Add missing winlog config options (#10408)

Author: marc-gr

packages/hid_bravura_monitor/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.18.0"
+  changes:
+    - description: Add missing options to winlog input
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/10408
 - version: "1.17.2"
   changes:
     - description: Changed owners

packages/hid_bravura_monitor/data_stream/winlog/agent/stream/winlog.yml.hbs

@@ -3,14 +3,31 @@ condition: ${host.platform} == 'windows'
 {{#if event_id}}
 event_id: {{event_id}}
 {{/if}}
-{{#if processors}}
-processors:
-{{processors}}
+{{#if ignore_older}}
+ignore_older: {{ignore_older}}
 {{/if}}
+{{#if language}}
+language: {{language}}
+{{/if}}
+{{#if tags.length}}
 tags:
+{{#each tags as |tag|}}
+  - {{tag}}
+{{/each}}
 {{#if preserve_original_event}}
   - preserve_original_event
 {{/if}}
-{{#each tags as |tag i|}}
-  - {{tag}}
-{{/each}}
+{{else}}
+{{#if preserve_original_event}}
+tags:
+  - preserve_original_event
+{{/if}}
+{{/if}}
+{{#if preserve_original_event}}
+include_xml: true
+{{/if}}
+{{#if processors.length}}
+processors:
+{{processors}}
+{{/if}}
+{{custom}}

packages/hid_bravura_monitor/data_stream/winlog/manifest.yml

@@ -22,6 +22,22 @@ streams:
         type: bool
         multi: false
         default: false
+      - name: ignore_older
+        type: text
+        title: Ignore events older than
+        default: 72h
+        required: false
+        show_user: false
+        description: >-
+          If this option is specified, events that are older than the specified amount of time are ignored. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+      - name: language
+        type: text
+        title: Language ID
+        description: >-
+          The language ID the events will be rendered in. The language will be forced regardless of the system language. A complete list of language IDs can be found https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lcid/a9eac961-e77d-41a6-90a5-ce1a8b0cdb9c[here]. It defaults to `0`, which indicates to use the system language. E.g.: 0x0409 for en-US
+        required: false
+        show_user: false
+        default: 0
       - name: processors
         type: yaml
         title: Processors
@@ -35,3 +51,13 @@ streams:
         title: Tags
         multi: true
         show_user: false
+      - name: custom
+        type: yaml
+        title: Custom Configurations
+        description: >-
+          YAML configuration options for winlog input. Be careful, this may break the integration.
+        required: false
+        show_user: false
+        default: |-
+          # Winlog configuration example
+          #batch_read_size: 100

packages/hid_bravura_monitor/manifest.yml

@@ -1,6 +1,6 @@
 name: hid_bravura_monitor
 title: Bravura Monitor
-version: "1.17.2"
+version: "1.18.0"
 categories: ["security", "iam"]
 description: Collect logs from Bravura Security Fabric with Elastic Agent.
 type: integration

packages/microsoft_sqlserver/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.9.0"
+  changes:
+    - description: Add missing options to winlog input
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/10408
 - version: "2.8.0"
   changes:
     - description: Add processor support for performance and transaction_log data streams.

packages/microsoft_sqlserver/data_stream/audit/agent/stream/winlog.yml.hbs

@@ -1,6 +1,8 @@
 name: {{channel}}
 condition: ${host.platform} == 'windows'
+{{#if event_id}}
 event_id: {{event_id}}
+{{/if}}
 {{#if ignore_older}}
 ignore_older: {{ignore_older}}
 {{/if}}
@@ -9,9 +11,17 @@ language: {{language}}
 {{/if}}
 {{#if tags.length}}
 tags:
-{{#each tags as |tag i|}}
-  - {{tag}}
+{{#each tags as |tag|}}
+- {{tag}}
 {{/each}}
+{{#if preserve_original_event}}
+- preserve_original_event
+{{/if}}
+{{else}}
+{{#if preserve_original_event}}
+tags:
+- preserve_original_event
+{{/if}}
 {{/if}}
 {{#if preserve_original_event}}
 include_xml: true
@@ -20,3 +30,4 @@ include_xml: true
 processors:
 {{processors}}
 {{/if}}
+{{custom}}

packages/microsoft_sqlserver/data_stream/audit/manifest.yml

@@ -60,3 +60,13 @@ streams:
         required: false
         show_user: false
         description: "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. \nThis executes in the agent before the logs are parsed. \nSee [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n"
+      - name: custom
+        type: yaml
+        title: Custom Configurations
+        description: >-
+          YAML configuration options for winlog input. Be careful, this may break the integration.
+        required: false
+        show_user: false
+        default: |-
+          # Winlog configuration example
+          #batch_read_size: 100

packages/microsoft_sqlserver/manifest.yml

@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: microsoft_sqlserver
 title: "Microsoft SQL Server"
-version: "2.8.0"
+version: "2.9.0"
 description: Collect events from Microsoft SQL Server with Elastic Agent
 type: integration
 categories: