add filtering out of documents with error.message from latest misconfiguration and vulnerability index

change is added to all supported native and 3p integrations

Author: alexreal1314

packages/aws/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "4.3.1"
+  changes:
+    - description: Update transform to filter out document containing an error.message from AWS Config, AWS Inspector, and AWS Security Hub latest indexes.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/15722
 - version: "4.3.0"
   changes:
     - description: Improve documentation to align with new guidelines.

packages/aws/elasticsearch/transform/latest_cdr_misconfigurations/transform.yml

@@ -1,6 +1,11 @@
 source:
   index:
     - "logs-aws.securityhub_findings_full_posture-*"
+  query:
+    bool:
+      must_not:
+        exists:
+          field: error.message
 dest:
   index: "security_solution-aws.misconfiguration_latest-v2"
   aliases:

packages/aws/elasticsearch/transform/latest_cdr_misconfigurations_awsconfig/transform.yml

@@ -2,6 +2,11 @@
 source:
   index:
     - "logs-aws.config-*"
+  query:
+    bool:
+      must_not:
+        exists:
+          field: error.message
 dest:
   index: "security_solution-awsconfig.misconfiguration_latest-v1"
   aliases:

packages/aws/elasticsearch/transform/latest_cdr_vulnerabilities_awsinspector/transform.yml

@@ -8,6 +8,9 @@ source:
             aws.inspector.status: ACTIVE
         - match:
             aws.inspector.type: PACKAGE_VULNERABILITY
+      must_not:
+        - exists:
+            field: error.message
 dest:
   index: "security_solution-awsinspector.vulnerability_latest-v1"
   aliases:

packages/aws/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 3.3.2
 name: aws
 title: AWS
-version: "4.3.0"
+version: "4.3.1"
 description: Collect logs and metrics from Amazon Web Services (AWS) with Elastic Agent.
 type: integration
 categories:

packages/cloud_security_posture/changelog.yml

@@ -16,6 +16,11 @@
 # 1.4.x - 8.9.x
 # 1.3.x - 8.8.x
 # 1.2.x - 8.7.x
+- version: "3.1.1"
+  changes:
+    - description: Update transform to filter out documents containing an error message from latest vulnerability and misconfiguration indexes.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/15722
 - version: "3.1.0"
   changes:
     - description: Release version 3.1.0

packages/cloud_security_posture/elasticsearch/transform/misconfiguration/transform.yml

@@ -1,6 +1,11 @@
 source:
   index:
     - "logs-cloud_security_posture.findings-*"
+  query:
+    bool:
+      must_not:
+        exists:
+          field: error.message
 dest:
   index: "security_solution-cloud_security_posture.misconfiguration_latest-v1"
   aliases:

packages/cloud_security_posture/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 3.3.2
 name: cloud_security_posture
 title: "Security Posture Management"
-version: "3.1.0"
+version: "3.1.1"
 source:
   license: "Elastic-2.0"
 description: "Identify & remediate configuration risks in your Cloud infrastructure"

packages/google_scc/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.2.1"
+  changes:
+    - description: Update transform to filter out documents containing an error.message from latest vulnerability and misconfiguration indexes.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/15722
 - version: "2.2.0"
   changes:
     - description: Prevent updating fleet health status to degraded.

packages/google_scc/elasticsearch/transform/latest_cdr_misconfigurations/transform.yml

@@ -6,6 +6,9 @@ source:
       must:
         - match:
             google_scc.finding.class: MISCONFIGURATION
+      must_not:
+        - exists:
+            field: error.message
 dest:
   index: "security_solution-google_scc.misconfiguration_latest-v1"
   aliases: