From b1cf53727ce47355da6fb864167de070207b2fa6 Mon Sep 17 00:00:00 2001 
From: Alexandra Konrad Date: Wed, 16 Jul 2025 18:14:31 +0200 Subject: [PATCH 1/7] update category --- packages/abnormal_security/manifest.yml | 4 ++++ packages/activemq/manifest.yml | 4 ++++ packages/admin_by_request_epm/manifest.yml | 4 ++++ packages/airflow/manifest.yml | 4 ++++ packages/amazon_security_lake/manifest.yml | 6 +++++- packages/apache_spark/manifest.yml | 4 ++++ packages/apache_tomcat/manifest.yml | 8 +++++++- packages/arista_ngfw/manifest.yml | 6 ++++++ packages/armis/manifest.yml | 4 ++++ packages/authentik/manifest.yml | 2 ++ packages/aws/manifest.yml | 2 ++ packages/azure/manifest.yml | 2 ++ packages/azure_ai_foundry/manifest.yml | 2 ++ packages/azure_app_service/manifest.yml | 2 ++ packages/azure_openai/manifest.yml | 2 ++ packages/bbot/manifest.yml | 2 ++ packages/beaconing/manifest.yml | 2 ++ packages/beelzebub/manifest.yml | 2 ++ packages/beyondinsight_password_safe/manifest.yml | 4 ++++ packages/beyondtrust_pra/manifest.yml | 4 ++++ packages/bitdefender/manifest.yml | 2 ++ packages/blacklens/manifest.yml | 4 ++++ packages/canva/manifest.yml | 2 ++ packages/cef/manifest.yml | 4 ++++ packages/checkpoint_email/manifest.yml | 2 ++ packages/checkpoint_harmony_endpoint/manifest.yml | 2 ++ packages/cisa_kevs/manifest.yml | 2 ++ packages/cisco_ise/manifest.yml | 2 ++ packages/cisco_meraki/manifest.yml | 2 ++ packages/microsoft_defender_endpoint/manifest.yml | 6 ++++-- packages/microsoft_dhcp/manifest.yml | 2 ++ packages/microsoft_exchange_server/manifest.yml | 2 ++ packages/mongodb/manifest.yml | 2 ++ packages/mongodb_atlas/manifest.yml | 2 ++ packages/mysql/manifest.yml | 2 ++ packages/mysql_enterprise/manifest.yml | 2 ++ packages/nats/manifest.yml | 2 ++ packages/netscout/manifest.yml | 4 +++- packages/o365/manifest.yml | 6 +++++- packages/o365_metrics/manifest.yml | 4 +++- packages/oracle/manifest.yml | 2 ++ packages/panw/manifest.yml | 4 +++- packages/panw_metrics/manifest.yml | 2 ++ packages/pfsense/manifest.yml | 2 ++ 
packages/ping_federate/manifest.yml | 2 ++ packages/sailpoint_identity_sc/manifest.yml | 2 ++ packages/salesforce/manifest.yml | 2 ++ packages/security_detection_engine/manifest.yml | 2 ++ packages/sentinel_one_cloud_funnel/manifest.yml | 4 +++- packages/snort/manifest.yml | 6 +++++- packages/snyk/manifest.yml | 2 ++ packages/sonicwall_firewall/manifest.yml | 2 ++ packages/sophos/manifest.yml | 6 +++--- packages/stan/manifest.yml | 2 ++ packages/stormshield/manifest.yml | 2 ++ packages/suricata/manifest.yml | 7 ++++++- packages/symantec_endpoint/manifest.yml | 4 +++- packages/synthetics/manifest.yml | 5 ++++- packages/system/manifest.yml | 2 ++ packages/system_otel/manifest.yml | 4 ++++ packages/threat_map/manifest.yml | 2 ++ packages/thycotic_ss/manifest.yml | 2 ++ packages/ti_abusech/manifest.yml | 4 +++- packages/ti_anomali/manifest.yml | 4 +++- packages/ti_cybersixgill/manifest.yml | 4 +++- packages/ti_eset/manifest.yml | 4 ++++ packages/ti_google_threat_intelligence/manifest.yml | 4 ++++ packages/ti_greynoise/manifest.yml | 4 ++++ packages/ti_maltiverse/manifest.yml | 8 +++++++- packages/ti_misp/manifest.yml | 4 +++- packages/ti_otx/manifest.yml | 4 +++- packages/ti_rapid7_threat_command/manifest.yml | 8 +++++++- packages/ti_recordedfuture/manifest.yml | 4 +++- packages/ti_threatconnect/manifest.yml | 4 ++++ packages/ti_threatq/manifest.yml | 4 +++- packages/ti_util/manifest.yml | 2 ++ packages/tomcat/manifest.yml | 8 +++++++- packages/traefik/manifest.yml | 6 ++++++ packages/trellix_edr_cloud/manifest.yml | 4 ++++ packages/trellix_epo_cloud/manifest.yml | 4 ++++ packages/trend_micro_vision_one/manifest.yml | 2 ++ packages/trendmicro/manifest.yml | 2 ++ packages/tychon/manifest.yml | 4 ++++ packages/udp/manifest.yml | 2 ++ packages/unifiedlogs/manifest.yml | 2 ++ packages/universal_profiling_agent/manifest.yml | 6 +++++- packages/varonis/manifest.yml | 2 ++ packages/vectra_detect/manifest.yml | 6 +++++- packages/vectra_rux/manifest.yml | 2 ++ 
packages/vsphere/manifest.yml | 2 ++ packages/watchguard_firebox/manifest.yml | 2 ++ packages/websocket/manifest.yml | 2 ++ packages/websphere_application_server/manifest.yml | 2 ++ packages/windows/manifest.yml | 4 ++++ packages/windows_etw/manifest.yml | 4 ++++ packages/winlog/manifest.yml | 4 ++++ packages/wiz/manifest.yml | 4 ++++ packages/zeek/manifest.yml | 6 +++++- packages/zerofox/manifest.yml | 4 ++++ packages/zeronetworks/manifest.yml | 4 ++++ packages/zookeeper/manifest.yml | 2 ++ packages/zoom/manifest.yml | 6 +++++- packages/zscaler_zia/manifest.yml | 2 ++ packages/zscaler_zpa/manifest.yml | 2 ++ 104 files changed, 326 insertions(+), 30 deletions(-) diff --git a/packages/abnormal_security/manifest.yml b/packages/abnormal_security/manifest.yml index 9776b70fd9a..071c0878ab1 100644 --- a/packages/abnormal_security/manifest.yml +++ b/packages/abnormal_security/manifest.yml @@ -6,6 +6,10 @@ description: Collect logs from Abnormal AI with Elastic Agent. type: integration categories: - security + # Added email_security category as this integration focuses on email security and mailbox protection + - email_security + # Added threat_intel category as it includes threat detection and case management for email security threats + - threat_intel conditions: kibana: version: "^8.17.0 || ^9.0.0" diff --git a/packages/activemq/manifest.yml b/packages/activemq/manifest.yml index 168587ad2f6..6a1361a363c 100644 --- a/packages/activemq/manifest.yml +++ b/packages/activemq/manifest.yml @@ -12,6 +12,10 @@ format_version: "3.0.2" categories: - message_queue - observability + # Added monitoring category as this integration collects metrics for monitoring ActiveMQ instances + - monitoring + # Added infrastructure category as ActiveMQ is part of the infrastructure stack + - infrastructure conditions: kibana: version: "^8.13.0 || ^9.0.0" diff --git a/packages/admin_by_request_epm/manifest.yml b/packages/admin_by_request_epm/manifest.yml index 34e228c6d61..b7959b5035a 100644 
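Review bot: The two `# Added … category as …` comments in this hunk record the edit rather than describe the manifest, and the same pattern repeats in every hunk of this patch that adds a category. That history belongs in the commit message or the package changelog; once merged, "Added" has no referent for the next reader of the file. If the rationale is worth keeping next to the value, phrase it as a standing statement, e.g. `# email_security: mailbox and email threat protection`. Otherwise drop the comment lines and keep only `- email_security` and `- threat_intel`.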
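Review bot: This manifest gets no `version` bump or changelog entry, and neither does any other in the patch. The diffstat lists only `manifest.yml` files, and hunks that show the `version:` line (amazon_security_lake and apache_tomcat, for example) leave it as unchanged context. If packages are published per version, as the `version` field suggests, the new `monitoring` and `infrastructure` tags will only reach users with some later, unrelated release and without a changelog line explaining the reclassification. Unless a later patch in this 7-part series covers it, each touched package probably needs both.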
--- a/packages/admin_by_request_epm/manifest.yml +++ b/packages/admin_by_request_epm/manifest.yml @@ -8,6 +8,10 @@ description: "Collect logs from Admin By Request EPM with Elastic Agent." type: integration categories: - security + # Added iam category as Admin By Request EPM is focused on privilege management and administrative access control + - iam + # Added credential_management category as it deals with elevated privileges management + - credential_management conditions: kibana: version: "^8.15.3 || ^9.0.0" diff --git a/packages/airflow/manifest.yml b/packages/airflow/manifest.yml index dc3a9166917..ae1b24c9be4 100644 --- a/packages/airflow/manifest.yml +++ b/packages/airflow/manifest.yml @@ -6,6 +6,10 @@ type: integration format_version: "3.0.0" categories: - observability + # Added process_manager category as Airflow is a workflow management platform that schedules and monitors workflows + - process_manager + # Added stream_processing category as it's used for orchestrating data pipelines and processing data streams + - stream_processing conditions: kibana: version: "^8.13.0 || ^9.0.0" diff --git a/packages/amazon_security_lake/manifest.yml b/packages/amazon_security_lake/manifest.yml index 39c401ead7b..bfa3f67338d 100644 --- a/packages/amazon_security_lake/manifest.yml +++ b/packages/amazon_security_lake/manifest.yml @@ -4,7 +4,11 @@ title: Amazon Security Lake version: "2.5.3" description: Collect logs from Amazon Security Lake with Elastic Agent. type: integration -categories: ["aws", "security"] +categories: + - aws + - security + # Added siem category as it functions as a security information and event management system for AWS resources + - siem conditions: kibana: version: "^8.16.5 || ^9.0.0" diff --git a/packages/apache_spark/manifest.yml b/packages/apache_spark/manifest.yml index baf38a607a5..5a967c38c5e 100644 --- a/packages/apache_spark/manifest.yml +++ b/packages/apache_spark/manifest.yml 
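Review bot: `stream_processing` does not fit the product the first added comment describes: a platform that "schedules and monitors workflows" is a batch orchestrator, and Airflow is not a streaming engine. I would keep `- process_manager` and drop `- stream_processing` together with its comment. It is also worth confirming with the package linter that `process_manager` is accepted under this manifest's `format_version: "3.0.0"`, which is visible as context in the hunk.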
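Review bot: The `siem` tag rests on a comment saying the package "functions as a security information and event management system", but the manifest's own description is "Collect logs from Amazon Security Lake", i.e. a data source that feeds a SIEM rather than being one. The microsoft_defender_endpoint hunk adds `siem` to an EDR log source on similar reasoning. Unless the catalog defines `siem` as "any source of security events", tagging sources this way makes the filter less useful to someone looking for actual SIEM connectors. I would leave this package at `aws` and `security`. The flow-to-block rewrite of `categories` is fine as is.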
@@ -7,6 +7,10 @@ type: integration categories: - observability - analytics_engine + # Added big_data category as Apache Spark is a unified analytics engine for large-scale data processing + - big_data + # Added stream_processing category as Spark includes capabilities for stream processing with Spark Streaming + - stream_processing conditions: kibana: version: "^8.13.0 || ^9.0.0" diff --git a/packages/apache_tomcat/manifest.yml b/packages/apache_tomcat/manifest.yml index be40042b9e8..125f553420e 100644 --- a/packages/apache_tomcat/manifest.yml +++ b/packages/apache_tomcat/manifest.yml @@ -3,7 +3,13 @@ name: apache_tomcat title: Apache Tomcat version: "1.11.0" description: Collect and parse logs and metrics from Apache Tomcat servers with Elastic Agent. -categories: ["web", "observability"] +categories: + - web + - observability + # Added application_observability category as Apache Tomcat is an application server, and this integration provides detailed application-level metrics and logs + - application_observability + # Added websphere category as Tomcat is a Java web application server similar to WebSphere + - websphere type: integration conditions: kibana: diff --git a/packages/arista_ngfw/manifest.yml b/packages/arista_ngfw/manifest.yml index 19065222598..b8170b63383 100755 --- a/packages/arista_ngfw/manifest.yml +++ b/packages/arista_ngfw/manifest.yml @@ -8,6 +8,12 @@ description: "Collect logs and metrics from Arista NG Firewall." type: integration categories: - network + # Added network_security category as Arista NGFW is primarily a network security device + - network_security + # Added firewall_security category as it provides firewall capabilities and logs firewall events + - firewall_security + # Added ids_ips category as it includes intrusion prevention system functionality + - ids_ips conditions: kibana: version: "^8.11.0 || ^9.0.0" diff --git a/packages/armis/manifest.yml b/packages/armis/manifest.yml index 7bcb7619d2d..7249b00f471 100644 
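Review bot: `- websphere` is a product-specific category, and the added comment justifies it only by Tomcat being "similar to WebSphere"; similarity to another vendor's server is not membership in that category. A user filtering the catalog by WebSphere would get an Apache Tomcat package that collects nothing from WebSphere. I would drop `- websphere` and its comment and keep `web`, `observability` and `application_observability`. The diffstat also lists `packages/tomcat/manifest.yml` with the same +8/-1 shape, which is outside this view and may carry the same tag.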
--- a/packages/armis/manifest.yml +++ b/packages/armis/manifest.yml @@ -6,6 +6,10 @@ description: Collect logs from Armis with Elastic Agent. type: integration categories: - security + # Added vulnerability_management category as it detects and manages vulnerabilities across devices + - vulnerability_management + # Added network_security category as it monitors and protects devices across the network + - network_security conditions: kibana: version: "^8.18.0 || ^9.0.0" diff --git a/packages/authentik/manifest.yml b/packages/authentik/manifest.yml index 8345d688e0e..64627b0fd95 100644 --- a/packages/authentik/manifest.yml +++ b/packages/authentik/manifest.yml @@ -6,6 +6,8 @@ description: Collect logs from authentik with Elastic Agent. type: integration categories: - security + # Added iam category as Authentik is an Identity Provider (IdP) and SSO solution + - iam conditions: kibana: version: "^8.13.0 || ^9.0.0" diff --git a/packages/aws/manifest.yml b/packages/aws/manifest.yml index c06d1c0753f..c22f9112e4a 100644 --- a/packages/aws/manifest.yml +++ b/packages/aws/manifest.yml @@ -7,6 +7,8 @@ type: integration categories: - aws - cloud + # Added security category as AWS integration collects security-relevant data like CloudTrail logs, GuardDuty findings, and other security monitoring data + - security conditions: elastic: subscription: basic diff --git a/packages/azure/manifest.yml b/packages/azure/manifest.yml index bedc4f4b7a4..b3e48511b00 100644 --- a/packages/azure/manifest.yml +++ b/packages/azure/manifest.yml @@ -13,6 +13,8 @@ categories: - cloud - azure - observability + # Added security category as it collects security-relevant logs like Microsoft Entra ID sign-in logs, audit logs, and identity protection logs + - security conditions: kibana: version: "^8.15.1 || ^9.0.0" diff --git a/packages/azure_ai_foundry/manifest.yml b/packages/azure_ai_foundry/manifest.yml index a55f50e94ac..64c2d993f88 100644 --- a/packages/azure_ai_foundry/manifest.yml 
+++ b/packages/azure_ai_foundry/manifest.yml @@ -10,6 +10,8 @@ categories: - azure - cloud - observability + # Added security category as it collects audit logs and security-relevant data like content filter results + - security conditions: kibana: version: "^9.0.0" diff --git a/packages/azure_app_service/manifest.yml b/packages/azure_app_service/manifest.yml index 45a4116b410..89ccf7983ad 100644 --- a/packages/azure_app_service/manifest.yml +++ b/packages/azure_app_service/manifest.yml @@ -10,6 +10,8 @@ categories: - azure - cloud - observability + # Added security category as it collects audit logs and security-relevant HTTP logs + - security conditions: kibana: version: "^8.13.0 || ^9.0.0" diff --git a/packages/azure_openai/manifest.yml b/packages/azure_openai/manifest.yml index 0066719abf0..048262e2e2f 100644 --- a/packages/azure_openai/manifest.yml +++ b/packages/azure_openai/manifest.yml @@ -10,6 +10,8 @@ categories: - azure - cloud - observability + # Added security category as it collects audit logs and content filtering data for AI prompts and responses + - security conditions: kibana: version: "^8.17.1 || ^9.0.0" diff --git a/packages/bbot/manifest.yml b/packages/bbot/manifest.yml index b209c03628e..0937564623b 100644 --- a/packages/bbot/manifest.yml +++ b/packages/bbot/manifest.yml @@ -6,6 +6,8 @@ description: "BBOT is a recursive internet scanner inspired by Spiderfoot, but d type: integration categories: - security + # Added threat_intel category as BBOT is an OSINT tool that provides external intelligence about attack surfaces + - threat_intel conditions: kibana: version: "^8.13.0 || ^9.0.0" diff --git a/packages/beaconing/manifest.yml b/packages/beaconing/manifest.yml index ffaf7fa48e5..d91af88a925 100644 --- a/packages/beaconing/manifest.yml +++ b/packages/beaconing/manifest.yml 
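Review bot: `threat_intel` looks like the wrong bucket for a scanner: the description calls BBOT a "recursive internet scanner", so its output is the operator's own attack surface rather than indicators or adversary reporting. The many `ti_*` packages in the diffstat suggest the catalog uses `threat_intel` for indicator feeds, though that is inferred from their names. If so, someone choosing sources for indicator matching would be pointed at a package that provides none. The beelzebub hunk applies the same tag to a honeypot and raises the same question. I would leave both at `security` unless the category is documented more broadly.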
@@ -9,6 +9,8 @@ type: integration categories: - security - advanced_analytics_ueba + # Added network_security category as this package identifies beaconing activity in network traffic which is critical for detecting C2 communications + - network_security conditions: kibana: version: "^8.10.1 || ^9.0.0" diff --git a/packages/beelzebub/manifest.yml b/packages/beelzebub/manifest.yml index 0161ae5edb5..b499079346b 100644 --- a/packages/beelzebub/manifest.yml +++ b/packages/beelzebub/manifest.yml @@ -7,6 +7,8 @@ type: integration categories: - network - security + # Added threat_intel category as Beelzebub is a honeypot framework that collects intelligence about attack techniques and behaviors + - threat_intel conditions: kibana: version: "^8.17.1 || ^9.0.0" diff --git a/packages/beyondinsight_password_safe/manifest.yml b/packages/beyondinsight_password_safe/manifest.yml index 8aabccaae96..e271bcd3b96 100644 --- a/packages/beyondinsight_password_safe/manifest.yml +++ b/packages/beyondinsight_password_safe/manifest.yml @@ -8,6 +8,10 @@ description: Ingest privileged access management (PAM) data from BeyondTrust's B type: integration categories: - security + # Added credential_management category as Password Safe is a privileged password management solution + - credential_management + # Added iam category as this integration provides user audit data and privileged access management functionality + - iam conditions: kibana: version: "^8.15.3 || ^9.0.0" diff --git a/packages/beyondtrust_pra/manifest.yml b/packages/beyondtrust_pra/manifest.yml index a1879c1fa45..82f22ad1157 100644 --- a/packages/beyondtrust_pra/manifest.yml +++ b/packages/beyondtrust_pra/manifest.yml 
@@ -6,6 +6,10 @@ type: integration format_version: 3.4.0 categories: - security + # Added iam category as BeyondTrust PRA provides privileged access management functionality + - iam + # Added network_security category as it secures remote access connections to critical systems + - network_security conditions: kibana: version: "^8.18.0 || ^9.0.0" diff --git a/packages/bitdefender/manifest.yml b/packages/bitdefender/manifest.yml index ca6205a8ea4..3dff1be5958 100644 --- a/packages/bitdefender/manifest.yml +++ b/packages/bitdefender/manifest.yml @@ -8,6 +8,8 @@ description: "Ingest BitDefender GravityZone logs and data" type: integration categories: - security + # Added edr_xdr category as BitDefender GravityZone provides endpoint detection and response capabilities + - edr_xdr conditions: kibana: version: "^8.14.3 || ^9.0.0" diff --git a/packages/blacklens/manifest.yml b/packages/blacklens/manifest.yml index 91c32ccb47d..520091c5960 100644 --- a/packages/blacklens/manifest.yml +++ b/packages/blacklens/manifest.yml @@ -8,6 +8,10 @@ description: "Collect logs from blacklens.io with Elastic Agent" type: integration categories: - security + # Added threat_intel category as Blacklens provides Darknet Monitoring and external threat intelligence + - threat_intel + # Added vulnerability_management category as Blacklens offers vulnerability scanning and attack surface management + - vulnerability_management conditions: kibana: version: "^8.15.2 || ^9.0.0" diff --git a/packages/canva/manifest.yml b/packages/canva/manifest.yml index 42e13564e87..d7e2a6cb120 100644 --- a/packages/canva/manifest.yml +++ b/packages/canva/manifest.yml @@ -7,6 +7,8 @@ type: integration categories: - security - productivity + # Added iam category as Canva integration collects audit logs related to user activities, permissions, and access management + - iam conditions: kibana: version: "^8.16.5 || ^9.0.0" 
diff --git a/packages/cef/manifest.yml b/packages/cef/manifest.yml index 044f1f14eb6..1a526489224 100644 --- a/packages/cef/manifest.yml +++ b/packages/cef/manifest.yml @@ -4,6 +4,10 @@ version: "2.21.1" description: Collect logs from CEF Logs with Elastic Agent. categories: - security + # Added custom category as CEF is a standardized log format that can be used by many different products + - custom + # Added network_security category as CEF is commonly used for network security monitoring and firewall logs + - network_security conditions: kibana: version: "^8.15.1 || ^9.0.0" diff --git a/packages/checkpoint_email/manifest.yml b/packages/checkpoint_email/manifest.yml index 8bed30810bf..a1f468c8535 100644 --- a/packages/checkpoint_email/manifest.yml +++ b/packages/checkpoint_email/manifest.yml @@ -6,6 +6,8 @@ description: Collect logs from Check Point Harmony Email & Collaboration with El type: integration categories: - security + # Added email_security category as Check Point Harmony Email & Collaboration focuses on monitoring and securing email platforms + - email_security conditions: kibana: version: "^8.15.0 || ^9.0.0" diff --git a/packages/checkpoint_harmony_endpoint/manifest.yml b/packages/checkpoint_harmony_endpoint/manifest.yml index 77b8ece1765..3d48267218a 100644 --- a/packages/checkpoint_harmony_endpoint/manifest.yml +++ b/packages/checkpoint_harmony_endpoint/manifest.yml @@ -8,6 +8,8 @@ description: "Collect logs from Check Point Harmony Endpoint" type: integration categories: - security + # Added edr_xdr category as Check Point Harmony Endpoint provides endpoint detection and response capabilities with advanced threat prevention + - edr_xdr conditions: kibana: version: "^8.14.0 || ^9.0.0" diff --git a/packages/cisa_kevs/manifest.yml b/packages/cisa_kevs/manifest.yml index 3bb4c51038b..97bb5792ac4 100644 --- a/packages/cisa_kevs/manifest.yml +++ b/packages/cisa_kevs/manifest.yml 
@@ -6,6 +6,8 @@ description: "This package allows the ingest of known exploited vulnerabilities type: integration categories: - security + # Added vulnerability_management category as CISA KEVs provides information about known exploited vulnerabilities for vulnerability tracking and management + - vulnerability_management conditions: kibana: version: "^8.13.0 || ^9.0.0" diff --git a/packages/cisco_ise/manifest.yml b/packages/cisco_ise/manifest.yml index 76da68b3c91..82f85ed33ab 100644 --- a/packages/cisco_ise/manifest.yml +++ b/packages/cisco_ise/manifest.yml @@ -7,6 +7,8 @@ type: integration categories: - security - network + # Added iam category as Cisco ISE is an identity services engine that provides identity and access management + - iam conditions: kibana: version: "^8.11.0 || ^9.0.0" diff --git a/packages/cisco_meraki/manifest.yml b/packages/cisco_meraki/manifest.yml index 6d07d747ae2..7c8b97de4fc 100644 --- a/packages/cisco_meraki/manifest.yml +++ b/packages/cisco_meraki/manifest.yml @@ -7,6 +7,8 @@ type: integration categories: - network - security + # Added cloud category as Cisco Meraki is a cloud-managed networking solution + - cloud conditions: kibana: version: "^8.13.0 || ^9.0.0" diff --git a/packages/microsoft_defender_endpoint/manifest.yml b/packages/microsoft_defender_endpoint/manifest.yml index 502fbadec3e..6ff4540a442 100644 --- a/packages/microsoft_defender_endpoint/manifest.yml +++ b/packages/microsoft_defender_endpoint/manifest.yml @@ -4,8 +4,10 @@ title: Microsoft Defender for Endpoint version: "2.42.0" description: Collect logs from Microsoft Defender for Endpoint with Elastic Agent. categories: - - "security" - - "edr_xdr" + - security + - edr_xdr + # Added siem category as Microsoft Defender for Endpoint provides security event data for monitoring and incident response + - siem type: integration conditions: kibana: diff --git a/packages/microsoft_dhcp/manifest.yml b/packages/microsoft_dhcp/manifest.yml index bd801c715ca..cd9758b635a 100644 
--- a/packages/microsoft_dhcp/manifest.yml +++ b/packages/microsoft_dhcp/manifest.yml @@ -6,6 +6,8 @@ description: Collect logs from Microsoft DHCP with Elastic Agent. type: integration categories: - security + # Added network category as it collects DHCP server logs that contain network address assignment information + - network conditions: kibana: version: ^8.11.0 || ^9.0.0 diff --git a/packages/microsoft_exchange_server/manifest.yml b/packages/microsoft_exchange_server/manifest.yml index 744825111c0..b32f8a8d568 100644 --- a/packages/microsoft_exchange_server/manifest.yml +++ b/packages/microsoft_exchange_server/manifest.yml @@ -8,6 +8,8 @@ description: Collect logs from Microsoft Exchange Server with Elastic Agent. type: integration categories: - security + # Added email_security category as it collects logs from Exchange Server including HTTP proxy, IMAP/POP3, message tracking, and SMTP logs + - email_security conditions: kibana: version: "^8.11.0 || ^9.0.0" diff --git a/packages/mongodb/manifest.yml b/packages/mongodb/manifest.yml index 8fdb4dc0150..b97c537a2b6 100644 --- a/packages/mongodb/manifest.yml +++ b/packages/mongodb/manifest.yml @@ -6,6 +6,8 @@ type: integration categories: - datastore - observability + # Added database_security category as it collects database logs and metrics including collection statistics, database statistics, and replication status + - database_security icons: - src: /img/logo_mongodb.svg title: logo mongodb diff --git a/packages/mongodb_atlas/manifest.yml b/packages/mongodb_atlas/manifest.yml index 8e1d8b5e41a..d542d70aebe 100644 --- a/packages/mongodb_atlas/manifest.yml +++ b/packages/mongodb_atlas/manifest.yml @@ -10,6 +10,8 @@ categories: - cloud - datastore - observability + # Added database_security category as it collects audit logs, alerts, and security-relevant metrics from MongoDB Atlas + - database_security conditions: kibana: version: "^8.13.0 || ^9.0.0" 
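Review bot: The `database_security` tag here is justified by "collection statistics, database statistics, and replication status", which are performance and health metrics, not security telemetry. The mysql hunk does the same with error logs, slow query logs and replication metrics. A security tag on a package that ships no audit or authentication data can lead a team to count the database as covered when nothing security-relevant is being collected. The mongodb_atlas, mysql_enterprise and oracle hunks cite audit logs, and the tag is defensible there. I would drop `- database_security` from mongodb and mysql, or add it only once those packages collect audit data.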
diff --git a/packages/mysql/manifest.yml b/packages/mysql/manifest.yml index 63c8ca7b416..a06053ad2dc 100644 --- a/packages/mysql/manifest.yml +++ b/packages/mysql/manifest.yml @@ -7,6 +7,8 @@ type: integration categories: - datastore - observability + # Added database_security category as it collects error logs, slow query logs, and replication status metrics that are relevant for database security monitoring + - database_security conditions: kibana: version: "^8.15.0 || ^9.0.0" diff --git a/packages/mysql_enterprise/manifest.yml b/packages/mysql_enterprise/manifest.yml index 3804d2cbe32..e553c4b0a9e 100644 --- a/packages/mysql_enterprise/manifest.yml +++ b/packages/mysql_enterprise/manifest.yml @@ -7,6 +7,8 @@ type: integration categories: - security - datastore + # Added database_security category as it specifically collects MySQL Enterprise Audit logs which are critical for database security monitoring + - database_security conditions: kibana: version: "^7.17.0 || ^8.0.0 || ^9.0.0" diff --git a/packages/nats/manifest.yml b/packages/nats/manifest.yml index eda85779d32..c7be49c1aba 100644 --- a/packages/nats/manifest.yml +++ b/packages/nats/manifest.yml @@ -12,6 +12,8 @@ format_version: 3.0.4 categories: - observability - message_queue + # Added stream_processing category as NATS is commonly used for real-time data streaming and event processing + - stream_processing conditions: kibana: version: "^8.13.0 || ^9.0.0" diff --git a/packages/netscout/manifest.yml b/packages/netscout/manifest.yml index 1b3bfe00231..40f0a3739f7 100644 --- a/packages/netscout/manifest.yml +++ b/packages/netscout/manifest.yml @@ -3,7 +3,9 @@ name: netscout title: Arbor Peakflow SP Logs (Deprecated) version: "0.22.0" description: Deprecated. Netscout Arbor Peakflow SP is no longer supported. -categories: ["security", "network"] +categories: + - security + - network type: integration conditions: kibana.version: "^8.11.0" 
diff --git a/packages/o365/manifest.yml b/packages/o365/manifest.yml index cad37c9bb09..9280ebd6c99 100644 --- a/packages/o365/manifest.yml +++ b/packages/o365/manifest.yml @@ -4,7 +4,11 @@ version: "2.18.5" description: Collect logs from Microsoft Office 365 with Elastic Agent. type: integration format_version: "3.2.3" -categories: [security, productivity_security] +categories: + - security + - productivity_security + # Added cloud_security category as it monitors cloud-based Office 365 services, and iam category as it collects Azure AD activity logs related to identity and access management + - iam conditions: kibana: version: "^8.18.0 || ^9.0.0" diff --git a/packages/o365_metrics/manifest.yml b/packages/o365_metrics/manifest.yml index 40507077bf3..171fd5b0a00 100644 --- a/packages/o365_metrics/manifest.yml +++ b/packages/o365_metrics/manifest.yml @@ -4,7 +4,9 @@ version: "0.21.0" description: Collect metrics from Microsoft Office 365 with Elastic Agent. type: integration format_version: "3.0.2" -categories: [observability, security] +categories: + - observability + - security conditions: kibana: version: "^8.16.0 || ^9.0.0" diff --git a/packages/oracle/manifest.yml b/packages/oracle/manifest.yml index 911e61614a0..3ea0dcb3d4b 100644 --- a/packages/oracle/manifest.yml +++ b/packages/oracle/manifest.yml @@ -7,6 +7,8 @@ type: integration categories: - observability - datastore + # Added database_security category as it collects database audit logs which are critical for monitoring database security events + - database_security conditions: kibana: version: "^8.13.0 || ^9.0.0" diff --git a/packages/panw/manifest.yml b/packages/panw/manifest.yml index 2d3d8fbf315..a5fea7d04aa 100644 --- a/packages/panw/manifest.yml +++ b/packages/panw/manifest.yml 
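Review bot: The added comment says a `cloud_security` category was added along with `iam`, but the new `categories` list contains only `security`, `productivity_security` and `iam`. Either the entry was dropped by mistake or the comment is stale; as written, the file documents a classification it does not have. If only `iam` is intended, trim the comment to `# iam: collects Azure AD activity logs related to identity and access management`. If a cloud category was intended, it needs its own list entry, using a value the package spec actually defines.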
@@ -4,7 +4,9 @@ version: "5.3.1" description: Collect logs from Palo Alto next-gen firewalls with Elastic Agent. type: integration format_version: "3.0.3" -categories: [security, network] +categories: + - security + - network conditions: kibana: version: ^8.11.0 || ^9.0.0 diff --git a/packages/panw_metrics/manifest.yml b/packages/panw_metrics/manifest.yml index 445c0b7fd8d..584ccb27281 100644 --- a/packages/panw_metrics/manifest.yml +++ b/packages/panw_metrics/manifest.yml @@ -8,6 +8,8 @@ categories: - network - security - observability + # Added network_security category as it collects metrics from Palo Alto Networks firewalls for monitoring network security + - network_security conditions: kibana: version: "^8.15.2 || ^9.0.0" diff --git a/packages/pfsense/manifest.yml b/packages/pfsense/manifest.yml index ff6e26c33c9..b8291e85ca9 100644 --- a/packages/pfsense/manifest.yml +++ b/packages/pfsense/manifest.yml @@ -13,6 +13,8 @@ categories: - network - security - firewall_security + # Added network_security category as it collects logs from pfSense and OPNsense firewalls for monitoring network traffic and security events + - network_security conditions: kibana: version: "^8.11.0 || ^9.0.0" diff --git a/packages/ping_federate/manifest.yml b/packages/ping_federate/manifest.yml index e6e1f4e7cb1..26e1655bf1b 100644 --- a/packages/ping_federate/manifest.yml +++ b/packages/ping_federate/manifest.yml @@ -7,6 +7,8 @@ type: integration categories: - security - authentication + # Added iam category as PingFederate is an identity and access management solution + - iam conditions: kibana: version: "^8.16.0 || ^9.0.0" diff --git a/packages/sailpoint_identity_sc/manifest.yml b/packages/sailpoint_identity_sc/manifest.yml index 61c2266a802..860bc59e0c8 100644 --- a/packages/sailpoint_identity_sc/manifest.yml +++ b/packages/sailpoint_identity_sc/manifest.yml 
@@ -8,6 +8,8 @@ description: "Sailpoint identity security cloud provides enterprise identity gov type: integration categories: - security + # Added iam category as SailPoint provides identity and access management capabilities + - iam conditions: kibana: version: "^8.16.1 || ^9.0.0" diff --git a/packages/salesforce/manifest.yml b/packages/salesforce/manifest.yml index ae41375590a..b62a0ac39b6 100644 --- a/packages/salesforce/manifest.yml +++ b/packages/salesforce/manifest.yml @@ -7,6 +7,8 @@ description: | type: integration categories: - observability + # Added crm category as Salesforce is a customer relationship management platform + - crm conditions: elastic: subscription: basic diff --git a/packages/security_detection_engine/manifest.yml b/packages/security_detection_engine/manifest.yml index 9d9410829a7..b1385e5a2e3 100644 --- a/packages/security_detection_engine/manifest.yml +++ b/packages/security_detection_engine/manifest.yml @@ -1,5 +1,7 @@ categories: - security + # Added siem category as these rules are used by the Elastic Security detection engine for security monitoring + - siem conditions: elastic: capabilities: diff --git a/packages/sentinel_one_cloud_funnel/manifest.yml b/packages/sentinel_one_cloud_funnel/manifest.yml index 733c80b58b2..389daa797ae 100644 --- a/packages/sentinel_one_cloud_funnel/manifest.yml +++ b/packages/sentinel_one_cloud_funnel/manifest.yml @@ -4,7 +4,9 @@ title: SentinelOne Cloud Funnel version: "1.13.1" description: Collect logs from SentinelOne Cloud Funnel with Elastic Agent. type: integration -categories: ["security", "edr_xdr"] +categories: + - security + - edr_xdr conditions: kibana: version: "^8.16.5 || ^9.0.0" diff --git a/packages/snort/manifest.yml b/packages/snort/manifest.yml index c44a9f7b787..e90158d2c95 100644 --- a/packages/snort/manifest.yml +++ b/packages/snort/manifest.yml 
@@ -9,7 +9,11 @@ icons: size: 120x60 type: image/svg+xml format_version: "3.0.3" -categories: [ids_ips, security] +categories: + - ids_ips + - security + # Added network_security category as Snort monitors network traffic for security threats + - network_security conditions: kibana: version: "^8.11.0 || ^9.0.0" diff --git a/packages/snyk/manifest.yml b/packages/snyk/manifest.yml index a388da991d2..f662265e4d0 100644 --- a/packages/snyk/manifest.yml +++ b/packages/snyk/manifest.yml @@ -7,6 +7,8 @@ type: integration categories: - security - cloudsecurity_cdr + # Added vulnerability_management category as Snyk identifies and tracks vulnerabilities in code and dependencies + - vulnerability_management conditions: kibana: version: "^8.13.0 || ^9.0.0" diff --git a/packages/sonicwall_firewall/manifest.yml b/packages/sonicwall_firewall/manifest.yml index ebcc4471ed0..f0611bc718b 100644 --- a/packages/sonicwall_firewall/manifest.yml +++ b/packages/sonicwall_firewall/manifest.yml @@ -8,6 +8,8 @@ categories: - network - security - firewall_security + # Added network_security category as SonicWall provides network security and traffic monitoring capabilities + - network_security conditions: kibana: version: "^8.11.0 || ^9.0.0" diff --git a/packages/sophos/manifest.yml b/packages/sophos/manifest.yml index 7d7180018d7..d0e63b107ff 100644 --- a/packages/sophos/manifest.yml +++ b/packages/sophos/manifest.yml @@ -4,9 +4,9 @@ title: Sophos version: "3.15.0" description: Collect logs from Sophos with Elastic Agent. categories: - - "security" - - "network" - - "firewall_security" + - security + - network + - firewall_security type: integration conditions: kibana: diff --git a/packages/stan/manifest.yml b/packages/stan/manifest.yml index 83b4dd9c61c..1dc9f073549 100644 --- a/packages/stan/manifest.yml +++ b/packages/stan/manifest.yml 
@@ -11,6 +11,8 @@ icons:
 format_version: 3.0.4
 categories:
 - observability
+ # Added stream_processing category as STAN provides streaming data processing capabilities
+ - stream_processing
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/stormshield/manifest.yml b/packages/stormshield/manifest.yml
index fd7d6114cb9..b1f9d4aa5ac 100644
--- a/packages/stormshield/manifest.yml
+++ b/packages/stormshield/manifest.yml
@@ -10,6 +10,8 @@ categories:
 - network
 - security
 - firewall_security
+ # Added network_security category as Stormshield provides network security protection
+ - network_security
 conditions:
 kibana:
 version: "^8.11.4 || ^9.0.0"
diff --git a/packages/suricata/manifest.yml b/packages/suricata/manifest.yml
index bb550fc63e6..ed6db2961c7 100644
--- a/packages/suricata/manifest.yml
+++ b/packages/suricata/manifest.yml
@@ -9,7 +9,12 @@ icons:
 size: 309x309
 type: image/svg+xml
 format_version: "3.0.3"
-categories: [network, security, ids_ips]
+categories:
+ - network
+ - security
+ - ids_ips
+ # Added network_security category as Suricata monitors network traffic for security threats
+ - network_security
 conditions:
 kibana:
 version: "^8.11.0 || ^9.0.0"
diff --git a/packages/symantec_endpoint/manifest.yml b/packages/symantec_endpoint/manifest.yml
index 4fcab7f049b..41ee01f59ee 100644
--- a/packages/symantec_endpoint/manifest.yml
+++ b/packages/symantec_endpoint/manifest.yml
@@ -4,7 +4,9 @@ version: "2.19.0"
 description: Collect logs from Symantec Endpoint Protection with Elastic Agent.
 type: integration
 format_version: "3.0.3"
-categories: ["security", "edr_xdr"]
+categories:
+ - security
+ - edr_xdr
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/synthetics/manifest.yml b/packages/synthetics/manifest.yml
index 159b5e5b533..435742f3f13 100644
--- a/packages/synthetics/manifest.yml
+++ b/packages/synthetics/manifest.yml
@@ -3,7 +3,10 @@ name: synthetics
 title: Elastic Synthetics
 description: Internal Elastic integration for providing access to private locations.
 version: 1.4.2
-categories: ["observability"]
+categories:
+ - observability
+ # Added monitoring category as Synthetics provides synthetic monitoring capabilities
+ - monitoring
 type: integration
 source:
 license: Elastic-2.0
diff --git a/packages/system/manifest.yml b/packages/system/manifest.yml
index 88cff10333f..d097ae96633 100644
--- a/packages/system/manifest.yml
+++ b/packages/system/manifest.yml
@@ -6,6 +6,8 @@ description: Collect system logs and metrics from your servers with Elastic Agen
 type: integration
 categories:
 - os_system
+ # Added monitoring category as System integration collects metrics for monitoring server health
+ - monitoring
 conditions:
 kibana:
 version: "^8.17.0 || ^9.0.0"
diff --git a/packages/system_otel/manifest.yml b/packages/system_otel/manifest.yml
index 049ac66f3e3..77f3525063a 100644
--- a/packages/system_otel/manifest.yml
+++ b/packages/system_otel/manifest.yml
@@ -6,6 +6,10 @@ description: "Dashboards for the OpenTelemetry data collected with the `hostmetr
 type: content
 categories:
 - os_system
+ # Added monitoring category as System OTEL provides dashboards for monitoring system metrics
+ - monitoring
+ # Added observability category as System OTEL uses OpenTelemetry for system observability
+ - observability
 conditions:
 kibana:
 version: "^8.18.0 || ^9.0.0"
diff --git a/packages/threat_map/manifest.yml b/packages/threat_map/manifest.yml
index 6d5458b1584..b3b1ffcf84c 100644
--- a/packages/threat_map/manifest.yml
+++ b/packages/threat_map/manifest.yml
@@ -7,6 +7,8 @@ type: integration
 categories:
 - custom
 - security
+ # Added network_security category as Threat Map visualizes network traffic for security analysis
+ - network_security
 conditions:
 kibana:
 version: "^8.14.0 || ^9.0.0"
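Review bot: In the synthetics hunk `version: 1.4.2` stays a context line while `categories` changes, so the manifest content differs under an unchanged package version. If packages in this repository are published per version (worth confirming against the release process), the new `monitoring` category would not reach the catalog until the version is bumped and a changelog entry is added, e.g. `version: <next patch version>`. The same applies to the tomcat, universal_profiling_agent and universal_profiling_collector hunks, where the version line is likewise visible and untouched. Later patches in this series, not shown here, may already cover it.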
diff --git a/packages/thycotic_ss/manifest.yml b/packages/thycotic_ss/manifest.yml
index 7bd31165739..f330d4069da 100644
--- a/packages/thycotic_ss/manifest.yml
+++ b/packages/thycotic_ss/manifest.yml
@@ -8,6 +8,8 @@ description: "Thycotic Secret Server logs"
 type: integration
 categories:
 - security
+ # Added credential_management category as Thycotic Secret Server provides secure storage and management of credentials
+ - credential_management
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/ti_abusech/manifest.yml b/packages/ti_abusech/manifest.yml
index 45c9f5d8998..6422cc1a034 100644
--- a/packages/ti_abusech/manifest.yml
+++ b/packages/ti_abusech/manifest.yml
@@ -4,7 +4,9 @@ version: "3.0.0"
 description: Ingest threat intelligence indicators from URL Haus, Malware Bazaar, and Threat Fox feeds with Elastic Agent.
 type: integration
 format_version: "3.3.2"
-categories: ["security", "threat_intel"]
+categories:
+ - security
+ - threat_intel
 conditions:
 kibana:
 version: "^8.18.0 || ^9.0.0"
diff --git a/packages/ti_anomali/manifest.yml b/packages/ti_anomali/manifest.yml
index 2fc18d10570..13add15d9ba 100644
--- a/packages/ti_anomali/manifest.yml
+++ b/packages/ti_anomali/manifest.yml
@@ -4,7 +4,9 @@ version: "2.0.0"
 description: Ingest threat intelligence indicators from Anomali with Elastic Agent.
 type: integration
 format_version: 3.0.2
-categories: ["security", "threat_intel"]
+categories:
+ - security
+ - threat_intel
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/ti_cybersixgill/manifest.yml b/packages/ti_cybersixgill/manifest.yml
index 7c049c88c6b..0ffdd182e68 100644
--- a/packages/ti_cybersixgill/manifest.yml
+++ b/packages/ti_cybersixgill/manifest.yml
@@ -4,7 +4,9 @@ version: "1.33.0"
 description: Ingest threat intelligence indicators from Cybersixgill with Elastic Agent.
 type: integration
 format_version: "3.0.2"
-categories: ["security", "threat_intel"]
+categories:
+ - security
+ - threat_intel
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/ti_eset/manifest.yml b/packages/ti_eset/manifest.yml
index 96347898493..3d41d089a09 100644
--- a/packages/ti_eset/manifest.yml
+++ b/packages/ti_eset/manifest.yml
@@ -7,6 +7,10 @@ type: integration
 categories:
 - security
 - threat_intel
+ # Added siem category as ESET Threat Intelligence provides data that can be used for security monitoring and incident response
+ - siem
+ # Added network_security category as ESET Threat Intelligence includes IP and domain indicators for network protection
+ - network_security
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/ti_google_threat_intelligence/manifest.yml b/packages/ti_google_threat_intelligence/manifest.yml
index cecf6f0723d..376a1de1089 100644
--- a/packages/ti_google_threat_intelligence/manifest.yml
+++ b/packages/ti_google_threat_intelligence/manifest.yml
@@ -9,6 +9,10 @@ type: integration
 categories:
 - security
 - threat_intel
+ # Added siem category as Google Threat Intelligence provides data that can be used for security monitoring and incident response
+ - siem
+ # Added network_security category as Google Threat Intelligence includes malicious network infrastructure indicators
+ - network_security
 conditions:
 kibana:
 version: "^8.16.0"
diff --git a/packages/ti_greynoise/manifest.yml b/packages/ti_greynoise/manifest.yml
index 3bd22426733..bc91523f0a6 100644
--- a/packages/ti_greynoise/manifest.yml
+++ b/packages/ti_greynoise/manifest.yml
@@ -7,6 +7,10 @@ type: integration
 categories:
 - threat_intel
 - security
+ # Added network_security category as GreyNoise provides IP-based threat intelligence for network traffic analysis
+ - network_security
+ # Added siem category as GreyNoise data can be used for security monitoring and alert triage
+ - siem
 conditions:
 kibana:
 version: "^8.17.0"
diff --git a/packages/ti_maltiverse/manifest.yml b/packages/ti_maltiverse/manifest.yml
index b57a1b71bdf..ddeff32615f 100644
--- a/packages/ti_maltiverse/manifest.yml
+++ b/packages/ti_maltiverse/manifest.yml
@@ -4,7 +4,13 @@ version: "1.5.0"
 description: Ingest threat intelligence indicators from Maltiverse feeds with Elastic Agent
 type: integration
 format_version: 3.0.2
-categories: ["security", "threat_intel"]
+categories:
+ - security
+ - threat_intel
+ # Added siem category as Maltiverse provides threat intelligence data that can be used for security monitoring and incident response
+ - siem
+ # Added network_security category as Maltiverse includes IP and domain indicators for network protection
+ - network_security
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/ti_misp/manifest.yml b/packages/ti_misp/manifest.yml
index fd9f61da980..8e026592154 100644
--- a/packages/ti_misp/manifest.yml
+++ b/packages/ti_misp/manifest.yml
@@ -4,7 +4,9 @@ version: "1.38.0"
 description: Ingest threat intelligence indicators from MISP platform with Elastic Agent.
 type: integration
 format_version: "3.0.2"
-categories: ["security", "threat_intel"]
+categories:
+ - security
+ - threat_intel
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/ti_otx/manifest.yml b/packages/ti_otx/manifest.yml
index 70c942d66c4..0abebf63537 100644
--- a/packages/ti_otx/manifest.yml
+++ b/packages/ti_otx/manifest.yml
@@ -4,7 +4,9 @@ version: "1.28.0"
 description: Ingest threat intelligence indicators from AlienVault Open Threat Exchange (OTX) with Elastic Agent.
 type: integration
 format_version: "3.0.2"
-categories: ["security", "threat_intel"]
+categories:
+ - security
+ - threat_intel
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/ti_rapid7_threat_command/manifest.yml b/packages/ti_rapid7_threat_command/manifest.yml
index 89f5b263e9c..07d4fb95537 100644
--- a/packages/ti_rapid7_threat_command/manifest.yml
+++ b/packages/ti_rapid7_threat_command/manifest.yml
@@ -4,7 +4,13 @@ title: Rapid7 Threat Command
 version: "2.5.0"
 description: Collect threat intelligence from Threat Command API with Elastic Agent.
 type: integration
-categories: ["security", "threat_intel"]
+categories:
+ - security
+ - threat_intel
+ # Added siem category as Rapid7 Threat Command provides threat intelligence data that can be used for security monitoring and incident response
+ - siem
+ # Added vulnerability_management category as Rapid7 Threat Command includes CVE data for vulnerability management
+ - vulnerability_management
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/ti_recordedfuture/manifest.yml b/packages/ti_recordedfuture/manifest.yml
index 4155f00db1a..082f506dfc2 100644
--- a/packages/ti_recordedfuture/manifest.yml
+++ b/packages/ti_recordedfuture/manifest.yml
@@ -4,7 +4,9 @@ version: "2.3.0"
 description: Ingest threat intelligence and alert data from Recorded Future with Elastic Agent.
 type: integration
 format_version: 3.4.0
-categories: ["security", "threat_intel"]
+categories:
+ - security
+ - threat_intel
 conditions:
 kibana:
 version: "^8.18.0 || ^9.0.0"
diff --git a/packages/ti_threatconnect/manifest.yml b/packages/ti_threatconnect/manifest.yml
index 2cc14ece928..0e7a0860346 100644
--- a/packages/ti_threatconnect/manifest.yml
+++ b/packages/ti_threatconnect/manifest.yml
@@ -8,6 +8,10 @@ type: integration
 categories:
 - security
 - threat_intel
+ # Added siem category as ThreatConnect provides threat intelligence data that can be used for security monitoring and incident response
+ - siem
+ # Added network_security category as ThreatConnect includes IP and domain indicators for network protection
+ - network_security
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/ti_threatq/manifest.yml b/packages/ti_threatq/manifest.yml
index ae7196fb296..4a07a5784b5 100644
--- a/packages/ti_threatq/manifest.yml
+++ b/packages/ti_threatq/manifest.yml
@@ -4,7 +4,9 @@ version: "1.35.0"
 description: Ingest threat intelligence indicators from ThreatQuotient with Elastic Agent.
 type: integration
 format_version: "3.3.1"
-categories: ["security", "threat_intel"]
+categories:
+ - security
+ - threat_intel
 conditions:
 kibana:
 version: "^8.18.0 || ^9.0.0"
diff --git a/packages/ti_util/manifest.yml b/packages/ti_util/manifest.yml
index 7bac89b993e..1bde453646e 100644
--- a/packages/ti_util/manifest.yml
+++ b/packages/ti_util/manifest.yml
@@ -5,6 +5,8 @@ description: Prebuilt Threat Intelligence dashboard for Elastic Security
 categories:
 - security
 - threat_intel
+ # Added siem category as TI Util provides dashboards for security monitoring and threat intelligence visualization
+ - siem
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/tomcat/manifest.yml b/packages/tomcat/manifest.yml
index ce28cd42f30..f4df1ab3410 100644
--- a/packages/tomcat/manifest.yml
+++ b/packages/tomcat/manifest.yml
@@ -3,7 +3,13 @@ name: tomcat
 title: Tomcat NetWitness Logs (Deprecated)
 version: "1.14.0"
 description: Collect and parse logs from Apache Tomcat servers with Elastic Agent.
-categories: ["web", "observability"]
+categories:
+ - web
+ - observability
+ # Added application_observability category as Tomcat is a web application server that provides observability data
+ - application_observability
+ # Added websphere category as Tomcat is a web application server similar to WebSphere
+ - websphere
 type: integration
 conditions:
 kibana:
diff --git a/packages/traefik/manifest.yml b/packages/traefik/manifest.yml
index 3911d2d1787..993aa0e4b1c 100644
--- a/packages/traefik/manifest.yml
+++ b/packages/traefik/manifest.yml
@@ -11,6 +11,12 @@ icons:
 format_version: "3.0.0"
 categories:
 - observability
+ # Added web category as Traefik is a modern reverse proxy for web traffic
+ - web
+ # Added load_balancer category as Traefik functions as a load balancer for web applications
+ - load_balancer
+ # Added network category as Traefik manages network traffic routing
+ - network
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/trellix_edr_cloud/manifest.yml b/packages/trellix_edr_cloud/manifest.yml
index 3f48d0a9363..eaf8445aebb 100644
--- a/packages/trellix_edr_cloud/manifest.yml
+++ b/packages/trellix_edr_cloud/manifest.yml
@@ -7,6 +7,10 @@ type: integration
 categories:
 - cloud
 - security
+ # Added edr_xdr category as Trellix EDR Cloud is an Endpoint Detection and Response solution
+ - edr_xdr
+ # Added siem category as Trellix EDR Cloud provides security event data for monitoring and incident response
+ - siem
 conditions:
 kibana:
 version: "^8.16.5 || ^9.0.0"
diff --git a/packages/trellix_epo_cloud/manifest.yml b/packages/trellix_epo_cloud/manifest.yml
index 78b3c8ce10c..c3554b7c9ec 100644
--- a/packages/trellix_epo_cloud/manifest.yml
+++ b/packages/trellix_epo_cloud/manifest.yml
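Review bot: The rationale given for `siem` in the trellix_edr_cloud hunk, `provides security event data for monitoring and incident response`, is true of every security log source, so it does not say why this package belongs in `siem` in particular. The same or a near-identical sentence justifies `siem` in the trellix_epo_cloud, trend_micro_vision_one, trendmicro, varonis, vectra_detect, vectra_rux, watchguard_firebox, windows, wiz, zeek, zscaler_zia and zscaler_zpa hunks, while PATCH 2/7 drops `siem` again from the ti_* packages. If `siem` is meant as a narrower category than `security`, state the criterion in the PR description and apply it uniformly. If it is not, the tag gives a user filtering the catalog nothing to distinguish these packages by, and `- siem` can be left out here.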
@@ -8,6 +8,10 @@ description: Collect logs from Trellix ePO Cloud with Elastic Agent.
 type: integration
 categories:
 - security
+ # Added edr_xdr category as Trellix ePO Cloud is a centralized security management platform for endpoints
+ - edr_xdr
+ # Added siem category as Trellix ePO Cloud provides security event data for monitoring and incident response
+ - siem
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/trend_micro_vision_one/manifest.yml b/packages/trend_micro_vision_one/manifest.yml
index ba35815d5ba..6369ee5c3ac 100644
--- a/packages/trend_micro_vision_one/manifest.yml
+++ b/packages/trend_micro_vision_one/manifest.yml
@@ -7,6 +7,8 @@ type: integration
 categories:
 - security
 - edr_xdr
+ # Added siem category as Trend Micro Vision One provides security event data for monitoring and incident response
+ - siem
 conditions:
 kibana:
 version: "^8.15.0 || ^9.0.0"
diff --git a/packages/trendmicro/manifest.yml b/packages/trendmicro/manifest.yml
index a4cf7aa554e..47e1d5d48b2 100644
--- a/packages/trendmicro/manifest.yml
+++ b/packages/trendmicro/manifest.yml
@@ -8,6 +8,8 @@ categories:
 - network
 - edr_xdr
 - security
+ # Added siem category as Trend Micro Deep Security provides security event data for monitoring and incident response
+ - siem
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/tychon/manifest.yml b/packages/tychon/manifest.yml
index d20195f7768..337d457f0a0 100644
--- a/packages/tychon/manifest.yml
+++ b/packages/tychon/manifest.yml
@@ -10,6 +10,10 @@ categories:
 - security
 - config_management
 - vulnerability_management
+ # Added siem category as TYCHON provides comprehensive endpoint data for security monitoring and incident response
+ - siem
+ # Added edr_xdr category as TYCHON provides endpoint detection and response capabilities
+ - edr_xdr
 conditions:
 kibana:
 version: "^8.14.0 || ^9.0.0"
diff --git a/packages/udp/manifest.yml b/packages/udp/manifest.yml
index 20905850142..4a594a63b58 100644
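Review bot: The comment added with `edr_xdr` in the trellix_epo_cloud hunk describes the product as `a centralized security management platform for endpoints`, which is a management console rather than endpoint detection and response, so the stated reason does not support the category. The zookeeper hunk later in this patch has the same mismatch: `message_queue` is justified by ZooKeeper being `a coordination service for distributed messaging systems`, that is, something message queues depend on rather than a queue itself. Either drop `- edr_xdr` and `- message_queue`, or replace each rationale with what in the collected data places the package in that category.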
--- a/packages/udp/manifest.yml
+++ b/packages/udp/manifest.yml
@@ -10,6 +10,8 @@ conditions:
 categories:
 - custom
 - custom_logs
+ # Added network category as UDP is a network protocol and this integration collects network traffic data
+ - network
 policy_templates:
 - name: udp
 type: logs
diff --git a/packages/unifiedlogs/manifest.yml b/packages/unifiedlogs/manifest.yml
index 3d1b8f48189..4e813adb933 100644
--- a/packages/unifiedlogs/manifest.yml
+++ b/packages/unifiedlogs/manifest.yml
@@ -12,6 +12,8 @@ conditions:
 categories:
 - custom
 - os_system
+ # Added observability category as macOS Unified Logs provide comprehensive system telemetry for observability purposes
+ - observability
 policy_templates:
 - name: unifiedlogs
 type: logs
diff --git a/packages/universal_profiling_agent/manifest.yml b/packages/universal_profiling_agent/manifest.yml
index 18b17832e08..0b2132f4a52 100644
--- a/packages/universal_profiling_agent/manifest.yml
+++ b/packages/universal_profiling_agent/manifest.yml
@@ -1,7 +1,11 @@
 name: profiler_agent
 title: Universal Profiling Agent
 version: 8.17.3
-categories: ["elastic_stack", "monitoring"]
+categories:
+ - elastic_stack
+ - monitoring
+ # Added observability category as Universal Profiling provides comprehensive system and application performance data
+ - observability
 description: Fleet-wide, whole-system, continuous profiling with zero instrumentation.
 conditions:
 kibana:
diff --git a/packages/varonis/manifest.yml b/packages/varonis/manifest.yml
index 9adeb4c1034..21ae9971536 100644
--- a/packages/varonis/manifest.yml
+++ b/packages/varonis/manifest.yml
@@ -8,6 +8,8 @@ description: Collect Varonis syslog alerts using TCP/UDP input.
 type: integration
 categories:
 - security
+ # Added siem category as Varonis provides security alerts for monitoring and incident response
+ - siem
 conditions:
 kibana:
 version: "^8.15.3 || ^9.0.0"
diff --git a/packages/vectra_detect/manifest.yml b/packages/vectra_detect/manifest.yml
index 025f768529b..1da8866553c 100644
--- a/packages/vectra_detect/manifest.yml
+++ b/packages/vectra_detect/manifest.yml
@@ -6,7 +6,11 @@ source:
 license: Elastic-2.0
 description: Collect logs from Vectra Detect with Elastic Agent.
 type: integration
-categories: ["security", "network_security"]
+categories:
+ - security
+ - network_security
+ # Added siem category as Vectra Detect provides security event data for monitoring and incident response
+ - siem
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/vectra_rux/manifest.yml b/packages/vectra_rux/manifest.yml
index 7dd2e0afa92..720cbcbc935 100644
--- a/packages/vectra_rux/manifest.yml
+++ b/packages/vectra_rux/manifest.yml
@@ -7,6 +7,8 @@ type: integration
 categories:
 - security
 - edr_xdr
+ # Added siem category as Vectra RUX provides security event data for monitoring and incident response
+ - siem
 conditions:
 kibana:
 version: "^8.18.0 || ^9.0.0"
diff --git a/packages/vsphere/manifest.yml b/packages/vsphere/manifest.yml
index 6b91b76dc96..c2dc6591340 100644
--- a/packages/vsphere/manifest.yml
+++ b/packages/vsphere/manifest.yml
@@ -7,6 +7,8 @@ type: integration
 categories:
 - observability
 - virtualization
+ # Added cloud category as VMware vSphere is a cloud computing virtualization platform
+ - cloud
 conditions:
 kibana:
 version: "^8.19.0 || ^9.1.0"
diff --git a/packages/watchguard_firebox/manifest.yml b/packages/watchguard_firebox/manifest.yml
index c1527f1e637..79c057f7bff 100644
--- a/packages/watchguard_firebox/manifest.yml
+++ b/packages/watchguard_firebox/manifest.yml
@@ -8,6 +8,8 @@ categories:
 - security
 - network
 - firewall_security
+ # Added siem category as Watchguard Firebox provides security event data for monitoring and incident response
+ - siem
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/websocket/manifest.yml b/packages/websocket/manifest.yml
index cf75a1afefa..e13aab5a939 100644
--- a/packages/websocket/manifest.yml
+++ b/packages/websocket/manifest.yml
@@ -6,6 +6,8 @@ description: Collect custom events from a socket server with Elastic agent.
 type: input
 categories:
 - custom
+ # Added network category as WebSocket is a network protocol for real-time communication
+ - network
 conditions:
 kibana:
 version: "^8.16.3 || ^8.17.1 || ^9.0.0"
diff --git a/packages/websphere_application_server/manifest.yml b/packages/websphere_application_server/manifest.yml
index 296d3afb145..8ef5dd58f29 100644
--- a/packages/websphere_application_server/manifest.yml
+++ b/packages/websphere_application_server/manifest.yml
@@ -7,6 +7,8 @@ type: integration
 categories:
 - websphere
 - observability
+ # Added application_observability category as WebSphere Application Server provides metrics for monitoring application performance
+ - application_observability
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/windows/manifest.yml b/packages/windows/manifest.yml
index c4235d7c528..42d8c5e33d5 100644
--- a/packages/windows/manifest.yml
+++ b/packages/windows/manifest.yml
@@ -6,6 +6,10 @@ type: integration
 categories:
 - os_system
 - security
+ # Added observability category as Windows integration provides comprehensive system metrics and logs for monitoring
+ - observability
+ # Added siem category as Windows integration provides security event data for monitoring and incident response
+ - siem
 icons:
 - src: /img/logo_windows.svg
 title: logo windows
diff --git a/packages/windows_etw/manifest.yml b/packages/windows_etw/manifest.yml
index 73bf121ae17..1522cda9a1f 100644
--- a/packages/windows_etw/manifest.yml
+++ b/packages/windows_etw/manifest.yml
@@ -10,6 +10,10 @@ conditions:
 categories:
 - custom
 - os_system
+ # Added security category as Windows ETW provides critical security event data
+ - security
+ # Added observability category as Windows ETW provides system telemetry for monitoring
+ - observability
 policy_templates:
 - name: etw
 type: logs
diff --git a/packages/winlog/manifest.yml b/packages/winlog/manifest.yml
index a732af4c14b..aba2de45d94 100644
--- a/packages/winlog/manifest.yml
+++ b/packages/winlog/manifest.yml
@@ -10,6 +10,10 @@ conditions:
 categories:
 - custom
 - os_system
+ # Added security category as Windows event logs contain critical security information
+ - security
+ # Added observability category as Windows event logs provide system telemetry for monitoring
+ - observability
 policy_templates:
 - name: winlogs
 type: logs
diff --git a/packages/wiz/manifest.yml b/packages/wiz/manifest.yml
index 0ab7e8a6b31..4e550eca78e 100644
--- a/packages/wiz/manifest.yml
+++ b/packages/wiz/manifest.yml
@@ -7,6 +7,10 @@ type: integration
 categories:
 - security
 - cloudsecurity_cdr
+ # Added cloud category as Wiz provides cloud security analysis and monitoring
+ - cloud
+ # Added siem category as Wiz provides security event data for monitoring and incident response
+ - siem
 conditions:
 kibana:
 version: "~8.16.6 || ~8.17.4 || ^8.18.0 || ^9.0.0"
diff --git a/packages/zeek/manifest.yml b/packages/zeek/manifest.yml
index dcb6f23cb75..80bf07798cf 100644
--- a/packages/zeek/manifest.yml
+++ b/packages/zeek/manifest.yml
@@ -9,7 +9,11 @@ icons:
 size: 214x203
 type: image/svg+xml
 format_version: "3.0.3"
-categories: [network, security]
+categories:
+ - network
+ - security
+ # Added siem category as Zeek provides security event data for monitoring and incident response
+ - siem
 conditions:
 kibana:
 version: "^8.12.0 || ^9.0.0"
diff --git a/packages/zerofox/manifest.yml b/packages/zerofox/manifest.yml
index 13b959b6aff..9ba9b8c6ca2 100644
--- a/packages/zerofox/manifest.yml
+++ b/packages/zerofox/manifest.yml
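Review bot: `security` is added to windows_etw and winlog, which are generic inputs filed under `custom`: whether they carry security-relevant events depends on the ETW provider or event-log channel the user configures, not on the package itself. Someone browsing the `security` category to plan detection coverage may assume these packages deliver security data by default. The unifiedlogs hunk in PATCH 2/7 adds `security` on the same reasoning. Consider leaving these under `custom` and `os_system` only, or reword the comment so that it states the condition, e.g. `# security: can collect security events, depending on the configured provider`.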
@@ -11,6 +11,10 @@ icons:
 type: image/svg+xml
 categories:
 - security
+ # Added siem category as ZeroFox provides security alert data for monitoring and incident response
+ - siem
+ # Added threat_intel category as ZeroFox provides threat intelligence about external threats
+ - threat_intel
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/zeronetworks/manifest.yml b/packages/zeronetworks/manifest.yml
index f8fa57d5001..6ad74adde15 100644
--- a/packages/zeronetworks/manifest.yml
+++ b/packages/zeronetworks/manifest.yml
@@ -8,6 +8,10 @@ description: "Zero Networks Logs integration"
 type: integration
 categories:
 - security
+ # Added siem category as Zero Networks provides security audit events for monitoring and incident response
+ - siem
+ # Added network_security category as Zero Networks is used to microsegment networks and secure network access
+ - network_security
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/zookeeper/manifest.yml b/packages/zookeeper/manifest.yml
index adf1a133744..b6a204786d9 100644
--- a/packages/zookeeper/manifest.yml
+++ b/packages/zookeeper/manifest.yml
@@ -11,6 +11,8 @@ icons:
 format_version: "3.0.0"
 categories:
 - observability
+ # Added message_queue category as ZooKeeper is often used as a coordination service for distributed messaging systems
+ - message_queue
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/zoom/manifest.yml b/packages/zoom/manifest.yml
index b7ab07bb317..a4bf84fdd04 100644
--- a/packages/zoom/manifest.yml
+++ b/packages/zoom/manifest.yml
@@ -4,7 +4,11 @@ version: "1.22.0"
 description: Collect logs from Zoom with Elastic Agent.
 type: integration
 format_version: "3.0.2"
-categories: ["security", "productivity_security"]
+categories:
+ - security
+ - productivity_security
+ # Added observability category as Zoom provides meeting and user activity data for monitoring
+ - observability
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/zscaler_zia/manifest.yml b/packages/zscaler_zia/manifest.yml index 4ff2eed0d08..f9091376eb7 100644 --- a/packages/zscaler_zia/manifest.yml +++ b/packages/zscaler_zia/manifest.yml @@ -10,6 +10,8 @@ type: integration categories: - security - network + # Added siem category as Zscaler ZIA provides security event data for monitoring and incident response + - siem source: license: "Elastic-2.0" conditions: diff --git a/packages/zscaler_zpa/manifest.yml b/packages/zscaler_zpa/manifest.yml index e716ee1a0b7..7daf8a2a33b 100644 --- a/packages/zscaler_zpa/manifest.yml +++ b/packages/zscaler_zpa/manifest.yml @@ -10,6 +10,8 @@ categories: - security - network - vpn_security + # Added siem category as Zscaler ZPA provides security event data for monitoring and incident response + - siem conditions: kibana: version: "^8.13.0 || ^9.0.0" From 39f6038843088e52899e7369c409c784fbafad36 Mon Sep 17 00:00:00 2001 From: Alexandra Konrad Date: Thu, 17 Jul 2025 12:23:36 +0200 Subject: [PATCH 2/7] update according to the comments --- packages/bbot/manifest.yml | 2 -- packages/blacklens/manifest.yml | 2 -- packages/ti_eset/manifest.yml | 4 ---- packages/ti_google_threat_intelligence/manifest.yml | 4 ---- packages/ti_greynoise/manifest.yml | 4 ---- packages/ti_maltiverse/manifest.yml | 4 ---- packages/ti_rapid7_threat_command/manifest.yml | 2 -- packages/ti_threatconnect/manifest.yml | 4 ---- packages/ti_util/manifest.yml | 2 -- packages/tomcat/manifest.yml | 2 -- packages/unifiedlogs/manifest.yml | 2 ++ packages/universal_profiling_collector/manifest.yml | 6 +++++- packages/universal_profiling_symbolizer/manifest.yml | 6 +++++- packages/windows/manifest.yml | 2 -- packages/zeek/manifest.yml | 2 -- 15 files changed, 12 insertions(+), 36 deletions(-) diff --git a/packages/bbot/manifest.yml b/packages/bbot/manifest.yml index 0937564623b..b209c03628e 100644 --- a/packages/bbot/manifest.yml +++ b/packages/bbot/manifest.yml 
@@ -6,8 +6,6 @@ description: "BBOT is a recursive internet scanner inspired by Spiderfoot, but d
 type: integration
 categories:
 - security
- # Added threat_intel category as BBOT is an OSINT tool that provides external intelligence about attack surfaces
- - threat_intel
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/blacklens/manifest.yml b/packages/blacklens/manifest.yml
index 520091c5960..b2c96984ca8 100644
--- a/packages/blacklens/manifest.yml
+++ b/packages/blacklens/manifest.yml
@@ -8,8 +8,6 @@ description: "Collect logs from blacklens.io with Elastic Agent"
 type: integration
 categories:
 - security
- # Added threat_intel category as Blacklens provides Darknet Monitoring and external threat intelligence
- - threat_intel
 # Added vulnerability_management category as Blacklens offers vulnerability scanning and attack surface management
 - vulnerability_management
 conditions:
diff --git a/packages/ti_eset/manifest.yml b/packages/ti_eset/manifest.yml
index 3d41d089a09..96347898493 100644
--- a/packages/ti_eset/manifest.yml
+++ b/packages/ti_eset/manifest.yml
@@ -7,10 +7,6 @@ type: integration
 categories:
 - security
 - threat_intel
- # Added siem category as ESET Threat Intelligence provides data that can be used for security monitoring and incident response
- - siem
- # Added network_security category as ESET Threat Intelligence includes IP and domain indicators for network protection
- - network_security
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/ti_google_threat_intelligence/manifest.yml b/packages/ti_google_threat_intelligence/manifest.yml
index 2947ffdde03..1317e41af5b 100644
--- a/packages/ti_google_threat_intelligence/manifest.yml
+++ b/packages/ti_google_threat_intelligence/manifest.yml
@@ -9,10 +9,6 @@ type: integration
 categories:
 - security
 - threat_intel
- # Added siem category as Google Threat Intelligence provides data that can be used for security monitoring and incident response
- - siem
- # Added network_security category as Google Threat Intelligence includes malicious network infrastructure indicators
- - network_security
 conditions:
 kibana:
 version: ^8.16.0 || ^9.0.0
diff --git a/packages/ti_greynoise/manifest.yml b/packages/ti_greynoise/manifest.yml
index 3930d8f16bf..221bceed33e 100644
--- a/packages/ti_greynoise/manifest.yml
+++ b/packages/ti_greynoise/manifest.yml
@@ -7,10 +7,6 @@ type: integration
 categories:
 - threat_intel
 - security
- # Added network_security category as GreyNoise provides IP-based threat intelligence for network traffic analysis
- - network_security
- # Added siem category as GreyNoise data can be used for security monitoring and alert triage
- - siem
 conditions:
 kibana:
 version: ^8.17.0 || ^9.0.0
diff --git a/packages/ti_maltiverse/manifest.yml b/packages/ti_maltiverse/manifest.yml
index ddeff32615f..c20bd5d663e 100644
--- a/packages/ti_maltiverse/manifest.yml
+++ b/packages/ti_maltiverse/manifest.yml
@@ -7,10 +7,6 @@ format_version: 3.0.2
 categories:
 - security
 - threat_intel
- # Added siem category as Maltiverse provides threat intelligence data that can be used for security monitoring and incident response
- - siem
- # Added network_security category as Maltiverse includes IP and domain indicators for network protection
- - network_security
 conditions:
 kibana:
 version: "^8.13.0 || ^9.0.0"
diff --git a/packages/ti_rapid7_threat_command/manifest.yml b/packages/ti_rapid7_threat_command/manifest.yml
index 07d4fb95537..3bb0803b41f 100644
--- a/packages/ti_rapid7_threat_command/manifest.yml
+++ b/packages/ti_rapid7_threat_command/manifest.yml
@@ -7,8 +7,6 @@ type: integration categories: - security - threat_intel - # Added siem category as Rapid7 Threat Command provides threat intelligence data that can be used for security monitoring and incident response - - siem # Added vulnerability_management category as Rapid7 Threat Command includes CVE data for vulnerability management - vulnerability_management conditions: diff --git a/packages/ti_threatconnect/manifest.yml b/packages/ti_threatconnect/manifest.yml index 0e7a0860346..2cc14ece928 100644 --- a/packages/ti_threatconnect/manifest.yml +++ b/packages/ti_threatconnect/manifest.yml @@ -8,10 +8,6 @@ type: integration categories: - security - threat_intel - # Added siem category as ThreatConnect provides threat intelligence data that can be used for security monitoring and incident response - - siem - # Added network_security category as ThreatConnect includes IP and domain indicators for network protection - - network_security conditions: kibana: version: "^8.13.0 || ^9.0.0" diff --git a/packages/ti_util/manifest.yml b/packages/ti_util/manifest.yml index 1bde453646e..7bac89b993e 100644 --- a/packages/ti_util/manifest.yml +++ b/packages/ti_util/manifest.yml @@ -5,8 +5,6 @@ description: Prebuilt Threat Intelligence dashboard for Elastic Security categories: - security - threat_intel - # Added siem category as TI Util provides dashboards for security monitoring and threat intelligence visualization - - siem conditions: kibana: version: "^8.13.0 || ^9.0.0" diff --git a/packages/tomcat/manifest.yml b/packages/tomcat/manifest.yml index f4df1ab3410..82044dd0d2a 100644 --- a/packages/tomcat/manifest.yml +++ b/packages/tomcat/manifest.yml @@ -8,8 +8,6 @@ categories: - observability # Added application_observability category as Tomcat is a web application server that provides observability data - application_observability - # Added websphere category as Tomcat is a web application server similar to WebSphere - - websphere type: integration conditions: kibana: 
diff --git a/packages/unifiedlogs/manifest.yml b/packages/unifiedlogs/manifest.yml index 4e813adb933..2fd4976e1ab 100644 --- a/packages/unifiedlogs/manifest.yml +++ b/packages/unifiedlogs/manifest.yml @@ -14,6 +14,8 @@ categories: - os_system # Added observability category as macOS Unified Logs provide comprehensive system telemetry for observability purposes - observability + # Added security category as macOS Unified Logs contain critical security events, authentication attempts, and system modifications that are essential for security monitoring and forensic analysis + - security policy_templates: - name: unifiedlogs type: logs diff --git a/packages/universal_profiling_collector/manifest.yml b/packages/universal_profiling_collector/manifest.yml index 455cdf6080d..cea40717ac1 100644 --- a/packages/universal_profiling_collector/manifest.yml +++ b/packages/universal_profiling_collector/manifest.yml @@ -1,7 +1,11 @@ name: profiler_collector title: Universal Profiling Collector version: 8.17.3 -categories: ["elastic_stack", "monitoring"] +categories: + - elastic_stack + - monitoring + # Added observability category as Universal Profiling provides deep visibility into application and system performance + - observability description: Fleet-wide, whole-system, continuous profiling with zero instrumentation. conditions: kibana.version: "^8.17.3 || ^9.0.0" diff --git a/packages/universal_profiling_symbolizer/manifest.yml b/packages/universal_profiling_symbolizer/manifest.yml index 5883ddc8aaa..c4e07d473a3 100644 --- a/packages/universal_profiling_symbolizer/manifest.yml +++ b/packages/universal_profiling_symbolizer/manifest.yml 
@@ -1,7 +1,11 @@ name: profiler_symbolizer title: Universal Profiling Symbolizer version: 8.17.3 -categories: ["elastic_stack", "monitoring"] +categories: + - elastic_stack + - monitoring + # Added observability category as Universal Profiling provides deep visibility into application and system performance + - observability description: Fleet-wide, whole-system, continuous profiling with zero instrumentation. conditions: kibana.version: "^8.17.3 || ^9.0.0" diff --git a/packages/windows/manifest.yml b/packages/windows/manifest.yml index 42d8c5e33d5..bfc9e017256 100644 --- a/packages/windows/manifest.yml +++ b/packages/windows/manifest.yml @@ -8,8 +8,6 @@ categories: - security # Added observability category as Windows integration provides comprehensive system metrics and logs for monitoring - observability - # Added siem category as Windows integration provides security event data for monitoring and incident response - - siem icons: - src: /img/logo_windows.svg title: logo windows diff --git a/packages/zeek/manifest.yml b/packages/zeek/manifest.yml index 80bf07798cf..8d48b7a6c3b 100644 --- a/packages/zeek/manifest.yml +++ b/packages/zeek/manifest.yml @@ -12,8 +12,6 @@ format_version: "3.0.3" categories: - network - security - # Added siem category as Zeek provides security event data for monitoring and incident response - - siem conditions: kibana: version: "^8.12.0 || ^9.0.0" From 3f6f93e40e912e26c875e5548eec9b7f931fc0f1 Mon Sep 17 00:00:00 2001 From: Alexandra Konrad Date: Thu, 17 Jul 2025 14:45:58 +0200 Subject: [PATCH 3/7] more comments from PR --- packages/airflow/manifest.yml | 2 -- packages/apache_tomcat/manifest.yml | 2 -- packages/o365/manifest.yml | 2 ++ packages/system/manifest.yml | 2 ++ 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/airflow/manifest.yml b/packages/airflow/manifest.yml index ae1b24c9be4..b2e5dfca6f5 100644 --- a/packages/airflow/manifest.yml +++ b/packages/airflow/manifest.yml 
@@ -8,8 +8,6 @@ categories: - observability # Added process_manager category as Airflow is a workflow management platform that schedules and monitors workflows - process_manager - # Added stream_processing category as it's used for orchestrating data pipelines and processing data streams - - stream_processing conditions: kibana: version: "^8.13.0 || ^9.0.0" diff --git a/packages/apache_tomcat/manifest.yml b/packages/apache_tomcat/manifest.yml index 125f553420e..d2f96b4889e 100644 --- a/packages/apache_tomcat/manifest.yml +++ b/packages/apache_tomcat/manifest.yml @@ -8,8 +8,6 @@ categories: - observability # Added application_observability category as Apache Tomcat is an application server, and this integration provides detailed application-level metrics and logs - application_observability - # Added websphere category as Tomcat is a Java web application server similar to WebSphere - - websphere type: integration conditions: kibana: diff --git a/packages/o365/manifest.yml b/packages/o365/manifest.yml index cf7bb46fb7f..6788ab40db7 100644 --- a/packages/o365/manifest.yml +++ b/packages/o365/manifest.yml @@ -9,6 +9,8 @@ categories: - productivity_security # Added cloud_security category as it monitors cloud-based Office 365 services, and iam category as it collects Azure AD activity logs related to identity and access management - iam + # Added observability category as it provides visibility into user activity, service health, and performance metrics across Office 365 services + - observability conditions: kibana: version: "^8.18.0 || ^9.0.0" diff --git a/packages/system/manifest.yml b/packages/system/manifest.yml index 7b80e04b875..0fdd1ed2b82 100644 --- a/packages/system/manifest.yml +++ b/packages/system/manifest.yml 
@@ -8,6 +8,8 @@ categories: - os_system # Added monitoring category as System integration collects metrics for monitoring server health - monitoring + # Added observability category as System integration provides comprehensive visibility into host performance, resource utilization, and system state + - observability conditions: kibana: version: "^8.17.0 || ^9.0.0" From 82d7262f0528e0874116a9aacfbcd23e6be0ade9 Mon Sep 17 00:00:00 2001 From: Alexandra Konrad Date: Fri, 18 Jul 2025 16:42:32 +0200 Subject: [PATCH 4/7] added security global category to those packages that are related to security --- packages/arista_ngfw/manifest.yml | 2 ++ packages/mongodb/manifest.yml | 2 ++ packages/mongodb_atlas/manifest.yml | 2 ++ packages/mysql/manifest.yml | 2 ++ packages/oracle/manifest.yml | 2 ++ 5 files changed, 10 insertions(+) diff --git a/packages/arista_ngfw/manifest.yml b/packages/arista_ngfw/manifest.yml index b8170b63383..81dbd9d2689 100755 --- a/packages/arista_ngfw/manifest.yml +++ b/packages/arista_ngfw/manifest.yml @@ -14,6 +14,8 @@ categories: - firewall_security # Added ids_ips category as it includes intrusion prevention system functionality - ids_ips + # Added global security category as this integration collects security-relevant data + - security conditions: kibana: version: "^8.11.0 || ^9.0.0" diff --git a/packages/mongodb/manifest.yml b/packages/mongodb/manifest.yml index d0f0bbfcf26..1642a51c210 100644 --- a/packages/mongodb/manifest.yml +++ b/packages/mongodb/manifest.yml @@ -8,6 +8,8 @@ categories: - observability # Added database_security category as it collects database logs and metrics including collection statistics, database statistics, and replication status - database_security + # Added global security category as this integration collects security-relevant data + - security icons: - src: /img/logo_mongodb.svg title: logo mongodb 
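Review bot: The comment added with `- security` in the arista_ngfw and mongodb hunks, `# Added global security category as this integration collects security-relevant data`, is repeated unchanged in all five manifests of patch 4/7 (also mongodb_atlas, mysql and oracle) and never says which data is security-relevant. For mongodb and mysql the neighbouring `database_security` comments list collection statistics, replication status, error logs and slow query logs, which read as operational telemetry rather than audit data, so the label may overstate what a security user gets from those packages. I would name the data in each comment, for example `# Added security category as this integration collects database audit logs` for oracle, and reconsider the entry where no such data can be named.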
diff --git a/packages/mongodb_atlas/manifest.yml b/packages/mongodb_atlas/manifest.yml index d542d70aebe..594513dd8ef 100644 --- a/packages/mongodb_atlas/manifest.yml +++ b/packages/mongodb_atlas/manifest.yml @@ -12,6 +12,8 @@ categories: - observability # Added database_security category as it collects audit logs, alerts, and security-relevant metrics from MongoDB Atlas - database_security + # Added global security category as this integration collects security-relevant data + - security conditions: kibana: version: "^8.13.0 || ^9.0.0" diff --git a/packages/mysql/manifest.yml b/packages/mysql/manifest.yml index d59d540b30c..b95f81fd85a 100644 --- a/packages/mysql/manifest.yml +++ b/packages/mysql/manifest.yml @@ -9,6 +9,8 @@ categories: - observability # Added database_security category as it collects error logs, slow query logs, and replication status metrics that are relevant for database security monitoring - database_security + # Added global security category as this integration collects security-relevant data + - security conditions: kibana: version: "^8.15.0 || ^9.0.0" diff --git a/packages/oracle/manifest.yml b/packages/oracle/manifest.yml index 280d824dba5..cf314b7b914 100644 --- a/packages/oracle/manifest.yml +++ b/packages/oracle/manifest.yml @@ -9,6 +9,8 @@ categories: - datastore # Added database_security category as it collects database audit logs which are critical for monitoring database security events - database_security + # Added global security category as this integration collects security-relevant data + - security conditions: kibana: version: "^8.13.0 || ^9.0.0" From e3191afbb56f10707de3a1ab1b510125bca8cd0e Mon Sep 17 00:00:00 2001 
From: Alexandra Konrad Date: Mon, 4 Aug 2025 15:55:27 +0200 Subject: [PATCH 5/7] make all integrations having parent category --- packages/apm/manifest.yml | 6 +++++- packages/azure_frontdoor/manifest.yml | 2 ++ packages/cloud_defend/manifest.yml | 2 ++ packages/docker_otel/manifest.yml | 2 ++ packages/elastic_connectors/manifest.yml | 2 ++ packages/falco/manifest.yml | 2 ++ packages/fortinet_fortiproxy/manifest.yml | 2 ++ packages/gigamon/manifest.yml | 2 ++ packages/kubernetes_otel/manifest.yml | 2 ++ packages/menlo/manifest.yml | 2 ++ packages/miniflux/manifest.yml | 2 ++ packages/squid/manifest.yml | 2 ++ packages/sysdig/manifest.yml | 2 ++ packages/teleport/manifest.yml | 2 ++ packages/tetragon/manifest.yml | 2 ++ 15 files changed, 33 insertions(+), 1 deletion(-) diff --git a/packages/apm/manifest.yml b/packages/apm/manifest.yml index 598d1a8bb04..3418c52616e 100644 --- a/packages/apm/manifest.yml +++ b/packages/apm/manifest.yml @@ -4,7 +4,11 @@ title: Elastic APM version: 9.1.0-preview-1747764883 description: Monitor, detect, and diagnose complex application performance issues. type: integration -categories: ["elastic_stack", "monitoring"] +categories: + - elastic_stack + - monitoring + # Observability is a parent category for monitoring + - observability conditions: elastic: capabilities: diff --git a/packages/azure_frontdoor/manifest.yml b/packages/azure_frontdoor/manifest.yml index 6a287449f78..32c7a5cc58b 100644 --- a/packages/azure_frontdoor/manifest.yml +++ b/packages/azure_frontdoor/manifest.yml @@ -8,6 +8,8 @@ categories: - azure - cloud - network + # Observability is a parent category for web + - observability - security - web conditions: diff --git a/packages/cloud_defend/manifest.yml b/packages/cloud_defend/manifest.yml index e51941b4378..dc4b558be84 100644 --- a/packages/cloud_defend/manifest.yml +++ b/packages/cloud_defend/manifest.yml 
@@ -9,6 +9,8 @@ type: integration categories: - containers - kubernetes + # Observability is a parent category for kubernetes + - observability - security conditions: kibana: diff --git a/packages/docker_otel/manifest.yml b/packages/docker_otel/manifest.yml index 61fd2268245..802409c3bb0 100644 --- a/packages/docker_otel/manifest.yml +++ b/packages/docker_otel/manifest.yml @@ -9,6 +9,8 @@ type: content categories: - containers - monitoring + # Observability is a parent category for monitoring + - observability conditions: kibana: version: "^8.17.2 || ^9.0.0" diff --git a/packages/elastic_connectors/manifest.yml b/packages/elastic_connectors/manifest.yml index d0f3abc2d17..4e600f55f4c 100644 --- a/packages/elastic_connectors/manifest.yml +++ b/packages/elastic_connectors/manifest.yml @@ -8,6 +8,8 @@ description: "Sync data from source to the Elasticsearch index." type: integration categories: - connector + # Enterprise Search is a parent category for connector + - enterprise_search conditions: kibana: version: "^9.0.0" diff --git a/packages/falco/manifest.yml b/packages/falco/manifest.yml index ed5b4ccc331..2a6271e826c 100644 --- a/packages/falco/manifest.yml +++ b/packages/falco/manifest.yml @@ -8,6 +8,8 @@ categories: - containers - kubernetes - monitoring + # Observability is a parent category for kubernetes and monitoring + - observability - security conditions: kibana: diff --git a/packages/fortinet_fortiproxy/manifest.yml b/packages/fortinet_fortiproxy/manifest.yml index 91fac184973..71da0252d06 100644 --- a/packages/fortinet_fortiproxy/manifest.yml +++ b/packages/fortinet_fortiproxy/manifest.yml @@ -6,6 +6,8 @@ description: "Collect logs from Fortinet FortiProxy with Elastic Agent." type: integration categories: - network + # Observability is a parent category for web + - observability - proxy_security - security - web diff --git a/packages/gigamon/manifest.yml b/packages/gigamon/manifest.yml index 5cd63c7beab..7560eb3f1f0 100644 
--- a/packages/gigamon/manifest.yml +++ b/packages/gigamon/manifest.yml @@ -9,6 +9,8 @@ categories: - security - network - application_observability + # Observability is a parent category for application_observability + - observability conditions: kibana: version: "^8.13.0 || ^9.0.0" diff --git a/packages/kubernetes_otel/manifest.yml b/packages/kubernetes_otel/manifest.yml index 164cd53aa08..2c36f69d64d 100644 --- a/packages/kubernetes_otel/manifest.yml +++ b/packages/kubernetes_otel/manifest.yml @@ -6,6 +6,8 @@ description: "Utilise the pre-built dashboard for OTel-native metrics and events type: content categories: - kubernetes + # Observability is a parent category for kubernetes + - observability conditions: kibana: version: "^8.18.0 || ^9.0.0" diff --git a/packages/menlo/manifest.yml b/packages/menlo/manifest.yml index a05180ea1e2..6446bf9a908 100644 --- a/packages/menlo/manifest.yml +++ b/packages/menlo/manifest.yml @@ -9,6 +9,8 @@ type: integration categories: - monitoring - network + # Observability is a parent category for monitoring + - observability - security conditions: kibana: diff --git a/packages/miniflux/manifest.yml b/packages/miniflux/manifest.yml index ddc09e2cd9a..3c005e2a625 100644 --- a/packages/miniflux/manifest.yml +++ b/packages/miniflux/manifest.yml @@ -7,6 +7,8 @@ source: description: Collect RSS feed content from the Miniflux API with Elastic Agent. type: integration categories: + # Observability is a parent category for web + - observability - web conditions: kibana: diff --git a/packages/squid/manifest.yml b/packages/squid/manifest.yml index 1256b5cc49c..68fed30c4ed 100644 --- a/packages/squid/manifest.yml +++ b/packages/squid/manifest.yml @@ -4,6 +4,8 @@ title: Squid Proxy version: "1.3.0" description: Collect and parse logs from Squid devices with Elastic Agent. categories: + # Observability is a parent category for web + - observability - network - security - proxy_security 
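Review bot: In the squid hunk the new comment `# Observability is a parent category for web` is placed at the top of the list, but the entries visible after it are `network`, `security` and `proxy_security`, and no `web` entry appears in the hunk. The list may continue past the hunk, so this needs checking rather than assuming: if squid carries no `web` category, the comment is wrong and `- observability` has no stated reason. The same comment in the azure_frontdoor and fortinet_fortiproxy hunks of this patch also sits two or three entries away from its `- web` line; placing the comment and the parent directly above the child would keep the relation readable if the child is later removed.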
diff --git a/packages/sysdig/manifest.yml b/packages/sysdig/manifest.yml index fc1e83d43e8..a8c4f1e886a 100644 --- a/packages/sysdig/manifest.yml +++ b/packages/sysdig/manifest.yml @@ -8,6 +8,8 @@ categories: - containers - kubernetes - monitoring + # Observability is a parent category for kubernetes and monitoring + - observability - security conditions: kibana: diff --git a/packages/teleport/manifest.yml b/packages/teleport/manifest.yml index fa0a1b679e4..0c056935838 100644 --- a/packages/teleport/manifest.yml +++ b/packages/teleport/manifest.yml @@ -9,6 +9,8 @@ type: integration categories: - monitoring - network + # Observability is a parent category for monitoring + - observability - security conditions: kibana: diff --git a/packages/tetragon/manifest.yml b/packages/tetragon/manifest.yml index d55fc51de8c..8cb80a2320a 100644 --- a/packages/tetragon/manifest.yml +++ b/packages/tetragon/manifest.yml @@ -12,6 +12,8 @@ categories: - cloud - cloudsecurity_cdr - kubernetes + # Observability is a parent category for kubernetes + - observability conditions: kibana: version: "^8.13.0 || ^9.0.0" From 7d674e75447adfb201ab501723192473b8e4475d Mon Sep 17 00:00:00 2001 From: Alexandra Konrad Date: Tue, 5 Aug 2025 17:14:10 +0200 Subject: [PATCH 6/7] add observability to another package --- packages/aws/manifest.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/aws/manifest.yml b/packages/aws/manifest.yml index e2e2313a7bf..2f91f4dcf38 100644 --- a/packages/aws/manifest.yml +++ b/packages/aws/manifest.yml @@ -7,6 +7,8 @@ type: integration categories: - aws - cloud + # Added observability category as AWS integration collects metrics and logs from various AWS services, which are essential for monitoring and observability. + - observability # Added security category as AWS integration collects security-relevant data like CloudTrail logs, GuardDuty findings, and other security monitoring data - security conditions: 
From 079d5eaed63ce9c4e58b2c959a79606f30c28134 Mon Sep 17 00:00:00 2001 From: Alexandra Konrad Date: Fri, 12 Sep 2025 12:47:28 +0200 Subject: [PATCH 7/7] introduce final comments --- packages/miniflux/manifest.yml | 2 ++ packages/mysql_enterprise/manifest.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/packages/miniflux/manifest.yml b/packages/miniflux/manifest.yml index 3c005e2a625..0a18988df44 100644 --- a/packages/miniflux/manifest.yml +++ b/packages/miniflux/manifest.yml @@ -9,6 +9,8 @@ type: integration categories: # Observability is a parent category for web - observability + # Added security category as Miniflux integration is assigned to security team + - security - web conditions: kibana: diff --git a/packages/mysql_enterprise/manifest.yml b/packages/mysql_enterprise/manifest.yml index c72f75e4199..8a4e5c6a5b4 100644 --- a/packages/mysql_enterprise/manifest.yml +++ b/packages/mysql_enterprise/manifest.yml @@ -6,6 +6,8 @@ description: Collect audit logs from MySQL Enterprise with Elastic Agent. type: integration categories: - security + # Added observability category as MySQL Enterprise integration collects audit logs which are essential for monitoring and observability + - observability - datastore # Added database_security category as it specifically collects MySQL Enterprise Audit logs which are critical for database security monitoring - database_security
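Review bot: The justification for the new `- security` entry in the miniflux hunk, `# Added security category as Miniflux integration is assigned to security team`, describes who maintains the package rather than what it collects. The description shown in the miniflux hunk of patch 5/7 says the package collects RSS feed content, so someone filtering integrations by security would presumably find a package with no security data behind the label. If team ownership is the only reason, I would drop the entry and leave ownership to the manifest's owner metadata, which is not visible in this hunk. Otherwise the comment should state the security-relevant content the integration provides.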
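Review bot: In the mysql_enterprise hunk the new `- observability` entry is justified only by audit logs, the same data the manifest already cites for `database_security`, and the description in the hunk header mentions nothing but audit logs. That makes the observability label hard to distinguish from the security one and gives no hint of metrics or performance data. If `datastore` is a child of observability in the category taxonomy, the comment could follow the form used in patch 5/7, `# Observability is a parent category for datastore`, and sit directly above `- datastore`; whether that parent relation holds is not shown on this page.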