Merge branch 'main' into add_mssql_alerts

Author: muthu-mps

.buildkite/pipeline.publish.yml

@@ -1,7 +1,7 @@
 # yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json
 
 env:
-  SETUP_GVM_VERSION: "v0.5.2"
+  SETUP_GVM_VERSION: "v0.6.0"
   LINUX_AGENT_IMAGE: "golang:${GO_VERSION}"
   DOCKER_COMPOSE_VERSION: "v2.24.1"
   DOCKER_VERSION: "false"

.buildkite/pipeline.schedule-daily.yml

@@ -2,7 +2,7 @@
 name: integrations-schedule-daily
 
 env:
-  SETUP_GVM_VERSION: "v0.5.2"
+  SETUP_GVM_VERSION: "v0.6.0"
   LINUX_AGENT_IMAGE: "golang:${GO_VERSION}"
 
 # The pipeline is triggered by the scheduler every day
@@ -34,7 +34,7 @@ steps:
       env:
         SERVERLESS: "false"
         FORCE_CHECK_ALL: "true"
-        STACK_VERSION: 8.19.4-SNAPSHOT
+        STACK_VERSION: 8.19.8-SNAPSHOT
         PUBLISH_COVERAGE_REPORTS: "true"
     depends_on:
       - step: "check"
@@ -48,7 +48,7 @@ steps:
       env:
         SERVERLESS: "false"
         FORCE_CHECK_ALL: "true"
-        STACK_VERSION: 8.19.4-SNAPSHOT
+        STACK_VERSION: 8.19.8-SNAPSHOT
         STACK_LOGSDB_ENABLED: "true"
         PUBLISH_COVERAGE_REPORTS: "false"
     depends_on:
@@ -86,13 +86,13 @@ steps:
     if: |
       build.env('TEST_PACKAGES_BASIC_SUBSCRIPTION') == "true"
 
-  - label: "Check integrations local stacks - Stack Version v9.2"
+  - label: "Check integrations local stacks - Stack Version v9.3"
     trigger: "integrations"
     build:
       env:
         SERVERLESS: "false"
         FORCE_CHECK_ALL: "true"
-        STACK_VERSION: 9.2.0-SNAPSHOT
+        STACK_VERSION: 9.3.0-SNAPSHOT
         PUBLISH_COVERAGE_REPORTS: "false"
     depends_on:
       - step: "check"

.buildkite/pipeline.schedule-weekly.yml

@@ -2,7 +2,7 @@
 name: integrations-schedule-weekly
 
 env:
-  SETUP_GVM_VERSION: "v0.5.2"
+  SETUP_GVM_VERSION: "v0.6.0"
   LINUX_AGENT_IMAGE: "golang:${GO_VERSION}"
 
 # The pipeline is triggered by the scheduler every week
@@ -21,20 +21,20 @@ steps:
       env:
         SERVERLESS: "false"
         FORCE_CHECK_ALL: "true"
-        STACK_VERSION: 8.19.4-SNAPSHOT
+        STACK_VERSION: 8.19.8-SNAPSHOT
         PUBLISH_COVERAGE_REPORTS: "false"
         ELASTIC_PACKAGE_DISABLE_ELASTIC_AGENT_WOLFI: "true"
     depends_on:
       - step: "check"
         allow_failure: false
 
-  - label: "Check integrations local stacks and non-wolfi images for Elastic Agent - Stack Version v9.2"
+  - label: "Check integrations local stacks and non-wolfi images for Elastic Agent - Stack Version v9.3"
     trigger: "integrations"
     build:
       env:
         SERVERLESS: "false"
         FORCE_CHECK_ALL: "true"
-        STACK_VERSION: 9.2.0-SNAPSHOT
+        STACK_VERSION: 9.3.0-SNAPSHOT
         PUBLISH_COVERAGE_REPORTS: "false"
         ELASTIC_PACKAGE_DISABLE_ELASTIC_AGENT_WOLFI: "true"
     depends_on:

.buildkite/pipeline.serverless.yml

@@ -1,7 +1,7 @@
 # yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json
 
 env:
-  SETUP_GVM_VERSION: "v0.5.2"
+  SETUP_GVM_VERSION: "v0.6.0"
   LINUX_AGENT_IMAGE: "golang:${GO_VERSION}"
   DOCKER_COMPOSE_VERSION: "v2.24.1"
   DOCKER_VERSION: "false" # not required to set since system tests are not running yet
@@ -109,6 +109,8 @@ steps:
   - label: ":github: Report failed tests"
     key: report-failed-tests
     command: ".buildkite/scripts/report_issues.sh"
+    env:
+      CI_MAX_TESTS_REPORTED: 30
     agents:
       image: "${LINUX_AGENT_IMAGE}"
       cpu: "8"

.buildkite/pipeline.yml

@@ -1,6 +1,6 @@
 # yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json
 env:
-  SETUP_GVM_VERSION: "v0.5.2"
+  SETUP_GVM_VERSION: "v0.6.0"
   DOCKER_COMPOSE_VERSION: "v2.24.1"
   DOCKER_VERSION: "26.1.2"
   KIND_VERSION: 'v0.27.0'
@@ -103,21 +103,6 @@ steps:
       build.env('BUILDKITE_PULL_REQUEST') != "false" &&
       build.env('BUILDKITE_PIPELINE_SLUG') == "integrations"
 
-  - label: ":sonarqube: Continuous Code Inspection"
-    soft_fail: true # FIXME: Coverage is failing, remove this after solving the issue
-    timeout_in_minutes: 120
-    env:
-      VAULT_SONAR_TOKEN_PATH: "kv/ci-shared/platform-ingest/elastic/integrations/sonar-analyze-token"
-    agents:
-      image: "docker.elastic.co/cloud-ci/sonarqube/buildkite-scanner:latest"
-      cpu: "8"
-      memory: "4G"
-    command: ".buildkite/scripts/run_sonar_scanner.sh"
-    artifact_paths:
-      - build/test-coverage/coverage_merged.xml
-    if: |
-      build.env('BUILDKITE_PIPELINE_SLUG') == "integrations"
-
   - label: ":junit: Junit annotate"
     agents:
       # requires at least "bash", "curl" and "git"

.buildkite/scripts/run_sonar_scanner.sh

@@ -13,7 +13,9 @@
 /packages/abnormal_security @elastic/security-service-integrations
 /packages/activemq @elastic/obs-infraobs-integrations
 /packages/admin_by_request_epm @elastic/security-service-integrations
+/packages/agentless_hello_world @elastic/agentless-team
 /packages/airflow @elastic/obs-infraobs-integrations
+/packages/airlock_digital @elastic/security-service-integrations
 /packages/akamai @elastic/security-service-integrations
 /packages/amazon_security_lake @elastic/security-service-integrations
 /packages/apache @elastic/obs-infraobs-integrations
@@ -84,8 +86,11 @@
 /packages/aws_bedrock/data_stream/invocation @elastic/security-service-integrations
 /packages/aws_bedrock/data_stream/runtime @elastic/obs-infraobs-integrations
 /packages/aws_billing @elastic/obs-infraobs-integrations 
+/packages/aws_cloudtrail_otel @elastic/obs-infraobs-integrations
 /packages/aws_logs @elastic/obs-ds-hosted-services
 /packages/aws_mq @elastic/obs-infraobs-integrations
+/packages/aws_bedrock_agentcore @elastic/obs-infraobs-integrations
+/packages/aws_vpcflow_otel @elastic/obs-infraobs-integrations
 /packages/awsfargate @elastic/obs-infraobs-integrations
 /packages/awsfirehose @elastic/obs-ds-hosted-services
 /packages/azure @elastic/obs-infraobs-integrations @elastic/obs-ds-hosted-services @elastic/security-service-integrations
@@ -173,9 +178,9 @@
 /packages/citrix_waf @elastic/integration-experience
 /packages/claroty_ctd @elastic/security-service-integrations
 /packages/claroty_xdome @elastic/security-service-integrations
-/packages/cloud_asset_inventory @elastic/cloud-security-posture
+/packages/cloud_asset_inventory @elastic/contextual-security
 /packages/cloud_defend @elastic/sec-linux-platform
-/packages/cloud_security_posture @elastic/cloud-security-posture
+/packages/cloud_security_posture @elastic/contextual-security
 /packages/cloudflare @elastic/security-service-integrations
 /packages/cloudflare_logpush @elastic/security-service-integrations
 /packages/cockroachdb @elastic/obs-infraobs-integrations
@@ -190,6 +195,7 @@
 /packages/cyberark_pta @elastic/security-service-integrations
 /packages/cyberarkpas @elastic/security-service-integrations
 /packages/cybereason @elastic/security-service-integrations
+/packages/cyera @elastic/security-service-integrations
 /packages/cylance @elastic/security-service-integrations
 /packages/darktrace @elastic/security-service-integrations
 /packages/ded @elastic/ml-ui @elastic/sec-applied-ml
@@ -202,6 +208,7 @@
 /packages/elastic_package_registry @elastic/ecosystem
 /packages/elastic_security @elastic/security-service-integrations
 /packages/elasticsearch @elastic/stack-monitoring
+/packages/aws_elb_otel @elastic/obs-infraobs-integrations
 /packages/endace @elastic/integration-experience @elastic/sec-linux-platform
 /packages/endace/data_stream/flow @elastic/sec-linux-platform
 /packages/endace/data_stream/log @elastic/integration-experience
@@ -212,7 +219,7 @@
 /packages/entro @elastic/security-service-integrations
 /packages/envoyproxy @elastic/obs-infraobs-integrations
 /packages/eset_protect @elastic/security-service-integrations
-/packages/ess_billing @elastic/customer-architects
+/packages/ess_billing @elastic/customer-architects @elastic/obs-infraobs-integrations
 /packages/etcd @elastic/obs-infraobs-integrations
 /packages/extrahop @elastic/security-service-integrations
 /packages/f5_bigip @elastic/security-service-integrations
@@ -269,6 +276,7 @@
 /packages/hta @elastic/sec-applied-ml
 /packages/http_endpoint @elastic/security-service-integrations
 /packages/httpjson @elastic/security-service-integrations
+/packages/ibm_qradar @elastic/security-service-integrations
 /packages/ibmmq @elastic/obs-infraobs-integrations
 /packages/iis @elastic/obs-infraobs-integrations
 /packages/iis_otel @elastic/obs-infraobs-integrations
@@ -293,6 +301,7 @@
 /packages/juniper_srx @elastic/integration-experience
 /packages/kafka @elastic/obs-infraobs-integrations
 /packages/kafka_log @elastic/obs-infraobs-integrations
+/packages/keeper_security_siem_integration @elastic/security-service-integrations
 /packages/keycloak @elastic/security-service-integrations
 /packages/kibana @elastic/stack-monitoring
 /packages/kubernetes @elastic/obs-ds-hosted-services
@@ -327,6 +336,7 @@
 /packages/mysql_otel @elastic/obs-infraobs-integrations
 /packages/nagios_xi @elastic/obs-infraobs-integrations
 /packages/nats @elastic/obs-infraobs-integrations
+/packages/neon_cyber @elastic/security-service-integrations
 /packages/netflow @elastic/integration-experience
 /packages/netscout @elastic/integration-experience
 /packages/netskope @elastic/security-service-integrations
@@ -425,6 +435,7 @@
 /packages/system/data_stream/load @elastic/obs-infraobs-integrations
 /packages/system/data_stream/memory @elastic/obs-infraobs-integrations
 /packages/system/data_stream/network @elastic/obs-infraobs-integrations
+/packages/system/data_stream/ntp @elastic/obs-infraobs-integrations
 /packages/system/data_stream/process @elastic/obs-infraobs-integrations
 /packages/system/data_stream/process_summary @elastic/obs-infraobs-integrations
 /packages/system/data_stream/security @elastic/sec-windows-platform

.github/CODEOWNERS

@@ -19,9 +19,12 @@ body:
         - Active Directory Entity Analytics [entityanalytics_ad]
         - ActiveMQ [activemq]
         - Admin By Request EPM [admin_by_request_epm]
+        - Agentless Hello World [agentless_hello_world]
         - Airflow [airflow]
+        - Airlock Digital [airlock_digital]
         - Akamai [akamai]
         - AlienVault OTX [ti_otx]
+        - Amazon Bedrock AgentCore [aws_bedrock_agentcore]
         - Amazon Bedrock [aws_bedrock]
         - Amazon Data Firehose [awsfirehose]
         - Amazon MQ [aws_mq]
@@ -41,8 +44,11 @@ body:
         - Auditd Manager [auditd_manager]
         - Auth0 [auth0]
         - authentik [authentik]
+        - AWS CloudTrail Logs OpenTelemetry Assets [aws_cloudtrail_otel]
         - AWS Cost and Usage Report (CUR 2.0) [aws_billing]
+        - AWS ELB OpenTelemetry Assets [aws_elb_otel]
         - AWS Fargate (for ECS clusters) [awsfargate]
+        - AWS VPC Flow Logs OpenTelemetry Assets [aws_vpcflow_otel]
         - AWS [aws]
         - Azure AI Foundry [azure_ai_foundry]
         - Azure App Service [azure_app_service]
@@ -132,6 +138,7 @@ body:
         - Cyberark Privileged Threat Analytics [cyberark_pta]
         - Cybereason [cybereason]
         - Cybersixgill [ti_cybersixgill]
+        - Cyera [cyera]
         - CylanceProtect Logs (Deprecated) [cylance]
         - Cyware Intel Exchange [ti_cyware_intel_exchange]
         - Darktrace [darktrace]
@@ -194,6 +201,7 @@ body:
         - Host Traffic Anomalies [hta]
         - HPE Aruba CX [hpe_aruba_cx]
         - IBM MQ [ibmmq]
+        - IBM QRadar [ibm_qradar]
         - IIS OpenTelemetry assets [iis_otel]
         - IIS [iis]
         - Imperva Cloud WAF [imperva_cloud_waf]
@@ -214,6 +222,7 @@ body:
         - Juniper NetScreen (Deprecated) [juniper_netscreen]
         - Juniper SRX [juniper_srx]
         - Kafka [kafka]
+        - Keeper Security [keeper_security_siem_integration]
         - Keycloak [keycloak]
         - Kibana [kibana]
         - Kubernetes OpenTelemetry Assets [kubernetes_otel]
@@ -253,6 +262,7 @@ body:
         - MySQL [mysql]
         - Nagios XI [nagios_xi]
         - NATS [nats]
+        - Neon Cyber [neon_cyber]
         - NetFlow Records [netflow]
         - Netskope [netskope]
         - Network Beaconing Identification [beaconing]

.github/ISSUE_TEMPLATE/integration_bug.yml

@@ -19,9 +19,12 @@ body:
         - Active Directory Entity Analytics [entityanalytics_ad]
         - ActiveMQ [activemq]
         - Admin By Request EPM [admin_by_request_epm]
+        - Agentless Hello World [agentless_hello_world]
         - Airflow [airflow]
+        - Airlock Digital [airlock_digital]
         - Akamai [akamai]
         - AlienVault OTX [ti_otx]
+        - Amazon Bedrock AgentCore [aws_bedrock_agentcore]
         - Amazon Bedrock [aws_bedrock]
         - Amazon Data Firehose [awsfirehose]
         - Amazon MQ [aws_mq]
@@ -41,8 +44,11 @@ body:
         - Auditd Manager [auditd_manager]
         - Auth0 [auth0]
         - authentik [authentik]
+        - AWS CloudTrail Logs OpenTelemetry Assets [aws_cloudtrail_otel]
         - AWS Cost and Usage Report (CUR 2.0) [aws_billing]
+        - AWS ELB OpenTelemetry Assets [aws_elb_otel]
         - AWS Fargate (for ECS clusters) [awsfargate]
+        - AWS VPC Flow Logs OpenTelemetry Assets [aws_vpcflow_otel]
         - AWS [aws]
         - Azure AI Foundry [azure_ai_foundry]
         - Azure App Service [azure_app_service]
@@ -132,6 +138,7 @@ body:
         - Cyberark Privileged Threat Analytics [cyberark_pta]
         - Cybereason [cybereason]
         - Cybersixgill [ti_cybersixgill]
+        - Cyera [cyera]
         - CylanceProtect Logs (Deprecated) [cylance]
         - Cyware Intel Exchange [ti_cyware_intel_exchange]
         - Darktrace [darktrace]
@@ -194,6 +201,7 @@ body:
         - Host Traffic Anomalies [hta]
         - HPE Aruba CX [hpe_aruba_cx]
         - IBM MQ [ibmmq]
+        - IBM QRadar [ibm_qradar]
         - IIS OpenTelemetry assets [iis_otel]
         - IIS [iis]
         - Imperva Cloud WAF [imperva_cloud_waf]
@@ -214,6 +222,7 @@ body:
         - Juniper NetScreen (Deprecated) [juniper_netscreen]
         - Juniper SRX [juniper_srx]
         - Kafka [kafka]
+        - Keeper Security [keeper_security_siem_integration]
         - Keycloak [keycloak]
         - Kibana [kibana]
         - Kubernetes OpenTelemetry Assets [kubernetes_otel]
@@ -253,6 +262,7 @@ body:
         - MySQL [mysql]
         - Nagios XI [nagios_xi]
         - NATS [nats]
+        - Neon Cyber [neon_cyber]
         - NetFlow Records [netflow]
         - Netskope [netskope]
         - Network Beaconing Identification [beaconing]

.github/ISSUE_TEMPLATE/integration_feature_request.yml

@@ -25,7 +25,7 @@ jobs:
       - uses: actions/checkout@v5
 
       - name: Install Updatecli in the runner
-        uses: updatecli/updatecli-action@0224b21c3687ac1a7510298d58c9a42db84e5814 #v2.92.0
+        uses: updatecli/updatecli-action@5ca36367fadc6ad94d590984fd9c696e783ec635 #v2.96.0
 
       - name: Select diff action
         if: ${{ github.event_name == 'pull_request' }}