Merge branch 'main' into gitlab-pages

.buildkite/scripts/find_oldest_supported_version.py

@@ -61,6 +61,25 @@ def find_oldest_supported_version(kibana_version_condition: str) -> str:
 
     # Old minors may not be available in artifacts-api, if it is older
     # than the others in the same major, return the version as is.
+    older = is_older_version(available_versions, major, minor)
+
+    # Check if there could be some version removed or missing from the
+    # artifacts-api response. If it is missing, return the version as is
+    newerPatch = exists_newer_patch(available_versions, major, minor, patch)
+
+    if older or newerPatch:
+        return version
+
+    # If no version has been found so far, try with the snapshot of the next version
+    # in the current major.
+    major_snapshot = f"{major}.x-SNAPSHOT"
+    if major_snapshot in available_aliases:
+        return major_snapshot
+
+    # Otherwise, return it, whatever this is.
+    return version
+
+def is_older_version(available_versions: list[str], major: str, minor: str) -> bool:
     older = True
     for available_version in available_versions:
         available_parts = available_version.split(".")
@@ -72,17 +91,28 @@ def find_oldest_supported_version(kibana_version_condition: str) -> str:
         if int(major) == available_major and int(minor) > available_minor:
             older = False
             break
-    if older:
-        return version
 
-    # If no version has been found so far, try with the snapshot of the next version
-    # in the current major.
-    major_snapshot = f"{major}.x-SNAPSHOT"
-    if major_snapshot in available_aliases:
-        return major_snapshot
+    return older
 
-    # Otherwise, return it, whatever this is.
-    return version
+def exists_newer_patch(available_versions: list[str], major: str, minor: str, patch: str) -> bool:
+    newer_patch = False
+    for available_version in available_versions:
+        available_parts = available_version.split(".")
+        if len(available_parts) < 2:
+            continue
+
+        available_major = int(available_parts[0])
+        available_minor = int(available_parts[1])
+        if int(major) == available_major and int(minor) == available_minor:
+            available_patch = available_parts[2]
+            # skip prerelease tags?
+            if "+" in available_patch or '-' in available_patch:
+                continue
+
+            if int(patch) < int(available_patch):
+                newer_patch = True
+                break
+    return newer_patch
 
 
 def remove_operator(kibana_version_condition: str) -> str:
@@ -175,6 +205,7 @@ class TestFindOldestSupportVersion(unittest.TestCase):
             "8.9.1",
             "8.9.2-SNAPSHOT",
             "8.9.2",
+            "8.9.4",
             "8.10.0-SNAPSHOT",
             "8.10.0",
             "8.10.1-SNAPSHOT",
@@ -190,7 +221,8 @@ class TestFindOldestSupportVersion(unittest.TestCase):
             "8.9",
             "8.10-SNAPSHOT",
             "8.10",
-            "8.11-SNAPSHOT"
+            "8.11-SNAPSHOT",
+            "8.x-SNAPSHOT"
         ],
         "manifests": {
             "last-update-time": "Thu, 14 Sep 2023 16:03:46 UTC",
@@ -230,11 +262,23 @@ def test_too_old_to_be_in_api(self):
 
     def test_no_version_available_no_next_minor_in_current_major(self):
         # returns the version as in the manifest
-        self.assertEqual(find_oldest_supported_version("8.11.3"), "8.11.3")
+        # no exists in available_versions or snapshots, neither the current {major}-x.SNAPSHOT
+        self.assertEqual(find_oldest_supported_version("9.0.0"), "9.0.0")
 
     def test_available_next_minor_in_current_major(self):
         self.assertEqual(find_oldest_supported_version("7.19.0"), "7.x-SNAPSHOT")
 
+        # not sure if this test case for 8.8.3 should return 8.x-SNAPSHOT stack version,
+        # that would test with probably a newer stack (8.11.0-SNAPSHOT).
+        self.assertEqual(find_oldest_supported_version("8.8.3"), "8.x-SNAPSHOT")
+        self.assertEqual(find_oldest_supported_version("8.12.0"), "8.x-SNAPSHOT")
+
+    def test_available_version_in_current_major_but_missing_minor(self):
+        # 8.9.2 and 8.9.4 versions exist in the artifacts-api response and the alias
+        # 8.x-SNAPSHOT too exists,
+        # but there is no 8.9.3 version in the artifacts-api response.
+        self.assertEqual(find_oldest_supported_version("8.9.3"), "8.9.3")
+
     def test_or(self):
         self.assertEqual(find_oldest_supported_version("8.6.0||8.7.0"), "8.6.0")
         self.assertEqual(find_oldest_supported_version("8.9.2||8.9.1||7.17.14"), "7.17.14-SNAPSHOT")

.github/CODEOWNERS

@@ -171,7 +171,7 @@
 /packages/digital_guardian @elastic/security-service-integrations
 /packages/docker @elastic/obs-cloudnative-monitoring
 /packages/elastic_agent @elastic/elastic-agent
-/packages/elastic_connectors @elastic/ingestion-team
+/packages/elastic_connectors @elastic/search-extract-and-transform
 /packages/elastic_package_registry @elastic/ecosystem
 /packages/elasticsearch @elastic/stack-monitoring
 /packages/enterprisesearch @elastic/stack-monitoring
@@ -401,6 +401,7 @@
 /packages/trellix_epo_cloud @elastic/security-service-integrations
 /packages/trend_micro_vision_one @elastic/security-service-integrations
 /packages/trendmicro @elastic/security-service-integrations
+/packages/tychon @elastic/security-service-integrations
 /packages/udp @elastic/sec-deployment-and-devices
 /packages/universal_profiling_agent @elastic/profiling
 /packages/universal_profiling_collector @elastic/obs-ds-intake-services

packages/1password/data_stream/audit_events/sample_event.json

@@ -84,4 +84,4 @@
     "user": {
         "id": "GLF6WUEKS5CSNDJ2OG6TCZD3M4"
     }
-}
+}

packages/1password/data_stream/item_usages/sample_event.json

@@ -77,4 +77,4 @@
         "full_name": "Name",
         "id": "OJQGU46KAPROEJLCK674RHSAY5"
     }
-}
+}

packages/1password/data_stream/signin_attempts/sample_event.json

@@ -78,4 +78,4 @@
         "full_name": "Name",
         "id": "OJQGU46KAPROEJLCK674RHSAY5"
     }
-}
+}

packages/1password/docs/README.md

@@ -129,7 +129,6 @@ An example event for `signin_attempts` looks as following:
         "id": "OJQGU46KAPROEJLCK674RHSAY5"
     }
 }
-
 ```
 
 ### Item Usages
@@ -242,7 +241,6 @@ An example event for `item_usages` looks as following:
         "id": "OJQGU46KAPROEJLCK674RHSAY5"
     }
 }
-
 ```
 
 
@@ -374,5 +372,4 @@ An example event for `audit_events` looks as following:
         "id": "GLF6WUEKS5CSNDJ2OG6TCZD3M4"
     }
 }
-
 ```

packages/abnormal_security/_dev/build/docs/README.md

@@ -8,21 +8,21 @@ The Abnormal Security integration collects data for AI Security Mailbox (formerl
 
 The Abnormal Security integration collects four types of logs:
 
-**[AI Security Mailbox](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/AI%20Security%20Mailbox%20(formerly%20known%20as%20Abuse%20Mailbox))** - Get details of AI Security Mailbox.
+- **[AI Security Mailbox](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/AI%20Security%20Mailbox%20(formerly%20known%20as%20Abuse%20Mailbox))** - Get details of AI Security Mailbox.
 
-**[Audit](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/Audit%20Logs)** - Get details of Audit logs for Portal.
+- **[Audit](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/Audit%20Logs)** - Get details of Audit logs for Portal.
 
-**[Case](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/Cases)** - Get details of Abnormal Cases.
+- **[Case](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/Cases)** - Get details of Abnormal Cases.
 
-**[Threat](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/Threats)** - Get details of Abnormal Threat Logs.
+- **[Threat](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/Threats)** - Get details of Abnormal Threat Logs.
 
 ## Requirements
 
-Elastic Agent must be installed. For more information, refer to the link [here](https://www.elastic.co/guide/en/fleet/current/elastic-agent-installation.html).
+Elastic Agent must be installed. For more details and installation instructions, please refer to the [Elastic Agent Installation Guide](https://www.elastic.co/guide/en/fleet/current/elastic-agent-installation.html).
 
 ### Installing and managing an Elastic Agent:
 
-You have a few options for installing and managing an Elastic Agent:
+There are several options for installing and managing Elastic Agent:
 
 ### Install a Fleet-managed Elastic Agent (recommended):
 
@@ -36,7 +36,7 @@ With this approach, you install Elastic Agent and manually configure the agent l
 
 You can run Elastic Agent inside a container, either with Fleet Server or standalone. Docker images for all versions of Elastic Agent are available from the Elastic Docker registry, and we provide deployment manifests for running on Kubernetes.
 
-There are some minimum requirements for running Elastic Agent and for more information, refer to the link [here](https://www.elastic.co/guide/en/fleet/current/elastic-agent-installation.html#_minimum_requirements).
+Please note, there are minimum requirements for running Elastic Agent. For more information, refer to the  [Elastic Agent Minimum Requirements](https://www.elastic.co/guide/en/fleet/current/elastic-agent-installation.html#elastic-agent-installation-minimum-requirements).
 
 ## Setup
 
@@ -53,12 +53,12 @@ There are some minimum requirements for running Elastic Agent and for more infor
 
 ### Enabling the integration in Elastic:
 
-1. In Kibana go to Management > Integrations.
-2. In "Search for integrations" search bar, type Abnormal Security.
-3. Click on the "Abnormal Security" integration from the search results.
-4. Click on the "Add Abnormal Security" button to add the integration.
+1. In Kibana navigate to Management > Integrations.
+2. In "Search for integrations" top bar, search for `Abnormal Security`.
+3. Select the "Abnormal Security" integration from the search results.
+4. Select "Add Abnormal Security" to add the integration.
 5. Add all the required integration configuration parameters, including Access Token, Interval, Initial Interval and Page Size to enable data collection.
-6. Click on "Save and continue" to save the integration.
+6. Select "Save and continue" to save the integration.
 
 **Note**: By default, the URL is set to `https://api.abnormalplatform.com`. We have observed that Abnormal Security Base URL changes based on location so find your own base URL.
 

packages/abnormal_security/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.0"
+  changes:
+    - description: Release package as GA.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/11210
 - version: "0.1.2"
   changes:
     - description: Handles empty threats arrays correctly, ensuring REST calls continue during subsequent intervals.

packages/abnormal_security/docs/README.md

@@ -8,21 +8,21 @@ The Abnormal Security integration collects data for AI Security Mailbox (formerl
 
 The Abnormal Security integration collects four types of logs:
 
-**[AI Security Mailbox](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/AI%20Security%20Mailbox%20(formerly%20known%20as%20Abuse%20Mailbox))** - Get details of AI Security Mailbox.
+- **[AI Security Mailbox](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/AI%20Security%20Mailbox%20(formerly%20known%20as%20Abuse%20Mailbox))** - Get details of AI Security Mailbox.
 
-**[Audit](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/Audit%20Logs)** - Get details of Audit logs for Portal.
+- **[Audit](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/Audit%20Logs)** - Get details of Audit logs for Portal.
 
-**[Case](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/Cases)** - Get details of Abnormal Cases.
+- **[Case](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/Cases)** - Get details of Abnormal Cases.
 
-**[Threat](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/Threats)** - Get details of Abnormal Threat Logs.
+- **[Threat](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/Threats)** - Get details of Abnormal Threat Logs.
 
 ## Requirements
 
-Elastic Agent must be installed. For more information, refer to the link [here](https://www.elastic.co/guide/en/fleet/current/elastic-agent-installation.html).
+Elastic Agent must be installed. For more details and installation instructions, please refer to the [Elastic Agent Installation Guide](https://www.elastic.co/guide/en/fleet/current/elastic-agent-installation.html).
 
 ### Installing and managing an Elastic Agent:
 
-You have a few options for installing and managing an Elastic Agent:
+There are several options for installing and managing Elastic Agent:
 
 ### Install a Fleet-managed Elastic Agent (recommended):
 
@@ -36,7 +36,7 @@ With this approach, you install Elastic Agent and manually configure the agent l
 
 You can run Elastic Agent inside a container, either with Fleet Server or standalone. Docker images for all versions of Elastic Agent are available from the Elastic Docker registry, and we provide deployment manifests for running on Kubernetes.
 
-There are some minimum requirements for running Elastic Agent and for more information, refer to the link [here](https://www.elastic.co/guide/en/fleet/current/elastic-agent-installation.html#_minimum_requirements).
+Please note, there are minimum requirements for running Elastic Agent. For more information, refer to the  [Elastic Agent Minimum Requirements](https://www.elastic.co/guide/en/fleet/current/elastic-agent-installation.html#elastic-agent-installation-minimum-requirements).
 
 ## Setup
 
@@ -53,12 +53,12 @@ There are some minimum requirements for running Elastic Agent and for more infor
 
 ### Enabling the integration in Elastic:
 
-1. In Kibana go to Management > Integrations.
-2. In "Search for integrations" search bar, type Abnormal Security.
-3. Click on the "Abnormal Security" integration from the search results.
-4. Click on the "Add Abnormal Security" button to add the integration.
+1. In Kibana navigate to Management > Integrations.
+2. In "Search for integrations" top bar, search for `Abnormal Security`.
+3. Select the "Abnormal Security" integration from the search results.
+4. Select "Add Abnormal Security" to add the integration.
 5. Add all the required integration configuration parameters, including Access Token, Interval, Initial Interval and Page Size to enable data collection.
-6. Click on "Save and continue" to save the integration.
+6. Select "Save and continue" to save the integration.
 
 **Note**: By default, the URL is set to `https://api.abnormalplatform.com`. We have observed that Abnormal Security Base URL changes based on location so find your own base URL.
 

packages/abnormal_security/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 3.2.1
 name: abnormal_security
 title: Abnormal Security
-version: 0.1.2
+version: 1.0.0
 description: Collect logs from Abnormal Security with Elastic Agent.
 type: integration
 categories:

packages/akamai/data_stream/siem/sample_event.json

@@ -192,4 +192,4 @@
         "port": 80,
         "query": "a=../../../etc/passwd"
     }
-}
+}

packages/akamai/docs/README.md

@@ -269,5 +269,4 @@ An example event for `siem` looks as following:
         "query": "a=../../../etc/passwd"
     }
 }
-
 ```

packages/atlassian_bitbucket/data_stream/audit/sample_event.json

@@ -90,4 +90,4 @@
         "id": "2",
         "name": "admin"
     }
-}
+}

packages/atlassian_bitbucket/docs/README.md

@@ -134,5 +134,4 @@ An example event for `audit` looks as following:
         "name": "admin"
     }
 }
-
 ```

packages/atlassian_confluence/data_stream/audit/sample_event.json

@@ -73,4 +73,4 @@
     "user": {
         "full_name": "System"
     }
-}
+}

packages/atlassian_confluence/docs/README.md

@@ -122,5 +122,4 @@ An example event for `audit` looks as following:
         "full_name": "System"
     }
 }
-
 ```

packages/atlassian_jira/data_stream/audit/sample_event.json

@@ -114,4 +114,4 @@
         "id": "-2",
         "name": "Anonymous"
     }
-}
+}

packages/atlassian_jira/docs/README.md

@@ -162,5 +162,4 @@ An example event for `audit` looks as following:
         "name": "Anonymous"
     }
 }
-
 ```

packages/auditd/data_stream/log/sample_event.json

@@ -67,4 +67,4 @@
     "tags": [
         "auditd-log"
     ]
-}
+}

packages/auditd/docs/README.md

@@ -83,7 +83,6 @@ An example event for `log` looks as following:
         "auditd-log"
     ]
 }
-
 ```
 
 **Exported fields**

packages/auditd_manager/data_stream/auditd/sample_event.json

@@ -130,4 +130,4 @@
         "id": "0",
         "name": "root"
     }
-}
+}

packages/auditd_manager/docs/README.md

@@ -266,7 +266,6 @@ An example event for `auditd` looks as following:
         "name": "root"
     }
 }
-
 ```
 
 **Exported fields**