[ti_flashpoint] Initial release of Flashpoint with Alert, Indicator and Vulnerability data streams #17755

Open
akshraj-crest wants to merge 4 commits into elastic:main from akshraj-crest:feature/ti_flashpoint-0.1.0

@akshraj-crest
Contributor

Proposed commit message

The initial release includes Alert, Indicator and Vulnerability data streams and associated dashboard.

Flashpoint fields are mapped to their corresponding ECS fields where possible.

Test samples were derived from live data samples, which were subsequently
sanitized

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

To test the flashpoint package:

  • Clone integrations repo.
  • Install elastic package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/ti_flashpoint directory.
  • Run the following command to run tests.

elastic-package test

Run asset tests for the package
2026/03/11 18:54:58  INFO elastic-package v0.120.0 version-hash 97620231 (build time: 2026-02-18T21:47:16+05:30)
2026/03/11 18:54:58  INFO elastic-stack: 8.18.0
--- Test results for package: ti_flashpoint - START ---
╭───────────────┬───────────────┬───────────┬────────────────────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE       │ DATA STREAM   │ TEST TYPE │ TEST NAME                                                              │ RESULT │ TIME ELAPSED │
├───────────────┼───────────────┼───────────┼────────────────────────────────────────────────────────────────────────┼────────┼──────────────┤
│ ti_flashpoint │               │ asset     │ dashboard ti_flashpoint-467e6747-8c82-4bd6-8ba5-2ec3d0e3b826 is loaded │ PASS   │      1.576µs │
│ ti_flashpoint │               │ asset     │ dashboard ti_flashpoint-cfe7739d-dce8-46e0-9f7e-4d077bc5c7bc is loaded │ PASS   │        222ns │
│ ti_flashpoint │               │ asset     │ dashboard ti_flashpoint-f080464d-6a61-42dc-bd9f-45665d5cda75 is loaded │ PASS   │        222ns │
│ ti_flashpoint │               │ asset     │ search ti_flashpoint-02229216-8fcd-4a07-8c65-782f455fcfab is loaded    │ PASS   │        458ns │
│ ti_flashpoint │               │ asset     │ search ti_flashpoint-279eadc8-e6f2-4a00-a5cf-f01bd434eb6e is loaded    │ PASS   │        150ns │
│ ti_flashpoint │               │ asset     │ search ti_flashpoint-78e2de59-5a14-4a7b-9328-69b9b310c0b7 is loaded    │ PASS   │        218ns │
│ ti_flashpoint │ alert         │ asset     │ index_template logs-ti_flashpoint.alert is loaded                      │ PASS   │        307ns │
│ ti_flashpoint │ alert         │ asset     │ ingest_pipeline logs-ti_flashpoint.alert-0.1.0 is loaded               │ PASS   │        212ns │
│ ti_flashpoint │ indicator     │ asset     │ index_template logs-ti_flashpoint.indicator is loaded                  │ PASS   │        140ns │
│ ti_flashpoint │ indicator     │ asset     │ ingest_pipeline logs-ti_flashpoint.indicator-0.1.0 is loaded           │ PASS   │        241ns │
│ ti_flashpoint │ vulnerability │ asset     │ index_template logs-ti_flashpoint.vulnerability is loaded              │ PASS   │        160ns │
│ ti_flashpoint │ vulnerability │ asset     │ ingest_pipeline logs-ti_flashpoint.vulnerability-0.1.0 is loaded       │ PASS   │        161ns │
╰───────────────┴───────────────┴───────────┴────────────────────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: ti_flashpoint - END   ---
Done
Run pipeline tests for the package
2026/03/11 18:55:05  INFO elastic-package v0.120.0 version-hash 97620231 (build time: 2026-02-18T21:47:16+05:30)
2026/03/11 18:55:05  INFO elastic-stack: 8.18.0
--- Test results for package: ti_flashpoint - START ---
╭───────────────┬───────────────┬───────────┬───────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE       │ DATA STREAM   │ TEST TYPE │ TEST NAME                                         │ RESULT │ TIME ELAPSED │
├───────────────┼───────────────┼───────────┼───────────────────────────────────────────────────┼────────┼──────────────┤
│ ti_flashpoint │ alert         │ pipeline  │ (ingest pipeline warnings test-alert.log)         │ PASS   │ 279.427829ms │
│ ti_flashpoint │ alert         │ pipeline  │ test-alert.log                                    │ PASS   │ 158.379828ms │
│ ti_flashpoint │ indicator     │ pipeline  │ (ingest pipeline warnings test-indicator.log)     │ PASS   │ 259.626313ms │
│ ti_flashpoint │ indicator     │ pipeline  │ test-indicator.log                                │ PASS   │ 179.925993ms │
│ ti_flashpoint │ vulnerability │ pipeline  │ (ingest pipeline warnings test-vulnerability.log) │ PASS   │ 242.641329ms │
│ ti_flashpoint │ vulnerability │ pipeline  │ test-vulnerability.log                            │ PASS   │ 140.734571ms │
╰───────────────┴───────────────┴───────────┴───────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: ti_flashpoint - END   ---
Done
Run policy tests for the package
2026/03/11 18:55:06  INFO elastic-package v0.120.0 version-hash 97620231 (build time: 2026-02-18T21:47:16+05:30)
2026/03/11 18:55:06  INFO elastic-stack: 8.18.0
--- Test results for package: ti_flashpoint - START ---
No test results
--- Test results for package: ti_flashpoint - END   ---
Done
Run script tests for the package
PKG ti_flashpoint
[no test files]
--- Test results for package: ti_flashpoint - START ---
No test results
--- Test results for package: ti_flashpoint - END   ---
Done
Run static tests for the package
2026/03/11 18:55:07  INFO elastic-package v0.120.0 version-hash 97620231 (build time: 2026-02-18T21:47:16+05:30)
--- Test results for package: ti_flashpoint - START ---
╭───────────────┬───────────────┬───────────┬──────────────────────────┬────────┬──────────────╮
│ PACKAGE       │ DATA STREAM   │ TEST TYPE │ TEST NAME                │ RESULT │ TIME ELAPSED │
├───────────────┼───────────────┼───────────┼──────────────────────────┼────────┼──────────────┤
│ ti_flashpoint │ alert         │ static    │ Verify sample_event.json │ PASS   │ 108.869134ms │
│ ti_flashpoint │ indicator     │ static    │ Verify sample_event.json │ PASS   │ 115.019057ms │
│ ti_flashpoint │ vulnerability │ static    │ Verify sample_event.json │ PASS   │ 126.461652ms │
╰───────────────┴───────────────┴───────────┴──────────────────────────┴────────┴──────────────╯
--- Test results for package: ti_flashpoint - END   ---
Done
Run system tests for the package
2026/03/11 18:55:08  INFO elastic-package v0.120.0 version-hash 97620231 (build time: 2026-02-18T21:47:16+05:30)
2026/03/11 18:55:08  INFO elastic-stack: 8.18.0
2026/03/11 18:55:08  INFO Installing package...
2026/03/11 18:55:20  INFO Running test for data_stream "alert" with configuration 'default'
2026/03/11 18:55:29  INFO Setting up independent Elastic Agent...
2026/03/11 18:55:39  INFO Setting up service...
2026/03/11 18:55:59  INFO Validating test case...
2026/03/11 18:55:59  INFO Tearing down service...
2026/03/11 18:56:00  INFO Write container logs to file: /root/integrations/build/container-logs/ti_flashpoint-1773235560308046281.log
2026/03/11 18:56:02  INFO Tearing down agent...
2026/03/11 18:56:03  INFO Write container logs to file: /root/integrations/build/container-logs/elastic-agent-1773235563168404947.log
2026/03/11 18:56:12  INFO Running test for data_stream "indicator" with configuration 'default'
2026/03/11 18:56:21  INFO Setting up independent Elastic Agent...
2026/03/11 18:57:59  INFO Setting up service...
2026/03/11 18:58:19  INFO Validating test case...
2026/03/11 18:58:20  INFO Tearing down service...
2026/03/11 18:58:20  INFO Write container logs to file: /root/integrations/build/container-logs/ti_flashpoint-1773235700711709681.log
2026/03/11 18:58:23  INFO Tearing down agent...
2026/03/11 18:58:23  INFO Write container logs to file: /root/integrations/build/container-logs/elastic-agent-1773235703207128376.log
2026/03/11 18:58:32  INFO Running test for data_stream "vulnerability" with configuration 'default'
2026/03/11 18:58:41  INFO Setting up independent Elastic Agent...
2026/03/11 18:58:48  INFO Setting up service...
2026/03/11 18:59:08  INFO Validating test case...
2026/03/11 18:59:08  INFO Tearing down service...
2026/03/11 18:59:09  INFO Write container logs to file: /root/integrations/build/container-logs/ti_flashpoint-1773235749560211149.log
2026/03/11 18:59:12  INFO Tearing down agent...
2026/03/11 18:59:12  INFO Write container logs to file: /root/integrations/build/container-logs/elastic-agent-1773235752248747729.log
2026/03/11 18:59:21  INFO Uninstalling package...
--- Test results for package: ti_flashpoint - START ---
╭───────────────┬───────────────┬───────────┬───────────┬────────┬────────────────╮
│ PACKAGE       │ DATA STREAM   │ TEST TYPE │ TEST NAME │ RESULT │   TIME ELAPSED │
├───────────────┼───────────────┼───────────┼───────────┼────────┼────────────────┤
│ ti_flashpoint │ alert         │ system    │ default   │ PASS   │  39.606400882s │
│ ti_flashpoint │ indicator     │ system    │ default   │ PASS   │ 2m7.609674955s │
│ ti_flashpoint │ vulnerability │ system    │ default   │ PASS   │  36.567468502s │
╰───────────────┴───────────────┴───────────┴───────────┴────────┴────────────────╯
--- Test results for package: ti_flashpoint - END   ---
Done

Note: This integration follows a phased development process where individual data streams were reviewed and merged into a feature branch through separate PRs:

All PRs have been reviewed and merged in this feature branch, which is now ready for integration into the main branch.

The initial release includes alert data stream and associated dashboard.

Flashpoint fields are mapped to their corresponding ECS fields where possible.

Test samples were derived from live data samples, which were subsequently
sanitized.
…tic#16726)

The initial release includes indicator data stream and associated dashboard.

Flashpoint fields are mapped to their corresponding ECS fields where possible.

Test samples were derived from live data samples, which were subsequently
sanitized.
…am (elastic#16741)

The initial release includes vulnerability data stream and associated dashboard.

Flashpoint fields are mapped to their corresponding ECS fields where possible.

Test samples were derived from live data samples, which were subsequently
sanitized
@akshraj-crest requested a review from a team as a code owner on March 11, 2026 13:42
@elastic-vault-github-plugin-prod

Reviewers

Buildkite won't run for external contributors automatically; you need to add a comment:

  • /test : will kick off a build in Buildkite.

NOTE: https://github.com/elastic/integrations/blob/main/.buildkite/pull-requests.json contains all those details.
