Skip to content

[ti_anomali] Rebrand Integration Name and Normalize Event Severity#17442

Open
mohitjha-elastic wants to merge 2 commits intoelastic:mainfrom
mohitjha-elastic:ti_anomali-2.4.0
Open

[ti_anomali] Rebrand Integration Name and Normalize Event Severity#17442
mohitjha-elastic wants to merge 2 commits intoelastic:mainfrom
mohitjha-elastic:ti_anomali-2.4.0

Conversation

@mohitjha-elastic
Copy link
Collaborator

@mohitjha-elastic mohitjha-elastic commented Feb 17, 2026

Proposed commit message

ti_anomali: Rebrand to Anomali ThreatStream and normalize event.severity ECS.

Rebranded the integration to Anomali ThreatStream as a superficial update with no 
impact on existing functionality or data flow. Additionally, normalized the event.severity 
values to align with the latest guidelines and updated the documentation to 
incorporate best practices.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

  • Clone integrations repo.
  • Install the elastic package locally.
  • Start the elastic stack using the elastic package.
  • Move to integrations/packages/ti_anomali directory.
  • Run the following command to run tests.

elastic-package test -v

Related Issues

@mohitjha-elastic mohitjha-elastic self-assigned this Feb 17, 2026
@mohitjha-elastic mohitjha-elastic requested a review from a team as a code owner February 17, 2026 18:32
@mohitjha-elastic mohitjha-elastic added documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. enhancement New feature or request Integration:ti_anomali Anomali Category: Integration quality Category: Quality used for SI planning Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:Sit-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors] labels Feb 17, 2026
@elasticmachine
Copy link

elasticmachine commented Feb 17, 2026

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@github-actions
Copy link
Contributor

github-actions bot commented Feb 17, 2026

Vale Linting Results

Summary: 8 warnings, 4 suggestions found

⚠️ Warnings (8)
File Line Rule Message
packages/ti_anomali/_dev/build/docs/README.md 42 Elastic.Latinisms Latin terms and abbreviations are a common source of confusion. Use 'using' instead of 'via'.
packages/ti_anomali/_dev/build/docs/README.md 45 Elastic.DontUse Don't use 'Please'.
packages/ti_anomali/_dev/build/docs/README.md 118 Elastic.DontUse Don't use 'Very'.
packages/ti_anomali/docs/README.md 42 Elastic.Latinisms Latin terms and abbreviations are a common source of confusion. Use 'using' instead of 'via'.
packages/ti_anomali/docs/README.md 45 Elastic.DontUse Don't use 'Please'.
packages/ti_anomali/docs/README.md 118 Elastic.DontUse Don't use 'Very'.
packages/ti_anomali/docs/README.md 168 Elastic.DontUse Don't use 'very'.
packages/ti_anomali/docs/README.md 217 Elastic.DontUse Don't use 'very'.
💡 Suggestions (4)
File Line Rule Message
packages/ti_anomali/_dev/build/docs/README.md 95 Elastic.WordChoice Consider using 'can, might' instead of 'may', unless the term is in the UI.
packages/ti_anomali/_dev/build/docs/README.md 95 Elastic.WordChoice Consider using 'can, might' instead of 'may', unless the term is in the UI.
packages/ti_anomali/docs/README.md 95 Elastic.WordChoice Consider using 'can, might' instead of 'may', unless the term is in the UI.
packages/ti_anomali/docs/README.md 95 Elastic.WordChoice Consider using 'can, might' instead of 'may', unless the term is in the UI.

The Vale linter checks documentation changes against the Elastic Docs style guide.

To use Vale locally or report issues, refer to Elastic style guide for Vale.

@mohitjha-elastic
Copy link
Collaborator Author

mohitjha-elastic commented Feb 17, 2026

The dashboard screenshots will be updated in a subsequent PR under the separate dashboard improvement ticket that is currently in progress.

@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Feb 17, 2026

🚀 Benchmarks report

Package ti_anomali 👍(1) 💚(0) 💔(1)

Expand to view
Data stream Previous EPS New EPS Diff (%) Result
intelligence 6944.44 5524.86 -1419.58 (-20.44%) 💔

To see the full report comment with /test benchmark fullreport

@elasticmachine
Copy link

elasticmachine commented Feb 17, 2026

💚 Build Succeeded

cc @mohitjha-elastic

@andrewkroh andrewkroh added the dashboard Relates to a Kibana dashboard bug, enhancement, or modification. label Feb 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@mohitjha-elastic mohitjha-elastic

Labels

Category: Integration quality Category: Quality used for SI planning dashboard Relates to a Kibana dashboard bug, enhancement, or modification. documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. enhancement New feature or request Integration:ti_anomali Anomali Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:Sit-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ti_anomali: Normalise event.severity handling ti_anomali: Rebrand and other UI improvements ti_anomali: Update documentation per new template

3 participants

@mohitjha-elastic @elasticmachine @andrewkroh