From 5ac354bf7e0fc66d721bc8bf337752e999c273f2 Mon Sep 17 00:00:00 2001 From: Janeen Roberts Date: Wed, 18 Mar 2026 17:50:05 -0400 Subject: [PATCH 1/4] docs: add video demos to SentinelOne, CrowdStrike, and Microsoft Defender integrations --- packages/crowdstrike/_dev/build/docs/README.md | 4 ++++ packages/crowdstrike/docs/README.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/packages/crowdstrike/_dev/build/docs/README.md b/packages/crowdstrike/_dev/build/docs/README.md index 28ea753bac7..964a2b4d41f 100644 --- a/packages/crowdstrike/_dev/build/docs/README.md +++ b/packages/crowdstrike/_dev/build/docs/README.md @@ -4,6 +4,10 @@ The [CrowdStrike](https://www.crowdstrike.com/) integration allows you to efficiently connect your CrowdStrike Falcon platform to Elastic for seamless onboarding of alerts and telemetry from CrowdStrike Falcon and Falcon Data Replicator. Elastic Security can leverage this data for security analytics including correlation, visualization, and incident response. +For a demo, refer to the following video (click to view). + +[![CrowdStrike integration video](https://play.vidyard.com/VKKWSpg4sDEk1DBXATkyEP.jpg)](https://videos.elastic.co/watch/VKKWSpg4sDEk1DBXATkyEP) + ### Compatibility This integration is compatible with CrowdStrike Falcon SIEM Connector v2.0, REST API, and CrowdStrike Event Streams API. diff --git a/packages/crowdstrike/docs/README.md b/packages/crowdstrike/docs/README.md index 8dbe1368e42..b550fbe5c53 100644 --- a/packages/crowdstrike/docs/README.md +++ b/packages/crowdstrike/docs/README.md @@ -4,6 +4,10 @@ The [CrowdStrike](https://www.crowdstrike.com/) integration allows you to efficiently connect your CrowdStrike Falcon platform to Elastic for seamless onboarding of alerts and telemetry from CrowdStrike Falcon and Falcon Data Replicator. Elastic Security can leverage this data for security analytics including correlation, visualization, and incident response. +For a demo, refer to the following video (click to view). + +[![CrowdStrike integration video](https://play.vidyard.com/VKKWSpg4sDEk1DBXATkyEP.jpg)](https://videos.elastic.co/watch/VKKWSpg4sDEk1DBXATkyEP) + ### Compatibility This integration is compatible with CrowdStrike Falcon SIEM Connector v2.0, REST API, and CrowdStrike Event Streams API. From b48f2cd182f9606a4c58b34739835ce7f7ae2a9b Mon Sep 17 00:00:00 2001 From: Janeen Roberts Date: Wed, 18 Mar 2026 17:54:16 -0400 Subject: [PATCH 2/4] docs: add video demos to SentinelOne and Microsoft Defender integrations --- packages/m365_defender/_dev/build/docs/README.md | 4 ++++ packages/m365_defender/docs/README.md | 4 ++++ .../microsoft_defender_endpoint/_dev/build/docs/README.md | 4 ++++ packages/microsoft_defender_endpoint/docs/README.md | 4 ++++ packages/sentinel_one/_dev/build/docs/README.md | 4 ++++ packages/sentinel_one/docs/README.md | 4 ++++ 6 files changed, 24 insertions(+) diff --git a/packages/m365_defender/_dev/build/docs/README.md b/packages/m365_defender/_dev/build/docs/README.md index 58ffb2bd3d8..6fb96e85f4a 100644 --- a/packages/m365_defender/_dev/build/docs/README.md +++ b/packages/m365_defender/_dev/build/docs/README.md @@ -8,6 +8,10 @@ The [Microsoft Defender XDR](https://learn.microsoft.com/en-us/defender-xdr/) in The integration works by collecting data from the Microsoft Azure Event Hub, Microsoft Graph Security REST API, and the Microsoft Defender Endpoint API. +For a demo, refer to the following video (click to view). + +[![Microsoft Defender XDR integration video](https://play.vidyard.com/fSxgBbf7QArpgX345x28v5.jpg)](https://videos.elastic.co/watch/fSxgBbf7QArpgX345x28v5) + ### Compatibility This integration supports below API versions to collect data. diff --git a/packages/m365_defender/docs/README.md b/packages/m365_defender/docs/README.md index fc52970531b..051eb6404a8 100644 --- a/packages/m365_defender/docs/README.md +++ b/packages/m365_defender/docs/README.md @@ -8,6 +8,10 @@ The [Microsoft Defender XDR](https://learn.microsoft.com/en-us/defender-xdr/) in The integration works by collecting data from the Microsoft Azure Event Hub, Microsoft Graph Security REST API, and the Microsoft Defender Endpoint API. +For a demo, refer to the following video (click to view). + +[![Microsoft Defender XDR integration video](https://play.vidyard.com/fSxgBbf7QArpgX345x28v5.jpg)](https://videos.elastic.co/watch/fSxgBbf7QArpgX345x28v5) + ### Compatibility This integration supports below API versions to collect data. diff --git a/packages/microsoft_defender_endpoint/_dev/build/docs/README.md b/packages/microsoft_defender_endpoint/_dev/build/docs/README.md index 23fb44d13bd..1a568aeba91 100644 --- a/packages/microsoft_defender_endpoint/_dev/build/docs/README.md +++ b/packages/microsoft_defender_endpoint/_dev/build/docs/README.md @@ -4,6 +4,10 @@ This integration is for [Microsoft Defender for Endpoint](https://docs.microsoft Microsoft Defender for Endpoint integration collects data for Alert, Machine, Machine Action, and Vulnerability logs using REST API. +For a demo, refer to the following video (click to view). + +[![Microsoft Defender for Endpoint integration video](https://play.vidyard.com/fSxgBbf7QArpgX345x28v5.jpg)](https://videos.elastic.co/watch/fSxgBbf7QArpgX345x28v5) + ## Data streams This integration collects the following logs: diff --git a/packages/microsoft_defender_endpoint/docs/README.md b/packages/microsoft_defender_endpoint/docs/README.md index dad5b5c2d6b..03dd087170a 100644 --- a/packages/microsoft_defender_endpoint/docs/README.md +++ b/packages/microsoft_defender_endpoint/docs/README.md @@ -4,6 +4,10 @@ This integration is for [Microsoft Defender for Endpoint](https://docs.microsoft Microsoft Defender for Endpoint integration collects data for Alert, Machine, Machine Action, and Vulnerability logs using REST API. +For a demo, refer to the following video (click to view). + +[![Microsoft Defender for Endpoint integration video](https://play.vidyard.com/fSxgBbf7QArpgX345x28v5.jpg)](https://videos.elastic.co/watch/fSxgBbf7QArpgX345x28v5) + ## Data streams This integration collects the following logs: diff --git a/packages/sentinel_one/_dev/build/docs/README.md b/packages/sentinel_one/_dev/build/docs/README.md index c8868c874a3..b4dc75ac177 100644 --- a/packages/sentinel_one/_dev/build/docs/README.md +++ b/packages/sentinel_one/_dev/build/docs/README.md @@ -4,6 +4,10 @@ The [SentinelOne](https://www.sentinelone.com/) integration collects and parses data from SentinelOne REST APIs. This integration also offers the capability to perform response actions on SentinelOne hosts directly through the Elastic Security interface (introduced with v8.12.0). Additional configuration is required; for detailed guidance, refer to [documentation](https://www.elastic.co/guide/en/security/current/response-actions-config.html). +For a demo, refer to the following video (click to view). + +[![SentinelOne integration video](https://play.vidyard.com/gQovyr6REJoU4eotQsnTTB.jpg)](https://videos.elastic.co/watch/gQovyr6REJoU4eotQsnTTB) + ### Compatibility This module has been tested against `SentinelOne Management Console API version 2.1`. diff --git a/packages/sentinel_one/docs/README.md b/packages/sentinel_one/docs/README.md index 153ff7bc590..5b6f7b6bc51 100644 --- a/packages/sentinel_one/docs/README.md +++ b/packages/sentinel_one/docs/README.md @@ -4,6 +4,10 @@ The [SentinelOne](https://www.sentinelone.com/) integration collects and parses data from SentinelOne REST APIs. This integration also offers the capability to perform response actions on SentinelOne hosts directly through the Elastic Security interface (introduced with v8.12.0). Additional configuration is required; for detailed guidance, refer to [documentation](https://www.elastic.co/guide/en/security/current/response-actions-config.html). +For a demo, refer to the following video (click to view). + +[![SentinelOne integration video](https://play.vidyard.com/gQovyr6REJoU4eotQsnTTB.jpg)](https://videos.elastic.co/watch/gQovyr6REJoU4eotQsnTTB) + ### Compatibility This module has been tested against `SentinelOne Management Console API version 2.1`. From 9f25e2d5da125aeb756f209827d58afda7fa9bb7 Mon Sep 17 00:00:00 2001 From: Janeen Roberts Date: Thu, 19 Mar 2026 11:06:27 -0400 Subject: [PATCH 3/4] docs: update changelogs and build documentation --- packages/crowdstrike/changelog.yml | 5 +++++ packages/crowdstrike/manifest.yml | 2 +- packages/m365_defender/changelog.yml | 9 ++++++--- packages/m365_defender/manifest.yml | 2 +- packages/microsoft_defender_endpoint/changelog.yml | 14 +++++++------- packages/microsoft_defender_endpoint/manifest.yml | 2 +- packages/sentinel_one/changelog.yml | 5 +++++ packages/sentinel_one/manifest.yml | 2 +- 8 files changed, 27 insertions(+), 14 deletions(-) diff --git a/packages/crowdstrike/changelog.yml b/packages/crowdstrike/changelog.yml index 3e030e7c00c..d5b02430140 100644 --- a/packages/crowdstrike/changelog.yml +++ b/packages/crowdstrike/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "3.12.0" + changes: + - description: Improve documentation + type: enhancement + link: https://github.com/elastic/integrations/pull/17889 - version: "3.11.0" changes: - description: Append preserve_original_event in pipeline on_failure handlers to support error correction and debugging. diff --git a/packages/crowdstrike/manifest.yml b/packages/crowdstrike/manifest.yml index 15a2fb5bcb2..e405b7bd06e 100644 --- a/packages/crowdstrike/manifest.yml +++ b/packages/crowdstrike/manifest.yml @@ -1,6 +1,6 @@ name: crowdstrike title: CrowdStrike -version: "3.11.0" +version: "3.12.0" description: Collect logs from Crowdstrike with Elastic Agent. type: integration format_version: "3.4.0" diff --git a/packages/m365_defender/changelog.yml b/packages/m365_defender/changelog.yml index 339a7f8eb4c..63b0ed2fabd 100644 --- a/packages/m365_defender/changelog.yml +++ b/packages/m365_defender/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "5.12.0" + changes: + - description: Improve documentation + type: enhancement + link: https://github.com/elastic/integrations/pull/17889 - version: "5.11.1" changes: - description: Fix table formatting in README. @@ -6,9 +11,7 @@ link: https://github.com/elastic/integrations/pull/17797 - version: "5.11.0" changes: - - description: | - Add support for "CloudAuditEvents", "CloudProcessEvents", and - "CloudStorageAggregatedEvents" table in event data stream. + - description: "Add support for \"CloudAuditEvents\", \"CloudProcessEvents\", and \n\"CloudStorageAggregatedEvents\" table in event data stream.\n" type: enhancement link: https://github.com/elastic/integrations/pull/17612 - version: "5.10.1" diff --git a/packages/m365_defender/manifest.yml b/packages/m365_defender/manifest.yml index ea35104716e..128f780b398 100644 --- a/packages/m365_defender/manifest.yml +++ b/packages/m365_defender/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.4.0" name: m365_defender title: Microsoft Defender XDR -version: "5.11.1" +version: "5.12.0" description: Collect logs from Microsoft Defender XDR with Elastic Agent. categories: - "security" diff --git a/packages/microsoft_defender_endpoint/changelog.yml b/packages/microsoft_defender_endpoint/changelog.yml index 34a003d4f68..c4e1ce896dc 100644 --- a/packages/microsoft_defender_endpoint/changelog.yml +++ b/packages/microsoft_defender_endpoint/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "4.5.0" + changes: + - description: Improve documentation + type: enhancement + link: https://github.com/elastic/integrations/pull/17889 - version: "4.4.0" changes: - description: Removed ECS field definitions from CDR transform destinations, now covered by ecs@mappings component template. Renamed overridden ECS fields files to ecs-overridden.yml. @@ -40,10 +45,7 @@ Fetch vulnerability data using SoftwareVulnerabilitiesExport API endpoint. type: enhancement link: https://github.com/elastic/integrations/pull/15603 - - description: | - The following fields are no longer available in the new implementation: "cloud.provider", "cloud.resource_id", - "cloud.instance.id", "host.geo", "host.ip", "host.risk.calculated_level", "related.ip", - "vulnerability.description", "vulnerability.published_date", "vulnerability.score.version". + - description: "The following fields are no longer available in the new implementation: \"cloud.provider\", \"cloud.resource_id\", \n\"cloud.instance.id\", \"host.geo\", \"host.ip\", \"host.risk.calculated_level\", \"related.ip\", \n\"vulnerability.description\", \"vulnerability.published_date\", \"vulnerability.score.version\".\n" type: breaking-change link: https://github.com/elastic/integrations/pull/15603 - version: "3.1.2" @@ -68,9 +70,7 @@ link: https://github.com/elastic/integrations/pull/15226 - version: "3.0.0" changes: - - description: | - Add mapping changes and latest transform in `vulnerability` data stream for - Cloud Detection and Response (CDR) vulnerability workflow. + - description: "Add mapping changes and latest transform in `vulnerability` data stream for \nCloud Detection and Response (CDR) vulnerability workflow.\n" type: breaking-change link: https://github.com/elastic/integrations/pull/14809 - version: "2.43.0" diff --git a/packages/microsoft_defender_endpoint/manifest.yml b/packages/microsoft_defender_endpoint/manifest.yml index 466793e052d..a760ff9a64f 100644 --- a/packages/microsoft_defender_endpoint/manifest.yml +++ b/packages/microsoft_defender_endpoint/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.4.0" name: microsoft_defender_endpoint title: Microsoft Defender for Endpoint -version: "4.4.0" +version: "4.5.0" description: Collect logs from Microsoft Defender for Endpoint with Elastic Agent. categories: - security diff --git a/packages/sentinel_one/changelog.yml b/packages/sentinel_one/changelog.yml index 85cd9a5246d..3834030ff27 100644 --- a/packages/sentinel_one/changelog.yml +++ b/packages/sentinel_one/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.5.0" + changes: + - description: Improve documentation + type: enhancement + link: https://github.com/elastic/integrations/pull/17889 - version: "2.4.1" changes: - description: Use triple-brace Mustache templating when referencing variables in ingest pipelines. diff --git a/packages/sentinel_one/manifest.yml b/packages/sentinel_one/manifest.yml index 81548a922b3..e96138028c3 100644 --- a/packages/sentinel_one/manifest.yml +++ b/packages/sentinel_one/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.4.0" name: sentinel_one title: SentinelOne -version: "2.4.1" +version: "2.5.0" description: Collect logs from SentinelOne with Elastic Agent. type: integration categories: From 83281c42f7dbd23c422490f6558b74e1c5880d0e Mon Sep 17 00:00:00 2001 From: Janeen Roberts Date: Mon, 23 Mar 2026 12:43:34 -0400 Subject: [PATCH 4/4] docs: update changelog descriptions per review feedback --- packages/crowdstrike/changelog.yml | 2 +- packages/m365_defender/changelog.yml | 2 +- packages/microsoft_defender_endpoint/changelog.yml | 2 +- packages/sentinel_one/changelog.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/crowdstrike/changelog.yml b/packages/crowdstrike/changelog.yml index d5b02430140..5bdf3afc183 100644 --- a/packages/crowdstrike/changelog.yml +++ b/packages/crowdstrike/changelog.yml @@ -1,7 +1,7 @@ # newer versions go on top - version: "3.12.0" changes: - - description: Improve documentation + - description: Add demo video link to integration documentation. type: enhancement link: https://github.com/elastic/integrations/pull/17889 - version: "3.11.0" diff --git a/packages/m365_defender/changelog.yml b/packages/m365_defender/changelog.yml index 63b0ed2fabd..c34b9da4bda 100644 --- a/packages/m365_defender/changelog.yml +++ b/packages/m365_defender/changelog.yml @@ -1,7 +1,7 @@ # newer versions go on top - version: "5.12.0" changes: - - description: Improve documentation + - description: Add demo video link to integration documentation. type: enhancement link: https://github.com/elastic/integrations/pull/17889 - version: "5.11.1" diff --git a/packages/microsoft_defender_endpoint/changelog.yml b/packages/microsoft_defender_endpoint/changelog.yml index c4e1ce896dc..8b9d2d09573 100644 --- a/packages/microsoft_defender_endpoint/changelog.yml +++ b/packages/microsoft_defender_endpoint/changelog.yml @@ -1,7 +1,7 @@ # newer versions go on top - version: "4.5.0" changes: - - description: Improve documentation + - description: Add demo video link to integration documentation. type: enhancement link: https://github.com/elastic/integrations/pull/17889 - version: "4.4.0" diff --git a/packages/sentinel_one/changelog.yml b/packages/sentinel_one/changelog.yml index 3834030ff27..c7bce5ab011 100644 --- a/packages/sentinel_one/changelog.yml +++ b/packages/sentinel_one/changelog.yml @@ -1,7 +1,7 @@ # newer versions go on top - version: "2.5.0" changes: - - description: Improve documentation + - description: Add demo video link to integration documentation. type: enhancement link: https://github.com/elastic/integrations/pull/17889 - version: "2.4.1"