Update VERSION

VERSION

@@ -1 +1 @@
-2.4.200
+2.4.0-foxtrot

salt/elastalert/enabled.sls

@@ -60,7 +60,7 @@ so-elastalert:
     - watch:
       - file: elastaconf
     - onlyif:
-      - "so-elasticsearch-query / | jq -r '.version.number[0:1]' | grep -q 8" {# only run this state if elasticsearch is version 8 #}
+      - "so-elasticsearch-query / | jq -r '.version.number[0:1]' | grep -q 9" {# only run this state if elasticsearch is version 9 #}
 
 delete_so-elastalert_so-status.disabled:
   file.uncomment:

salt/elasticfleet/files/integrations/elastic-defend/elastic-defend-endpoints.json

@@ -5,7 +5,7 @@
   "package": {
     "name": "endpoint",
     "title": "Elastic Defend",
-    "version": "8.18.1",
+    "version": "9.0.2",
     "requires_root": true
   },
   "enabled": true,

salt/elasticfleet/integration-defaults.map.jinja

@@ -21,6 +21,7 @@
     'azure_application_insights.app_state': 'azure.app_state',
     'azure_billing.billing': 'azure.billing',
     'azure_functions.metrics': 'azure.function',
+    'azure_ai_foundry.metrics': 'azure.ai_foundry',
     'azure_metrics.compute_vm_scaleset': 'azure.compute_vm_scaleset',
     'azure_metrics.compute_vm': 'azure.compute_vm',
     'azure_metrics.container_instance': 'azure.container_instance',

salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-optional-integrations-load

@@ -86,7 +86,7 @@ if [[ -f $STATE_FILE_SUCCESS  ]]; then
         latest_package_list=$(/usr/sbin/so-elastic-fleet-package-list)
         echo '{ "packages" : []}' > $BULK_INSTALL_PACKAGE_LIST
         rm -f $INSTALLED_PACKAGE_LIST
-        echo $latest_package_list | jq '{packages: [.items[] | {name: .name, latest_version: .version, installed_version: .savedObject.attributes.install_version, subscription: .conditions.elastic.subscription }]}' >> $INSTALLED_PACKAGE_LIST
+        echo $latest_package_list | jq '{packages: [.items[] | {name: .name, latest_version: .version, installed_version: .installationInfo.version, subscription: .conditions.elastic.subscription }]}' >> $INSTALLED_PACKAGE_LIST
 
         while read -r package; do
             # get package details

salt/elasticsearch/defaults.yaml

@@ -1,6 +1,6 @@
 elasticsearch:
   enabled: false
-  version: 8.18.8
+  version: 9.0.8
   index_clean: true
   config:
     action:

salt/elasticsearch/tools/sbin_jinja/so-catrust

@@ -15,7 +15,7 @@ set -e
 if [ ! -f /opt/so/saltstack/local/salt/elasticsearch/cacerts ]; then
     docker run -v /etc/pki/ca.crt:/etc/ssl/ca.crt --name so-elasticsearchca --user root --entrypoint jdk/bin/keytool {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-elasticsearch:$ELASTIC_AGENT_TARBALL_VERSION -keystore /usr/share/elasticsearch/jdk/lib/security/cacerts -alias SOSCA -import -file /etc/ssl/ca.crt -storepass changeit -noprompt
     docker cp so-elasticsearchca:/usr/share/elasticsearch/jdk/lib/security/cacerts /opt/so/saltstack/local/salt/elasticsearch/cacerts
-    docker cp so-elasticsearchca:/etc/ssl/certs/ca-certificates.crt /opt/so/saltstack/local/salt/elasticsearch/tls-ca-bundle.pem
+    docker cp so-elasticsearchca:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /opt/so/saltstack/local/salt/elasticsearch/tls-ca-bundle.pem
     docker rm so-elasticsearchca
     echo "" >> /opt/so/saltstack/local/salt/elasticsearch/tls-ca-bundle.pem
     echo "sosca" >> /opt/so/saltstack/local/salt/elasticsearch/tls-ca-bundle.pem

salt/logstash/defaults.yaml

@@ -63,7 +63,7 @@ logstash:
   settings:
     lsheap: 500m
   config:
-    http_x_host: 0.0.0.0
+    api_x_http_x_host: 0.0.0.0
     path_x_logs: /var/log/logstash
     pipeline_x_workers: 1
     pipeline_x_batch_x_size: 125

salt/logstash/pipelines/config/so/0011_input_endgame.conf

@@ -5,10 +5,10 @@ input {
     codec => es_bulk
     request_headers_target_field => client_headers
     remote_host_target_field => client_host
-    ssl => true
+    ssl_enabled => true
     ssl_certificate_authorities => ["/usr/share/filebeat/ca.crt"]
     ssl_certificate => "/usr/share/logstash/filebeat.crt"
     ssl_key => "/usr/share/logstash/filebeat.key"
-    ssl_verify_mode => "peer"
+    ssl_client_authentication => "required"
   }
 }

salt/logstash/pipelines/config/so/0012_input_elastic_agent.conf.jinja

@@ -2,11 +2,11 @@ input {
   elastic_agent {
     port => 5055
     tags => [ "elastic-agent", "input-{{ GLOBALS.hostname }}" ]
-    ssl => true
+    ssl_enabled => true
     ssl_certificate_authorities => ["/usr/share/filebeat/ca.crt"]
     ssl_certificate => "/usr/share/logstash/elasticfleet-logstash.crt"
     ssl_key => "/usr/share/logstash/elasticfleet-logstash.key"
-    ssl_verify_mode => "force_peer"
+    ssl_client_authentication => "required"
     ecs_compatibility => v8
   }
 }

salt/logstash/pipelines/config/so/0013_input_lumberjack_fleet.conf

@@ -2,7 +2,7 @@ input {
   elastic_agent {
     port => 5056
     tags => [ "elastic-agent", "fleet-lumberjack-input" ]
-    ssl => true
+    ssl_enabled => true
     ssl_certificate => "/usr/share/logstash/elasticfleet-lumberjack.crt"
     ssl_key => "/usr/share/logstash/elasticfleet-lumberjack.key"
     ecs_compatibility => v8

salt/logstash/pipelines/config/so/9805_output_elastic_agent.conf.jinja

@@ -8,8 +8,8 @@ output {
       document_id => "%{[metadata][_id]}"
       index => "so-ip-mappings"
       silence_errors_in_log => ["version_conflict_engine_exception"]
-      ssl => true
-      ssl_certificate_verification => false
+      ssl_enabled => true
+      ssl_verification_mode => "none"
     }
   }
   else {
@@ -25,8 +25,8 @@ output {
             document_id => "%{[metadata][_id]}"
             pipeline => "%{[metadata][pipeline]}"
             silence_errors_in_log => ["version_conflict_engine_exception"]
-            ssl => true
-            ssl_certificate_verification => false
+            ssl_enabled => true
+            ssl_verification_mode => "none"
           }
         }
         else {
@@ -37,8 +37,8 @@ output {
             user => "{{ ES_USER }}"
             password => "{{ ES_PASS }}"
             pipeline => "%{[metadata][pipeline]}"
-            ssl => true
-            ssl_certificate_verification => false
+            ssl_enabled => true
+            ssl_verification_mode => "none"
           }
         }
       }
@@ -49,8 +49,8 @@ output {
           data_stream => true
           user => "{{ ES_USER }}"
           password => "{{ ES_PASS }}"
-          ssl => true
-          ssl_certificate_verification => false
+          ssl_enabled => true
+          ssl_verification_mode=> "none"
         }
       }
     }

salt/logstash/pipelines/config/so/9900_output_endgame.conf.jinja

@@ -13,8 +13,8 @@ output {
       user => "{{ ES_USER }}"
       password => "{{ ES_PASS }}"
       index => "endgame-%{+YYYY.MM.dd}"
-      ssl => true
-      ssl_certificate_verification => false
+      ssl_enabled => true
+      ssl_verification_mode => "none"
     }
   }
 }

salt/logstash/soc_logstash.yaml

@@ -56,7 +56,7 @@ logstash:
       helpLink: logstash.html
       global: False
   config:
-    http_x_host: 
+    api_x_http_x_host:
       description: Host interface to listen to connections.
       helpLink: logstash.html
       readonly: True