Merge branch 'master' into stefnestor-patch-1

Author: stefnestor

.buildkite/pipeline.schedule-daily.yml

@@ -86,13 +86,13 @@ steps:
     if: |
       build.env('TEST_PACKAGES_BASIC_SUBSCRIPTION') == "true"
 
-  - label: "Check integrations local stacks - Stack Version v9.1"
+  - label: "Check integrations local stacks - Stack Version v9.2"
     trigger: "integrations"
     build:
       env:
         SERVERLESS: "false"
         FORCE_CHECK_ALL: "true"
-        STACK_VERSION: 9.1.0-SNAPSHOT
+        STACK_VERSION: 9.2.0-SNAPSHOT
         PUBLISH_COVERAGE_REPORTS: "false"
     depends_on:
       - step: "check"

.buildkite/pipeline.schedule-weekly.yml

@@ -28,13 +28,13 @@ steps:
       - step: "check"
         allow_failure: false
 
-  - label: "Check integrations local stacks and non-wolfi images for Elastic Agent - Stack Version v9.1"
+  - label: "Check integrations local stacks and non-wolfi images for Elastic Agent - Stack Version v9.2"
     trigger: "integrations"
     build:
       env:
         SERVERLESS: "false"
         FORCE_CHECK_ALL: "true"
-        STACK_VERSION: 9.1.0-SNAPSHOT
+        STACK_VERSION: 9.2.0-SNAPSHOT
         PUBLISH_COVERAGE_REPORTS: "false"
         ELASTIC_PACKAGE_DISABLE_ELASTIC_AGENT_WOLFI: "true"
     depends_on:

.buildkite/pull-requests.json

@@ -13,7 +13,17 @@
       "always_trigger_comment_regex": "^(?:(?:buildkite\\W+)?(?:build|test)\\W+(?:this|it))|^/test$|^/test benchmark fullreport$",
       "skip_ci_labels": [],
       "skip_target_branches": [],
-      "skip_ci_on_only_changed": ["^.github/workflows/", "^.github/dependabot.yml$", "^.github/ISSUE_TEMPLATE/", "^docs/", "^catalog-info.yaml$", "^.buildkite/pull-requests.json$"],
+      "skip_ci_on_only_changed": [
+        "^.github/workflows/",
+        "^.github/dependabot.yml$",
+        "^.github/ISSUE_TEMPLATE/",
+        "^docs/",
+        "^catalog-info.yaml$",
+        "^.buildkite/pipeline.schedule-daily.yml$",
+        "^.buildkite/pipeline.schedule-weekly.yml$",
+        "^.buildkite/pipeline.backport.yml$",
+        "^.buildkite/pull-requests.json$"
+      ],
       "always_require_ci_on_changed": []
     },
     {

.buildkite/scripts/common.sh

@@ -746,7 +746,7 @@ is_pr_affected() {
     # Example:
     # https://buildkite.com/elastic/integrations/builds/25606
     # https://github.com/elastic/integrations/pull/13810
-    if git diff --name-only "${commit_merge}" "${to}" | grep -E -v '^(packages/|\.github/(CODEOWNERS|ISSUE_TEMPLATE|PULL_REQUEST_TEMPLATE)|README\.md|docs/|catalog-info\.yaml|\.buildkite/pull-requests\.json)' > /dev/null; then
+    if git diff --name-only "${commit_merge}" "${to}" | grep -E -v '^(packages/|\.github/(CODEOWNERS|ISSUE_TEMPLATE|PULL_REQUEST_TEMPLATE)|README\.md|docs/|catalog-info\.yaml|\.buildkite/(pull-requests\.json|pipeline\.schedule-daily\.yml|pipeline\.schedule-weekly\.yml|pipeline\.backport\.yml))' > /dev/null; then
         echo "[${package}] PR is affected: found non-package files"
         return 0
     fi

go.mod

@@ -3,7 +3,7 @@ module github.com/elastic/integrations
 go 1.24.2
 
 require (
-	github.com/Masterminds/semver/v3 v3.3.1
+	github.com/Masterminds/semver/v3 v3.4.0
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/cli/go-gh/v2 v2.12.1
 	github.com/elastic/elastic-package v0.112.0
@@ -91,7 +91,7 @@ require (
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/strfmt v0.23.0 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
-	github.com/go-viper/mapstructure/v2 v2.2.1 // indirect
+	github.com/go-viper/mapstructure/v2 v2.3.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/btree v1.1.3 // indirect

go.sum

@@ -61,8 +61,8 @@ github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
-github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7rj+4nv4=
-github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
+github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=
+github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
 github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs=
 github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0=
 github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s=
@@ -232,8 +232,8 @@ github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+Gr
 github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
 github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
-github.com/go-viper/mapstructure/v2 v2.2.1 h1:ZAaOCxANMuZx5RCeg0mBdEZk7DZasvvZIxtHqx8aGss=
-github.com/go-viper/mapstructure/v2 v2.2.1/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/go-viper/mapstructure/v2 v2.3.0 h1:27XbWsHIqhbdR5TIC911OfYvgSaW93HM+dX7970Q7jk=
+github.com/go-viper/mapstructure/v2 v2.3.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
 github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=

packages/abnormal_security/_dev/build/docs/README.md

@@ -1,12 +1,12 @@
-# Abnormal Security
+# Abnormal AI
 
-Abnormal Security is a behavioral AI-based email security platform that learns the behavior of every identity in a cloud email environment and analyzes the risk of every event to block even the most sophisticated attacks.
+Abnormal AI is a behavioral AI-based email security platform that learns the behavior of every identity in a cloud email environment and analyzes the risk of every event to block even the most sophisticated attacks.
 
-The Abnormal Security integration collects data for AI Security Mailbox (formerly known as Abuse Mailbox), Audit, Case, and Threat logs using REST API.
+The Abnormal AI integration collects data for AI Security Mailbox (formerly known as Abuse Mailbox), Audit, Case, and Threat logs using REST API.
 
 ## Data streams
 
-The Abnormal Security integration collects six types of logs:
+The Abnormal AI integration collects six types of logs:
 
 - **[AI Security Mailbox](https://app.swaggerhub.com/apis-docs/abnormal-security/abx/1.4.3#/AI%20Security%20Mailbox%20(formerly%20known%20as%20Abuse%20Mailbox))** - Get details of AI Security Mailbox.
 
@@ -26,31 +26,31 @@ Elastic Agent must be installed. For more details, check the Elastic Agent [inst
 
 ## Setup
 
-### To collect data from the Abnormal Security Client API:
+### To collect data from the Abnormal AI Client API:
 
 #### Step 1: Go to Portal
-* Visit the [Abnormal Security Portal](https://portal.abnormalsecurity.com/home/settings/integrations) and click on the `Abnormal REST API` setting.
+* Visit the [Abnormal AI Portal](https://portal.abnormalsecurity.com/home/settings/integrations) and click on the `Abnormal REST API` setting.
 
 #### Step 2: Generating the authentication token
-* Retrieve your authentication token. This token will be used further in the Elastic integration setup to authenticate and access different Abnormal Security Logs.
+* Retrieve your authentication token. This token will be used further in the Elastic integration setup to authenticate and access different Abnormal AI Logs.
 
 #### Step 3: IP allowlisting
-* Abnormal Security requires you to restrict API access based on source IP. So in order for the integration to work, user needs to update the IP allowlisting to include the external source IP of the endpoint running the integration via Elastic Agent.
+* Abnormal AI requires you to restrict API access based on source IP. So in order for the integration to work, user needs to update the IP allowlisting to include the external source IP of the endpoint running the integration via Elastic Agent.
 
 ### Enabling the integration in Elastic:
 
 1. In Kibana navigate to Management > Integrations.
-2. In "Search for integrations" top bar, search for `Abnormal Security`.
-3. Select the "Abnormal Security" integration from the search results.
-4. Select "Add Abnormal Security" to add the integration.
+2. In "Search for integrations" top bar, search for `Abnormal AI`.
+3. Select the "Abnormal AI" integration from the search results.
+4. Select "Add Abnormal AI" to add the integration.
 5. Add all the required integration configuration parameters, including Access Token, Interval, Initial Interval and Page Size to enable data collection.
 6. Select "Save and continue" to save the integration.
 
-**Note**: By default, the URL is set to `https://api.abnormalplatform.com`. We have observed that Abnormal Security Base URL changes based on location so find your own base URL.
+**Note**: By default, the URL is set to `https://api.abnormalplatform.com`. We have observed that Abnormal AI Base URL changes based on location so find your own base URL.
 
 ### Enabling enrichment for Threat events
 
-Introduced in version 1.8.0, the Abnormal Security integration includes a new option called `Enable Attachments and Links enrichment` for the Threat data stream. When enabled, this feature enriches incoming threat events with additional details about any attachments and links included in the original message.
+Introduced in version 1.8.0, the Abnormal AI integration includes a new option called `Enable Attachments and Links enrichment` for the Threat data stream. When enabled, this feature enriches incoming threat events with additional details about any attachments and links included in the original message.
 
 ## Logs reference
 

packages/abnormal_security/changelog.yml

@@ -1,4 +1,11 @@
 # newer versions go on top
+- version: "1.9.0"
+  changes:
+    - description: |
+        Rebrand integration to Abnormal AI to align with the current vendor's branding.
+        This is a superficial branding update only and does not affect existing functionalities.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/14357
 - version: "1.8.1"
   changes:
     - description: Prevent loss of recent unprocessed messages by the `ai_security_mailbox_not_analyzed` data stream.

packages/abnormal_security/data_stream/ai_security_mailbox/manifest.yml

@@ -13,11 +13,11 @@ streams:
         required: true
         show_user: true
         default: 24h
-        description: How far back to pull the AI Security Mailbox logs from Abnormal Security API. Supported units for this parameter are h/m/s.
+        description: How far back to pull the AI Security Mailbox logs from Abnormal AI API. Supported units for this parameter are h/m/s.
       - name: interval
         type: text
         title: Interval
-        description: Duration between requests to the Abnormal Security API. Supported units for this parameter are h/m/s.
+        description: Duration between requests to the Abnormal AI API. Supported units for this parameter are h/m/s.
         default: 5m
         multi: false
         required: true
@@ -28,7 +28,7 @@ streams:
         multi: false
         required: true
         show_user: false
-        description: Page size for the response of the Abnormal Security API.
+        description: Page size for the response of the Abnormal AI API.
         default: 100
       - name: http_client_timeout
         type: text

packages/abnormal_security/data_stream/ai_security_mailbox_not_analyzed/manifest.yml

@@ -13,18 +13,18 @@ streams:
         required: true
         show_user: true
         default: 2160h
-        description: How far back to pull the AI Security Mailbox Not Analyzed messages from Abnormal Security API. Defaults to 90 days (2160h) before end. Supported units for this parameter are h/m/s.
+        description: How far back to pull the AI Security Mailbox Not Analyzed messages from Abnormal AI API. Defaults to 90 days (2160h) before end. Supported units for this parameter are h/m/s.
       - name: wait_interval
         type: text
         title: Recent Message Grace Interval 
         multi: false
         required: true
         show_user: true
-        description: How long to wait before attempting to collect recent messages. This option allows the Abnormal Security API to complete analysis of messages before the agent attempts to collect them. This should not be greater than the initial interval. Supported units for this parameter are h/m/s.
+        description: How long to wait before attempting to collect recent messages. This option allows the Abnormal AI API to complete analysis of messages before the agent attempts to collect them. This should not be greater than the initial interval. Supported units for this parameter are h/m/s.
       - name: interval
         type: text
         title: Interval
-        description: Duration between requests to the Abnormal Security API. Defaults to 1 hour. Supported units for this parameter are h/m/s.
+        description: Duration between requests to the Abnormal AI API. Defaults to 1 hour. Supported units for this parameter are h/m/s.
         default: 1h
         multi: false
         required: true