From 7a56911871d4f8f673426af4d810438db85d3e8e Mon Sep 17 00:00:00 2001 From: cherryleaf-ellis Date: Thu, 21 Apr 2022 16:01:24 +0100 Subject: [PATCH 1/6] update Anomoli readme added links to Anomoli documentation --- packages/ti_anomali/_dev/build/docs/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/ti_anomali/_dev/build/docs/README.md b/packages/ti_anomali/_dev/build/docs/README.md index 92bf94865bf..91066e1c013 100644 --- a/packages/ti_anomali/_dev/build/docs/README.md +++ b/packages/ti_anomali/_dev/build/docs/README.md @@ -2,8 +2,8 @@ The Anomali integration supports the following datasets. -- `limo` dataset: Support for Anomali Limo, a freely available Threat Intelligence service -- `threatstream` dataset: Support for Anomali ThreatStream, a commercial Threat Intelligence service. +- `limo` dataset: Support for [Anomali Limo](https://www.anomali.com/resources/limo), a freely available Threat Intelligence service +- `threatstream` dataset: Support for [Anomali ThreatStream](https://www.anomali.com/products/threatstream), a commercial Threat Intelligence service. ## Logs @@ -11,7 +11,7 @@ The Anomali integration supports the following datasets. Anomali Limo offers multiple sources called collections. Each collection has a specific ID, which then fits into the url used in this configuration. A list of different -collections can be found using the default guest/guest credentials at https://limo.anomali.com/api/v1/taxii2/feeds/collections/[Limo Collections]. +collections can be found using the default guest/guest credentials at [Limo Collections](https://limo.anomali.com/api/v1/taxii2/feeds/collections) An example if you want to use the feed with ID 42, the URL to configure would end up like this: `https://limo.anomali.com/api/v1/taxii2/feeds/collections/41/objects` From af6c3623059ced9b73639df267e69f9574cffaf1 Mon Sep 17 00:00:00 2001 
From: cherryleaf-ellis Date: Thu, 21 Apr 2022 16:05:36 +0100 Subject: [PATCH 2/6] update changelog --- packages/ti_anomali/changelog.yml | 5 +++++ packages/ti_anomali/docs/README.md | 6 +++--- packages/ti_anomali/manifest.yml | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/packages/ti_anomali/changelog.yml b/packages/ti_anomali/changelog.yml index 4dc68d72e12..0828836231f 100644 --- a/packages/ti_anomali/changelog.yml +++ b/packages/ti_anomali/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.4" + changes: + - description: added links to Anomoli documentation in readme + type: enhancement + link: https://github.com/elastic/integrations/pull/167 - version: "1.2.3" changes: - description: Add mapping for event.created diff --git a/packages/ti_anomali/docs/README.md b/packages/ti_anomali/docs/README.md index 1ecaf4bb7d7..43eac1a022b 100644 --- a/packages/ti_anomali/docs/README.md +++ b/packages/ti_anomali/docs/README.md @@ -2,8 +2,8 @@ The Anomali integration supports the following datasets. -- `limo` dataset: Support for Anomali Limo, a freely available Threat Intelligence service -- `threatstream` dataset: Support for Anomali ThreatStream, a commercial Threat Intelligence service. +- `limo` dataset: Support for [Anomali Limo](https://www.anomali.com/resources/limo), a freely available Threat Intelligence service +- `threatstream` dataset: Support for [Anomali ThreatStream](https://www.anomali.com/products/threatstream), a commercial Threat Intelligence service. ## Logs 
@@ -11,7 +11,7 @@ The Anomali integration supports the following datasets. Anomali Limo offers multiple sources called collections. Each collection has a specific ID, which then fits into the url used in this configuration. A list of different -collections can be found using the default guest/guest credentials at https://limo.anomali.com/api/v1/taxii2/feeds/collections/[Limo Collections]. +collections can be found using the default guest/guest credentials at [Limo Collections](https://limo.anomali.com/api/v1/taxii2/feeds/collections) An example if you want to use the feed with ID 42, the URL to configure would end up like this: `https://limo.anomali.com/api/v1/taxii2/feeds/collections/41/objects` diff --git a/packages/ti_anomali/manifest.yml b/packages/ti_anomali/manifest.yml index 8c637677b84..819c94e01ab 100644 --- a/packages/ti_anomali/manifest.yml +++ b/packages/ti_anomali/manifest.yml @@ -1,6 +1,6 @@ name: ti_anomali title: Anomali -version: 1.2.3 +version: 1.2.4 release: ga description: Collect threat intelligence from Anomali APIs with Elastic Agent. type: integration From 64e9645e14ecd1d9ed877ab68f89bf985f15e813 Mon Sep 17 00:00:00 2001 From: cherryleaf-ellis Date: Wed, 27 Apr 2022 16:03:26 +0100 Subject: [PATCH 3/6] update changelog --- packages/ti_anomali/changelog.yml | 7 ++++++- packages/ti_anomali/manifest.yml | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/packages/ti_anomali/changelog.yml b/packages/ti_anomali/changelog.yml index 0828836231f..859b9435231 100644 --- a/packages/ti_anomali/changelog.yml +++ b/packages/ti_anomali/changelog.yml 
@@ -1,7 +1,12 @@
 # newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2781
 - version: "1.2.4"
 changes:
- - description: added links to Anomoli documentation in readme
+ - description: added links to Anomoli documentation in readme
 type: enhancement
 link: https://github.com/elastic/integrations/pull/167
 - version: "1.2.3"
diff --git a/packages/ti_anomali/manifest.yml b/packages/ti_anomali/manifest.yml
index 819c94e01ab..a1232ff9fec 100644
--- a/packages/ti_anomali/manifest.yml
+++ b/packages/ti_anomali/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_anomali
 title: Anomali
-version: 1.2.4
+version: 1.3.0
 release: ga
 description: Collect threat intelligence from Anomali APIs with Elastic Agent.
 type: integration
From ba1c48d12d32308c1037f6f21581ee1482294a97 Mon Sep 17 00:00:00 2001
From: Brandon Morelli
Date: Wed, 27 Apr 2022 12:51:00 -0700
Subject: [PATCH 4/6] Update changelog.yml
---
 packages/ti_anomali/changelog.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/packages/ti_anomali/changelog.yml b/packages/ti_anomali/changelog.yml
index 859b9435231..ccabd43abb4 100644
--- a/packages/ti_anomali/changelog.yml
+++ b/packages/ti_anomali/changelog.yml
@@ -1,14 +1,14 @@
 # newer versions go on top
+- version: "1.3.1"
+ changes:
+ - description: added links to Anomoli documentation in readme
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3167
 - version: "1.3.0"
 changes:
 - description: Update to ECS 8.2
 type: enhancement
 link: https://github.com/elastic/integrations/pull/2781
-- version: "1.2.4"
- changes:
- - description: added links to Anomoli documentation in readme
- type: enhancement
- link: https://github.com/elastic/integrations/pull/167
 - version: "1.2.3"
 changes:
 - description: Add mapping for event.created
From 06add5ec7977edabd36631fa21e6e2667f8c5afa Mon Sep 17 00:00:00 2001
From: Brandon Morelli Date: Wed, 27 Apr 2022 12:51:35 -0700 Subject: [PATCH 5/6] Update manifest.yml --- packages/ti_anomali/manifest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/ti_anomali/manifest.yml b/packages/ti_anomali/manifest.yml index a1232ff9fec..6516b221d23 100644 --- a/packages/ti_anomali/manifest.yml +++ b/packages/ti_anomali/manifest.yml @@ -1,6 +1,6 @@ name: ti_anomali title: Anomali -version: 1.3.0 +version: 1.3.1 release: ga description: Collect threat intelligence from Anomali APIs with Elastic Agent. type: integration From ad1f1f25f372a26ab32e1ca637be2e0aba230cb6 Mon Sep 17 00:00:00 2001 From: cherryleaf-ellis Date: Thu, 9 Jun 2022 14:15:24 +0100 Subject: [PATCH 6/6] fixed link and updated changelog --- packages/ti_anomali/_dev/build/docs/README.md | 4 ++-- packages/ti_anomali/changelog.yml | 12 +++++++++++- packages/ti_anomali/docs/README.md | 3 ++- packages/ti_anomali/manifest.yml | 2 +- 4 files changed, 16 insertions(+), 5 deletions(-) diff --git a/packages/ti_anomali/_dev/build/docs/README.md b/packages/ti_anomali/_dev/build/docs/README.md index 91066e1c013..888c244ee75 100644 --- a/packages/ti_anomali/_dev/build/docs/README.md +++ b/packages/ti_anomali/_dev/build/docs/README.md @@ -11,7 +11,7 @@ The Anomali integration supports the following datasets. Anomali Limo offers multiple sources called collections. Each collection has a specific ID, which then fits into the url used in this configuration. A list of different -collections can be found using the default guest/guest credentials at [Limo Collections](https://limo.anomali.com/api/v1/taxii2/feeds/collections) +collections can be found using the default guest/guest credentials at [Limo Collections](https://limo.anomali.com/api/v1/taxii2/feeds/collections/) An example if you want to use the feed with ID 42, the URL to configure would end up like this: `https://limo.anomali.com/api/v1/taxii2/feeds/collections/41/objects` 
@@ -41,4 +41,4 @@ Configure an Integrator output with the following settings: {{event "threatstream"}} -{{fields "threatstream"}} \ No newline at end of file +{{fields "threatstream"}} diff --git a/packages/ti_anomali/changelog.yml b/packages/ti_anomali/changelog.yml index ccabd43abb4..4405fd27c60 100644 --- a/packages/ti_anomali/changelog.yml +++ b/packages/ti_anomali/changelog.yml @@ -1,9 +1,19 @@ # newer versions go on top -- version: "1.3.1" +- version: "1.3.3" changes: - description: added links to Anomoli documentation in readme type: enhancement link: https://github.com/elastic/integrations/pull/3167 +- version: "1.3.2" + changes: + - description: Fix threatstream + type: bugfix + link: https://github.com/elastic/integrations/pull/3437 +- version: "1.3.1" + changes: + - description: Update package descriptions + type: enhancement + link: https://github.com/elastic/integrations/pull/3398 - version: "1.3.0" changes: - description: Update to ECS 8.2 diff --git a/packages/ti_anomali/docs/README.md b/packages/ti_anomali/docs/README.md index dc260b9b9ca..390bff8aa11 100644 --- a/packages/ti_anomali/docs/README.md +++ b/packages/ti_anomali/docs/README.md @@ -11,7 +11,7 @@ The Anomali integration supports the following datasets. Anomali Limo offers multiple sources called collections. Each collection has a specific ID, which then fits into the url used in this configuration. A list of different -collections can be found using the default guest/guest credentials at [Limo Collections](https://limo.anomali.com/api/v1/taxii2/feeds/collections) +collections can be found using the default guest/guest credentials at [Limo Collections](https://limo.anomali.com/api/v1/taxii2/feeds/collections/) An example if you want to use the feed with ID 42, the URL to configure would end up like this: `https://limo.anomali.com/api/v1/taxii2/feeds/collections/41/objects` 
@@ -367,3 +367,4 @@ An example event for `threatstream` looks as following:
 | threat.indicator.url.port | Port of the request, such as 443. | long |
 | threat.indicator.url.query | The query field describes the query string of the request, such as "q=elasticsearch". The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. | keyword |
 | threat.indicator.url.scheme | Scheme of the request, such as "https". Note: The `:` is not part of the scheme. | keyword |
+
diff --git a/packages/ti_anomali/manifest.yml b/packages/ti_anomali/manifest.yml
index 6516b221d23..d4043a87490 100644
--- a/packages/ti_anomali/manifest.yml
+++ b/packages/ti_anomali/manifest.yml
@@ -1,6 +1,6 @@
 name: ti_anomali
 title: Anomali
-version: 1.3.1
+version: 1.3.3
 release: ga
 description: Collect threat intelligence from Anomali APIs with Elastic Agent.
 type: integration