elastic · kcreddy · Apr 15, 2026
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.7.0"
+  changes:
+    - description: Use num_failure_retries instead of unattended mode for transform failure recovery.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/18404
 - version: "3.6.0"
   changes:
     - description: Add tags to ingest pipelines.

@@ -37,6 +37,6 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during package.
   # Version bump is needed if there is any code change in transform.
-  fleet_transform_version: 0.5.0
+  fleet_transform_version: 0.6.0
 settings:
-  unattended: true
+  num_failure_retries: -1
@@ -38,6 +38,6 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during package.
   # Version bump is needed if there is any code change in transform.
-  fleet_transform_version: 0.5.0
+  fleet_transform_version: 0.6.0
 settings:
-  unattended: true
+  num_failure_retries: -1
@@ -38,6 +38,6 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during package.
   # Version bump is needed if there is any code change in transform.
-  fleet_transform_version: 0.5.0
+  fleet_transform_version: 0.6.0
 settings:
-  unattended: true
+  num_failure_retries: -1
@@ -37,6 +37,6 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during package.
   # Version bump is needed if there is any code change in transform.
-  fleet_transform_version: 0.5.0
+  fleet_transform_version: 0.6.0
 settings:
-  unattended: true
+  num_failure_retries: -1
@@ -37,6 +37,6 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during package.
   # Version bump is needed if there is any code change in transform.
-  fleet_transform_version: 0.5.0
+  fleet_transform_version: 0.6.0
 settings:
-  unattended: true
+  num_failure_retries: -1
@@ -37,6 +37,6 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during package.
   # Version bump is needed if there is any code change in transform.
-  fleet_transform_version: 0.5.0
+  fleet_transform_version: 0.6.0
 settings:
-  unattended: true
+  num_failure_retries: -1
@@ -1,6 +1,6 @@
 name: ti_abusech
 title: abuse.ch
-version: "3.6.0"
+version: "3.7.0"
 description: Ingest threat intelligence indicators from URL Haus, Malware Bazaar, and Threat Fox feeds with Elastic Agent.
 type: integration
 format_version: "3.3.2"

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.7.0"
+  changes:
+    - description: Use num_failure_retries instead of unattended mode for transform failure recovery.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/18404
 - version: "2.6.1"
   changes:
     - description: Add missing request trace enabled default option.

@@ -32,6 +32,6 @@ retention_policy:
 _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during package.
-  fleet_transform_version: 0.4.0
+  fleet_transform_version: 0.5.0
 settings:
-  unattended: true
+  num_failure_retries: -1
@@ -32,6 +32,6 @@ retention_policy:
 _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during package.
-  fleet_transform_version: 0.6.0
+  fleet_transform_version: 0.7.0
 settings:
-  unattended: true
+  num_failure_retries: -1
@@ -1,6 +1,6 @@
 name: ti_anomali
 title: Anomali ThreatStream
-version: "2.6.1"
+version: "2.7.0"
 description: Ingest threat intelligence indicators from Anomali ThreatStream with Elastic Agent.
 type: integration
 format_version: 3.3.2

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+  changes:
+    - description: Use num_failure_retries instead of unattended mode for transform failure recovery.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/18404
 - version: "1.0.0"
   changes:
     - description: Initial release of ANY.RUN Threat Intelligence Feeds package

@@ -24,4 +24,6 @@ retention_policy:
     max_age: 1m
 _meta:
   managed: true
-  fleet_transform_version: 1.0.0
+  fleet_transform_version: 1.1.0
+settings:
+  num_failure_retries: -1
@@ -1,7 +1,7 @@
 format_version: 3.4.0
 name: ti_anyrun
 title: ANY.RUN Threat Intelligence Feeds
-version: 1.0.0
+version: 1.1.0
 source:
   license: Elastic-2.0
 description: Ingest Threat Intelligence indicators from ANY.RUN TI Feeds with Elastic Agent
@@ -22,7 +22,7 @@ screenshots:
   - src: /img/Intelligence_Dashboard.png
     title: Intelligence Dashboard
     size: 600x600
-    type: image/png 
+    type: image/png
 icons:
   - src: /img/anyrun-logo.svg
     title: ANY.RUN
@@ -55,7 +55,7 @@ policy_templates:
             required: true
             show_user: false
             default: https://api.any.run
-            description: Base URL of the ANY.RUN Threat Intelligence API. Defaults to https://api.any.run  
+            description: Base URL of the ANY.RUN Threat Intelligence API. Defaults to https://api.any.run
           - name: proxy_url
             type: text
             title: Proxy URL

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.19.0"
+  changes:
+    - description: Use num_failure_retries instead of unattended mode for transform failure recovery.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/18404
 - version: "1.18.2"
   changes:
     - description: Use triple-brace Mustache templating when referencing variables in ingest pipelines.

@@ -40,6 +40,6 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during package.
   # Version bump is needed if there is any code change in transform.
-  fleet_transform_version: 0.4.0
+  fleet_transform_version: 0.5.0
 settings:
-  unattended: true
+  num_failure_retries: -1
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: ti_cif3
 title: "Collective Intelligence Framework v3"
-version: "1.18.2"
+version: "1.19.0"
 description: "Ingest threat indicators from a Collective Intelligence Framework v3 instance with Elastic Agent."
 type: integration
 categories:

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.8.0"
+  changes:
+    - description: Use num_failure_retries instead of unattended mode for transform failure recovery.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/18404
 - version: "2.7.1"
   changes:
     - description: Change `data_stream.namespace` field type from constant_keyword to keyword in transform destination indices to support multiple namespaces.

@@ -22,7 +22,7 @@ latest:
 description: Latest Intel Indicator data retrieved from CrowdStrike Intel API.
 frequency: 30s
 settings:
-  unattended: true
+  num_failure_retries: -1
 sync:
   time:
     field: event.ingested
@@ -35,4 +35,4 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during package.
   # Version bump is needed if there is any code change in transform.
-  fleet_transform_version: 0.5.0
+  fleet_transform_version: 0.6.0
@@ -22,7 +22,7 @@ latest:
 description: Latest IOC Indicator data retrieved from CrowdStrike IOC API.
 frequency: 30s
 settings:
-  unattended: true
+  num_failure_retries: -1
 sync:
   time:
     field: event.ingested
@@ -35,4 +35,4 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during package.
   # Version bump is needed if there is any code change in transform.
-  fleet_transform_version: 0.6.0
+  fleet_transform_version: 0.7.0
@@ -1,7 +1,7 @@
 format_version: 3.3.2
 name: ti_crowdstrike
 title: CrowdStrike Falcon Intelligence
-version: "2.7.1"
+version: "2.8.0"
 description: Collect logs from CrowdStrike Falcon Intelligence with Elastic Agent.
 type: integration
 categories:

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.6.0"
+  changes:
+    - description: Use num_failure_retries instead of unattended mode for transform failure recovery.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/18404
 - version: "1.5.0"
   changes:
     - description: Expose `max_executions` as an optional advanced parameter so users can raise the cap for high-volume feeds.

@@ -31,6 +31,6 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during package.
   # Version bump is needed if there is any code change in transform.
-  fleet_transform_version: 0.6.0
+  fleet_transform_version: 0.7.0
 settings:
-  unattended: true
+  num_failure_retries: -1
@@ -3,7 +3,7 @@ name: ti_custom
 title: Custom Threat Intelligence
 description: Ingest threat intelligence data in STIX 2.1 format with Elastic Agent
 type: integration
-version: "1.5.0"
+version: "1.6.0"
 categories:
   - custom
   - security

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.35.0"
+  changes:
+    - description: Use num_failure_retries instead of unattended mode for transform failure recovery.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/18404
 - version: "1.34.1"
   changes:
     - description: Remove duplicate security-solution-default tag references

@@ -34,6 +34,6 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during package.
   # Version bump is needed if there is any code change in transform.
-  fleet_transform_version: 0.4.0
+  fleet_transform_version: 0.5.0
 settings:
-  unattended: true
+  num_failure_retries: -1
@@ -1,6 +1,6 @@
 name: ti_cybersixgill
 title: Cybersixgill
-version: "1.34.1"
+version: "1.35.0"
 description: Ingest threat intelligence indicators from Cybersixgill with Elastic Agent.
 type: integration
 format_version: "3.0.2"

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.3.0"
+  changes:
+    - description: Use num_failure_retries instead of unattended mode for transform failure recovery.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/18404
 - version: "0.2.0"
   changes:
     - description: Update documentation and add "IOC Expiration Duration" configuration parameter.

@@ -23,7 +23,7 @@ description: Latest IOC Indicator data retrieved from Cyware Intel Exchange API.
 frequency: 2m
 settings:
   deduce_mappings: false
-  unattended: true
+  num_failure_retries: -1
 sync:
   time:
     field: "event.ingested"
@@ -38,5 +38,5 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during
   # package installation.
-  fleet_transform_version: 0.1.0
+  fleet_transform_version: 0.2.0
   run_as_kibana_system: false
@@ -1,7 +1,7 @@
 format_version: 3.3.2
 name: ti_cyware_intel_exchange
 title: Cyware Intel Exchange
-version: 0.2.0
+version: 0.3.0
 description: Collect logs from Cyware Intel Exchange with Elastic Agent.
 type: integration
 categories: ["security", "threat_intel"]
@@ -17,7 +17,7 @@ icons:
     type: image/svg+xml
 screenshots:
   - src: /img/cyware-indicator-dashboard.png
-    title: Indicator Dashboard 
+    title: Indicator Dashboard
     size: 600x600
     type: image/png
 policy_templates:

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+  changes:
+    - description: Use num_failure_retries instead of unattended mode for transform failure recovery.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/18404
 - version: "1.3.0"
   changes:
     - description: Allow transforms to run in unattended mode.

@@ -32,6 +32,6 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during package.
   # Version bump is needed if there is any code change in transform.
-  fleet_transform_version: 1.1.0
+  fleet_transform_version: 1.2.0
 settings:
-  unattended: true
+  num_failure_retries: -1
@@ -32,6 +32,6 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during package.
   # Version bump is needed if there is any code change in transform.
-  fleet_transform_version: 1.1.0
+  fleet_transform_version: 1.2.0
 settings:
-  unattended: true
+  num_failure_retries: -1
@@ -32,6 +32,6 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during package.
   # Version bump is needed if there is any code change in transform.
-  fleet_transform_version: 1.1.0
+  fleet_transform_version: 1.2.0
 settings:
-  unattended: true
+  num_failure_retries: -1
@@ -32,6 +32,6 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during package.
   # Version bump is needed if there is any code change in transform.
-  fleet_transform_version: 1.1.0
+  fleet_transform_version: 1.2.0
 settings:
-  unattended: true
+  num_failure_retries: -1
@@ -32,6 +32,6 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during package.
   # Version bump is needed if there is any code change in transform.
-  fleet_transform_version: 1.1.0
+  fleet_transform_version: 1.2.0
 settings:
-  unattended: true
+  num_failure_retries: -1
@@ -32,6 +32,6 @@ _meta:
   managed: true
   # Bump this version to delete, reinstall, and restart the transform during package.
   # Version bump is needed if there is any code change in transform.
-  fleet_transform_version: 1.1.0
+  fleet_transform_version: 1.2.0
 settings:
-  unattended: true
+  num_failure_retries: -1