elastic · trisch-me · Jul 16, 2025 · Jul 16, 2025 · Jul 16, 2025 · Jul 17, 2025
@@ -6,6 +6,10 @@ description: Collect logs from Abnormal AI with Elastic Agent.
 type: integration
 categories:
   - security
+  # Added email_security category as this integration focuses on email security and mailbox protection
+  - email_security
+  # Added threat_intel category as it includes threat detection and case management for email security threats
+  - threat_intel
 conditions:
   kibana:
     version: "^8.17.0 || ^9.0.0"

@@ -12,6 +12,10 @@ format_version: "3.0.2"
 categories:
   - message_queue
   - observability
+  # Added monitoring category as this integration collects metrics for monitoring ActiveMQ instances
+  - monitoring
+  # Added infrastructure category as ActiveMQ is part of the infrastructure stack
+  - infrastructure
 conditions:
   kibana:
     version: "^8.13.0 || ^9.0.0"

@@ -8,6 +8,10 @@ description: "Collect logs from Admin By Request EPM with Elastic Agent."
 type: integration
 categories:
   - security
+  # Added iam category as Admin By Request EPM is focused on privilege management and administrative access control
+  - iam
+  # Added credential_management category as it deals with elevated privileges management
+  - credential_management
 conditions:
   kibana:
     version: "^8.15.3 || ^9.0.0"

@@ -6,6 +6,8 @@ type: integration
 format_version: "3.0.0"
 categories:
   - observability
+  # Added process_manager category as Airflow is a workflow management platform that schedules and monitors workflows
+  - process_manager
 conditions:
   kibana:
     version: "^8.13.0 || ^9.0.0"

@@ -4,7 +4,11 @@ title: Amazon Security Lake
 version: "2.6.1"
 description: Collect logs from Amazon Security Lake with Elastic Agent.
 type: integration
-categories: ["aws", "security"]
+categories:
+  - aws
+  - security
+  # Added siem category as it functions as a security information and event management system for AWS resources
+  - siem
 conditions:
   kibana:
     version: "^8.16.5 || ^9.0.0"

@@ -7,6 +7,10 @@ type: integration
 categories:
   - observability
   - analytics_engine
+  # Added big_data category as Apache Spark is a unified analytics engine for large-scale data processing
+  - big_data
+  # Added stream_processing category as Spark includes capabilities for stream processing with Spark Streaming
+  - stream_processing
 conditions:
   kibana:
     version: "^8.13.0 || ^9.0.0"

@@ -3,7 +3,11 @@ name: apache_tomcat
 title: Apache Tomcat
 version: "1.11.0"
 description: Collect and parse logs and metrics from Apache Tomcat servers with Elastic Agent.
-categories: ["web", "observability"]
+categories:
+  - web
+  - observability
+  # Added application_observability category as Apache Tomcat is an application server, and this integration provides detailed application-level metrics and logs
+  - application_observability
 type: integration
 conditions:
   kibana:

@@ -8,6 +8,14 @@ description: "Collect logs and metrics from Arista NG Firewall."
 type: integration
 categories:
   - network
+  # Added network_security category as Arista NGFW is primarily a network security device
+  - network_security
+  # Added firewall_security category as it provides firewall capabilities and logs firewall events
+  - firewall_security
+  # Added ids_ips category as it includes intrusion prevention system functionality
+  - ids_ips
+  # Added global security category as this integration collects security-relevant data
+  - security
 conditions:
   kibana:
     version: "^8.11.0 || ^9.0.0"

@@ -6,6 +6,10 @@ description: Collect logs from Armis with Elastic Agent.
 type: integration
 categories:
   - security
+  # Added vulnerability_management category as it detects and manages vulnerabilities across devices
+  - vulnerability_management
+  # Added network_security category as it monitors and protects devices across the network
+  - network_security
 conditions:
   kibana:
     version: "^8.18.0 || ^9.0.0"

@@ -6,6 +6,8 @@ description: Collect logs from authentik with Elastic Agent.
 type: integration
 categories:
   - security
+  # Added iam category as Authentik is an Identity Provider (IdP) and SSO solution
+  - iam
 conditions:
   kibana:
     version: "^8.16.0 || ^9.0.0"

@@ -7,6 +7,8 @@ type: integration
 categories:
   - aws
   - cloud
+  # Added security category as AWS integration collects security-relevant data like CloudTrail logs, GuardDuty findings, and other security monitoring data
+  - security
 conditions:
   elastic:
     subscription: basic

@@ -13,6 +13,8 @@ categories:
   - cloud
   - azure
   - observability
+  # Added security category as it collects security-relevant logs like Microsoft Entra ID sign-in logs, audit logs, and identity protection logs
+  - security
 conditions:
   kibana:
     version: "^8.15.1 || ^9.0.0"

@@ -10,6 +10,8 @@ categories:
   - azure
   - cloud
   - observability
+  # Added security category as it collects audit logs and security-relevant data like content filter results
+  - security
 conditions:
   kibana:
     version: "^9.0.0"

@@ -10,6 +10,8 @@ categories:
   - azure
   - cloud
   - observability
+  # Added security category as it collects audit logs and security-relevant HTTP logs
+  - security
 conditions:
   kibana:
     version: "^8.13.0 || ^9.0.0"

@@ -10,6 +10,8 @@ categories:
   - azure
   - cloud
   - observability
+  # Added security category as it collects audit logs and content filtering data for AI prompts and responses
+  - security
 conditions:
   kibana:
     version: "^8.17.1 || ^9.0.0"

@@ -9,6 +9,8 @@ type: integration
 categories:
   - security
   - advanced_analytics_ueba
+  # Added network_security category as this package identifies beaconing activity in network traffic which is critical for detecting C2 communications
+  - network_security
 conditions:
   kibana:
     version: "^8.10.1 || ^9.0.0"

@@ -7,6 +7,8 @@ type: integration
 categories:
   - network
   - security
+  # Added threat_intel category as Beelzebub is a honeypot framework that collects intelligence about attack techniques and behaviors
+  - threat_intel
 conditions:
   kibana:
     version: "^8.17.1 || ^9.0.0"

@@ -8,6 +8,10 @@ description: Ingest privileged access management (PAM) data from BeyondTrust's B
 type: integration
 categories:
   - security
+  # Added credential_management category as Password Safe is a privileged password management solution
+  - credential_management
+  # Added iam category as this integration provides user audit data and privileged access management functionality
+  - iam
 conditions:
   kibana:
     version: "^8.15.3 || ^9.0.0"

@@ -6,6 +6,10 @@ type: integration
 format_version: 3.4.0
 categories:
   - security
+  # Added iam category as BeyondTrust PRA provides privileged access management functionality
+  - iam
+  # Added network_security category as it secures remote access connections to critical systems
+  - network_security
 conditions:
   kibana:
     version: "^8.18.0 || ^9.0.0"

@@ -8,6 +8,8 @@ description: "Ingest BitDefender GravityZone logs and data"
 type: integration
 categories:
   - security
+  # Added edr_xdr category as BitDefender GravityZone provides endpoint detection and response capabilities
+  - edr_xdr
 conditions:
   kibana:
     version: "^8.14.3 || ^9.0.0"

@@ -8,6 +8,8 @@ description: "Collect logs from blacklens.io with Elastic Agent"
 type: integration
 categories:
   - security
+  # Added vulnerability_management category as Blacklens offers vulnerability scanning and attack surface management
+  - vulnerability_management
 conditions:
   kibana:
     version: "^8.15.2 || ^9.0.0"

@@ -7,6 +7,8 @@ type: integration
 categories:
   - security
   - productivity
+  # Added iam category as Canva integration collects audit logs related to user activities, permissions, and access management
+  - iam
 conditions:
   kibana:
     version: "^8.16.5 || ^9.0.0"

@@ -4,6 +4,10 @@ version: "2.21.1"
 description: Collect logs from CEF Logs with Elastic Agent.
 categories:
   - security
+  # Added custom category as CEF is a standardized log format that can be used by many different products
+  - custom
+  # Added network_security category as CEF is commonly used for network security monitoring and firewall logs
+  - network_security
 conditions:
   kibana:
     version: "^8.15.1 || ^9.0.0"

@@ -6,6 +6,8 @@ description: Collect logs from Check Point Harmony Email & Collaboration with El
 type: integration
 categories:
   - security
+  # Added email_security category as Check Point Harmony Email & Collaboration focuses on monitoring and securing email platforms
+  - email_security
 conditions:
   kibana:
     version: "^8.16.0 || ^9.0.0"

@@ -8,6 +8,8 @@ description: "Collect logs from Check Point Harmony Endpoint"
 type: integration
 categories:
   - security
+  # Added edr_xdr category as Check Point Harmony Endpoint provides endpoint detection and response capabilities with advanced threat prevention
+  - edr_xdr
 conditions:
   kibana:
     version: "^8.14.0 || ^9.0.0"

@@ -6,6 +6,8 @@ description: "This package allows the ingest of known exploited vulnerabilities
 type: integration
 categories:
   - security
+  # Added vulnerability_management category as CISA KEVs provides information about known exploited vulnerabilities for vulnerability tracking and management
+  - vulnerability_management
 conditions:
   kibana:
     version: "^8.13.0 || ^9.0.0"

@@ -7,6 +7,8 @@ type: integration
 categories:
   - security
   - network
+  # Added iam category as Cisco ISE is an identity services engine that provides identity and access management
+  - iam
 conditions:
   kibana:
     version: "^8.11.0 || ^9.0.0"

@@ -7,6 +7,8 @@ type: integration
 categories:
   - network
   - security
+  # Added cloud category as Cisco Meraki is a cloud-managed networking solution
+  - cloud
 conditions:
   kibana:
     version: "^8.13.0 || ^9.0.0"

@@ -4,8 +4,10 @@ title: Microsoft Defender for Endpoint
 version: "2.42.0"
 description: Collect logs from Microsoft Defender for Endpoint with Elastic Agent.
 categories:
-  - "security"
-  - "edr_xdr"
+  - security
+  - edr_xdr
+  # Added siem category as Microsoft Defender for Endpoint provides security event data for monitoring and incident response
+  - siem
 type: integration
 conditions:
   kibana:

@@ -6,6 +6,8 @@ description: Collect logs from Microsoft DHCP with Elastic Agent.
 type: integration
 categories:
   - security
+  # Added network category as it collects DHCP server logs that contain network address assignment information
+  - network
 conditions:
   kibana:
     version: ^8.11.0 || ^9.0.0

@@ -8,6 +8,8 @@ description: Collect logs from Microsoft Exchange Server with Elastic Agent.
 type: integration
 categories:
   - security
+  # Added email_security category as it collects logs from Exchange Server including HTTP proxy, IMAP/POP3, message tracking, and SMTP logs
+  - email_security
 conditions:
   kibana:
     version: "^8.11.0 || ^9.0.0"

@@ -6,6 +6,10 @@ type: integration
 categories:
   - datastore
   - observability
+  # Added database_security category as it collects database logs and metrics including collection statistics, database statistics, and replication status
+  - database_security
+  # Added global security category as this integration collects security-relevant data
+  - security
 icons:
   - src: /img/logo_mongodb.svg
     title: logo mongodb

@@ -10,6 +10,10 @@ categories:
   - cloud
   - datastore
   - observability
+  # Added database_security category as it collects audit logs, alerts, and security-relevant metrics from MongoDB Atlas
+  - database_security
+  # Added global security category as this integration collects security-relevant data
+  - security
 conditions:
   kibana:
     version: "^8.13.0 || ^9.0.0"

@@ -7,6 +7,10 @@ type: integration
 categories:
   - datastore
   - observability
+  # Added database_security category as it collects error logs, slow query logs, and replication status metrics that are relevant for database security monitoring
+  - database_security
+  # Added global security category as this integration collects security-relevant data
+  - security
 conditions:
   kibana:
     version: "^8.15.0 || ^9.0.0"

@@ -7,6 +7,8 @@ type: integration
 categories:
   - security
   - datastore
+  # Added database_security category as it specifically collects MySQL Enterprise Audit logs which are critical for database security monitoring
+  - database_security
 conditions:
   kibana:
     version: "^8.11.0 || ^9.0.0"

@@ -12,6 +12,8 @@ format_version: 3.0.4
 categories:
   - observability
   - message_queue
+  # Added stream_processing category as NATS is commonly used for real-time data streaming and event processing
+  - stream_processing
 conditions:
   kibana:
     version: "^8.13.0 || ^9.0.0"

@@ -3,7 +3,9 @@ name: netscout
 title: Arbor Peakflow SP Logs (Deprecated)
 version: "0.22.0"
 description: Deprecated. Netscout Arbor Peakflow SP is no longer supported.
-categories: ["security", "network"]
+categories:
+  - security
+  - network
 type: integration
 conditions:
   kibana.version: "^8.11.0"

@@ -4,7 +4,13 @@ version: "2.18.7"
 description: Collect logs from Microsoft Office 365 with Elastic Agent.
 type: integration
 format_version: "3.2.3"
-categories: [security, productivity_security]
+categories:
+  - security
+  - productivity_security
+  # Added cloud_security category as it monitors cloud-based Office 365 services, and iam category as it collects Azure AD activity logs related to identity and access management
+  - iam
+  # Added observability category as it provides visibility into user activity, service health, and performance metrics across Office 365 services
+  - observability
 conditions:
   kibana:
     version: "^8.18.0 || ^9.0.0"