From 8b3f75480374a7b571319a475123331f8cc00041 Mon Sep 17 00:00:00 2001
From: mohitjha-elastic
Date: Tue, 15 Jul 2025 13:03:26 +0530
Subject: [PATCH 1/2] Add troubleshooting note in readme
---
 packages/wiz/_dev/build/docs/README.md | 11 +++++++++++
 packages/wiz/changelog.yml | 5 +++++
 packages/wiz/docs/README.md | 11 +++++++++++
 packages/wiz/manifest.yml | 2 +-
 4 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/packages/wiz/_dev/build/docs/README.md b/packages/wiz/_dev/build/docs/README.md
index fc2a6e9841b..f5e292f3180 100644
--- a/packages/wiz/_dev/build/docs/README.md
+++ b/packages/wiz/_dev/build/docs/README.md
@@ -98,6 +98,17 @@ Agentless deployments are only supported in Elastic Serverless and Elastic Cloud
 - Vulnerability data is fetched for the previous day.
 - Custom headers are not supported in this integration. Only the standard Authorization header (for example, Bearer token) is used for API requests.
+### Troubleshooting
+
+The transforms used in the Wiz integration depend on the presence of the `event.ingested` field to function correctly.
+
+When using Fleet-managed Elastic Agents, the `.fleet_final_pipeline-1` is automatically executed and ensures that the `event.ingested` field is added to all events.
+
+However, when using standalone Elastic Agents, this pipeline is not applied, and the `event.ingested` field is not automatically added.
+
+📌 Action Required (for standalone agents):
+You must manually add the `event.ingested` field, preferably via a custom ingest pipeline (e.g., using the @custom pipeline).
+
 ## Logs reference
 ### Audit
diff --git a/packages/wiz/changelog.yml b/packages/wiz/changelog.yml
index 4a61c4dba6c..36cf2c6c5fe 100644
--- a/packages/wiz/changelog.yml
+++ b/packages/wiz/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.6.0"
+ changes:
+ - description: Add troubleshooting note in README on `event.ingested` requirement for standalone Elastic Agent.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/1
 - version: "3.5.1"
 changes:
 - description: Update texts for the input fields helpers.
diff --git a/packages/wiz/docs/README.md b/packages/wiz/docs/README.md
index 06851771aac..0b855a376bb 100644
--- a/packages/wiz/docs/README.md
+++ b/packages/wiz/docs/README.md
@@ -98,6 +98,17 @@ Agentless deployments are only supported in Elastic Serverless and Elastic Cloud
 - Vulnerability data is fetched for the previous day.
 - Custom headers are not supported in this integration. Only the standard Authorization header (for example, Bearer token) is used for API requests.
+### Troubleshooting
+
+The transforms used in the Wiz integration depend on the presence of the `event.ingested` field to function correctly.
+
+When using Fleet-managed Elastic Agents, the `.fleet_final_pipeline-1` is automatically executed and ensures that the `event.ingested` field is added to all events.
+
+However, when using standalone Elastic Agents, this pipeline is not applied, and the `event.ingested` field is not automatically added.
+
+📌 Action Required (for standalone agents):
+You must manually add the `event.ingested` field, preferably via a custom ingest pipeline (e.g., using the @custom pipeline).
+
 ## Logs reference
 ### Audit
diff --git a/packages/wiz/manifest.yml b/packages/wiz/manifest.yml
index 52c1389f4b3..4c1478e5883 100644
--- a/packages/wiz/manifest.yml
+++ b/packages/wiz/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.4.0
 name: wiz
 title: Wiz
-version: "3.5.1"
+version: "3.6.0"
 description: Collect logs from Wiz with Elastic Agent.
 type: integration
 categories:
From 21d8a18bfdd0377972c0ea97dbc214976105c583 Mon Sep 17 00:00:00 2001
From: mohitjha-elastic
Date: Tue, 15 Jul 2025 13:17:54 +0530
Subject: [PATCH 2/2] Update changelog entry
---
 packages/wiz/changelog.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/wiz/changelog.yml b/packages/wiz/changelog.yml
index 36cf2c6c5fe..e70f5c3a5bd 100644
--- a/packages/wiz/changelog.yml
+++ b/packages/wiz/changelog.yml
@@ -2,8 +2,8 @@
 - version: "3.6.0"
 changes:
 - description: Add troubleshooting note in README on `event.ingested` requirement for standalone Elastic Agent.
- type: bugfix
- link: https://github.com/elastic/integrations/pull/1
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/14546
 - version: "3.5.1"
 changes:
 - description: Update texts for the input fields helpers.