diff --git a/packages/abnormal_security/data_stream/ai_security_mailbox_not_analyzed/manifest.yml b/packages/abnormal_security/data_stream/ai_security_mailbox_not_analyzed/manifest.yml index 6a948623eff..4b1efc93b6f 100644 --- a/packages/abnormal_security/data_stream/ai_security_mailbox_not_analyzed/manifest.yml +++ b/packages/abnormal_security/data_stream/ai_security_mailbox_not_analyzed/manifest.yml @@ -18,7 +18,7 @@ streams: type: text title: Recent Message Grace Interval multi: false - required: true + required: false show_user: true description: How long to wait before attempting to collect recent messages. This option allows the Abnormal AI API to complete analysis of messages before the agent attempts to collect them. This should not be greater than the initial interval. Supported units for this parameter are h/m/s. - name: interval diff --git a/packages/abnormal_security/data_stream/ai_security_mailbox_not_analyzed/sample_event.json b/packages/abnormal_security/data_stream/ai_security_mailbox_not_analyzed/sample_event.json index 4f9c3f7d985..b6ddd2f2551 100644 --- a/packages/abnormal_security/data_stream/ai_security_mailbox_not_analyzed/sample_event.json +++ b/packages/abnormal_security/data_stream/ai_security_mailbox_not_analyzed/sample_event.json @@ -17,22 +17,22 @@ } }, "agent": { - "ephemeral_id": "835b49c2-b5f8-4cd3-9915-0257c60f59ad", - "id": "129fb3a1-34d7-4b0f-8248-d13d3a7d46f6", - "name": "elastic-agent-18300", + "ephemeral_id": "ea5725c7-abdf-4082-aa3f-38a44243aced", + "id": "bde1501c-c6c1-49fe-9125-c805f917c934", + "name": "elastic-agent-45073", "type": "filebeat", "version": "8.19.0" }, "data_stream": { "dataset": "abnormal_security.ai_security_mailbox_not_analyzed", - "namespace": "26882", + "namespace": "98484", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "129fb3a1-34d7-4b0f-8248-d13d3a7d46f6", + "id": "bde1501c-c6c1-49fe-9125-c805f917c934", "snapshot": false, "version": "8.19.0" }, 
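Review bot: With `required: false` on the "Recent Message Grace Interval" variable, an operator can now save the policy with this field empty, and the hunk shows neither a `default:` nor a description of what an empty value means. The description says the interval exists so the Abnormal AI API can finish analysis before collection, so an empty value may let the agent collect messages that are not yet analysed; this is inferred, since the stream template is not visible here. I would either keep a default on the variable (`default: <grace interval chosen by the author>`) or add a sentence to `description` stating the behaviour when the field is left empty. It is also worth confirming that the input template guards the option rather than rendering an empty duration. The variable's definition starts above the hunk, so its name and any existing default are not visible.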
@@ -51,7 +51,7 @@ ], "dataset": "abnormal_security.ai_security_mailbox_not_analyzed", "id": "-1234567891234567891", - "ingested": "2025-09-16T10:25:44Z", + "ingested": "2025-10-30T07:35:02Z", "kind": "event", "original": "{\"abx_message_id\":-1234567891234567891,\"not_analyzed_reason\":\"PHISHING_SIMULATION\",\"recipient\":{\"email\":\"phishing@test.com\",\"name\":\"Phishing Test\"},\"reported_datetime\":\"2025-03-04T17:03:55Z\",\"reporter\":{\"email\":\"info@test.com\",\"name\":\"Info Test\"},\"subject\":\"Fwd: Forwarded email\"}", "reason": "PHISHING_SIMULATION", diff --git a/packages/abnormal_security/docs/README.md b/packages/abnormal_security/docs/README.md index d7516b08144..a604c425817 100644 --- a/packages/abnormal_security/docs/README.md +++ b/packages/abnormal_security/docs/README.md @@ -219,22 +219,22 @@ An example event for `ai_security_mailbox_not_analyzed` looks as following: } }, "agent": { - "ephemeral_id": "835b49c2-b5f8-4cd3-9915-0257c60f59ad", - "id": "129fb3a1-34d7-4b0f-8248-d13d3a7d46f6", - "name": "elastic-agent-18300", + "ephemeral_id": "ea5725c7-abdf-4082-aa3f-38a44243aced", + "id": "bde1501c-c6c1-49fe-9125-c805f917c934", + "name": "elastic-agent-45073", "type": "filebeat", "version": "8.19.0" }, "data_stream": { "dataset": "abnormal_security.ai_security_mailbox_not_analyzed", - "namespace": "26882", + "namespace": "98484", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "129fb3a1-34d7-4b0f-8248-d13d3a7d46f6", + "id": "bde1501c-c6c1-49fe-9125-c805f917c934", "snapshot": false, "version": "8.19.0" }, 
@@ -253,7 +253,7 @@ An example event for `ai_security_mailbox_not_analyzed` looks as following: ], "dataset": "abnormal_security.ai_security_mailbox_not_analyzed", "id": "-1234567891234567891", - "ingested": "2025-09-16T10:25:44Z", + "ingested": "2025-10-30T07:35:02Z", "kind": "event", "original": "{\"abx_message_id\":-1234567891234567891,\"not_analyzed_reason\":\"PHISHING_SIMULATION\",\"recipient\":{\"email\":\"phishing@test.com\",\"name\":\"Phishing Test\"},\"reported_datetime\":\"2025-03-04T17:03:55Z\",\"reporter\":{\"email\":\"info@test.com\",\"name\":\"Info Test\"},\"subject\":\"Fwd: Forwarded email\"}", "reason": "PHISHING_SIMULATION", diff --git a/packages/aws_bedrock/data_stream/invocation/_dev/test/system/test-default-config.yml b/packages/aws_bedrock/data_stream/invocation/_dev/test/system/test-default-config.yml index 7bc9c47aa0a..2ea31b472a3 100644 --- a/packages/aws_bedrock/data_stream/invocation/_dev/test/system/test-default-config.yml +++ b/packages/aws_bedrock/data_stream/invocation/_dev/test/system/test-default-config.yml @@ -12,5 +12,6 @@ data_stream: queue_url: '{{TF_OUTPUT_queue_url}}' preserve_original_event: true preserve_duplicate_custom_fields: true + file_selectors: [] assert: hit_count: 348 diff --git a/packages/aws_bedrock/data_stream/invocation/sample_event.json b/packages/aws_bedrock/data_stream/invocation/sample_event.json index 6b44a5e7e18..e116ae8fcd7 100644 --- a/packages/aws_bedrock/data_stream/invocation/sample_event.json +++ b/packages/aws_bedrock/data_stream/invocation/sample_event.json 
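Review bot: In `test-default-config.yml` the added `file_selectors: []` carries no explanation, and an explicitly empty list in a system test reads like an accident to the next maintainer. Presumably it overrides a selector default introduced elsewhere in this change, so that every fixture object is still read and `hit_count: 348` stays valid; the manifest is not part of the visible hunks, so this is an assumption. A one-line comment above it would settle the question, for example `# override the package default selectors so all fixture objects are ingested`.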
@@ -1,17 +1,17 @@ { "@timestamp": "2024-04-18T22:54:57.000Z", "agent": { - "ephemeral_id": "d4469df0-eb1e-4d38-8a8a-6151ec12adff", - "id": "dac9fd53-f482-4758-943d-5d958670ef90", - "name": "docker-fleet-agent", + "ephemeral_id": "b11cb8ea-58f3-4b99-b8b0-cd42c6e08f0a", + "id": "7ba40e4e-4055-4882-a671-66a33594c9c1", + "name": "elastic-agent-33671", "type": "filebeat", - "version": "8.13.0" + "version": "8.16.5" }, "aws": { "s3": { "bucket": { - "arn": "arn:aws:s3:::elastic-package-aws-logs-bucket-23787", - "name": "elastic-package-aws-logs-bucket-23787" + "arn": "arn:aws:s3:::elastic-package-aws-logs-bucket-56082", + "name": "elastic-package-aws-logs-bucket-56082" }, "object": { "key": "BedrockModelInvocationLogs" 
@@ -43,10 +43,14 @@ "top_p": 0.999 }, "input_content_type": "application/json", - "input_token_count": 571 + "input_token_count": 571, + "messages_content_kinds": [ + "text" + ] }, "model_id": "anthropic.claude-3-haiku-20240307-v1:0", "output": { + "completion_text": "The text provided is about a bug in the Elastic Fleet's Windows data stream forwarded integration. Specifically, the text discusses an issue with the `security.yml` ingest pipeline that can turn valid IPv6 addresses into invalid ones.\n\nThe bug occurs in the following code:\n\n```yaml\n- gsub:\n field: source.ip\n pattern: \"::ffff:(\\d+\\.\\d+\\.\\d+\\.\\d+)\"\n replacement: \"\\1\"\n ignore_missing: true\n```\n\nThe issue is that the pattern `::ffff:(\\d+\\.\\d+\\.\\d+\\.\\d+)` is not anchored at the beginning of the string, which can lead to unintended transformations of valid IPv6 addresses.\n\nThe text suggests a fix by using the pattern `^::ffff:` to anchor the pattern at the beginning of the string, which would correctly transform `::ffff:192.168.1.1` into `192.168.1.1` while leaving `fe80::ffff:ffff:fffe` untouched.\n\nIn summary, this is a bug report for the Elastic Fleet's Windows data stream forwarded integration, and the text provides a suggested fix for the issue.", "output_body_json": [ { "message": { 
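Review bot: The new `completion_text` field under `output` stores the model's full response as one plain string, while the same content is already present as deltas in `output_body_json` and again in `event.original`. Invocation logs can carry whatever users send to or receive from the model, so a flattened, directly searchable copy widens where that content lives and who can query it. This file looks regenerated from a test run, so the change belongs in the pipeline and field docs rather than here. There I would document that `completion_text` and `messages_content_kinds` are derived fields, and state whether `completion_text` is still populated when `preserve_original_event` is off. I would also consider a size limit (for example `ignore_above` on the mapping) so very long completions do not bloat the index.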
@@ -2222,22 +2226,22 @@ }, "data_stream": { "dataset": "aws_bedrock.invocation", - "namespace": "ep", + "namespace": "22089", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "dac9fd53-f482-4758-943d-5d958670ef90", + "id": "7ba40e4e-4055-4882-a671-66a33594c9c1", "snapshot": false, - "version": "8.13.0" + "version": "8.16.5" }, "event": { "action": "InvokeModelWithResponseStream", "agent_id_status": "verified", "dataset": "aws_bedrock.invocation", - "ingested": "2024-05-02T04:46:08Z", + "ingested": "2025-10-30T09:53:16Z", "original": "{\"schemaType\":\"ModelInvocationLog\",\"schemaVersion\":\"1.0\",\"timestamp\":\"2024-04-18T22:54:57Z\",\"accountId\":\"144492464627\",\"identity\":{\"arn\":\"arn:aws:iam::144492464627:user/andrew.kroh@elastic.co\"},\"region\":\"us-east-1\",\"requestId\":\"6f9e9644-95a1-4c3c-892f-b51372320d5e\",\"operation\":\"InvokeModelWithResponseStream\",\"modelId\":\"anthropic.claude-3-haiku-20240307-v1:0\",\"input\":{\"inputContentType\":\"application/json\",\"inputBodyJson\":{\"messages\":[{\"role\":\"user\",\"content\":[{\"type\":\"text\",\"text\":\"The following text is from a github issue in the elastic/integrations repository. Please classify what Elastic Fleet integration it is about. This list of can be found at https://docs.elastic.co/integrations/all_integrations. Please indicate it is a bug or enhancement request.\\n\\n\\nThe following processor can turn valid IPv6 address into invalid ones.\\n\\nhttps://github.com/elastic/integrations/blob/4558683307e3a1a10bd0ff946faf045ed014d135/packages/windows/data_stream/forwarded/elasticsearch/ingest_pipeline/security.yml#L2906-L2910\\n\\nExamples:\\n- `fe80::ffff:ffff:fffe` -> `fe80ffff:fffe`\\n- `fe80::ffff:ffff:ffff:ffff` -> `fe80ffff:ffff:ffff`\\n\\nWhich then later causes errors such as `'fe80ffff:ffff:ffff' is not an IP string literal.` in other processors. 
It also causes other issues.\\n![image](https://github.com/elastic/integrations/assets/1696711/6f189e04-108c-49ec-9c66-ba004c694d57)\\n\\nI believe this processor's intent is to transform IPs such as `::ffff:192.168.1.1` into `192.168.1.1`. In which case, the pattern should be `^::ffff:` to anchor the pattern at the beginning of the string.\\n\\n```\\n - gsub:\\n field: source.ip\\n pattern: \\\"^::ffff:\\\"\\n replacement: \\\"\\\"\\n ignore_missing: true\\n```\\n\\nI tested this in a simulated pipeline using both `fe80::ffff:ffff:fffe` and `::ffff:192.168.1.1` values. It correctly left the former untouched and correctly stripped the prefix from the latter.\\n\\nReferences:\\n- [RFC 5156 Section 2.2](https://www.rfc-editor.org/rfc/rfc5156.html#section-2.2)\\n- [RFC 4291 Section 2.2](https://www.rfc-editor.org/rfc/rfc4291#section-2.2)\\n- https://www.ibm.com/docs/en/i/7.5?topic=concepts-ipv6-address-formats\\n\"}]}],\"anthropic_version\":\"bedrock-2023-05-31\",\"max_tokens\":2000,\"temperature\":1,\"top_k\":250,\"top_p\":0.999,\"stop_sequences\":[\"\\n\\nHuman:\"]},\"inputTokenCount\":571},\"output\":{\"outputContentType\":\"application/json\",\"outputBodyJson\":[{\"type\":\"message_start\",\"message\":{\"id\":\"msg_01L3WcyJkxCgmHpMiLRhSYvf\",\"type\":\"message\",\"role\":\"assistant\",\"content\":[],\"model\":\"claude-3-haiku-48k-20240307\",\"stop_reason\":null,\"stop_sequence\":null,\"usage\":{\"input_tokens\":571,\"output_tokens\":1}}},{\"type\":\"content_block_start\",\"index\":0,\"content_block\":{\"type\":\"text\",\"text\":\"\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"The\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" text\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" provided\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" 
is\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" about\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" a\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" bug\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" in\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" the\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" Elastic\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" Fleet\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"'s\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" Windows\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" data\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" stream\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" forw\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"arded\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" integration\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\".\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" Specifically\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\",\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" the\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" 
text\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" discusses\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" an\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" issue\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" with\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" the\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" `\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"security\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\".\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"yml\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"`\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" in\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"gest\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" pipeline\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" that\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" can\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" turn\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" valid\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" 
IPv\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"6\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" \"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"addresses\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" into\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" invalid\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" ones\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\".\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"\\n\\nThe\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" bug\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" occurs\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" in\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" the\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" following\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" code\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\":\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"\\n\\n```\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"yaml\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"\\n-\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" 
gs\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"ub\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\":\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"\\n \"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"field\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\":\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" source\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\".\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"ip\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"\\n \"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"pattern\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\":\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" 
\\\"\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"::\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"ff\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"ff\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\":\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"(\\\\\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"d\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"+\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"\\\\\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\".\\\\\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"d\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"+\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"\\\\\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\".\\\\\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"d\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"+\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"\\\\\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\".\\\\\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"d\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"+\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\")\\\"\"}}
,{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"\\n \"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"replacement\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\":\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" \\\"\\\\\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"1\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"\\\"\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"\\n \"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"ignore\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"_\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"missing\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\":\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" true\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"\\n```\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"\\n\\nThe\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" issue\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" is\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" that\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" the\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" 
pattern\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" `\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"::\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"ff\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"ff\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\":\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"(\\\\\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"d\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"+\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"\\\\\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\".\\\\\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"d\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"+\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"\\\\\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\".\\\\\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"d\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"+\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"\\\\\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\".\\\\\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"d\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"+\"}}
,{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\")\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"`\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" is\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" not\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" anch\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"ored\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" at\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" the\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" beginning\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" of\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" the\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" string\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\",\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" which\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" can\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" lead\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" to\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" 
un\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"int\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"ended\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" transform\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"ations\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" of\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" valid\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" IPv\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"6\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" \"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"addresses\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\".\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"\\n\\nThe\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" text\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" suggests\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" a\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" fix\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" by\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" using\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" 
the\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" pattern\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" `\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"^\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"::\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"ff\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"ff\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\":\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"`\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" to\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" anchor\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" the\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" pattern\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" at\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" the\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" beginning\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" of\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" the\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" 
string\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\",\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" which\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" would\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" correctly\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" transform\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" `\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"::\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"ff\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"ff\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\":\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"192\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\".\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"168\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\".\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"1\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\".\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"1\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"`\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" 
into\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" `\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"192\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\".\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"168\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\".\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"1\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\".\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"1\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"`\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" while\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" leaving\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" 
`\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"fe\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"80\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"::\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"ff\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"ff\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\":\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"ff\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"ff\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\":\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"f\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"ffe\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"`\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" unt\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"ou\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"ched\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\".\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"\\n\\nIn\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" summary\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\",\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" 
this\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" is\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" a\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" bug\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" report\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" for\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" the\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" Elastic\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" Fleet\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"'s\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" Windows\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" data\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" stream\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" forw\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\"arded\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" integration\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\",\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" and\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" the\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" 
text\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" provides\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" a\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" suggested\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" fix\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" for\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" the\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\" issue\"}},{\"type\":\"content_block_delta\",\"index\":0,\"delta\":{\"type\":\"text_delta\",\"text\":\".\"}},{\"type\":\"content_block_stop\",\"index\":0},{\"type\":\"message_delta\",\"delta\":{\"stop_reason\":\"end_turn\",\"stop_sequence\":null},\"usage\":{\"output_tokens\":281}},{\"type\":\"message_stop\",\"amazon-bedrock-invocationMetrics\":{\"inputTokenCount\":571,\"outputTokenCount\":281,\"invocationLatency\":3848,\"firstByteLatency\":509}}],\"outputTokenCount\":281}}", "outcome": "success" }, @@ -2281,7 +2285,7 @@ }, "log": { "file": { - "path": "https://elastic-package-aws-logs-bucket-23787.s3.us-east-1.amazonaws.com/BedrockModelInvocationLogs" + "path": "https://elastic-package-aws-logs-bucket-56082.s3.us-east-1.amazonaws.com/BedrockModelInvocationLogs" }, "offset": 7742570 }, @@ -2293,4 +2297,4 @@ "user": { "id": "arn:aws:iam::144492464627:user/andrew.kroh@elastic.co" } -} \ No newline at end of file +} diff --git a/packages/crowdstrike/data_stream/fdr/_dev/test/policy/test-default.expected b/packages/crowdstrike/data_stream/fdr/_dev/test/policy/test-default.expected index fe7acf798ca..ea1547544dd 100644 --- a/packages/crowdstrike/data_stream/fdr/_dev/test/policy/test-default.expected 
+++ b/packages/crowdstrike/data_stream/fdr/_dev/test/policy/test-default.expected @@ -8,7 +8,6 @@ inputs: streams: - data_stream: dataset: crowdstrike.fdr - type: logs fields: _conf: enable_deduplication: false @@ -83,7 +82,7 @@ inputs: fields: - crowdstrike publisher_pipeline.disable_host: true - queue_url: null + queue_url: "" sqs.notification_parsing_script.source: | function parse(n) { var m = JSON.parse(n); diff --git a/packages/crowdstrike/data_stream/fdr/_dev/test/policy/test-default.yml b/packages/crowdstrike/data_stream/fdr/_dev/test/policy/test-default.yml index 58bbc1f4034..7595be8d1b7 100644 --- a/packages/crowdstrike/data_stream/fdr/_dev/test/policy/test-default.yml +++ b/packages/crowdstrike/data_stream/fdr/_dev/test/policy/test-default.yml @@ -5,5 +5,6 @@ vars: token_url: http://host.tld/oauth2/token data_stream: vars: + queue_url: "" preserve_original_event: true preserve_duplicate_custom_fields: true diff --git a/packages/nvidia_gpu/data_stream/stats/_dev/test/system/test-default-config.yml b/packages/nvidia_gpu/data_stream/stats/_dev/test/system/test-default-config.yml index 0899e4ee88f..8b8224fcb24 100644 --- a/packages/nvidia_gpu/data_stream/stats/_dev/test/system/test-default-config.yml +++ b/packages/nvidia_gpu/data_stream/stats/_dev/test/system/test-default-config.yml @@ -4,5 +4,6 @@ data_stream: preserve_original_event: true hosts: - http://{{Hostname}}:{{Port}}/metrics + ssl: [] assert: hit_count: 3 diff --git a/packages/nvidia_gpu/data_stream/stats/sample_event.json b/packages/nvidia_gpu/data_stream/stats/sample_event.json index 7980ac0214b..6e0d69d381a 100644 --- a/packages/nvidia_gpu/data_stream/stats/sample_event.json +++ b/packages/nvidia_gpu/data_stream/stats/sample_event.json 
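Review bot: `queue_url: ""` in test-default.yml and `ssl: []` in the nvidia_gpu test-default-config.yml are both added as empty values, with nothing saying why the tests now have to set them. For `ssl` the value is an empty sequence, whereas TLS settings are normally given as a mapping. If the variable is meant to stay unset, `ssl: {}` or a one-line comment such as `# empty on purpose: the test target is plain HTTP` would make the intent clear. For `queue_url`, test-default.expected now renders `queue_url: ""` instead of `null`; the template is not part of this diff, so it is worth confirming that an empty string is treated the same as an unset queue rather than as a configured but invalid one.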
@@ -1,99 +1,54 @@ { - "@timestamp": "2025-06-24T05:16:10.082Z", + "@timestamp": "2025-10-30T09:18:05.475Z", "agent": { - "ephemeral_id": "158b1ab5-1d8f-40df-a960-73d24cffa507", - "id": "c509a40e-38fb-4be5-8e70-ba382ce8eff0", - "name": "elastic-agent-58660", + "ephemeral_id": "54f22388-40a1-419e-91a1-206585ad0aa0", + "id": "74bc8c8b-cd00-4a4e-8457-41b9fc85489e", + "name": "elastic-agent-35074", "type": "metricbeat", - "version": "8.17.0" + "version": "8.16.0" }, "data_stream": { "dataset": "nvidia_gpu.stats", - "namespace": "52265", + "namespace": "46457", "type": "metrics" }, "ecs": { "version": "8.17.0" }, "elastic_agent": { - "id": "c509a40e-38fb-4be5-8e70-ba382ce8eff0", + "id": "74bc8c8b-cd00-4a4e-8457-41b9fc85489e", "snapshot": false, - "version": "8.17.0" + "version": "8.16.0" }, "event": { "agent_id_status": "verified", "dataset": "nvidia_gpu.stats", - "duration": 3737970, - "ingested": "2025-06-24T05:16:13Z", + "duration": 4476867, + "ingested": "2025-10-30T09:18:08Z", "module": "prometheus" }, "gpu": { - "clock": { - "mem_frequency": 405, - "streaming_multiprocessor_frequency": 300 - }, "labels": { - "device": "nvidia0", - "driver_version": "525.105.17", - "gpu": "0", - "hostname": "924e17218b6f", - "job": "prometheus", - "model_name": "Tesla T4", - "pci_bus_id": "00000000:00:04.0", - "uuid": "GPU-2492e3fa-2252-1730-0d1a-8d12ab32cdf0" - }, - "license_vgpu_status": 0, - "memory": { - "framebuffer": { - "free_size": 14923, - "used_size": 5 - } - }, - "nvlink": { - "bandwidth_total": 0 + "job": "prometheus" }, - "pcie": { - "replay": 0 - }, - "power": { - "energy_consumption_total": 27649212030, - "usage": 12.239 - }, - "temperature": { - "gpu": 36, - "memory": 0 - }, - "utilization": { - "decoder": { - "pct": 0 - }, - "encoder": { - "pct": 0 - }, - "gpu": { - "pct": 0 - }, - "memory_copy": { - "pct": 0 - } - } + "up": "1" }, "host": { "architecture": "x86_64", "containerized": true, - "hostname": "elastic-agent-58660", + "hostname": "elastic-agent-35074", 
"ip": [ - "172.18.0.7", - "192.168.32.2" + "192.168.251.5", + "192.168.252.2" ], "mac": [ - "A6-27-18-C5-0D-F0", - "EA-10-B8-A2-8C-94" + "02-42-C0-A8-FB-05", + "02-42-C0-A8-FC-02" ], - "name": "elastic-agent-58660", + "name": "elastic-agent-35074", "os": { "family": "", - "kernel": "5.15.153.1-microsoft-standard-WSL2", + "kernel": "3.10.0-1160.92.1.el7.x86_64", "name": "Wolfi", "platform": "wolfi", "type": "linux", @@ -111,4 +66,4 @@ "address": "http://svc-nvidia_gpu:9400/metrics", "type": "prometheus" } -} \ No newline at end of file +} diff --git a/packages/nvidia_gpu/docs/README.md b/packages/nvidia_gpu/docs/README.md index 610b1f22df8..4f3b59464ad 100644 --- a/packages/nvidia_gpu/docs/README.md +++ b/packages/nvidia_gpu/docs/README.md 
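Review bot: The regenerated sample event no longer carries any GPU metric: on the new side `gpu` holds only `labels.job` and `"up": "1"`, and the clock, memory, power, temperature and utilization objects plus the device labels are all removed. That looks like the capture picked up only a scrape-health series from the `svc-nvidia_gpu:9400` target, so the sample no longer shows the fields this data stream exists to ship. `agent.version` and `elastic_agent.version` also go from 8.17.0 to 8.16.0 while `ecs.version` stays 8.17.0, which suggests the sample was regenerated on an older stack than before. I would regenerate it against a target that returns device metrics, or keep the previous event and change only what this commit needs; the docs/README.md hunk that follows repeats the same content.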
@@ -56,101 +56,56 @@ An example event for `stats` looks as following: ```json { - "@timestamp": "2025-06-24T05:16:10.082Z", + "@timestamp": "2025-10-30T09:18:05.475Z", "agent": { - "ephemeral_id": "158b1ab5-1d8f-40df-a960-73d24cffa507", - "id": "c509a40e-38fb-4be5-8e70-ba382ce8eff0", - "name": "elastic-agent-58660", + "ephemeral_id": "54f22388-40a1-419e-91a1-206585ad0aa0", + "id": "74bc8c8b-cd00-4a4e-8457-41b9fc85489e", + "name": "elastic-agent-35074", "type": "metricbeat", - "version": "8.17.0" + "version": "8.16.0" }, "data_stream": { "dataset": "nvidia_gpu.stats", - "namespace": "52265", + "namespace": "46457", "type": "metrics" }, "ecs": { "version": "8.17.0" }, "elastic_agent": { - "id": "c509a40e-38fb-4be5-8e70-ba382ce8eff0", + "id": "74bc8c8b-cd00-4a4e-8457-41b9fc85489e", "snapshot": false, - "version": "8.17.0" + "version": "8.16.0" }, "event": { "agent_id_status": "verified", "dataset": "nvidia_gpu.stats", - "duration": 3737970, - "ingested": "2025-06-24T05:16:13Z", + "duration": 4476867, + "ingested": "2025-10-30T09:18:08Z", "module": "prometheus" }, "gpu": { - "clock": { - "mem_frequency": 405, - "streaming_multiprocessor_frequency": 300 - }, "labels": { - "device": "nvidia0", - "driver_version": "525.105.17", - "gpu": "0", - "hostname": "924e17218b6f", - "job": "prometheus", - "model_name": "Tesla T4", - "pci_bus_id": "00000000:00:04.0", - "uuid": "GPU-2492e3fa-2252-1730-0d1a-8d12ab32cdf0" - }, - "license_vgpu_status": 0, - "memory": { - "framebuffer": { - "free_size": 14923, - "used_size": 5 - } - }, - "nvlink": { - "bandwidth_total": 0 + "job": "prometheus" }, - "pcie": { - "replay": 0 - }, - "power": { - "energy_consumption_total": 27649212030, - "usage": 12.239 - }, - "temperature": { - "gpu": 36, - "memory": 0 - }, - "utilization": { - "decoder": { - "pct": 0 - }, - "encoder": { - "pct": 0 - }, - "gpu": { - "pct": 0 - }, - "memory_copy": { - "pct": 0 - } - } + "up": "1" }, "host": { "architecture": "x86_64", "containerized": true, - "hostname": 
"elastic-agent-58660", + "hostname": "elastic-agent-35074", "ip": [ - "172.18.0.7", - "192.168.32.2" + "192.168.251.5", + "192.168.252.2" ], "mac": [ - "A6-27-18-C5-0D-F0", - "EA-10-B8-A2-8C-94" + "02-42-C0-A8-FB-05", + "02-42-C0-A8-FC-02" ], - "name": "elastic-agent-58660", + "name": "elastic-agent-35074", "os": { "family": "", - "kernel": "5.15.153.1-microsoft-standard-WSL2", + "kernel": "3.10.0-1160.92.1.el7.x86_64", "name": "Wolfi", "platform": "wolfi", "type": "linux",