From ad005d21f837163f8c57132f5bd21dac8474bbbd Mon Sep 17 00:00:00 2001 From: Chris Berkhout Date: Wed, 8 May 2024 17:22:48 +1000 Subject: [PATCH] Set 'ignore_empty_value: true' for many integrations owned by @elastic/security-service-integrations. --- .../data_stream/audit_events/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/item_usages/agent/stream/httpjson.yml.hbs | 1 + .../signin_attempts/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/audit/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/collection/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/event/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/group/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/member/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/policy/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/alert/agent/stream/httpjson.yml.hbs | 1 + .../agent/stream/httpjson.yml.hbs | 1 + .../data_stream/audit/agent/stream/httpjson.yml.hbs | 1 + .../vulnerability/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/audit/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/am_access/agent/stream/httpjson.yml.hbs | 3 ++- .../data_stream/am_activity/agent/stream/httpjson.yml.hbs | 3 ++- .../am_authentication/agent/stream/httpjson.yml.hbs | 3 ++- .../data_stream/am_config/agent/stream/httpjson.yml.hbs | 3 ++- .../data_stream/am_core/agent/stream/httpjson.yml.hbs | 3 ++- .../data_stream/idm_access/agent/stream/httpjson.yml.hbs | 3 ++- .../data_stream/idm_activity/agent/stream/httpjson.yml.hbs | 3 ++- .../idm_authentication/agent/stream/httpjson.yml.hbs | 3 ++- .../data_stream/idm_config/agent/stream/httpjson.yml.hbs | 3 ++- .../data_stream/idm_core/agent/stream/httpjson.yml.hbs | 3 ++- .../data_stream/idm_sync/agent/stream/httpjson.yml.hbs | 3 ++- .../data_stream/asset/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/finding/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/source/agent/stream/httpjson.yml.hbs | 1 + .../access_transparency/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/admin/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/alert/agent/stream/httpjson.yml.hbs | 3 ++- .../context_aware_access/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/device/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/drive/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/gcp/agent/stream/httpjson.yml.hbs | 1 + .../group_enterprise/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/groups/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/login/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/rules/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/saml/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/token/agent/stream/httpjson.yml.hbs | 1 + .../user_accounts/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/dhcp_lease/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/dns_config/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/dns_data/agent/stream/httpjson.yml.hbs | 1 + .../activity_logs/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/alert/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/log/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/siem_logs/agent/stream/httpjson.yml.hbs | 7 ++++--- .../data_stream/alerts/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/incidents/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/audit/agent/stream/httpjson.yml.hbs | 1 + .../clicks_blocked/agent/stream/httpjson.yml.hbs | 1 + .../clicks_permitted/agent/stream/httpjson.yml.hbs | 1 + .../message_blocked/agent/stream/httpjson.yml.hbs | 1 + .../message_delivered/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/asset/agent/stream/httpjson.yml.hbs | 1 + .../vulnerability/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/activity/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/agent/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/alert/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/group/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/threat/agent/stream/httpjson.yml.hbs | 1 + .../slack/data_stream/audit/agent/stream/httpjson.yml.hbs | 1 + .../vulnerabilities/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/asset/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/plugin/agent/stream/httpjson.yml.hbs | 1 + .../vulnerability/agent/stream/httpjson.yml.hbs | 1 + .../ti_cif3/data_stream/feed/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/threat/agent/stream/httpjson.yml.hbs | 1 + .../ti_eset/data_stream/apt/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/botnet/agent/stream/httpjson.yml.hbs | 1 + .../ti_eset/data_stream/cc/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/domains/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/files/agent/stream/httpjson.yml.hbs | 1 + .../ti_eset/data_stream/ip/agent/stream/httpjson.yml.hbs | 1 + .../ti_eset/data_stream/url/agent/stream/httpjson.yml.hbs | 1 + .../threat_intelligence/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/threat/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/ioc/agent/stream/httpjson.yml.hbs | 1 + .../vulnerability/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/threat/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/alert/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/audit/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/detection/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/alerts/agent/stream/httpjson.yml.hbs | 1 + .../data_stream/audit/agent/stream/httpjson.yml.hbs | 1 + 87 files changed, 102 insertions(+), 15 deletions(-) diff --git a/packages/1password/data_stream/audit_events/agent/stream/httpjson.yml.hbs b/packages/1password/data_stream/audit_events/agent/stream/httpjson.yml.hbs index 600146e6711e..8113023e2248 100644 --- a/packages/1password/data_stream/audit_events/agent/stream/httpjson.yml.hbs +++ b/packages/1password/data_stream/audit_events/agent/stream/httpjson.yml.hbs @@ -38,6 +38,7 @@ cursor: response.decode_as: application/json response.split: target: body.items + ignore_empty_value: true response.pagination: - set: target: body.cursor diff --git a/packages/1password/data_stream/item_usages/agent/stream/httpjson.yml.hbs b/packages/1password/data_stream/item_usages/agent/stream/httpjson.yml.hbs index f0f8eb0002a4..c3ffe14ce497 100644 --- a/packages/1password/data_stream/item_usages/agent/stream/httpjson.yml.hbs +++ b/packages/1password/data_stream/item_usages/agent/stream/httpjson.yml.hbs @@ -39,6 +39,7 @@ cursor: response.decode_as: application/json response.split: target: body.items + ignore_empty_value: true response.pagination: - set: target: body.cursor diff --git a/packages/1password/data_stream/signin_attempts/agent/stream/httpjson.yml.hbs b/packages/1password/data_stream/signin_attempts/agent/stream/httpjson.yml.hbs index ded184235931..affb2dcd1429 100644 --- a/packages/1password/data_stream/signin_attempts/agent/stream/httpjson.yml.hbs +++ b/packages/1password/data_stream/signin_attempts/agent/stream/httpjson.yml.hbs @@ -39,6 +39,7 @@ cursor: response.decode_as: application/json response.split: target: body.items + ignore_empty_value: true response.pagination: - set: target: body.cursor diff --git a/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs index 33c12fba087d..8b754697094c 100644 --- a/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs +++ b/packages/atlassian_jira/data_stream/audit/agent/stream/httpjson.yml.hbs @@ -82,6 +82,7 @@ cursor: value: '[[formatDate now]]' response.split: target: body.entities + ignore_empty_value: true response.pagination: - set: target: url.value diff --git a/packages/bitwarden/data_stream/collection/agent/stream/httpjson.yml.hbs b/packages/bitwarden/data_stream/collection/agent/stream/httpjson.yml.hbs index 2131ff8540d4..bf09dae77c84 100644 --- a/packages/bitwarden/data_stream/collection/agent/stream/httpjson.yml.hbs +++ b/packages/bitwarden/data_stream/collection/agent/stream/httpjson.yml.hbs @@ -32,6 +32,7 @@ response.pagination: fail_on_template_error: true response.split: target: body.data + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/bitwarden/data_stream/event/agent/stream/httpjson.yml.hbs b/packages/bitwarden/data_stream/event/agent/stream/httpjson.yml.hbs index 0fbe0f041bbd..76141c096d71 100644 --- a/packages/bitwarden/data_stream/event/agent/stream/httpjson.yml.hbs +++ b/packages/bitwarden/data_stream/event/agent/stream/httpjson.yml.hbs @@ -51,6 +51,7 @@ cursor: value: '[[if (eq .last_response.body.continuationToken nil)]][[.first_event.date]][[end]]' response.split: target: body.data + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/bitwarden/data_stream/group/agent/stream/httpjson.yml.hbs b/packages/bitwarden/data_stream/group/agent/stream/httpjson.yml.hbs index c736e443b95a..b7cbb11d4ccd 100644 --- a/packages/bitwarden/data_stream/group/agent/stream/httpjson.yml.hbs +++ b/packages/bitwarden/data_stream/group/agent/stream/httpjson.yml.hbs @@ -32,6 +32,7 @@ response.pagination: fail_on_template_error: true response.split: target: body.data + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/bitwarden/data_stream/member/agent/stream/httpjson.yml.hbs b/packages/bitwarden/data_stream/member/agent/stream/httpjson.yml.hbs index 5c15a21da592..f79900b05ba5 100644 --- a/packages/bitwarden/data_stream/member/agent/stream/httpjson.yml.hbs +++ b/packages/bitwarden/data_stream/member/agent/stream/httpjson.yml.hbs @@ -32,6 +32,7 @@ response.pagination: fail_on_template_error: true response.split: target: body.data + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/bitwarden/data_stream/policy/agent/stream/httpjson.yml.hbs b/packages/bitwarden/data_stream/policy/agent/stream/httpjson.yml.hbs index a6f311e74f7a..8bbcaebb0780 100644 --- a/packages/bitwarden/data_stream/policy/agent/stream/httpjson.yml.hbs +++ b/packages/bitwarden/data_stream/policy/agent/stream/httpjson.yml.hbs @@ -32,6 +32,7 @@ response.pagination: fail_on_template_error: true response.split: target: body.data + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/carbon_black_cloud/data_stream/alert/agent/stream/httpjson.yml.hbs b/packages/carbon_black_cloud/data_stream/alert/agent/stream/httpjson.yml.hbs index 235d7824cecf..429eac862908 100644 --- a/packages/carbon_black_cloud/data_stream/alert/agent/stream/httpjson.yml.hbs +++ b/packages/carbon_black_cloud/data_stream/alert/agent/stream/httpjson.yml.hbs @@ -42,6 +42,7 @@ cursor: value: '[[.last_event.last_update_time]]' response.split: target: body.results + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/agent/stream/httpjson.yml.hbs b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/agent/stream/httpjson.yml.hbs index d01ab8df6cef..c5924891f534 100644 --- a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/agent/stream/httpjson.yml.hbs +++ b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/agent/stream/httpjson.yml.hbs @@ -35,6 +35,7 @@ response.pagination: fail_on_template_error: true response.split: target: body.results + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/carbon_black_cloud/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/carbon_black_cloud/data_stream/audit/agent/stream/httpjson.yml.hbs index a9f0227c16bd..c31753fe141e 100644 --- a/packages/carbon_black_cloud/data_stream/audit/agent/stream/httpjson.yml.hbs +++ b/packages/carbon_black_cloud/data_stream/audit/agent/stream/httpjson.yml.hbs @@ -20,6 +20,7 @@ request.transforms: value: {{api_secret_key}}/{{api_id}} response.split: target: body.notifications + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/cisa_kevs/data_stream/vulnerability/agent/stream/httpjson.yml.hbs b/packages/cisa_kevs/data_stream/vulnerability/agent/stream/httpjson.yml.hbs index 35ba14679323..311885ac1461 100644 --- a/packages/cisa_kevs/data_stream/vulnerability/agent/stream/httpjson.yml.hbs +++ b/packages/cisa_kevs/data_stream/vulnerability/agent/stream/httpjson.yml.hbs @@ -25,6 +25,7 @@ request.transforms: response.split: target: body.vulnerabilities + ignore_empty_value: true tags: {{#if preserve_original_event}} diff --git a/packages/cloudflare/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/cloudflare/data_stream/audit/agent/stream/httpjson.yml.hbs index 65718086ed1f..35a18f592eba 100644 --- a/packages/cloudflare/data_stream/audit/agent/stream/httpjson.yml.hbs +++ b/packages/cloudflare/data_stream/audit/agent/stream/httpjson.yml.hbs @@ -34,6 +34,7 @@ request.transforms: response.split: target: body.result + ignore_empty_value: true response.pagination: - set: target: url.params.page diff --git a/packages/forgerock/data_stream/am_access/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/am_access/agent/stream/httpjson.yml.hbs index ab8b38a7720e..6d415c35daed 100644 --- a/packages/forgerock/data_stream/am_access/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/am_access/agent/stream/httpjson.yml.hbs @@ -39,8 +39,9 @@ request.transforms: target: url.params.endTime value: '[[formatDate (now) "2006-01-02T15:04:05-07:00"]]' -response.split: +response.split: target: body.result + ignore_empty_value: true response.pagination: - set: diff --git a/packages/forgerock/data_stream/am_activity/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/am_activity/agent/stream/httpjson.yml.hbs index fa894a77e5dc..634c22edae55 100644 --- a/packages/forgerock/data_stream/am_activity/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/am_activity/agent/stream/httpjson.yml.hbs @@ -39,8 +39,9 @@ request.transforms: target: url.params.endTime value: '[[formatDate (now) "2006-01-02T15:04:05-07:00"]]' -response.split: +response.split: target: body.result + ignore_empty_value: true response.pagination: - set: diff --git a/packages/forgerock/data_stream/am_authentication/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/am_authentication/agent/stream/httpjson.yml.hbs index 46b519d5ba1f..3368d952c312 100644 --- a/packages/forgerock/data_stream/am_authentication/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/am_authentication/agent/stream/httpjson.yml.hbs @@ -39,8 +39,9 @@ request.transforms: target: url.params.endTime value: '[[formatDate (now) "2006-01-02T15:04:05-07:00"]]' -response.split: +response.split: target: body.result + ignore_empty_value: true response.pagination: - set: diff --git a/packages/forgerock/data_stream/am_config/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/am_config/agent/stream/httpjson.yml.hbs index 2d61bf388674..5f095f7cc1a5 100644 --- a/packages/forgerock/data_stream/am_config/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/am_config/agent/stream/httpjson.yml.hbs @@ -39,8 +39,9 @@ request.transforms: target: url.params.endTime value: '[[formatDate (now) "2006-01-02T15:04:05-07:00"]]' -response.split: +response.split: target: body.result + ignore_empty_value: true response.pagination: - set: diff --git a/packages/forgerock/data_stream/am_core/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/am_core/agent/stream/httpjson.yml.hbs index 2be8867af5f6..6b198e2486d4 100644 --- a/packages/forgerock/data_stream/am_core/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/am_core/agent/stream/httpjson.yml.hbs @@ -39,8 +39,9 @@ request.transforms: target: url.params.endTime value: '[[formatDate (now) "2006-01-02T15:04:05-07:00"]]' -response.split: +response.split: target: body.result + ignore_empty_value: true response.pagination: - set: diff --git a/packages/forgerock/data_stream/idm_access/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/idm_access/agent/stream/httpjson.yml.hbs index e20ff6b37159..be3bfd50101b 100644 --- a/packages/forgerock/data_stream/idm_access/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/idm_access/agent/stream/httpjson.yml.hbs @@ -39,8 +39,9 @@ request.transforms: target: url.params.endTime value: '[[formatDate (now) "2006-01-02T15:04:05-07:00"]]' -response.split: +response.split: target: body.result + ignore_empty_value: true response.pagination: - set: diff --git a/packages/forgerock/data_stream/idm_activity/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/idm_activity/agent/stream/httpjson.yml.hbs index 273e7370ff31..b7218c8d4252 100644 --- a/packages/forgerock/data_stream/idm_activity/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/idm_activity/agent/stream/httpjson.yml.hbs @@ -39,8 +39,9 @@ request.transforms: target: url.params.endTime value: '[[formatDate (now) "2006-01-02T15:04:05-07:00"]]' -response.split: +response.split: target: body.result + ignore_empty_value: true response.pagination: - set: diff --git a/packages/forgerock/data_stream/idm_authentication/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/idm_authentication/agent/stream/httpjson.yml.hbs index 68ee6843cca7..94003185a8a0 100644 --- a/packages/forgerock/data_stream/idm_authentication/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/idm_authentication/agent/stream/httpjson.yml.hbs @@ -39,8 +39,9 @@ request.transforms: target: url.params.endTime value: '[[formatDate (now) "2006-01-02T15:04:05-07:00"]]' -response.split: +response.split: target: body.result + ignore_empty_value: true response.pagination: - set: diff --git a/packages/forgerock/data_stream/idm_config/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/idm_config/agent/stream/httpjson.yml.hbs index c7203846adc0..cb920c2ccb3d 100644 --- a/packages/forgerock/data_stream/idm_config/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/idm_config/agent/stream/httpjson.yml.hbs @@ -39,8 +39,9 @@ request.transforms: target: url.params.endTime value: '[[formatDate (now) "2006-01-02T15:04:05-07:00"]]' -response.split: +response.split: target: body.result + ignore_empty_value: true response.pagination: - set: diff --git a/packages/forgerock/data_stream/idm_core/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/idm_core/agent/stream/httpjson.yml.hbs index 579b0b0dc015..de4e221fc6ee 100644 --- a/packages/forgerock/data_stream/idm_core/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/idm_core/agent/stream/httpjson.yml.hbs @@ -39,8 +39,9 @@ request.transforms: target: url.params.endTime value: '[[formatDate (now) "2006-01-02T15:04:05-07:00"]]' -response.split: +response.split: target: body.result + ignore_empty_value: true response.pagination: - set: diff --git a/packages/forgerock/data_stream/idm_sync/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/idm_sync/agent/stream/httpjson.yml.hbs index 5049dd325ae3..9f771e416e9b 100644 --- a/packages/forgerock/data_stream/idm_sync/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/idm_sync/agent/stream/httpjson.yml.hbs @@ -39,8 +39,9 @@ request.transforms: target: url.params.endTime value: '[[formatDate (now) "2006-01-02T15:04:05-07:00"]]' -response.split: +response.split: target: body.result + ignore_empty_value: true response.pagination: - set: diff --git a/packages/google_scc/data_stream/asset/agent/stream/httpjson.yml.hbs b/packages/google_scc/data_stream/asset/agent/stream/httpjson.yml.hbs index ccdbb52c9010..5eb977832fd9 100644 --- a/packages/google_scc/data_stream/asset/agent/stream/httpjson.yml.hbs +++ b/packages/google_scc/data_stream/asset/agent/stream/httpjson.yml.hbs @@ -41,6 +41,7 @@ response.pagination: fail_on_template_error: true response.split: target: body.assets + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/google_scc/data_stream/finding/agent/stream/httpjson.yml.hbs b/packages/google_scc/data_stream/finding/agent/stream/httpjson.yml.hbs index 8f72336b53be..5282fc2887cb 100644 --- a/packages/google_scc/data_stream/finding/agent/stream/httpjson.yml.hbs +++ b/packages/google_scc/data_stream/finding/agent/stream/httpjson.yml.hbs @@ -45,6 +45,7 @@ cursor: value: '[[.last_event.finding.eventTime]]' response.split: target: body.listFindingsResults + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/google_scc/data_stream/source/agent/stream/httpjson.yml.hbs b/packages/google_scc/data_stream/source/agent/stream/httpjson.yml.hbs index 6c2b8e7af11a..eb44056b0f60 100644 --- a/packages/google_scc/data_stream/source/agent/stream/httpjson.yml.hbs +++ b/packages/google_scc/data_stream/source/agent/stream/httpjson.yml.hbs @@ -31,6 +31,7 @@ response.pagination: fail_on_template_error: true response.split: target: body.sources + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/google_workspace/data_stream/access_transparency/agent/stream/httpjson.yml.hbs b/packages/google_workspace/data_stream/access_transparency/agent/stream/httpjson.yml.hbs index edc86eea0a96..ff462423156a 100644 --- a/packages/google_workspace/data_stream/access_transparency/agent/stream/httpjson.yml.hbs +++ b/packages/google_workspace/data_stream/access_transparency/agent/stream/httpjson.yml.hbs @@ -37,6 +37,7 @@ request.transforms: default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' response.split: target: body.items + ignore_empty_value: true split: target: body.events keep_parent: true diff --git a/packages/google_workspace/data_stream/admin/agent/stream/httpjson.yml.hbs b/packages/google_workspace/data_stream/admin/agent/stream/httpjson.yml.hbs index 88a37b304d79..2a62aa1f9cc1 100644 --- a/packages/google_workspace/data_stream/admin/agent/stream/httpjson.yml.hbs +++ b/packages/google_workspace/data_stream/admin/agent/stream/httpjson.yml.hbs @@ -31,6 +31,7 @@ request.transforms: default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' response.split: target: body.items + ignore_empty_value: true split: target: body.events keep_parent: true diff --git a/packages/google_workspace/data_stream/alert/agent/stream/httpjson.yml.hbs b/packages/google_workspace/data_stream/alert/agent/stream/httpjson.yml.hbs index dfe78d9d7cce..5ca2b4f9ebb2 100644 --- a/packages/google_workspace/data_stream/alert/agent/stream/httpjson.yml.hbs +++ b/packages/google_workspace/data_stream/alert/agent/stream/httpjson.yml.hbs @@ -44,7 +44,8 @@ cursor: last_create_time: value: '[[.last_event.createTime]]' response.split: - target: body.alerts + target: body.alerts + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/google_workspace/data_stream/context_aware_access/agent/stream/httpjson.yml.hbs b/packages/google_workspace/data_stream/context_aware_access/agent/stream/httpjson.yml.hbs index aa8686ef8761..fde5b5e7da93 100644 --- a/packages/google_workspace/data_stream/context_aware_access/agent/stream/httpjson.yml.hbs +++ b/packages/google_workspace/data_stream/context_aware_access/agent/stream/httpjson.yml.hbs @@ -37,6 +37,7 @@ request.transforms: default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' response.split: target: body.items + ignore_empty_value: true split: target: body.events keep_parent: true diff --git a/packages/google_workspace/data_stream/device/agent/stream/httpjson.yml.hbs b/packages/google_workspace/data_stream/device/agent/stream/httpjson.yml.hbs index 5b148f233907..95ffc2f7a374 100644 --- a/packages/google_workspace/data_stream/device/agent/stream/httpjson.yml.hbs +++ b/packages/google_workspace/data_stream/device/agent/stream/httpjson.yml.hbs @@ -37,6 +37,7 @@ request.transforms: default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' response.split: target: body.items + ignore_empty_value: true split: target: body.events keep_parent: true diff --git a/packages/google_workspace/data_stream/drive/agent/stream/httpjson.yml.hbs b/packages/google_workspace/data_stream/drive/agent/stream/httpjson.yml.hbs index f6e705a09416..c079e7238d6b 100644 --- a/packages/google_workspace/data_stream/drive/agent/stream/httpjson.yml.hbs +++ b/packages/google_workspace/data_stream/drive/agent/stream/httpjson.yml.hbs @@ -31,6 +31,7 @@ request.transforms: default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' response.split: target: body.items + ignore_empty_value: true split: target: body.events keep_parent: true diff --git a/packages/google_workspace/data_stream/gcp/agent/stream/httpjson.yml.hbs b/packages/google_workspace/data_stream/gcp/agent/stream/httpjson.yml.hbs index 7f8a5acfd590..63477cd3c105 100644 --- a/packages/google_workspace/data_stream/gcp/agent/stream/httpjson.yml.hbs +++ b/packages/google_workspace/data_stream/gcp/agent/stream/httpjson.yml.hbs @@ -37,6 +37,7 @@ request.transforms: default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' response.split: target: body.items + ignore_empty_value: true split: target: body.events keep_parent: true diff --git a/packages/google_workspace/data_stream/group_enterprise/agent/stream/httpjson.yml.hbs b/packages/google_workspace/data_stream/group_enterprise/agent/stream/httpjson.yml.hbs index e3a9f978f44d..144c5f02a6ef 100644 --- a/packages/google_workspace/data_stream/group_enterprise/agent/stream/httpjson.yml.hbs +++ b/packages/google_workspace/data_stream/group_enterprise/agent/stream/httpjson.yml.hbs @@ -37,6 +37,7 @@ request.transforms: default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' response.split: target: body.items + ignore_empty_value: true split: target: body.events keep_parent: true diff --git a/packages/google_workspace/data_stream/groups/agent/stream/httpjson.yml.hbs b/packages/google_workspace/data_stream/groups/agent/stream/httpjson.yml.hbs index 35f8f9987adc..df70c362406d 100644 --- a/packages/google_workspace/data_stream/groups/agent/stream/httpjson.yml.hbs +++ b/packages/google_workspace/data_stream/groups/agent/stream/httpjson.yml.hbs @@ -31,6 +31,7 @@ request.transforms: default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' response.split: target: body.items + ignore_empty_value: true split: target: body.events keep_parent: true diff --git a/packages/google_workspace/data_stream/login/agent/stream/httpjson.yml.hbs b/packages/google_workspace/data_stream/login/agent/stream/httpjson.yml.hbs index 297b5258b154..25fde70330e8 100644 --- a/packages/google_workspace/data_stream/login/agent/stream/httpjson.yml.hbs +++ b/packages/google_workspace/data_stream/login/agent/stream/httpjson.yml.hbs @@ -31,6 +31,7 @@ request.transforms: default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' response.split: target: body.items + ignore_empty_value: true split: target: body.events keep_parent: true diff --git a/packages/google_workspace/data_stream/rules/agent/stream/httpjson.yml.hbs b/packages/google_workspace/data_stream/rules/agent/stream/httpjson.yml.hbs index edb5f1923dd7..fe765a273658 100644 --- a/packages/google_workspace/data_stream/rules/agent/stream/httpjson.yml.hbs +++ b/packages/google_workspace/data_stream/rules/agent/stream/httpjson.yml.hbs @@ -37,6 +37,7 @@ request.transforms: default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' response.split: target: body.items + ignore_empty_value: true split: target: body.events keep_parent: true diff --git a/packages/google_workspace/data_stream/saml/agent/stream/httpjson.yml.hbs b/packages/google_workspace/data_stream/saml/agent/stream/httpjson.yml.hbs index a5ec3e1bf3ff..c98f6d12d4f0 100644 --- a/packages/google_workspace/data_stream/saml/agent/stream/httpjson.yml.hbs +++ b/packages/google_workspace/data_stream/saml/agent/stream/httpjson.yml.hbs @@ -31,6 +31,7 @@ request.transforms: default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' response.split: target: body.items + ignore_empty_value: true split: target: body.events keep_parent: true diff --git a/packages/google_workspace/data_stream/token/agent/stream/httpjson.yml.hbs b/packages/google_workspace/data_stream/token/agent/stream/httpjson.yml.hbs index 9dc10c3dee34..c71180f098f2 100644 --- a/packages/google_workspace/data_stream/token/agent/stream/httpjson.yml.hbs +++ b/packages/google_workspace/data_stream/token/agent/stream/httpjson.yml.hbs @@ -37,6 +37,7 @@ request.transforms: default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' response.split: target: body.items + ignore_empty_value: true split: target: body.events keep_parent: true diff --git a/packages/google_workspace/data_stream/user_accounts/agent/stream/httpjson.yml.hbs b/packages/google_workspace/data_stream/user_accounts/agent/stream/httpjson.yml.hbs index 368f6644895c..4b05bc5f6f8c 100644 --- a/packages/google_workspace/data_stream/user_accounts/agent/stream/httpjson.yml.hbs +++ b/packages/google_workspace/data_stream/user_accounts/agent/stream/httpjson.yml.hbs @@ -31,6 +31,7 @@ request.transforms: default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' response.split: target: body.items + ignore_empty_value: true split: target: body.events keep_parent: true diff --git a/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/agent/stream/httpjson.yml.hbs b/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/agent/stream/httpjson.yml.hbs index a1cb6e13e6a6..f99804e9156b 100644 --- a/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/agent/stream/httpjson.yml.hbs +++ b/packages/infoblox_bloxone_ddi/data_stream/dhcp_lease/agent/stream/httpjson.yml.hbs @@ -42,6 +42,7 @@ cursor: value: '[[.last_event.last_updated]]' response.split: target: body.results + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/infoblox_bloxone_ddi/data_stream/dns_config/agent/stream/httpjson.yml.hbs b/packages/infoblox_bloxone_ddi/data_stream/dns_config/agent/stream/httpjson.yml.hbs index 5c491054dd03..5257f21e17d4 100644 --- a/packages/infoblox_bloxone_ddi/data_stream/dns_config/agent/stream/httpjson.yml.hbs +++ b/packages/infoblox_bloxone_ddi/data_stream/dns_config/agent/stream/httpjson.yml.hbs @@ -42,6 +42,7 @@ cursor: value: '[[.last_event.updated_at]]' response.split: target: body.results + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/infoblox_bloxone_ddi/data_stream/dns_data/agent/stream/httpjson.yml.hbs b/packages/infoblox_bloxone_ddi/data_stream/dns_data/agent/stream/httpjson.yml.hbs index c89675a18830..abe10d019ddc 100644 --- a/packages/infoblox_bloxone_ddi/data_stream/dns_data/agent/stream/httpjson.yml.hbs +++ b/packages/infoblox_bloxone_ddi/data_stream/dns_data/agent/stream/httpjson.yml.hbs @@ -42,6 +42,7 @@ cursor: value: '[[.last_event.updated_at]]' response.split: target: body.results + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/lumos/data_stream/activity_logs/agent/stream/httpjson.yml.hbs b/packages/lumos/data_stream/activity_logs/agent/stream/httpjson.yml.hbs index 57fffa6cfed2..2a4e3286cbec 100644 --- a/packages/lumos/data_stream/activity_logs/agent/stream/httpjson.yml.hbs +++ b/packages/lumos/data_stream/activity_logs/agent/stream/httpjson.yml.hbs @@ -20,6 +20,7 @@ response.pagination: response.split: target: body.items + ignore_empty_value: true cursor: since: diff --git a/packages/m365_defender/data_stream/alert/agent/stream/httpjson.yml.hbs b/packages/m365_defender/data_stream/alert/agent/stream/httpjson.yml.hbs index 3c18301e8fd6..254fc8e09d90 100644 --- a/packages/m365_defender/data_stream/alert/agent/stream/httpjson.yml.hbs +++ b/packages/m365_defender/data_stream/alert/agent/stream/httpjson.yml.hbs @@ -43,6 +43,7 @@ response.pagination: fail_on_template_error: true response.split: target: body.value + ignore_empty_value: true cursor: last_update_time: value: '[[.last_event.lastUpdateDateTime]]' diff --git a/packages/microsoft_exchange_online_message_trace/data_stream/log/agent/stream/httpjson.yml.hbs b/packages/microsoft_exchange_online_message_trace/data_stream/log/agent/stream/httpjson.yml.hbs index 309a22d5f40b..ce2e183e5bf1 100644 --- a/packages/microsoft_exchange_online_message_trace/data_stream/log/agent/stream/httpjson.yml.hbs +++ b/packages/microsoft_exchange_online_message_trace/data_stream/log/agent/stream/httpjson.yml.hbs @@ -56,6 +56,7 @@ publisher_pipeline.disable_host: true {{/contains}} response.split: target: body.value + ignore_empty_value: true response.pagination: - set: target: url.params.$filter diff --git a/packages/mimecast/data_stream/siem_logs/agent/stream/httpjson.yml.hbs b/packages/mimecast/data_stream/siem_logs/agent/stream/httpjson.yml.hbs index 4bfa1de1581c..0d30be225dc0 100644 --- a/packages/mimecast/data_stream/siem_logs/agent/stream/httpjson.yml.hbs +++ b/packages/mimecast/data_stream/siem_logs/agent/stream/httpjson.yml.hbs @@ -30,11 +30,12 @@ request.transforms: value: '*/*' response.decode_as: application/zip response.split: - transforms: - - set: + transforms: + - set: target: body.Content-Disposition value: '[[.last_response.header.Get "Content-Disposition"]]' - target: body.data + target: body.data + ignore_empty_value: true cursor: next_token: value: '[[.last_response.header.Get "mc-siem-token"]]' diff --git a/packages/panw_cortex_xdr/data_stream/alerts/agent/stream/httpjson.yml.hbs b/packages/panw_cortex_xdr/data_stream/alerts/agent/stream/httpjson.yml.hbs index 7ccc30d9f084..1027cd4b6875 100644 --- a/packages/panw_cortex_xdr/data_stream/alerts/agent/stream/httpjson.yml.hbs +++ b/packages/panw_cortex_xdr/data_stream/alerts/agent/stream/httpjson.yml.hbs @@ -64,6 +64,7 @@ request.transforms: value_type: json response.split: target: body.reply.alerts + ignore_empty_value: true split: target: body.events keep_parent: true diff --git a/packages/panw_cortex_xdr/data_stream/incidents/agent/stream/httpjson.yml.hbs b/packages/panw_cortex_xdr/data_stream/incidents/agent/stream/httpjson.yml.hbs index fa85a48bfe30..06c9787d85ec 100644 --- a/packages/panw_cortex_xdr/data_stream/incidents/agent/stream/httpjson.yml.hbs +++ b/packages/panw_cortex_xdr/data_stream/incidents/agent/stream/httpjson.yml.hbs @@ -64,6 +64,7 @@ request.transforms: value_type: json response.split: target: body.reply.incidents + ignore_empty_value: true split: target: body.events keep_parent: true diff --git a/packages/ping_one/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/ping_one/data_stream/audit/agent/stream/httpjson.yml.hbs index 08d7eb580260..908cfb819db1 100644 --- a/packages/ping_one/data_stream/audit/agent/stream/httpjson.yml.hbs +++ b/packages/ping_one/data_stream/audit/agent/stream/httpjson.yml.hbs @@ -39,6 +39,7 @@ cursor: value: '[[if (eq .last_response.page 1)]][[.first_event.recordedAt]][[end]]' response.split: target: body._embedded.activities + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/proofpoint_tap/data_stream/clicks_blocked/agent/stream/httpjson.yml.hbs b/packages/proofpoint_tap/data_stream/clicks_blocked/agent/stream/httpjson.yml.hbs index 70a83e97329d..113b2902d6e9 100644 --- a/packages/proofpoint_tap/data_stream/clicks_blocked/agent/stream/httpjson.yml.hbs +++ b/packages/proofpoint_tap/data_stream/clicks_blocked/agent/stream/httpjson.yml.hbs @@ -32,6 +32,7 @@ cursor: value: '[[.last_response.body.queryEndTime]]' response.split: target: body.clicksBlocked + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/proofpoint_tap/data_stream/clicks_permitted/agent/stream/httpjson.yml.hbs b/packages/proofpoint_tap/data_stream/clicks_permitted/agent/stream/httpjson.yml.hbs index af92dadc2728..20a2347e23e3 100644 --- a/packages/proofpoint_tap/data_stream/clicks_permitted/agent/stream/httpjson.yml.hbs +++ b/packages/proofpoint_tap/data_stream/clicks_permitted/agent/stream/httpjson.yml.hbs @@ -32,6 +32,7 @@ cursor: value: '[[.last_response.body.queryEndTime]]' response.split: target: body.clicksPermitted + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/proofpoint_tap/data_stream/message_blocked/agent/stream/httpjson.yml.hbs b/packages/proofpoint_tap/data_stream/message_blocked/agent/stream/httpjson.yml.hbs index c095d5e6f93e..03d10fa9cf5d 100644 --- a/packages/proofpoint_tap/data_stream/message_blocked/agent/stream/httpjson.yml.hbs +++ b/packages/proofpoint_tap/data_stream/message_blocked/agent/stream/httpjson.yml.hbs @@ -32,6 +32,7 @@ cursor: value: '[[.last_response.body.queryEndTime]]' response.split: target: body.messagesBlocked + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/proofpoint_tap/data_stream/message_delivered/agent/stream/httpjson.yml.hbs b/packages/proofpoint_tap/data_stream/message_delivered/agent/stream/httpjson.yml.hbs index c216b8974217..647f33f46f0a 100644 --- a/packages/proofpoint_tap/data_stream/message_delivered/agent/stream/httpjson.yml.hbs +++ b/packages/proofpoint_tap/data_stream/message_delivered/agent/stream/httpjson.yml.hbs @@ -32,6 +32,7 @@ cursor: value: '[[.last_response.body.queryEndTime]]' response.split: target: body.messagesDelivered + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/rapid7_insightvm/data_stream/asset/agent/stream/httpjson.yml.hbs b/packages/rapid7_insightvm/data_stream/asset/agent/stream/httpjson.yml.hbs index 1d4ac86bf8f7..ce81332d6495 100644 --- a/packages/rapid7_insightvm/data_stream/asset/agent/stream/httpjson.yml.hbs +++ b/packages/rapid7_insightvm/data_stream/asset/agent/stream/httpjson.yml.hbs @@ -42,6 +42,7 @@ response.pagination: fail_on_template_error: true response.split: target: body.data + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/rapid7_insightvm/data_stream/vulnerability/agent/stream/httpjson.yml.hbs b/packages/rapid7_insightvm/data_stream/vulnerability/agent/stream/httpjson.yml.hbs index df7374ca8849..38e35b93bf2a 100644 --- a/packages/rapid7_insightvm/data_stream/vulnerability/agent/stream/httpjson.yml.hbs +++ b/packages/rapid7_insightvm/data_stream/vulnerability/agent/stream/httpjson.yml.hbs @@ -36,6 +36,7 @@ response.pagination: fail_on_template_error: true response.split: target: body.data + ignore_empty_value: true cursor: last_update_time: value: '[[.last_event.modified]]' diff --git a/packages/sentinel_one/data_stream/activity/agent/stream/httpjson.yml.hbs b/packages/sentinel_one/data_stream/activity/agent/stream/httpjson.yml.hbs index 461b2aaa2e6d..7820e4e4847b 100644 --- a/packages/sentinel_one/data_stream/activity/agent/stream/httpjson.yml.hbs +++ b/packages/sentinel_one/data_stream/activity/agent/stream/httpjson.yml.hbs @@ -39,6 +39,7 @@ cursor: value: '[[.last_event.createdAt]]' response.split: target: body.data + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/sentinel_one/data_stream/agent/agent/stream/httpjson.yml.hbs b/packages/sentinel_one/data_stream/agent/agent/stream/httpjson.yml.hbs index 3ef5309fe5f1..d4412f4382a4 100644 --- a/packages/sentinel_one/data_stream/agent/agent/stream/httpjson.yml.hbs +++ b/packages/sentinel_one/data_stream/agent/agent/stream/httpjson.yml.hbs @@ -39,6 +39,7 @@ cursor: value: '[[.last_event.updatedAt]]' response.split: target: body.data + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/sentinel_one/data_stream/alert/agent/stream/httpjson.yml.hbs b/packages/sentinel_one/data_stream/alert/agent/stream/httpjson.yml.hbs index 08dfa4260d56..851c6fa437b3 100644 --- a/packages/sentinel_one/data_stream/alert/agent/stream/httpjson.yml.hbs +++ b/packages/sentinel_one/data_stream/alert/agent/stream/httpjson.yml.hbs @@ -39,6 +39,7 @@ cursor: value: '[[.last_event.alertInfo.createdAt]]' response.split: target: body.data + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/sentinel_one/data_stream/group/agent/stream/httpjson.yml.hbs b/packages/sentinel_one/data_stream/group/agent/stream/httpjson.yml.hbs index 3c5a37cc343d..8a03f1325101 100644 --- a/packages/sentinel_one/data_stream/group/agent/stream/httpjson.yml.hbs +++ b/packages/sentinel_one/data_stream/group/agent/stream/httpjson.yml.hbs @@ -39,6 +39,7 @@ cursor: value: '[[.last_event.updatedAt]]' response.split: target: body.data + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/sentinel_one/data_stream/threat/agent/stream/httpjson.yml.hbs b/packages/sentinel_one/data_stream/threat/agent/stream/httpjson.yml.hbs index e890abbfb16c..ffda9ae15d66 100644 --- a/packages/sentinel_one/data_stream/threat/agent/stream/httpjson.yml.hbs +++ b/packages/sentinel_one/data_stream/threat/agent/stream/httpjson.yml.hbs @@ -39,6 +39,7 @@ cursor: value: '[[.last_event.threatInfo.updatedAt]]' response.split: target: body.data + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/slack/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/slack/data_stream/audit/agent/stream/httpjson.yml.hbs index eb37d7d5c66b..f5cff345e293 100644 --- a/packages/slack/data_stream/audit/agent/stream/httpjson.yml.hbs +++ b/packages/slack/data_stream/audit/agent/stream/httpjson.yml.hbs @@ -41,6 +41,7 @@ request.rate_limit.remaining: '0' # hardcoded to 0 since slack doesn't return re response.split: target: body.entries + ignore_empty_value: true response.pagination: - set: diff --git a/packages/snyk/data_stream/vulnerabilities/agent/stream/httpjson.yml.hbs b/packages/snyk/data_stream/vulnerabilities/agent/stream/httpjson.yml.hbs index 61dc1b35ca74..85dcf44729ef 100644 --- a/packages/snyk/data_stream/vulnerabilities/agent/stream/httpjson.yml.hbs +++ b/packages/snyk/data_stream/vulnerabilities/agent/stream/httpjson.yml.hbs @@ -78,6 +78,7 @@ response.pagination: response.split: target: body.results + ignore_empty_value: true tags: diff --git a/packages/tenable_sc/data_stream/asset/agent/stream/httpjson.yml.hbs b/packages/tenable_sc/data_stream/asset/agent/stream/httpjson.yml.hbs index 3745a57a4f64..f9e799c92362 100644 --- a/packages/tenable_sc/data_stream/asset/agent/stream/httpjson.yml.hbs +++ b/packages/tenable_sc/data_stream/asset/agent/stream/httpjson.yml.hbs @@ -59,6 +59,7 @@ request.transforms: value: 'accesskey={{access_key}}; secretkey={{secret_key}}' response.split: target: body.response.results + ignore_empty_value: true response.pagination: - set: target: body.startOffset diff --git a/packages/tenable_sc/data_stream/plugin/agent/stream/httpjson.yml.hbs b/packages/tenable_sc/data_stream/plugin/agent/stream/httpjson.yml.hbs index ef39e060371d..474c3f727cfd 100644 --- a/packages/tenable_sc/data_stream/plugin/agent/stream/httpjson.yml.hbs +++ b/packages/tenable_sc/data_stream/plugin/agent/stream/httpjson.yml.hbs @@ -60,6 +60,7 @@ response.pagination: fail_on_template_error: true response.split: target: body.response + ignore_empty_value: true cursor: last_event_ts: value: '[[if (lt (len .last_response.body.response) {{batch_size}})]][[.last_event.pluginModDate]][[end]]' diff --git a/packages/tenable_sc/data_stream/vulnerability/agent/stream/httpjson.yml.hbs b/packages/tenable_sc/data_stream/vulnerability/agent/stream/httpjson.yml.hbs index 04cd8624f325..162473a2d2c9 100644 --- a/packages/tenable_sc/data_stream/vulnerability/agent/stream/httpjson.yml.hbs +++ b/packages/tenable_sc/data_stream/vulnerability/agent/stream/httpjson.yml.hbs @@ -65,6 +65,7 @@ request.transforms: value: 'accesskey={{access_key}}; secretkey={{secret_key}}' response.split: target: body.response.results + ignore_empty_value: true response.pagination: - set: target: body.startOffset diff --git a/packages/ti_cif3/data_stream/feed/agent/stream/httpjson.yml.hbs b/packages/ti_cif3/data_stream/feed/agent/stream/httpjson.yml.hbs index 25d6a5ffd9f2..065447d804f9 100644 --- a/packages/ti_cif3/data_stream/feed/agent/stream/httpjson.yml.hbs +++ b/packages/ti_cif3/data_stream/feed/agent/stream/httpjson.yml.hbs @@ -70,6 +70,7 @@ request.transforms: response.split: target: body.data + ignore_empty_value: true cursor: last_requested_at: diff --git a/packages/ti_cybersixgill/data_stream/threat/agent/stream/httpjson.yml.hbs b/packages/ti_cybersixgill/data_stream/threat/agent/stream/httpjson.yml.hbs index 96dc61241747..6ef7a51adacd 100644 --- a/packages/ti_cybersixgill/data_stream/threat/agent/stream/httpjson.yml.hbs +++ b/packages/ti_cybersixgill/data_stream/threat/agent/stream/httpjson.yml.hbs @@ -45,6 +45,7 @@ response.pagination: response.split: target: body.objects + ignore_empty_value: true cursor: timestamp: diff --git a/packages/ti_eset/data_stream/apt/agent/stream/httpjson.yml.hbs b/packages/ti_eset/data_stream/apt/agent/stream/httpjson.yml.hbs index 41117cedade5..5037e0838d22 100644 --- a/packages/ti_eset/data_stream/apt/agent/stream/httpjson.yml.hbs +++ b/packages/ti_eset/data_stream/apt/agent/stream/httpjson.yml.hbs @@ -49,6 +49,7 @@ response.pagination: response.split: target: body.objects + ignore_empty_value: true cursor: timestamp: diff --git a/packages/ti_eset/data_stream/botnet/agent/stream/httpjson.yml.hbs b/packages/ti_eset/data_stream/botnet/agent/stream/httpjson.yml.hbs index 41117cedade5..5037e0838d22 100644 --- a/packages/ti_eset/data_stream/botnet/agent/stream/httpjson.yml.hbs +++ b/packages/ti_eset/data_stream/botnet/agent/stream/httpjson.yml.hbs @@ -49,6 +49,7 @@ response.pagination: response.split: target: body.objects + ignore_empty_value: true cursor: timestamp: diff --git a/packages/ti_eset/data_stream/cc/agent/stream/httpjson.yml.hbs b/packages/ti_eset/data_stream/cc/agent/stream/httpjson.yml.hbs index 41117cedade5..5037e0838d22 100644 --- a/packages/ti_eset/data_stream/cc/agent/stream/httpjson.yml.hbs +++ b/packages/ti_eset/data_stream/cc/agent/stream/httpjson.yml.hbs @@ -49,6 +49,7 @@ response.pagination: response.split: target: body.objects + ignore_empty_value: true cursor: timestamp: diff --git a/packages/ti_eset/data_stream/domains/agent/stream/httpjson.yml.hbs b/packages/ti_eset/data_stream/domains/agent/stream/httpjson.yml.hbs index 41117cedade5..5037e0838d22 100644 --- a/packages/ti_eset/data_stream/domains/agent/stream/httpjson.yml.hbs +++ b/packages/ti_eset/data_stream/domains/agent/stream/httpjson.yml.hbs @@ -49,6 +49,7 @@ response.pagination: response.split: target: body.objects + ignore_empty_value: true cursor: timestamp: diff --git a/packages/ti_eset/data_stream/files/agent/stream/httpjson.yml.hbs b/packages/ti_eset/data_stream/files/agent/stream/httpjson.yml.hbs index 41117cedade5..5037e0838d22 100644 --- a/packages/ti_eset/data_stream/files/agent/stream/httpjson.yml.hbs +++ b/packages/ti_eset/data_stream/files/agent/stream/httpjson.yml.hbs @@ -49,6 +49,7 @@ response.pagination: response.split: target: body.objects + ignore_empty_value: true cursor: timestamp: diff --git a/packages/ti_eset/data_stream/ip/agent/stream/httpjson.yml.hbs b/packages/ti_eset/data_stream/ip/agent/stream/httpjson.yml.hbs index 41117cedade5..5037e0838d22 100644 --- a/packages/ti_eset/data_stream/ip/agent/stream/httpjson.yml.hbs +++ b/packages/ti_eset/data_stream/ip/agent/stream/httpjson.yml.hbs @@ -49,6 +49,7 @@ response.pagination: response.split: target: body.objects + ignore_empty_value: true cursor: timestamp: diff --git a/packages/ti_eset/data_stream/url/agent/stream/httpjson.yml.hbs b/packages/ti_eset/data_stream/url/agent/stream/httpjson.yml.hbs index 41117cedade5..5037e0838d22 100644 --- a/packages/ti_eset/data_stream/url/agent/stream/httpjson.yml.hbs +++ b/packages/ti_eset/data_stream/url/agent/stream/httpjson.yml.hbs @@ -49,6 +49,7 @@ response.pagination: response.split: target: body.objects + ignore_empty_value: true cursor: timestamp: diff --git a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/agent/stream/httpjson.yml.hbs b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/agent/stream/httpjson.yml.hbs index c4bb80fcd177..4e074cf6e77c 100644 --- a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/agent/stream/httpjson.yml.hbs +++ b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/agent/stream/httpjson.yml.hbs @@ -47,6 +47,7 @@ cursor: response.split: target: body.indicators + ignore_empty_value: true tags: {{#if preserve_original_event}} diff --git a/packages/ti_misp/data_stream/threat/agent/stream/httpjson.yml.hbs b/packages/ti_misp/data_stream/threat/agent/stream/httpjson.yml.hbs index 816476e4ce61..48fab42f4d6a 100644 --- a/packages/ti_misp/data_stream/threat/agent/stream/httpjson.yml.hbs +++ b/packages/ti_misp/data_stream/threat/agent/stream/httpjson.yml.hbs @@ -55,6 +55,7 @@ request.transforms: response.split: target: body.response + ignore_empty_value: true split: target: body.Event.Attribute ignore_empty_value: true diff --git a/packages/ti_rapid7_threat_command/data_stream/ioc/agent/stream/httpjson.yml.hbs b/packages/ti_rapid7_threat_command/data_stream/ioc/agent/stream/httpjson.yml.hbs index ea545bd839e0..ea32b3dffcc4 100644 --- a/packages/ti_rapid7_threat_command/data_stream/ioc/agent/stream/httpjson.yml.hbs +++ b/packages/ti_rapid7_threat_command/data_stream/ioc/agent/stream/httpjson.yml.hbs @@ -60,6 +60,7 @@ cursor: response.split: target: body.content + ignore_empty_value: true tags: {{#if preserve_original_event}} diff --git a/packages/ti_rapid7_threat_command/data_stream/vulnerability/agent/stream/httpjson.yml.hbs b/packages/ti_rapid7_threat_command/data_stream/vulnerability/agent/stream/httpjson.yml.hbs index f706394a0936..0554c68c873e 100644 --- a/packages/ti_rapid7_threat_command/data_stream/vulnerability/agent/stream/httpjson.yml.hbs +++ b/packages/ti_rapid7_threat_command/data_stream/vulnerability/agent/stream/httpjson.yml.hbs @@ -46,6 +46,7 @@ cursor: value: '[[.last_event.updateDate]]' response.split: target: body.content + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/ti_threatq/data_stream/threat/agent/stream/httpjson.yml.hbs b/packages/ti_threatq/data_stream/threat/agent/stream/httpjson.yml.hbs index 155959d9f368..9b97c2b7a172 100644 --- a/packages/ti_threatq/data_stream/threat/agent/stream/httpjson.yml.hbs +++ b/packages/ti_threatq/data_stream/threat/agent/stream/httpjson.yml.hbs @@ -42,6 +42,7 @@ response.request_body_on_pagination: true response.split: target: body.data + ignore_empty_value: true fail_on_template_error: true {{#if ioc_expiration_duration}} diff --git a/packages/trend_micro_vision_one/data_stream/alert/agent/stream/httpjson.yml.hbs b/packages/trend_micro_vision_one/data_stream/alert/agent/stream/httpjson.yml.hbs index 313d26f3b753..c83baef382fe 100644 --- a/packages/trend_micro_vision_one/data_stream/alert/agent/stream/httpjson.yml.hbs +++ b/packages/trend_micro_vision_one/data_stream/alert/agent/stream/httpjson.yml.hbs @@ -42,6 +42,7 @@ cursor: value: '[[.last_response.url.params.Get "endDateTime"]]' response.split: target: body.items + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/trend_micro_vision_one/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/trend_micro_vision_one/data_stream/audit/agent/stream/httpjson.yml.hbs index 4d1924b3ff0d..bed0822cfa0b 100644 --- a/packages/trend_micro_vision_one/data_stream/audit/agent/stream/httpjson.yml.hbs +++ b/packages/trend_micro_vision_one/data_stream/audit/agent/stream/httpjson.yml.hbs @@ -45,6 +45,7 @@ cursor: value: '[[.last_response.url.params.Get "endDateTime"]]' response.split: target: body.items + ignore_empty_value: true tags: {{#if preserve_original_event}} - preserve_original_event diff --git a/packages/trend_micro_vision_one/data_stream/detection/agent/stream/httpjson.yml.hbs b/packages/trend_micro_vision_one/data_stream/detection/agent/stream/httpjson.yml.hbs index a0f5804a771d..e73bc5e155b1 100644 --- a/packages/trend_micro_vision_one/data_stream/detection/agent/stream/httpjson.yml.hbs +++ b/packages/trend_micro_vision_one/data_stream/detection/agent/stream/httpjson.yml.hbs @@ -45,6 +45,7 @@ cursor: value: '[[.last_response.url.params.Get "endDateTime"]]' response.split: target: body.items + ignore_empty_value: true split: target: body.requests ignore_empty_value: true diff --git a/packages/zerofox/data_stream/alerts/agent/stream/httpjson.yml.hbs b/packages/zerofox/data_stream/alerts/agent/stream/httpjson.yml.hbs index 5e0319fba2e9..37bf94365b9e 100644 --- a/packages/zerofox/data_stream/alerts/agent/stream/httpjson.yml.hbs +++ b/packages/zerofox/data_stream/alerts/agent/stream/httpjson.yml.hbs @@ -23,6 +23,7 @@ request.transforms: default: '[[formatDate (now (parseDuration "-{{initial_interval}}"))]]' response.split: target: body.alerts + ignore_empty_value: true response.pagination: - set: target: url.value diff --git a/packages/zeronetworks/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/zeronetworks/data_stream/audit/agent/stream/httpjson.yml.hbs index ac53a2ca5d27..66cca1c5db84 100644 --- a/packages/zeronetworks/data_stream/audit/agent/stream/httpjson.yml.hbs +++ b/packages/zeronetworks/data_stream/audit/agent/stream/httpjson.yml.hbs @@ -33,6 +33,7 @@ request.transforms: response.split: target: body.items + ignore_empty_value: true response.pagination: - set: