import requests
import yaml
def is_packaged_integration(integration_name: str) -> bool:
response = requests.get(f"[https://raw.githubusercontent.com/elastic/integrations/main/packages/{integration_name}/manifest.yml](https://raw.githubusercontent.com/elastic/integrations/main/packages/%7Bintegration_name%7D/manifest.yml)")
manifest = yaml.safe_load(response.content)
# has multiple integrations in the package
return len(manifest.get("policy_templates")) > 1
for index in indices:
if not index.startswith('logs-'):
continue
_, full_name, _ = index.lsplit('-', 1)
integration, _ = full_name.lsplit('.*-', 1)
if parsed in EXCLUSIONS:
continue
return integration
fields = get_unique_query_fields(rule)
if fields:
indices = rule.contents.data.index
if not any("logs-" in index for index in indices):
print(f"Skipping rule: '{rule.name}', that doesn't include integrations")
continueAdditional Context
_post_dict_transforma class objectAdditional Context