andrewkroh
diff --git a/‎fleet_integration/m365_defender.alert.httpjson/README.md‎
Lines changed: 8 additions & 8 deletions b/‎fleet_integration/m365_defender.alert.httpjson/README.md‎
Lines changed: 8 additions & 8 deletions
diff --git a/‎fleet_integration/m365_defender.alert.httpjson/module.tf.json‎
Lines changed: 8 additions & 7 deletions b/‎fleet_integration/m365_defender.alert.httpjson/module.tf.json‎
Lines changed: 8 additions & 7 deletions
diff --git a/‎fleet_integration/m365_defender.event.azure-eventhub/README.md‎
Lines changed: 2 additions & 2 deletions b/‎fleet_integration/m365_defender.event.azure-eventhub/README.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎fleet_integration/m365_defender.event.azure-eventhub/module.tf.json‎
Lines changed: 2 additions & 1 deletion b/‎fleet_integration/m365_defender.event.azure-eventhub/module.tf.json‎
Lines changed: 2 additions & 1 deletion
@@ -22,29 +22,29 @@ No resources.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_batch_size"></a> [batch\_size](#input\_batch\_size) | Batch size for the response of the Alert Security Graph API V2. The maximum supported batch size value is 2000. | `number` | `2000` | no |
-| <a name="input_client_id"></a> [client\_id](#input\_client\_id) | The client ID related to creating a new application on Azure. | `string` | n/a | yes |
-| <a name="input_client_secret"></a> [client\_secret](#input\_client\_secret) | The secret related to the client ID. | `string` | n/a | yes |
+| <a name="input_client_id"></a> [client\_id](#input\_client\_id) | Client ID for Azure AD application. | `string` | n/a | yes |
+| <a name="input_client_secret"></a> [client\_secret](#input\_client\_secret) | Client Secret for Azure AD application. | `string` | n/a | yes |
 | <a name="input_enable_request_tracer"></a> [enable\_request\_tracer](#input\_enable\_request\_tracer) | The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. Disabling the request tracer will delete any stored traces. Refer to [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#_request_tracer_filename) for details. | `bool` | `false` | no |
 | <a name="input_fleet_agent_policy_id"></a> [fleet\_agent\_policy\_id](#input\_fleet\_agent\_policy\_id) | Agent policy ID to add the package policy to. | `string` | n/a | yes |
 | <a name="input_fleet_data_stream_namespace"></a> [fleet\_data\_stream\_namespace](#input\_fleet\_data\_stream\_namespace) | Namespace to use for the data stream. | `string` | `"default"` | no |
 | <a name="input_fleet_package_policy_description"></a> [fleet\_package\_policy\_description](#input\_fleet\_package\_policy\_description) | Description to use for the package policy. | `string` | `""` | no |
 | <a name="input_fleet_package_policy_force"></a> [fleet\_package\_policy\_force](#input\_fleet\_package\_policy\_force) | Force reinstallation of the package even if already installed. When true, bypasses "already installed" checks and triggers complete re-installation. This deletes and recreates Kibana assets (dashboards, visualizations), removes transforms and their destination indices, and overwrites ingest pipelines and templates. | `bool` | `true` | no |
 | <a name="input_fleet_package_policy_name_suffix"></a> [fleet\_package\_policy\_name\_suffix](#input\_fleet\_package\_policy\_name\_suffix) | Suffix to append to the end of the package policy name. | `string` | `""` | no |
-| <a name="input_fleet_package_version"></a> [fleet\_package\_version](#input\_fleet\_package\_version) | Version of the m365\_defender package to use. | `string` | `"5.7.0"` | no |
+| <a name="input_fleet_package_version"></a> [fleet\_package\_version](#input\_fleet\_package\_version) | Version of the m365\_defender package to use. | `string` | `"5.8.0"` | no |
 | <a name="input_http_client_timeout"></a> [http\_client\_timeout](#input\_http\_client\_timeout) | Duration before declaring that the HTTP client connection has timed out. Valid time units are ns, us, ms, s, m, h. | `string` | `"30s"` | no |
 | <a name="input_include_unknown_enum_members"></a> [include\_unknown\_enum\_members](#input\_include\_unknown\_enum\_members) | Return unknown members for properties of evolvable enum types. | `bool` | `null` | no |
 | <a name="input_initial_interval"></a> [initial\_interval](#input\_initial\_interval) | How far back to pull the alerts from Microsoft Defender XDR. Supported units for this parameter are h/m/s. | `string` | `"24h"` | no |
 | <a name="input_interval"></a> [interval](#input\_interval) | Duration between requests to the Microsoft Security Graph API V2. Supported units for this parameter are h/m/s. | `string` | `"5m"` | no |
-| <a name="input_login_url"></a> [login\_url](#input\_login\_url) | URL of Login Server 'tenant-id and token endpoint added automatically'. | `string` | `"https://login.microsoftonline.com"` | no |
-| <a name="input_oauth_endpoint_params_yaml"></a> [oauth\_endpoint\_params\_yaml](#input\_oauth\_endpoint\_params\_yaml) | Endpoint Params used for OAuth2 authentication as YAML. Refer to [documentation](https://www.elastic.co/docs/reference/beats/filebeat/filebeat-input-httpjson#_auth_oauth2_endpoint_params_2) for details. | `string` | `null` | no |
+| <a name="input_login_url"></a> [login\_url](#input\_login\_url) | The Base URL endpoint that will be used to generate the tokens during the oauth2 flow. If not provided, above `Tenant ID` will be used for oauth2 token generation. | `string` | `"https://login.microsoftonline.com"` | no |
+| <a name="input_oauth_endpoint_params_yaml"></a> [oauth\_endpoint\_params\_yaml](#input\_oauth\_endpoint\_params\_yaml) | Set of values that will be sent on each resource to the OAuth Server URL. Each param key can have multiple values and they are appended to the URL as query parameters. | `string` | `null` | no |
 | <a name="input_preserve_duplicate_custom_fields"></a> [preserve\_duplicate\_custom\_fields](#input\_preserve\_duplicate\_custom\_fields) | Preserve m365\_defender.alert fields that were copied to Elastic Common Schema (ECS) fields. | `bool` | `false` | no |
 | <a name="input_preserve_original_event"></a> [preserve\_original\_event](#input\_preserve\_original\_event) | Preserves a raw copy of the original event, added to the field `event.original`. | `bool` | `false` | no |
 | <a name="input_processors_yaml"></a> [processors\_yaml](#input\_processors\_yaml) | Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. | `string` | `null` | no |
-| <a name="input_proxy_url"></a> [proxy\_url](#input\_proxy\_url) | URL to proxy connections in the form of http\[s\]://<user>:<password>@<server name/ip>:<port>. Please ensure your username and password are in URL encoded format. | `string` | `null` | no |
+| <a name="input_proxy_url"></a> [proxy\_url](#input\_proxy\_url) | URL to proxy connections in the form of http[s]://<user>:<password>@<server name/ip>:<port>. Please ensure your username and password are in URL encoded format. | `string` | `null` | no |
 | <a name="input_request_url"></a> [request\_url](#input\_request\_url) | URL of API endpoint. | `string` | `"https://graph.microsoft.com"` | no |
 | <a name="input_ssl_yaml"></a> [ssl\_yaml](#input\_ssl\_yaml) | SSL configuration options. Refer to [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details. | `string` | `"#certificate_authorities:\n#  - |\n#    -----BEGIN CERTIFICATE-----\n#    MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n#    ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n#    MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n#    BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n#    fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n#    94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n#    /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n#    PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n#    CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n#    BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n#    8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n#    874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n#    3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n#    H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n#    8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n#    yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n#    sxSmbIUfc2SGJGCJD4I=\n#    -----END CERTIFICATE-----\n"` | no |
-| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `list(string)` | <pre>[<br>  "forwarded",<br>  "m365_defender-alert"<br>]</pre> | no |
-| <a name="input_tenant_id"></a> [tenant\_id](#input\_tenant\_id) | The tenant ID related to creating a new application on Azure. | `string` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | Tags for the data-stream. | `list(string)` | <pre>[<br>  "forwarded",<br>  "m365_defender-alert"<br>]</pre> | no |
+| <a name="input_tenant_id"></a> [tenant\_id](#input\_tenant\_id) | Tenant ID of the Azure. | `string` | n/a | yes |
 | <a name="input_token_endpoint"></a> [token\_endpoint](#input\_token\_endpoint) | Microsoft supports multiple Oauth2 URL endpoints, the default is oauth2/v2.0/token, but can also be oauth2/token | `string` | `"oauth2/v2.0/token"` | no |
 
 ## Outputs
 
@@ -9,12 +9,12 @@
     },
     "client_id": {
       "type": "string",
-      "description": "The client ID related to creating a new application on Azure.",
+      "description": "Client ID for Azure AD application.",
       "nullable": false
     },
     "client_secret": {
       "type": "string",
-      "description": "The secret related to the client ID.",
+      "description": "Client Secret for Azure AD application.",
       "sensitive": true,
       "nullable": false
     },
@@ -50,7 +50,7 @@
     "fleet_package_version": {
       "type": "string",
       "description": "Version of the m365_defender package to use.",
-      "default": "5.7.0"
+      "default": "5.8.0"
     },
     "http_client_timeout": {
       "type": "string",
@@ -77,13 +77,13 @@
     },
     "login_url": {
       "type": "string",
-      "description": "URL of Login Server 'tenant-id and token endpoint added automatically'.",
+      "description": "The Base URL endpoint that will be used to generate the tokens during the oauth2 flow. If not provided, above `Tenant ID` will be used for oauth2 token generation.",
       "default": "https://login.microsoftonline.com",
       "nullable": false
     },
     "oauth_endpoint_params_yaml": {
       "type": "string",
-      "description": "Endpoint Params used for OAuth2 authentication as YAML. Refer to [documentation](https://www.elastic.co/docs/reference/beats/filebeat/filebeat-input-httpjson#_auth_oauth2_endpoint_params_2) for details.",
+      "description": "Set of values that will be sent on each resource to the OAuth Server URL. Each param key can have multiple values and they are appended to the URL as query parameters.",
       "default": null
     },
     "preserve_duplicate_custom_fields": {
@@ -105,7 +105,7 @@
     },
     "proxy_url": {
       "type": "string",
-      "description": "URL to proxy connections in the form of http\\[s\\]://<user>:<password>@<server name/ip>:<port>. Please ensure your username and password are in URL encoded format.",
+      "description": "URL to proxy connections in the form of http[s]://<user>:<password>@<server name/ip>:<port>. Please ensure your username and password are in URL encoded format.",
       "default": null
     },
     "request_url": {
@@ -121,6 +121,7 @@
     },
     "tags": {
       "type": "list(string)",
+      "description": "Tags for the data-stream.",
       "default": [
         "forwarded",
         "m365_defender-alert"
@@ -129,7 +130,7 @@
     },
     "tenant_id": {
       "type": "string",
-      "description": "The tenant ID related to creating a new application on Azure.",
+      "description": "Tenant ID of the Azure.",
       "nullable": false
     },
     "token_endpoint": {
 
@@ -29,15 +29,15 @@ No resources.
 | <a name="input_fleet_package_policy_description"></a> [fleet\_package\_policy\_description](#input\_fleet\_package\_policy\_description) | Description to use for the package policy. | `string` | `""` | no |
 | <a name="input_fleet_package_policy_force"></a> [fleet\_package\_policy\_force](#input\_fleet\_package\_policy\_force) | Force reinstallation of the package even if already installed. When true, bypasses "already installed" checks and triggers complete re-installation. This deletes and recreates Kibana assets (dashboards, visualizations), removes transforms and their destination indices, and overwrites ingest pipelines and templates. | `bool` | `true` | no |
 | <a name="input_fleet_package_policy_name_suffix"></a> [fleet\_package\_policy\_name\_suffix](#input\_fleet\_package\_policy\_name\_suffix) | Suffix to append to the end of the package policy name. | `string` | `""` | no |
-| <a name="input_fleet_package_version"></a> [fleet\_package\_version](#input\_fleet\_package\_version) | Version of the m365\_defender package to use. | `string` | `"5.7.0"` | no |
+| <a name="input_fleet_package_version"></a> [fleet\_package\_version](#input\_fleet\_package\_version) | Version of the m365\_defender package to use. | `string` | `"5.8.0"` | no |
 | <a name="input_preserve_duplicate_custom_fields"></a> [preserve\_duplicate\_custom\_fields](#input\_preserve\_duplicate\_custom\_fields) | Preserve m365\_defender.event fields that were copied to Elastic Common Schema (ECS) fields. | `bool` | `false` | no |
 | <a name="input_preserve_original_event"></a> [preserve\_original\_event](#input\_preserve\_original\_event) | Preserves a raw copy of the original event, added to the field `event.original`. | `bool` | `false` | no |
 | <a name="input_processors_yaml"></a> [processors\_yaml](#input\_processors\_yaml) | Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. | `string` | `null` | no |
 | <a name="input_resource_manager_endpoint"></a> [resource\_manager\_endpoint](#input\_resource\_manager\_endpoint) | By default we are using the azure public environment, to override, users can provide a specific resource manager endpoint in order to use a different azure environment. | `string` | `null` | no |
 | <a name="input_storage_account"></a> [storage\_account](#input\_storage\_account) | The name of the storage account where the consumer group's state/offsets will be stored and updated. | `string` | n/a | yes |
 | <a name="input_storage_account_container"></a> [storage\_account\_container](#input\_storage\_account\_container) | The storage account container where the integration stores the checkpoint data for the consumer group. It is an advanced option to use with extreme care. You MUST use a dedicated storage account container for each Azure log type. DO NOT REUSE the same container name for more than one Azure log type. See [Container Names](https://docs.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-containers--blobs--and-metadata#container-names) for details on naming rules from Microsoft. The integration generates a default container name if not specified. | `string` | `null` | no |
 | <a name="input_storage_account_key"></a> [storage\_account\_key](#input\_storage\_account\_key) | The storage account key, this key will be used to authorize access to data in your storage account. | `string` | n/a | yes |
-| <a name="input_tags"></a> [tags](#input\_tags) | n/a | `list(string)` | <pre>[<br>  "forwarded",<br>  "m365_defender-event"<br>]</pre> | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | Tags for the data-stream. | `list(string)` | <pre>[<br>  "forwarded",<br>  "m365_defender-event"<br>]</pre> | no |
 
 ## Outputs
 
 
@@ -45,7 +45,7 @@
     "fleet_package_version": {
       "type": "string",
       "description": "Version of the m365_defender package to use.",
-      "default": "5.7.0"
+      "default": "5.8.0"
     },
     "preserve_duplicate_custom_fields": {
       "type": "bool",
@@ -87,6 +87,7 @@
     },
     "tags": {
       "type": "list(string)",
+      "description": "Tags for the data-stream.",
       "default": [
         "forwarded",
         "m365_defender-event"