diff --git a/packages/salesforce/changelog.yml b/packages/salesforce/changelog.yml
index 0c0c000a4d0..76d819d9070 100644
--- a/packages/salesforce/changelog.yml
+++ b/packages/salesforce/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.7.0"
+ changes:
+ - description: Adding limit to queries in `login`, `logout` and `setupaudittrail`.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/16193
 - version: "1.6.0"
 changes:
 - description: Improve documentation
diff --git a/packages/salesforce/data_stream/login/agent/stream/salesforce.yml.hbs b/packages/salesforce/data_stream/login/agent/stream/salesforce.yml.hbs
index 8838980e6b4..cd1cba30997 100644
--- a/packages/salesforce/data_stream/login/agent/stream/salesforce.yml.hbs
+++ b/packages/salesforce/data_stream/login/agent/stream/salesforce.yml.hbs
@@ -1,4 +1,5 @@
 version: {{api_version}}
+limit: {{limit}}
 auth.oauth2:
 {{#if jwt_enabled }}
 jwt_bearer_flow:
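Review bot: `limit: {{limit}}` at the top of the login stream template is emitted unconditionally, while the `limit` variable this commit adds to the data stream manifests is `required: false` and shows no default in the diff, so an unset value presumably renders a bare `limit:` key with a null value. Guarding the line as `{{#if limit}}limit: {{limit}}{{/if}}` would keep the rendered config identical to the previous one for policies that never set the option. How the input treats a null `limit` is not visible here, so this is worth a policy test with the variable left empty. The same line is added to the logout and setupaudittrail templates.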
@@ -22,16 +23,16 @@ event_monitoring_method:
 enabled: {{#if event_log_file}}true{{else}}false{{/if}}
 interval: {{elf_period}}
 query:
- default: SELECT CreatedDate,LogDate,LogFile FROM EventLogFile WHERE {{#if initial_interval}}LogDate > [[ (formatTime (now.Add (parseDuration "-{{initial_interval}}")) "2006-01-02T15:04:05.000Z0700") ]] AND {{/if}}{{#if log_file_interval}}Interval = '{{log_file_interval}}' AND {{/if}}EventType = 'Login' ORDER BY LogDate ASC NULLS FIRST
- value: SELECT CreatedDate,LogDate,LogFile FROM EventLogFile WHERE {{#if log_file_interval}}Interval = '{{log_file_interval}}' AND {{/if}}EventType = 'Login' AND CreatedDate > [[ .cursor.event_log_file.last_event_time ]] ORDER BY LogDate ASC NULLS FIRST
+ default: SELECT CreatedDate,LogDate,LogFile FROM EventLogFile WHERE EventType = 'Login' AND {{#if initial_interval}}LogDate > [[ (formatTime (now.Add (parseDuration "-{{initial_interval}}")) "2006-01-02T15:04:05.000Z0700") ]] AND {{/if}}{{#if log_file_interval}}Interval = '{{log_file_interval}}'{{/if}} ORDER BY LogDate ASC {{#if limit}}LIMIT {{limit}}{{/if}}
+ value: SELECT CreatedDate,LogDate,LogFile FROM EventLogFile WHERE EventType = 'Login' AND CreatedDate > [[ .cursor.event_log_file.last_event_time ]] AND {{#if log_file_interval}}Interval = '{{log_file_interval}}'{{/if}} ORDER BY LogDate ASC {{#if limit}}LIMIT {{limit}}{{/if}}
 cursor:
 field: "CreatedDate"
 object:
 enabled: {{#if object}}true{{else}}false{{/if}}
 interval: {{real_time_period}}
 query:
- default: SELECT FIELDS(STANDARD) FROM LoginEvent{{#if initial_interval}} WHERE EventDate > [[ (formatTime (now.Add (parseDuration "-{{initial_interval}}")) "2006-01-02T15:04:05.000Z0700") ]]{{/if}}
- value: SELECT FIELDS(STANDARD) FROM LoginEvent WHERE EventDate > [[ .cursor.object.first_event_time ]]
+ default: SELECT FIELDS(STANDARD) FROM LoginEvent{{#if initial_interval}} WHERE EventDate > [[ (formatTime (now.Add (parseDuration "-{{initial_interval}}")) "2006-01-02T15:04:05.000Z0700") ]]{{/if}} ORDER BY EventDate ASC {{#if limit}}LIMIT {{limit}}{{/if}}
+ value: SELECT FIELDS(STANDARD) FROM LoginEvent WHERE EventDate > [[ .cursor.object.first_event_time ]] ORDER BY EventDate ASC {{#if limit}}LIMIT {{limit}}{{/if}}
 cursor:
 field: "EventDate"
 tags:
diff --git a/packages/salesforce/data_stream/login/manifest.yml b/packages/salesforce/data_stream/login/manifest.yml
index 1456c163e64..b75ee223622 100644
--- a/packages/salesforce/data_stream/login/manifest.yml
+++ b/packages/salesforce/data_stream/login/manifest.yml
@@ -3,6 +3,13 @@ title: Salesforce login logs
 streams:
 - input: salesforce
 vars:
+ - name: limit
+ type: integer
+ title: Query limit
+ description: Query limit.
+ multi: false
+ required: false
+ show_user: false
 - name: api_version
 type: text
 title: API Version
diff --git a/packages/salesforce/data_stream/logout/agent/stream/salesforce.yml.hbs b/packages/salesforce/data_stream/logout/agent/stream/salesforce.yml.hbs
index 53d388a71d6..6f011d2c938 100644
--- a/packages/salesforce/data_stream/logout/agent/stream/salesforce.yml.hbs
+++ b/packages/salesforce/data_stream/logout/agent/stream/salesforce.yml.hbs
@@ -1,4 +1,5 @@
 version: {{api_version}}
+limit: {{limit}}
 auth.oauth2:
 {{#if jwt_enabled }}
 jwt_bearer_flow:
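Review bot: In the new `event_log_file` queries of the login template the trailing `AND` now sits outside the `{{#if log_file_interval}}` block, so with `log_file_interval` empty both `default` and `value` render `... AND ORDER BY LogDate ASC`, which is not a valid query. The removed lines avoided this by keeping `EventType = 'Login'` as the last predicate. Because this stream carries login audit data, a rejected query for that configuration means no login events are collected. Putting the conjunction inside each conditional fixes it, e.g. `WHERE EventType = 'Login'{{#if log_file_interval}} AND Interval = '{{log_file_interval}}'{{/if}} ORDER BY LogDate ASC`, with the `initial_interval` predicate prefixed by ` AND ` in the same way. The logout template's `event_log_file` queries have the same shape.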
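Review bot: The new `limit` variable in the login manifest is documented only as `description: Query limit.`, which repeats the title and does not say what is limited or what an empty value means. Something like `description: Maximum number of records returned by each query (appended as a LIMIT clause). Leave empty to apply no limit.` matches what the stream templates in this commit do with it. The value is interpolated straight into the query text, and the `integer` type is the only validation visible in the diff, so it is worth confirming how zero and negative values are handled. The logout and setupaudittrail manifests add the identical block.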
@@ -22,16 +23,16 @@ event_monitoring_method:
 enabled: {{#if event_log_file}}true{{else}}false{{/if}}
 interval: {{elf_period}}
 query:
- default: SELECT CreatedDate,LogDate,LogFile FROM EventLogFile WHERE {{#if initial_interval}}LogDate > [[ (formatTime (now.Add (parseDuration "-{{initial_interval}}")) "2006-01-02T15:04:05.000Z0700") ]] AND {{/if}}{{#if log_file_interval}}Interval = '{{log_file_interval}}' AND {{/if}}EventType = 'Logout' ORDER BY LogDate ASC NULLS FIRST
- value: SELECT CreatedDate,LogDate,LogFile FROM EventLogFile WHERE {{#if log_file_interval}}Interval = '{{log_file_interval}}' AND {{/if}}EventType = 'Logout' AND CreatedDate > [[ .cursor.event_log_file.last_event_time ]] ORDER BY LogDate ASC NULLS FIRST
+ default: SELECT CreatedDate,LogDate,LogFile FROM EventLogFile WHERE EventType = 'Logout' AND {{#if initial_interval}}LogDate > [[ (formatTime (now.Add (parseDuration "-{{initial_interval}}")) "2006-01-02T15:04:05.000Z0700") ]] AND {{/if}}{{#if log_file_interval}}Interval = '{{log_file_interval}}'{{/if}} ORDER BY LogDate ASC {{#if limit}}LIMIT {{limit}}{{/if}}
+ value: SELECT CreatedDate,LogDate,LogFile FROM EventLogFile WHERE EventType = 'Logout' AND CreatedDate > [[ .cursor.event_log_file.last_event_time ]] AND {{#if log_file_interval}}Interval = '{{log_file_interval}}'{{/if}} ORDER BY LogDate ASC {{#if limit}}LIMIT {{limit}}{{/if}}
 cursor:
 field: "CreatedDate"
 object:
 enabled: {{#if object}}true{{else}}false{{/if}}
 interval: {{real_time_period}}
 query:
- default: SELECT FIELDS(STANDARD) FROM LogoutEvent{{#if initial_interval}} WHERE EventDate > [[ (formatTime (now.Add (parseDuration "-{{initial_interval}}")) "2006-01-02T15:04:05.000Z0700") ]]{{/if}}
- value: SELECT FIELDS(STANDARD) FROM LogoutEvent WHERE EventDate > [[ .cursor.object.first_event_time ]]
+ default: SELECT FIELDS(STANDARD) FROM LogoutEvent{{#if initial_interval}} WHERE EventDate > [[ (formatTime (now.Add (parseDuration "-{{initial_interval}}")) "2006-01-02T15:04:05.000Z0700") ]]{{/if}} ORDER BY EventDate ASC {{#if limit}}LIMIT {{limit}}{{/if}}
+ value: SELECT FIELDS(STANDARD) FROM LogoutEvent WHERE EventDate > [[ .cursor.object.first_event_time ]] ORDER BY EventDate ASC {{#if limit}}LIMIT {{limit}}{{/if}}
 cursor:
 field: "EventDate"
 tags:
diff --git a/packages/salesforce/data_stream/logout/manifest.yml b/packages/salesforce/data_stream/logout/manifest.yml
index 616282ec472..782c331215a 100644
--- a/packages/salesforce/data_stream/logout/manifest.yml
+++ b/packages/salesforce/data_stream/logout/manifest.yml
@@ -3,6 +3,13 @@ title: Salesforce logout logs
 streams:
 - input: salesforce
 vars:
+ - name: limit
+ type: integer
+ title: Query limit
+ description: Query limit.
+ multi: false
+ required: false
+ show_user: false
 - name: api_version
 type: text
 title: API Version
diff --git a/packages/salesforce/data_stream/setupaudittrail/agent/stream/salesforce.yml.hbs b/packages/salesforce/data_stream/setupaudittrail/agent/stream/salesforce.yml.hbs
index 62f80c2b804..e38dcd3eb09 100644
--- a/packages/salesforce/data_stream/setupaudittrail/agent/stream/salesforce.yml.hbs
+++ b/packages/salesforce/data_stream/setupaudittrail/agent/stream/salesforce.yml.hbs
@@ -1,4 +1,5 @@
 version: {{api_version}}
+limit: {{limit}}
 auth.oauth2:
 {{#if jwt_enabled }}
 jwt_bearer_flow:
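Review bot: The logout template's `object` queries now sort `ORDER BY EventDate ASC` and can be truncated by `LIMIT`, but the `value` query still resumes from `.cursor.object.first_event_time`. If that cursor field is filled from the first row of the previous result (the name suggests so, but its computation is outside this diff), it now holds the oldest `EventDate` of the page rather than the newest. The next run would then re-read nearly the same window and, with a limit set, might never advance past it, leaving later logout events uncollected. Either resume from the last event time, as the `event_log_file` queries do with `.cursor.event_log_file.last_event_time`, or confirm the cursor semantics with a test that pages through more than `limit` events. The login template's `object` queries are written the same way.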
@@ -22,8 +23,8 @@ event_monitoring_method:
 enabled: true
 interval: {{period}}
 query:
- default: SELECT FIELDS(STANDARD) FROM SetupAuditTrail{{#if initial_interval}} WHERE CreatedDate > [[ (formatTime (now.Add (parseDuration "-{{initial_interval}}")) "2006-01-02T15:04:05.000Z0700") ]]{{/if}} ORDER BY CreatedDate ASC NULLS FIRST
- value: SELECT FIELDS(STANDARD) FROM SetupAuditTrail WHERE CreatedDate > [[ .cursor.object.last_event_time ]] ORDER BY CreatedDate ASC NULLS FIRST
+ default: SELECT FIELDS(STANDARD) FROM SetupAuditTrail{{#if initial_interval}} WHERE CreatedDate > [[ (formatTime (now.Add (parseDuration "-{{initial_interval}}")) "2006-01-02T15:04:05.000Z0700") ]]{{/if}} ORDER BY CreatedDate ASC {{#if limit}}LIMIT {{limit}}{{/if}}
+ value: SELECT FIELDS(STANDARD) FROM SetupAuditTrail WHERE CreatedDate > [[ .cursor.object.last_event_time ]] ORDER BY CreatedDate ASC {{#if limit}}LIMIT {{limit}}{{/if}}
 cursor:
 field: "CreatedDate"
 tags:
diff --git a/packages/salesforce/data_stream/setupaudittrail/manifest.yml b/packages/salesforce/data_stream/setupaudittrail/manifest.yml
index 52a9ff613c1..866ef06d57c 100644
--- a/packages/salesforce/data_stream/setupaudittrail/manifest.yml
+++ b/packages/salesforce/data_stream/setupaudittrail/manifest.yml
@@ -3,6 +3,13 @@ title: Salesforce setupaudittrail logs
 streams:
 - input: salesforce
 vars:
+ - name: limit
+ type: integer
+ title: Query limit
+ description: Query limit.
+ multi: false
+ required: false
+ show_user: false
 - name: api_version
 type: text
 title: API Version
diff --git a/packages/salesforce/manifest.yml b/packages/salesforce/manifest.yml
index 4334cc145d3..807296fee86 100644
--- a/packages/salesforce/manifest.yml
+++ b/packages/salesforce/manifest.yml
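Review bot: With `LIMIT` added, the setupaudittrail `value` query's strict `CreatedDate > [[ .cursor.object.last_event_time ]]` can drop records when a page is cut between rows that share the same `CreatedDate`. The cursor would move to that timestamp and the remaining rows with the equal value would never be requested again. Audit trail entries written in bulk can plausibly share a timestamp, and skipped entries are a gap in an audit source. Unless the input already handles this outside the diff, consider resuming with `>=` and de-duplicating on `Id`, or at least documenting that `limit` must exceed the largest same-timestamp burst. The login and logout queries that combine a cursor with `LIMIT` share this behaviour.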
@@ -1,7 +1,7 @@
 format_version: 3.0.2
 name: salesforce
 title: Salesforce
-version: "1.6.0"
+version: "1.7.0"
 description: |
 Collect logs from Salesforce instances using the Elastic Agent. This integration enables monitoring and analysis of various Salesforce logs, including Login, Logout, Setup Audit Trail, and Apex execution logs. Gain insights into user activity, security events, and application performance.
 type: integration