This is a meta issue to track ECS 8.7 updates to Fleet integrations maintained by the elastic/security-external-integrations team.
ECS 8.7 Changes:
This is a summary of the changes in ECS 8.7. You can view the official changelog here.
Added:
No features added to ECS in 8.7 required changes in SEI packages.
- added name field to threat.indicator (Introduce threat.indicator.name field, ecs#2121)
- added api option to event.category (Add the api value to event.category, ecs#2147)
- added library option to event.category (Adding library category to the schema, ecs#2154)
SEI owned Integrations
All SEI integrations are updated in #5765
Integrations SEI contributes to
The following integrations are currently being reviewed to check whether the new api option for event.category has any impact on them (any input appreciated):
- aws.cloudtrail
- aws.vpcflow
- system.application
- system.auth
- system.security
- system.system
- windows.forwarded
- windows.powershell
- windows.powershell_operational
- windows.sysmon_operational
SEI Integrations Checklist:
elastic/security-external-integrations:
- 1password
- akamai
- atlassian_bitbucket
- atlassian_confluence
- atlassian_jira
- auditd
- auditd_manager
- auth0
- azure_blob_storage
- azure_frontdoor
- barracuda
- barracuda_cloudgen_firewall
- bluecoat
- box_events
- carbon_black_cloud
- carbonblack_edr
- cef
- checkpoint
- cisco_aironet
- cisco_asa
- cisco_duo
- cisco_ftd
- cisco_ios
- cisco_ise
- cisco_meraki
- cisco_nexus
- cisco_secure_email_gateway
- cisco_secure_endpoint
- cisco_umbrella
- citrix_waf
- cloudflare
- cloudflare_logpush
- crowdstrike
- cyberark_pta
- cyberarkpas
- cylance
- darktrace
- f5
- f5_bigip
- fim
- fireeye
- forcepoint_web
- forgerock
- fortinet_forticlient
- fortinet_fortiedr
- fortinet_fortigate
- fortinet_fortimail
- fortinet_fortimanager
- gcp
- gcp_pubsub
- github
- google_cloud_storage
- google_workspace
- hashicorp_vault
- hid_bravura_monitor
- http_endpoint
- httpjson
- imperva
- infoblox_bloxone_ddi
- infoblox_nios
- iptables
- jamf_compliance_reporter
- jumpcloud
- juniper_junos
- juniper_netscreen
- juniper_srx
- keycloak
- lastpass
- lyve_cloud
- m365_defender
- mattermost
- microsoft_defender_endpoint
- microsoft_dhcp
- microsoft_exchange_online_message_trace
- mimecast
- modsecurity
- mysql_enterprise
- netflow
- netscout
- netskope
- network_traffic
- o365
- okta
- osquery
- panw
- panw_cortex_xdr
- pfsense
- ping_one
- proofpoint_tap
- pulse_connect_secure
- qnap_nas
- radware
- santa
- sentinel_one
- slack
- snort
- snyk
- sonicwall_firewall
- sophos
- sophos_central
- squid
- suricata
- symantec_endpoint
- sysmon_linux
- system_audit
- tanium
- tcp
- tenable_io
- tenable_sc
- thycotic_ss
- ti_abusech
- ti_anomali
- ti_cif3
- ti_cybersixgill
- ti_misp
- ti_otx
- ti_rapid7_threat_command
- ti_recordedfuture
- ti_threatq
- ti_util
- tines
- trend_micro_vision_one
- trendmicro
- udp
- winlog
- zeek
- zerofox
- zoom
- zscaler_zia
- zscaler_zpa
Relates to: https://github.com/elastic/security-team/issues/5720