diff --git a/.github/ISSUE_TEMPLATE/integration_feature_request.yml b/.github/ISSUE_TEMPLATE/integration_feature_request.yml
new file mode 100644
index 00000000000..274735c732b
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/integration_feature_request.yml
@@ -0,0 +1,391 @@
+name: Integration Feature Request
+description: Request a new feature for an existing Elastic integration.
+title: "[Integration Name]: Brief description of the feature"
+labels: ["needs:triage"]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for taking the time to fill out this issue report!
+ - type: dropdown
+ id: integration_name
+ attributes:
+ label: Integration Name
+ description: Which integration package is the request for?
+ options:
+ - 1Password [1password]
+ - Abnormal Security [abnormal_security]
+ - ActiveMQ [activemq]
+ - Airflow [airflow]
+ - Akamai [akamai]
+ - Amazon Security Lake [amazon_security_lake]
+ - Apache HTTP Server [apache]
+ - Apache Spark [apache_spark]
+ - Apache Tomcat [apache_tomcat]
+ - Elastic APM [apm]
+ - Arista NG Firewall [arista_ngfw]
+ - Atlassian Bitbucket [atlassian_bitbucket]
+ - Atlassian Confluence [atlassian_confluence]
+ - Atlassian Jira [atlassian_jira]
+ - Auditd Logs [auditd]
+ - Auditd Manager [auditd_manager]
+ - Auth0 [auth0]
+ - authentik [authentik]
+ - AWS [aws]
+ - Amazon Bedrock [aws_bedrock]
+ - Custom AWS Logs [aws_logs]
+ - AWS Fargate (for ECS clusters) [awsfargate]
+ - Amazon Data Firehose [awsfirehose]
+ - Azure Logs [azure]
+ - Azure App Service [azure_app_service]
+ - Azure Application Insights Metrics Overview [azure_application_insights]
+ - Azure Billing Metrics [azure_billing]
+ - Custom Azure Blob Storage Input [azure_blob_storage]
+ - Azure Frontdoor [azure_frontdoor]
+ - Azure Functions [azure_functions]
+ - Custom Azure Logs [azure_logs]
+ - Azure Resource Metrics [azure_metrics]
+ - Azure Network Watcher NSG [azure_network_watcher_nsg]
+ - Azure Network Watcher VNet [azure_network_watcher_vnet]
+ - Azure OpenAI [azure_openai]
+ - Barracuda Web Application Firewall [barracuda]
+ - Barracuda CloudGen Firewall Logs [barracuda_cloudgen_firewall]
+ - BBOT (Bighuge BLS OSINT Tool) [bbot]
+ - Network Beaconing Identification [beaconing]
+ - Beat [beat]
+ - BitDefender [bitdefender]
+ - Bitwarden [bitwarden]
+ - blacklens.io [blacklens]
+ - Blue Coat Director Logs (Deprecated) [bluecoat]
+ - Box Events [box_events]
+ - Canva [canva]
+ - VMware Carbon Black Cloud [carbon_black_cloud]
+ - VMware Carbon Black EDR [carbonblack_edr]
+ - Cassandra [cassandra]
+ - Common Event Format (CEF) [cef]
+ - Custom API using Common Expression Language [cel]
+ - Ceph [ceph]
+ - Check Point [checkpoint]
+ - Check Point Harmony Email & Collaboration [checkpoint_email]
+ - Check Point Harmony Endpoint [checkpoint_harmony_endpoint]
+ - CISA Known Exploited Vulnerabilities [cisa_kevs]
+ - Cisco Aironet [cisco_aironet]
+ - Cisco ASA [cisco_asa]
+ - Cisco Duo [cisco_duo]
+ - Cisco FTD [cisco_ftd]
+ - Cisco IOS [cisco_ios]
+ - Cisco ISE [cisco_ise]
+ - Cisco Meraki [cisco_meraki]
+ - Cisco Meraki Metrics [cisco_meraki_metrics]
+ - Cisco Nexus [cisco_nexus]
+ - Cisco Secure Email Gateway [cisco_secure_email_gateway]
+ - Cisco Secure Endpoint [cisco_secure_endpoint]
+ - Cisco Umbrella [cisco_umbrella]
+ - Citrix ADC [citrix_adc]
+ - Citrix Web App Firewall [citrix_waf]
+ - Claroty CTD [claroty_ctd]
+ - Cloud Asset Inventory [cloud_asset_inventory]
+ - Defend for Containers [cloud_defend]
+ - Security Posture Management [cloud_security_posture]
+ - Cloudflare [cloudflare]
+ - Cloudflare Logpush [cloudflare_logpush]
+ - CockroachDB Metrics [cockroachdb]
+ - Containerd [containerd]
+ - CoreDNS [coredns]
+ - Corelight [corelight]
+ - Couchbase [couchbase]
+ - CouchDB [couchdb]
+ - Cribl [cribl]
+ - CrowdStrike [crowdstrike]
+ - Cyberark Privileged Threat Analytics [cyberark_pta]
+ - CyberArk Privileged Access Security [cyberarkpas]
+ - Cybereason [cybereason]
+ - CylanceProtect Logs [cylance]
+ - Darktrace [darktrace]
+ - Data Exfiltration Detection [ded]
+ - Domain Generation Algorithm Detection [dga]
+ - Digital Guardian [digital_guardian]
+ - Docker [docker]
+ - Elastic Agent [elastic_agent]
+ - Elastic Connectors [elastic_connectors]
+ - Elastic Package Registry [elastic_package_registry]
+ - Elasticsearch [elasticsearch]
+ - Enterprise Search [enterprisesearch]
+ - Active Directory Entity Analytics [entityanalytics_ad]
+ - Microsoft Entra ID Entity Analytics [entityanalytics_entra_id]
+ - Okta Entity Analytics [entityanalytics_okta]
+ - ESET PROTECT [eset_protect]
+ - etcd [etcd]
+ - F5 Logs (Deprecated) [f5]
+ - F5 BIG-IP [f5_bigip]
+ - Falco [falco]
+ - Custom Filestream Logs [filestream]
+ - File Integrity Monitoring [fim]
+ - FireEye Network Security [fireeye]
+ - First EPSS [first_epss]
+ - Fleet Server [fleet_server]
+ - Forcepoint Web Security [forcepoint_web]
+ - ForgeRock [forgerock]
+ - Fortinet FortiClient Logs [fortinet_forticlient]
+ - Fortinet FortiEDR Logs [fortinet_fortiedr]
+ - Fortinet FortiGate Firewall Logs [fortinet_fortigate]
+ - Fortinet FortiMail [fortinet_fortimail]
+ - Fortinet FortiManager Logs [fortinet_fortimanager]
+ - Fortinet FortiProxy [fortinet_fortiproxy]
+ - Google Cloud Platform [gcp]
+ - GCP Metrics Input [gcp_metrics]
+ - Custom Google Pub/Sub Logs [gcp_pubsub]
+ - GCP Vertex AI [gcp_vertexai]
+ - Gigamon [gigamon]
+ - GitHub [github]
+ - GitLab [gitlab]
+ - GoFlow2 logs [goflow2]
+ - Golang [golang]
+ - Custom GCS (Google Cloud Storage) Input [google_cloud_storage]
+ - Google Security Command Center [google_scc]
+ - Google Workspace [google_workspace]
+ - Hadoop [hadoop]
+ - HAProxy [haproxy]
+ - Hashicorp Vault [hashicorp_vault]
+ - Bravura Monitor [hid_bravura_monitor]
+ - Custom HTTP Endpoint Logs [http_endpoint]
+ - Custom API [httpjson]
+ - IBM MQ [ibmmq]
+ - IIS [iis]
+ - Imperva [imperva]
+ - Imperva Cloud WAF [imperva_cloud_waf]
+ - InfluxDb [influxdb]
+ - Infoblox BloxOne DDI [infoblox_bloxone_ddi]
+ - Infoblox NIOS [infoblox_nios]
+ - Iptables [iptables]
+ - Istio [istio]
+ - Jamf Compliance Reporter [jamf_compliance_reporter]
+ - Jamf Pro [jamf_pro]
+ - Jamf Protect [jamf_protect]
+ - Jolokia Input [jolokia_input]
+ - Custom Journald logs [journald]
+ - JumpCloud [jumpcloud]
+ - Juniper JunOS (Deprecated) [juniper_junos]
+ - Juniper NetScreen (Deprecated) [juniper_netscreen]
+ - Juniper SRX [juniper_srx]
+ - Kafka [kafka]
+ - Custom Kafka Logs [kafka_log]
+ - Keycloak [keycloak]
+ - Kibana [kibana]
+ - Kubernetes [kubernetes]
+ - Kubernetes OpenTelemetry Assets [kubernetes_otel]
+ - LastPass [lastpass]
+ - Linux Metrics [linux]
+ - Lateral Movement Detection [lmd]
+ - Custom Logs [log]
+ - Logstash [logstash]
+ - Lumos [lumos]
+ - Lyve Cloud [lyve_cloud]
+ - Microsoft M365 Defender [m365_defender]
+ - Mattermost [mattermost]
+ - Memcached [memcached]
+ - Menlo Security [menlo]
+ - Microsoft Defender for Cloud [microsoft_defender_cloud]
+ - Microsoft Defender for Endpoint [microsoft_defender_endpoint]
+ - Microsoft DHCP [microsoft_dhcp]
+ - Microsoft DNS Server [microsoft_dnsserver]
+ - Microsoft Exchange Online Message Trace [microsoft_exchange_online_message_trace]
+ - Microsoft Exchange Server [microsoft_exchange_server]
+ - Microsoft Sentinel [microsoft_sentinel]
+ - Microsoft SQL Server [microsoft_sqlserver]
+ - Mimecast [mimecast]
+ - ModSecurity Audit [modsecurity]
+ - MongoDB [mongodb]
+ - MongoDB Atlas [mongodb_atlas]
+ - MySQL [mysql]
+ - MySQL Enterprise [mysql_enterprise]
+ - Nagios XI [nagios_xi]
+ - NATS [nats]
+ - NetFlow Records [netflow]
+ - Arbor Peakflow SP Logs (Deprecated) [netscout]
+ - Netskope [netskope]
+ - Network Packet Capture [network_traffic]
+ - Nginx [nginx]
+ - Nginx Ingress Controller Logs [nginx_ingress_controller]
+ - Nginx Ingress Controller OpenTelemetry Logs [nginx_ingress_controller_otel]
+ - Microsoft Office 365 [o365]
+ - Okta [okta]
+ - OpenCanary [opencanary]
+ - Oracle [oracle]
+ - Oracle WebLogic [oracle_weblogic]
+ - Osquery Logs [osquery]
+ - Osquery Manager [osquery_manager]
+ - Palo Alto Next-Gen Firewall [panw]
+ - Palo Alto Cortex XDR [panw_cortex_xdr]
+ - Palo Alto Networks Metrics [panw_metrics]
+ - pfSense [pfsense]
+ - PHP-FPM [php_fpm]
+ - PingOne [ping_one]
+ - Platform Observability [platform_observability]
+ - PostgreSQL [postgresql]
+ - Pleasant Password Server [pps]
+ - Palo Alto Prisma Access [prisma_access]
+ - Palo Alto Prisma Cloud [prisma_cloud]
+ - Living off the Land Attack Detection [problemchild]
+ - Prometheus [prometheus]
+ - Prometheus Input [prometheus_input]
+ - Proofpoint On Demand [proofpoint_on_demand]
+ - Proofpoint TAP [proofpoint_tap]
+ - Broadcom ProxySG [proxysg]
+ - Pulse Connect Secure [pulse_connect_secure]
+ - QNAP NAS [qnap_nas]
+ - Qualys VMDR [qualys_vmdr]
+ - RabbitMQ Logs and Metrics [rabbitmq]
+ - Radware DefensePro Logs (Deprecated) [radware]
+ - Rapid7 InsightVM [rapid7_insightvm]
+ - Redis [redis]
+ - Redis Enterprise [redisenterprise]
+ - Salesforce [salesforce]
+ - Google Santa [santa]
+ - Prebuilt Security Detection Rules [security_detection_engine]
+ - SentinelOne [sentinel_one]
+ - SentinelOne Cloud Funnel [sentinel_one_cloud_funnel]
+ - ServiceNow [servicenow]
+ - Slack Logs [slack]
+ - Snort [snort]
+ - Snyk [snyk]
+ - SonicWall Firewall [sonicwall_firewall]
+ - Sophos [sophos]
+ - Sophos Central [sophos_central]
+ - Spring Boot [spring_boot]
+ - SpyCloud Enterprise Protection [spycloud]
+ - SQL Input [sql_input]
+ - Squid Proxy [squid]
+ - STAN [stan]
+ - StatsD Input [statsd_input]
+ - StormShield SNS [stormshield]
+ - Sublime Security [sublime_security]
+ - Suricata [suricata]
+ - Symantec EDR Cloud (Deprecated) [symantec_edr_cloud]
+ - Symantec Endpoint Protection [symantec_endpoint]
+ - Symantec Endpoint Security [symantec_endpoint_security]
+ - Elastic Synthetics [synthetics]
+ - Elastic Synthetics Dashboards [synthetics_dashboards]
+ - Sysdig [sysdig]
+ - Sysmon for Linux [sysmon_linux]
+ - System [system]
+ - System Audit [system_audit]
+ - Tanium [tanium]
+ - Custom TCP Logs [tcp]
+ - Teleport [teleport]
+ - Tenable Vulnerability Management [tenable_io]
+ - Tenable.sc [tenable_sc]
+ - Cilium Tetragon [tetragon]
+ - Threat Map [threat_map]
+ - Thycotic Secret Server [thycotic_ss]
+ - AbuseCH [ti_abusech]
+ - Anomali [ti_anomali]
+ - Collective Intelligence Framework v3 [ti_cif3]
+ - CrowdStrike Falcon Intelligence [ti_crowdstrike]
+ - Custom Threat Intelligence [ti_custom]
+ - Cybersixgill [ti_cybersixgill]
+ - EclecticIQ [ti_eclecticiq]
+ - ESET Threat Intelligence [ti_eset]
+ - Maltiverse [ti_maltiverse]
+ - Mandiant Advantage [ti_mandiant_advantage]
+ - MISP [ti_misp]
+ - OpenCTI [ti_opencti]
+ - AlienVault OTX [ti_otx]
+ - Rapid7 Threat Command [ti_rapid7_threat_command]
+ - Recorded Future [ti_recordedfuture]
+ - ThreatConnect [ti_threatconnect]
+ - ThreatQuotient [ti_threatq]
+ - Threat Intelligence Utilities [ti_util]
+ - Tines [tines]
+ - Tomcat NetWitness Logs [tomcat]
+ - Traefik [traefik]
+ - Trellix EDR Cloud [trellix_edr_cloud]
+ - Trellix ePO Cloud [trellix_epo_cloud]
+ - Trend Micro Vision One [trend_micro_vision_one]
+ - Trend Micro Deep Security [trendmicro]
+ - TYCHON Agentless [tychon]
+ - Custom UDP Logs [udp]
+ - Universal Profiling Agent [universal_profiling_agent]
+ - Universal Profiling Collector [universal_profiling_collector]
+ - Universal Profiling Symbolizer [universal_profiling_symbolizer]
+ - Vectra Detect [vectra_detect]
+ - VMware vSphere [vsphere]
+ - WatchGuard Firebox [watchguard_firebox]
+ - Custom Websocket logs [websocket]
+ - WebSphere Application Server [websphere_application_server]
+ - Windows [windows]
+ - Custom Windows ETW logs [windows_etw]
+ - Custom Windows Event Logs [winlog]
+ - Wiz [wiz]
+ - Zeek [zeek]
+ - ZeroFox [zerofox]
+ - Zero Networks [zeronetworks]
+ - ZooKeeper Metrics [zookeeper]
+ - Zoom [zoom]
+ - Zscaler Internet Access [zscaler_zia]
+ - Zscaler Private Access [zscaler_zpa]
+ validations:
+ required: true
+ - type: input
+ id: data_stream_dataset_name
+ attributes:
+ label: Dataset Name
+ description: Which [dataset](https://www.elastic.co/guide/en/fleet/current/data-streams.html) in the integration package is the request for? If it is a new data stream, suggest a name.
+ placeholder: ex. nginx.access
+ - type: input
+ id: integration_version
+ attributes:
+ label: Integration Version
+ description: What version of the integration are you using?
+ placeholder: ex. 1.2.3
+ validations:
+ required: true
+ - type: input
+ id: agent_version
+ attributes:
+ label: Agent Version
+ description: What version of the Elastic Agent are you using?
+ placeholder: ex. 8.7.0
+ validations:
+ required: true
+ - type: input
+ id: os_version
+ attributes:
+ label: OS Version and Architecture
+ description: What operating system and architecture are you using?
+ placeholder: ex. Ubuntu 20.04 LTS (x86_64)
+ validations:
+ required: true
+ - type: textarea
+ id: user_goal
+ attributes:
+ label: User Goal
+ description: What are you trying to do?
+ validations:
+ required: true
+ - type: textarea
+ id: user_tried
+ attributes:
+ label: Existing Features
+ description: Why does the current feature set not satisfy your needs?
+ validations:
+ required: true
+ - type: textarea
+ id: what_did_you_see
+ attributes:
+ label: What did you see?
+ description: Please provide the ingested document, relevant logging or dashboard screen shot that shows the issue behavior.
+ placeholder: Paste the sanitized details here.
+ validations:
+ required: true
+ - type: textarea
+ id: anything_else
+ attributes:
+ label: Anything else?
+ description: Anything else that we should know about your request that will help us understand and implement the feature. Links to any relevant documentation are greatly appreciated.
+ validations:
+ required: false
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for completing our form! We'll look into your request and get back to you as soon as possible.
diff --git a/.github/workflows/updatecli/updatecli.d/sync-packages-to-bug-issue-template.yml b/.github/workflows/updatecli/updatecli.d/sync-packages-to-bug-issue-template.yml
index 2638cf93026..f73e5a0c379 100644
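Review bot: The `what_did_you_see` textarea asks reporters to paste ingested documents, logs and screenshots, and the only redaction hint is the placeholder `Paste the sanitized details here.`, which disappears as soon as the user starts typing. Issues filed through this form are presumably publicly visible, so the instruction belongs in the description itself, for example `description: Please provide the ingested document, relevant logging or dashboard screenshot. Remove credentials, API keys, tokens, and personal or internal identifiers before pasting.` The field is also `required: true` and worded around "issue behavior", which looks carried over from the bug template; for a feature request it would fit better with `required: false`, so that reporters are not pushed to paste raw data just to get past validation.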
--- a/.github/workflows/updatecli/updatecli.d/sync-packages-to-bug-issue-template.yml +++ b/.github/workflows/updatecli/updatecli.d/sync-packages-to-bug-issue-template.yml @@ -15,8 +15,8 @@ scms: branch: main targets: - integration_bug_yml: - name: update pkgs in .github/ISSUE_TEMPLATE/integration_bug.yml + integration_issue_templates_yml: + name: update pkgs in .github/ISSUE_TEMPLATE/integration_*.yml kind: shell scmid: default spec: @@ -38,12 +38,13 @@ targets: done | yq -o json .) yq eval ".body[1].attributes.options = $pkgs" -i '.github/ISSUE_TEMPLATE/integration_bug.yml' + #yq eval ".body[1].attributes.options = $pkgs" -i '.github/ISSUE_TEMPLATE/integration_feature_request.yml' git diff --name-only HEAD actions: openPullRequest: - title: '[automation] Update packages in .github/ISSUE_TEMPLATE/integration_bug.yml' + title: '[automation] Update packages in .github/ISSUE_TEMPLATE/integration_*.yml' kind: github/pullrequest scmid: default spec:
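Review bot: The added `#yq eval ... integration_feature_request.yml` line in the second hunk is commented out with no explanation, so the new template's package list is not synced even though the target name (first hunk) and the pull-request title now say `integration_*.yml`. Either enable the line or put a comment above it stating why it is disabled, e.g. `# TODO: enable once integration_feature_request.yml exists on main`. Both yq calls also address the dropdown by position (`.body[1]`), so a reordered template body would have a different field silently overwritten by the automation. Selecting by id is sturdier, assuming the bug template's dropdown also uses `integration_name`: `(.body[] | select(.id == "integration_name") | .attributes.options) = $pkgs`. The shell script begins above this hunk, so how `$pkgs` is built is only partly visible here.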