Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions packages/ti_threatq/changelog.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.39.2"
changes:
- description: Restores `sources` & `attributes` fields after recent updates to the ThreatQ Platform's API.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- description: Restores `sources` & `attributes` fields after recent updates to the ThreatQ Platform's API.
- description: Restores `sources` and `attributes` fields after recent updates to the ThreatQ Platform's API.

type: bugfix
link: https://github.com/elastic/integrations/pull/20042
- version: "1.39.1"
changes:
- description: Fix transform destination to use keyword for data_stream.namespace, allowing multi-namespace deployments.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,9 @@ request.transforms:
- set:
target: url.params.limit
value: {{page_size}}
- set:
target: url.params.fields
value: '{{threat_library_fields}}'
- set:
target: url.params.cursorMark
value: '[[.cursor.cursor_mark]]'
Expand Down
11 changes: 11 additions & 0 deletions packages/ti_threatq/data_stream/threat/manifest.yml
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,17 @@ streams:
show_user: false
title: Page size
description: Maximum number of records to pull in one request. The maximum supported page size value is 1000.
- name: threat_library_fields
type: text
title: Threat Library Fields
multi: false
required: true
show_user: true
default: "*,sources,attributes,attributes.name,attributes.value"
description: >-
Comma-separated list of fields to retrieve from the Threat Library.
An asterisk (*) can be used to retrieve all default fields. In ThreatQ v6.12 and later,
sources & attributes are no longer part of the default fields and must be explicitly requested.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
sources & attributes are no longer part of the default fields and must be explicitly requested.
sources and attributes are no longer part of the default fields and must be explicitly requested.

- name: ssl
type: yaml
title: SSL Configuration
Expand Down
2 changes: 1 addition & 1 deletion packages/ti_threatq/manifest.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
name: ti_threatq
title: ThreatQuotient
version: "1.39.1"
version: "1.39.2"
description: Ingest threat intelligence indicators from ThreatQuotient with Elastic Agent.
type: integration
format_version: "3.3.1"
Expand Down
Loading