Conversation

@sholzhauer-es
Contributor

@sholzhauer-es sholzhauer-es commented Jul 15, 2025

Proposed commit message

Adding agentless support for Anomali integration

Checklist

Author's Checklist

  • ensure kibana ui behaves properly

How to test this PR locally

Need credentials for anomali to test.

Related issues

Screenshots

image

@sholzhauer-es sholzhauer-es added the enhancement New feature or request label Jul 15, 2025
@sholzhauer-es sholzhauer-es requested a review from a team as a code owner July 15, 2025 08:24
@narph
Contributor

narph commented Jul 15, 2025

@sholzhauer-es, thanks for contributing to the integrations repo. We are slowly introducing integrations to agentless, with phase 2 coming up next #14186. ti_anomali is not yet on the list as we need to do further testing and validate agentless is supported. cc @cpascale43

@andrewkroh andrewkroh added documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Jul 15, 2025
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@botelastic

botelastic bot commented Aug 14, 2025

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Aug 14, 2025
@mohitjha-elastic
Collaborator

@sholzhauer-es From the Security Service team’s side, I have tested the ti_anomali agentless deployment support on ECH 8.18.0 and later versions, and it appears to be working as expected.
Testing on the Serverless environment and ECH 9.1.* has not yet been completed due to some issue.

Meanwhile, could you please look into resolving the build issue?

@botelastic botelastic bot removed the Stalled label Aug 19, 2025
@sholzhauer-es
Contributor Author

@mohitjha-elastic perfect. I'll dive into the build failure and try and resolve it.

@elastic-vault-github-plugin-prod

elastic-vault-github-plugin-prod bot commented Aug 19, 2025

🚀 Benchmarks report

Package ti_anomali 👍(0) 💚(0) 💔(2)

| Data stream | Previous EPS | New EPS | Diff (%) | Result |
|---|---|---|---|---|
| intelligence | 9433.96 | 6134.97 | -3298.99 (-34.97%) | 💔 |
| threatstream | 8695.65 | 3861 | -4834.65 (-55.6%) | 💔 |

To see the full report comment with /test benchmark fullreport

@sholzhauer-es
Contributor Author

@mohitjha-elastic the build and merge conflicts have been resolved.

@mohitjha-elastic
Collaborator

@elastic/security-service-integrations Could someone from the team please review the PR?

sholzhauer-es and others added 3 commits August 21, 2025 08:46
Co-authored-by: Dan Kortschak <dan.kortschak@elastic.co>
Co-authored-by: Dan Kortschak <dan.kortschak@elastic.co>
@elastic-sonarqube

Contributor

@efd6 efd6 left a comment


LGTM, but please wait for @alaudazzi for review of the doc change.

@sholzhauer-es
Contributor Author

@alaudazzi have you had a chance to look at this?

@botelastic

botelastic bot commented Oct 10, 2025

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Oct 10, 2025
@efd6 efd6 requested a review from alaudazzi October 14, 2025 22:41
@botelastic botelastic bot removed the Stalled label Oct 14, 2025
@botelastic

botelastic bot commented Nov 13, 2025

Hi! We just realized that we haven't looked into this PR in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Nov 13, 2025
Contributor

@alaudazzi alaudazzi left a comment


LGTM

@botelastic botelastic bot removed the Stalled label Nov 14, 2025
@mohitjha-elastic
Collaborator

@sholzhauer-es Can you please resolve the conflicts to proceed with this PR?

@sholzhauer-es
Contributor Author

sholzhauer-es commented Nov 20, 2025

@mohitjha-elastic and @elastic/security-service-integrations I fixed the conflict.

@elasticmachine

💚 Build Succeeded

History

@sholzhauer-es
Contributor Author

@mohitjha-elastic Am I good to merge?

@mohitjha-elastic mohitjha-elastic merged commit 911c74c into elastic:main Nov 25, 2025
8 checks passed
@mohitjha-elastic
Collaborator

@sholzhauer-es I merged the PR. Thanks!

@elastic-vault-github-plugin-prod

Package ti_anomali - 2.2.0 containing this change is available at https://epr.elastic.co/package/ti_anomali/2.2.0/

Labels

documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. enhancement New feature or request Integration:ti_anomali Anomali Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

7 participants