligence data within Elastic Security, including Intel Indicator and IOCs, providing you with visibility and context for your cloud environments within Elastic Security.
 
+## Agentless Enabled Integration
+
+Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).
+Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.
+
 ## Data streams
 
 The CrowdStrike Falcon Intelligence integration collects two types of data: IOC and Intel Indicator.
 
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.6.0"
+ changes:
+ - description: Enable Agentless deployment.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/15249
 - version: "2.5.0"
  changes:
  - description: Remove duplicated installation instructions from the documentation
 
@@ -5,6 +5,17 @@ processors:
  field: ecs.version
  tag: set_ecs_version
  value: 8.11.0
+ - remove:
+ field:
+ - organization
+ - division
+ - team
+ ignore_missing: true
+ if: ctx.organization instanceof String && ctx.division instanceof String && ctx.team instanceof String
+ tag: remove_agentless_tags
+ description: >-
+ Removes the fields added by Agentless as metadata,
+ as they can collide with ECS fields.
  - set:
  field: event.kind
  tag: set_event_kind
@@ -29,6 +40,11 @@ processors:
  target_field: event.original
  ignore_missing: true
  if: ctx.event?.original == null
+ - remove:
+ field: message
+ ignore_missing: true
+ if: ctx.event?.original != null
+ description: 'The `message` field is no longer required if the document has an `event.original` field.'
  - json:
  field: event.original
  tag: json_event_original
 
@@ -5,6 +5,17 @@ processors:
  field: ecs.version
  tag: set_ecs_version
  value: 8.11.0
+ - remove:
+ field:
+ - organization
+ - division
+ - team
+ ignore_missing: true
+ if: ctx.organization instanceof String && ctx.division instanceof String && ctx.team instanceof String
+ tag: remove_agentless_tags
+ description: >-
+ Removes the fields added by Agentless as metadata,
+ as they can collide with ECS fields.
  - set:
  field: event.kind
  tag: set_event_kind
@@ -29,6 +40,11 @@ processors:
  target_field: event.original
  ignore_missing: true
  if: ctx.event?.original == null
+ - remove:
+ field: message
+ ignore_missing: true
+ if: ctx.event?.original != null
+ description: 'The `message` field is no longer required if the document has an `event.original` field.'
  - json:
  field: event.original
  tag: json_event_original
 
@@ -2,6 +2,11 @@
 
 CrowdStrike Falcon Intelligence is a threat intelligence product that provides advanced cybersecurity insights to organizations. Leveraging machine learning and behavioural analytics, Falcon Intelligence delivers real-time threat data, enabling proactive threat detection and response. With a focus on actionable intelligence, it empowers businesses to stay ahead of cyber adversaries and enhance their overall security posture. This [CrowdStrike Falcon Intelligence](https://www.crowdstrike.com/en-us/) integration enables you to consume and analyze CrowdStrike Falcon Intelligence data within Elastic Security, including Intel Indicator and IOCs, providing you with visibility and context for your cloud environments within Elastic Security.
 
+## Agentless Enabled Integration
+
+Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).
+Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.
+
 ## Data streams
 
 The CrowdStrike Falcon Intelligence integration collects two types of data: IOC and Intel Indicator.
 
@@ -1,15 +1,15 @@
-format_version: 3.0.3
+format_version: 3.3.2
 name: ti_crowdstrike
 title: CrowdStrike Falcon Intelligence
-version: "2.5.0"
+version: "2.6.0"
 description: Collect logs from CrowdStrike Falcon Intelligence with Elastic Agent.
 type: integration
 categories:
  - security
  - threat_intel
 conditions:
  kibana:
- version: "^8.13.0 || ^9.0.0"
+ version: "^8.18.0 || ^9.0.0"
  elastic:
  subscription: basic
 screenshots:
@@ -30,6 +30,17 @@ policy_templates:
  - name: ti_crowdstrike
  title: CrowdStrike Falcon Intelligence logs
  description: Collect CrowdStrike Falcon Intelligence logs.
+ deployment_modes:
+ default:
+ enabled: true
+ agentless:
+ enabled: true
+ organization: security
+ division: engineering
+ team: security-service-integrations
+ resources:
+ requests:
+ memory: 4Gi
  inputs:
  - type: cel
  title: Collect CrowdStrike Falcon Intelligence logs via API