elastic · amirbenun · Sep 10, 2025 · Sep 9, 2025 · Sep 9, 2025 · Sep 9, 2025
@@ -1,6 +1,7 @@
 # newer versions go on top
 # version map:
 # IMPORTANT: this map doesn't apply to serverless where package availability depends on the spec version https://github.com/elastic/kibana/blob/main/config/serverless.yml#L14-L15
+# 3.1.x - 9.2.x
 # 3.0.x - 9.1.x
 # 2.0.x - 8.19.x
 # 1.13.x - 8.18.x, 9.0.x
@@ -15,6 +16,11 @@
 # 1.4.x - 8.9.x
 # 1.3.x - 8.8.x
 # 1.2.x - 8.7.x
+- version: "3.1.0-preview01"
+  changes:
+    - description: Add Cloud Connectors variables for Azure CSPM input
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/15255
 - version: "3.0.1"
   changes:
     - description: Save GCP Project ID as string

@@ -323,6 +323,13 @@ streams:
         - name: azure.credentials.client_certificate_path
         - name: azure.credentials.tenant_id
         - name: azure.credentials.client_certificate_password
+      single_account_cloud_connectors:
+        - name: azure.account_type
+          value: single-account
+        - name: azure.credentials.type
+          value: cloud_connectors
+        - name: azure.credentials.client_id
+        - name: azure.credentials.tenant_id
       single_account_arm_template:
         - name: azure.account_type
           value: single-account

@@ -1,7 +1,7 @@
 format_version: 3.3.2
 name: cloud_security_posture
 title: "Security Posture Management"
-version: "3.0.1"
+version: "3.1.0-preview01"
 source:
   license: "Elastic-2.0"
 description: "Identify & remediate configuration risks in your Cloud infrastructure"
@@ -11,7 +11,7 @@ categories:
   - cloudsecurity_cdr
 conditions:
   kibana:
-    version: "^9.1.0"
+    version: "^9.2.0"
   elastic:
     subscription: basic
     capabilities:
@@ -169,6 +169,15 @@ policy_templates:
             description: A URL to the ARM Template for creating a new deployment
             # ACCOUNT_TYPE value should be either "single-account" or "organization-account"
             default: https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Felastic%2Fcloudbeat%2F8.19%2Fdeploy%2Fazure%2FARM-for-ACCOUNT_TYPE.json
+          - name: arm_template_cloud_connectors_url
+            type: text
+            title: ARM Cloud Connectors Template URL
+            multi: false
+            required: true
+            show_user: false
+            description: A URL to the ARM Template for creating a Cloud Connectors managed identity
+            # ACCOUNT_TYPE value should be either "single-account" or "organization-account"
+            default: https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Felastic%2Fcloudbeat%2Fmain%2Fdeploy%2Fazure%2FARM-for-cloud-connectors-ACCOUNT_TYPE.json
   - name: vuln_mgmt
     title: Cloud Native Vulnerability Management (CNVM)
     description: Scan for cloud workload vulnerabilities