elastic · sholzhauer-es · Jul 15, 2025 · Jul 15, 2025 · Aug 19, 2025 · Aug 19, 2025
@@ -7,6 +7,20 @@ It has the following data streams:
 - **`intelligence`** Indicators retrieved from the Anomali ThreatStream API's intelligence endpoint.
 - **`threatstream`** Indicators received from the Anomali ThreatStream Elastic Extension, which is additional software. This is deprecated.
 
+## Requirements
+
+### Agentless enabled integration
+
+Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).
+
+Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.
+
+### Agent based installation
+
+Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md).
+You can install only one Elastic Agent per host.
+Elastic Agent is required to stream data from the REST API or webhook and ship the data to Elastic, where the events will then be processed via the integration's ingest pipelines.
+
 ## Logs
 
 ### Expiration of Indicators of Compromise (IOCs)

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.2.0"
+  changes:
+    - description: Added Agentless deployment mode.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/14547
 - version: "2.1.0"
   changes:
     - description: Allow setting an advanced search query.

@@ -7,6 +7,20 @@ It has the following data streams:
 - **`intelligence`** Indicators retrieved from the Anomali ThreatStream API's intelligence endpoint.
 - **`threatstream`** Indicators received from the Anomali ThreatStream Elastic Extension, which is additional software. This is deprecated.
 
+## Requirements
+
+### Agentless enabled integration
+
+Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to [Agentless integrations](https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html) and the [Agentless integrations FAQ](https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html).
+
+Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.
+
+### Agent based installation
+
+Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md).
+You can install only one Elastic Agent per host.
+Elastic Agent is required to stream data from the REST API or webhook and ship the data to Elastic, where the events will then be processed via the integration's ingest pipelines.
+
 ## Logs
 
 ### Expiration of Indicators of Compromise (IOCs)

@@ -1,9 +1,9 @@
 name: ti_anomali
 title: Anomali
-version: "2.1.0"
+version: "2.2.0"
 description: Ingest threat intelligence indicators from Anomali with Elastic Agent.
 type: integration
-format_version: 3.0.2
+format_version: 3.4.0
 categories: ["security", "threat_intel"]
 conditions:
   kibana:
@@ -38,6 +38,15 @@ policy_templates:
   - name: ti_anomali
     title: Anomali
     description: Ingest threat intelligence indicators from Anomali with Elastic Agent.
+    deployment_modes:
+      default:
+        enabled: true
+      agentless:
+        enabled: true
+        is_default: true
+        organization: security
+        division: engineering
+        team: security-service-integrations
     inputs:
       - type: cel
         title: "Anomali ThreatStream API"