diff --git a/packages/atlassian_bitbucket/changelog.yml b/packages/atlassian_bitbucket/changelog.yml index 37734a6e2e8..b011f8b34c6 100644 --- a/packages/atlassian_bitbucket/changelog.yml +++ b/packages/atlassian_bitbucket/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.6.0" + changes: + - description: Prevent updating fleet health status to degraded. + type: enhancement + link: https://github.com/elastic/integrations/pull/15584 - version: "2.5.0" changes: - description: Improve error reporting. diff --git a/packages/atlassian_bitbucket/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/atlassian_bitbucket/data_stream/audit/agent/stream/httpjson.yml.hbs index 609d92d3935..b3c7444ba4a 100644 --- a/packages/atlassian_bitbucket/data_stream/audit/agent/stream/httpjson.yml.hbs +++ b/packages/atlassian_bitbucket/data_stream/audit/agent/stream/httpjson.yml.hbs @@ -52,8 +52,9 @@ response.split: response.pagination: - set: target: url.value - value: '[[ .last_response.body.pagingInfo.nextPageLink ]]' + value: '[[ if index .last_response.body.pagingInfo "nextPageLink" ]][[ .last_response.body.pagingInfo.nextPageLink ]][[ end ]]' fail_on_template_error: true + do_not_log_failure: true cursor: last_timestamp: diff --git a/packages/atlassian_bitbucket/data_stream/audit/sample_event.json b/packages/atlassian_bitbucket/data_stream/audit/sample_event.json index f3c8a16cbb2..74378391ea2 100644 --- a/packages/atlassian_bitbucket/data_stream/audit/sample_event.json +++ b/packages/atlassian_bitbucket/data_stream/audit/sample_event.json 
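Review bot: The `index` guard on the pagination `value` only covers a missing `nextPageLink`; when `pagingInfo` itself is absent from the response body, `index` is applied to a nil value and the template still errors, which `fail_on_template_error: true` turns into a pagination stop and the new `do_not_log_failure: true` now makes invisible. A `with` block covers both levels in the same line: `value: '[[ with .last_response.body.pagingInfo ]][[ if index . "nextPageLink" ]][[ .nextPageLink ]][[ end ]][[ end ]]'`. Whether Bitbucket ever omits `pagingInfo` on a 2xx body is not visible here, so this is defensive hardening rather than a reproduced failure, and it presumably relies on an empty `url.value` ending pagination the same way the guarded form already does. The `response.pagination` list starts before the hunk.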
@@ -1,11 +1,11 @@ { - "@timestamp": "2021-11-27T18:10:57.316Z", + "@timestamp": "2021-11-27T18:13:19.888Z", "agent": { - "ephemeral_id": "c1c6859f-88f5-4ae8-ad40-5c0c9fe933d1", - "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7", - "name": "docker-fleet-agent", + "ephemeral_id": "949c3cd9-59d0-4214-bd94-b4388d99ca39", + "id": "111e6217-e5c2-49d6-88df-a1a2f716685b", + "name": "elastic-agent-45713", "type": "filebeat", - "version": "8.0.0-beta1" + "version": "8.19.4" }, "bitbucket": { "audit": { 
@@ -25,43 +25,71 @@ ], "method": "Browser", "type": { - "action": "Project created", - "actionI18nKey": "bitbucket.service.project.audit.action.projectcreated", + "action": "Project deletion requested", + "actionI18nKey": "bitbucket.service.project.audit.action.projectdeletionrequested", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", "category": "Projects", - "categoryI18nKey": "bitbucket.service.audit.category.projects" + "categoryI18nKey": "bitbucket.service.audit.category.projects", + "level": "BASE" } } }, "data_stream": { "dataset": "atlassian_bitbucket.audit", - "namespace": "ep", + "namespace": "68281", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7", + "id": "111e6217-e5c2-49d6-88df-a1a2f716685b", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.19.4" }, "event": { - "action": "bitbucket.service.project.audit.action.projectcreated", + "action": "bitbucket.service.project.audit.action.projectdeletionrequested", "agent_id_status": "verified", "category": [ "configuration" ], - "created": "2021-12-24T00:39:23.076Z", "dataset": "atlassian_bitbucket.audit", - "ingested": "2021-12-24T00:39:24Z", + "ingested": "2025-10-05T12:01:16Z", "kind": "event", - "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"}],\"author\":{\"avatarUri\":\"\",\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\",\"uri\":\"http://bitbucket.internal:7990/users/admin\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":\"2021-11-27T18:10:57.316Z\",\"type\":{\"action\":\"Project 
created\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectcreated\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\"}}", + "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project deletion requested\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectdeletionrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036799,\"nano\":888000000},\"version\":\"1.0\"}", "type": [ - "creation" + "deletion" ] }, + "host": { + "architecture": "x86_64", + "containerized": false, + "hostname": "elastic-agent-45713", + "ip": [ + "192.168.244.2", + "192.168.240.8" + ], + "mac": [ + "82-A2-D4-5B-A7-85", + "9E-8C-8A-A2-0F-DB" + ], + "name": "elastic-agent-45713", + "os": { + "kernel": "5.15.0-156-generic", + "name": "Wolfi", + "platform": "wolfi", + "type": "linux", + "version": "20230201" + } + }, "input": { - "type": "httpjson" + "type": "log" + }, + "log": { + "file": { + "path": "/tmp/service_logs/test-audit.log" + }, + "offset": 0 }, "related": { "hosts": [ @@ -83,11 +111,10 @@ }, "tags": [ "preserve_original_event", - "forwarded", "bitbucket-audit" ], "user": { "id": "2", "name": "admin" } -} \ No newline at end of file +} diff --git a/packages/atlassian_bitbucket/docs/README.md b/packages/atlassian_bitbucket/docs/README.md index c198b5e23f1..3aa7a84ff22 100644 --- a/packages/atlassian_bitbucket/docs/README.md 
+++ b/packages/atlassian_bitbucket/docs/README.md @@ -42,13 +42,13 @@ An example event for `audit` looks as following: ```json { - "@timestamp": "2021-11-27T18:10:57.316Z", + "@timestamp": "2021-11-27T18:13:19.888Z", "agent": { - "ephemeral_id": "c1c6859f-88f5-4ae8-ad40-5c0c9fe933d1", - "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7", - "name": "docker-fleet-agent", + "ephemeral_id": "949c3cd9-59d0-4214-bd94-b4388d99ca39", + "id": "111e6217-e5c2-49d6-88df-a1a2f716685b", + "name": "elastic-agent-45713", "type": "filebeat", - "version": "8.0.0-beta1" + "version": "8.19.4" }, "bitbucket": { "audit": { 
@@ -68,43 +68,71 @@ An example event for `audit` looks as following: ], "method": "Browser", "type": { - "action": "Project created", - "actionI18nKey": "bitbucket.service.project.audit.action.projectcreated", + "action": "Project deletion requested", + "actionI18nKey": "bitbucket.service.project.audit.action.projectdeletionrequested", + "area": "LOCAL_CONFIG_AND_ADMINISTRATION", "category": "Projects", - "categoryI18nKey": "bitbucket.service.audit.category.projects" + "categoryI18nKey": "bitbucket.service.audit.category.projects", + "level": "BASE" } } }, "data_stream": { "dataset": "atlassian_bitbucket.audit", - "namespace": "ep", + "namespace": "68281", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "82d0dfd8-3946-4ac0-a092-a9146a71e3f7", + "id": "111e6217-e5c2-49d6-88df-a1a2f716685b", "snapshot": false, - "version": "8.0.0-beta1" + "version": "8.19.4" }, "event": { - "action": "bitbucket.service.project.audit.action.projectcreated", + "action": "bitbucket.service.project.audit.action.projectdeletionrequested", "agent_id_status": "verified", "category": [ "configuration" ], - "created": "2021-12-24T00:39:23.076Z", "dataset": "atlassian_bitbucket.audit", - "ingested": "2021-12-24T00:39:24Z", + "ingested": "2025-10-05T12:01:16Z", "kind": "event", - "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"}],\"author\":{\"avatarUri\":\"\",\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\",\"uri\":\"http://bitbucket.internal:7990/users/admin\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":\"2021-11-27T18:10:57.316Z\",\"type\":{\"action\":\"Project 
created\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectcreated\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\"}}", + "original": "{\"affectedObjects\":[{\"id\":\"3\",\"name\":\"AT\",\"type\":\"PROJECT\"}],\"auditType\":{\"action\":\"Project deletion requested\",\"actionI18nKey\":\"bitbucket.service.project.audit.action.projectdeletionrequested\",\"area\":\"LOCAL_CONFIG_AND_ADMINISTRATION\",\"category\":\"Projects\",\"categoryI18nKey\":\"bitbucket.service.audit.category.projects\",\"level\":\"BASE\"},\"author\":{\"id\":\"2\",\"name\":\"admin\",\"type\":\"NORMAL\"},\"changedValues\":[],\"extraAttributes\":[{\"name\":\"target\",\"nameI18nKey\":\"bitbucket.audit.attribute.legacy.target\",\"value\":\"AT\"}],\"method\":\"Browser\",\"node\":\"8767044c-1b98-4d64-82db-ef29af8c3792\",\"source\":\"10.100.100.2\",\"system\":\"http://bitbucket.internal:7990\",\"timestamp\":{\"epochSecond\":1638036799,\"nano\":888000000},\"version\":\"1.0\"}", "type": [ - "creation" + "deletion" ] }, + "host": { + "architecture": "x86_64", + "containerized": false, + "hostname": "elastic-agent-45713", + "ip": [ + "192.168.244.2", + "192.168.240.8" + ], + "mac": [ + "82-A2-D4-5B-A7-85", + "9E-8C-8A-A2-0F-DB" + ], + "name": "elastic-agent-45713", + "os": { + "kernel": "5.15.0-156-generic", + "name": "Wolfi", + "platform": "wolfi", + "type": "linux", + "version": "20230201" + } + }, "input": { - "type": "httpjson" + "type": "log" + }, + "log": { + "file": { + "path": "/tmp/service_logs/test-audit.log" + }, + "offset": 0 }, "related": { "hosts": [ @@ -126,7 +154,6 @@ An example event for `audit` looks as following: }, "tags": [ "preserve_original_event", - "forwarded", "bitbucket-audit" ], "user": { diff --git a/packages/atlassian_bitbucket/manifest.yml b/packages/atlassian_bitbucket/manifest.yml index 37d41c4d861..d80cb3e221b 100644 --- a/packages/atlassian_bitbucket/manifest.yml +++ b/packages/atlassian_bitbucket/manifest.yml 
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: atlassian_bitbucket
 title: Atlassian Bitbucket
-version: "2.5.0"
+version: "2.6.0"
 description: Collect logs from Atlassian Bitbucket with Elastic Agent.
 type: integration
 categories:
@@ -9,7 +9,7 @@ categories:
 - productivity_security
 conditions:
 kibana:
- version: "^8.13.0 || ^9.0.0"
+ version: "^8.19.4 || ~9.0.7 || ^9.1.4"
 icons:
 - src: /img/bitbucket-logo.svg
 title: Bitbucket Logo
diff --git a/packages/forgerock/_dev/deploy/docker/files/config.yml b/packages/forgerock/_dev/deploy/docker/files/config.yml
index 75c03c1725a..ef1dbf249c6 100644
--- a/packages/forgerock/_dev/deploy/docker/files/config.yml
+++ b/packages/forgerock/_dev/deploy/docker/files/config.yml
@@ -8,6 +8,9 @@ rules:
 _pagedResultsCookie: null
 responses:
 - status_code: 200
+ headers:
+ X-Rate-Limit-Remaining:
+ - 59
 body: |-
 {{ minify_json `
 {
@@ -118,6 +121,9 @@ rules:
 _pagedResultsCookie: "myCookie"
 responses:
 - status_code: 200
+ headers:
+ X-Rate-Limit-Remaining:
+ - 58
 body: |-
 {{ minify_json `
 {
@@ -192,6 +198,9 @@ rules:
 _pagedResultsCookie: null
 responses:
 - status_code: 200
+ headers:
+ X-Rate-Limit-Remaining:
+ - 59
 body: |-
 {{ minify_json `
 {
@@ -257,6 +266,9 @@ rules:
 _pagedResultsCookie: "myCookie"
 responses:
 - status_code: 200
+ headers:
+ X-Rate-Limit-Remaining:
+ - 58
 body: |-
 {{ minify_json `
 {
@@ -300,6 +312,9 @@ rules:
 _pagedResultsCookie: null
 responses:
 - status_code: 200
+ headers:
+ X-Rate-Limit-Remaining:
+ - 59
 body: |-
 {{ minify_json `
 {
@@ -389,6 +404,9 @@ rules:
 _pagedResultsCookie: "myCookie"
 responses:
 - status_code: 200
+ headers:
+ X-Rate-Limit-Remaining:
+ - 58
 body: |-
 {{ minify_json `
 {
@@ -444,6 +462,9 @@ rules:
 _pagedResultsCookie: null
 responses:
 - status_code: 200
+ headers:
+ X-Rate-Limit-Remaining:
+ - 59
 body: |-
 {{ minify_json `
 {
@@ -510,6 +531,9 @@ rules:
 _pagedResultsCookie: "myCookie"
 responses:
 - status_code: 200
+ headers:
+ X-Rate-Limit-Remaining:
+ - 58
 body: |-
 {{ minify_json `
 {
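Review bot: The Kibana constraint in the second manifest hunk moves from `^8.13.0 || ^9.0.0` to `^8.19.4 || ~9.0.7 || ^9.1.4`, which removes every 8.13–8.19.3, 9.0.0–9.0.6 and 9.1.0–9.1.3 stack from the package's install set, yet the changelog entries added in this PR (bitbucket 2.6.0, forgerock 1.22.0) say only "Prevent updating fleet health status to degraded". Presumably the tighter floor is what makes `do_not_log_failure` available on the agent side; if so, the changelog should say so, e.g. `- description: Prevent updating fleet health status to degraded. Requires Kibana 8.19.4, 9.0.7 or 9.1.4.`, so operators on older stacks understand why the new version is not offered. The forgerock manifest is not in this chunk, so whether it carries the same constraint cannot be confirmed from here.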
@@ -555,6 +579,9 @@ rules:
 _pagedResultsCookie: null
 responses:
 - status_code: 200
+ headers:
+ X-Rate-Limit-Remaining:
+ - 59
 body: |-
 {{ minify_json `
 {
@@ -604,6 +631,9 @@ rules:
 _pagedResultsCookie: "myCookie"
 responses:
 - status_code: 200
+ headers:
+ X-Rate-Limit-Remaining:
+ - 58
 body: |-
 {{ minify_json `
 {
@@ -642,6 +672,9 @@ rules:
 _pagedResultsCookie: null
 responses:
 - status_code: 200
+ headers:
+ X-Rate-Limit-Remaining:
+ - 59
 body: |-
 {{ minify_json `
 {
@@ -759,6 +792,9 @@ rules:
 _pagedResultsCookie: "myCookie"
 responses:
 - status_code: 200
+ headers:
+ X-Rate-Limit-Remaining:
+ - 58
 body: |-
 {{ minify_json `
 {
@@ -828,6 +864,9 @@ rules:
 _pagedResultsCookie: null
 responses:
 - status_code: 200
+ headers:
+ X-Rate-Limit-Remaining:
+ - 59
 body: |-
 {{ minify_json `
 {
@@ -895,6 +934,9 @@ rules:
 _pagedResultsCookie: "myCookie"
 responses:
 - status_code: 200
+ headers:
+ X-Rate-Limit-Remaining:
+ - 58
 body: |-
 {{ minify_json `
 {
@@ -939,6 +981,9 @@ rules:
 _pagedResultsCookie: null
 responses:
 - status_code: 200
+ headers:
+ X-Rate-Limit-Remaining:
+ - 59
 body: |-
 {{ minify_json `
 {
@@ -992,6 +1037,9 @@ rules:
 _pagedResultsCookie: "myCookie"
 responses:
 - status_code: 200
+ headers:
+ X-Rate-Limit-Remaining:
+ - 58
 body: |-
 {{ minify_json `
 {
@@ -1045,6 +1093,9 @@ rules:
 _pagedResultsCookie: null
 responses:
 - status_code: 200
+ headers:
+ X-Rate-Limit-Remaining:
+ - 59
 body: |-
 {{ minify_json `
 {
@@ -1110,6 +1161,9 @@ rules:
 _pagedResultsCookie: "myCookie"
 responses:
 - status_code: 200
+ headers:
+ X-Rate-Limit-Remaining:
+ - 58
 body: |-
 {{ minify_json `
 {
@@ -1153,6 +1207,9 @@ rules:
 _pagedResultsCookie: null
 responses:
 - status_code: 200
+ headers:
+ X-Rate-Limit-Remaining:
+ - 59
 body: |-
 {{ minify_json `
 {
@@ -1186,6 +1243,9 @@ rules:
 _pagedResultsCookie: "myCookie"
 responses:
 - status_code: 200
+ headers:
+ X-Rate-Limit-Remaining:
+ - 58
 body: |-
 {{ minify_json `
 {
@@ -1213,6 +1273,9 @@ rules: _pagedResultsCookie: null responses: - status_code: 200 + headers: + X-Rate-Limit-Remaining: + - 59 body: |- {{ minify_json ` { @@ -1282,6 +1345,9 @@ rules: _pagedResultsCookie: "myCookie" responses: - status_code: 200 + headers: + X-Rate-Limit-Remaining: + - 58 body: |- {{ minify_json ` { diff --git a/packages/forgerock/changelog.yml b/packages/forgerock/changelog.yml index 4a8282d8446..a2440ec522e 100644 --- a/packages/forgerock/changelog.yml +++ b/packages/forgerock/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.22.0" + changes: + - description: Prevent updating fleet health status to degraded. + type: enhancement + link: https://github.com/elastic/integrations/pull/15584 - version: "1.21.2" changes: - description: Add `forgerock.*` filter to dashboard panels. diff --git a/packages/forgerock/data_stream/am_access/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/am_access/agent/stream/httpjson.yml.hbs index 17306361698..8f951dac9a8 100644 --- a/packages/forgerock/data_stream/am_access/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/am_access/agent/stream/httpjson.yml.hbs @@ -13,9 +13,9 @@ request.method: "GET" request.url: {{tenant_url}}/monitoring/logs request.rate_limit: - limit: '[[.last_response.headers.Get "X-Rate-Limit-Limit"]]' - remaining: '[[.last_response.headers.Get "X-Rate-Limit-Remaining"]]' - reset: '[[.last_response.headers.Get "X-Rate-Limit-Reset"]]' + limit: '[[.last_response.header.Get "X-Rate-Limit-Limit"]]' + remaining: '[[.last_response.header.Get "X-Rate-Limit-Remaining"]]' + reset: '[[.last_response.header.Get "X-Rate-Limit-Reset"]]' {{#if http_client_timeout}} request.timeout: {{http_client_timeout}} 
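Review bot: Renaming `.last_response.headers.Get` to `.last_response.header.Get` means the three `request.rate_limit` templates now render real values for the first time, and the same three lines change identically in the am_activity, am_authentication, am_config, am_core, idm_access and idm_activity streams, so this note covers all seven. The mock in `_dev/deploy/docker/files/config.yml` only ever sets `X-Rate-Limit-Remaining` (59 or 58), so in every system test `limit` and `reset` render as empty strings and the branch taken when remaining reaches 0 is never exercised; adding `X-Rate-Limit-Limit` and `X-Rate-Limit-Reset` to at least one mock response, with one response returning `X-Rate-Limit-Remaining: 0`, would cover the path this fix unlocks. Whether the limiter tolerates an empty `reset` while remaining is non-zero is not visible from the hunk — confirm against the input's rate-limit handling before relying on it. Each `request.rate_limit` stanza is complete within its hunk.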
@@ -80,8 +80,9 @@ response.pagination: value: '[[.last_response.url.params.Get "beginTime"]]' - set: target: url.params._pagedResultsCookie - value: '[[.last_response.body.pagedResultsCookie]]' + value: '[[if index .last_response.body "pagedResultsCookie"]][[.last_response.body.pagedResultsCookie]][[end]]' fail_on_template_error: true + do_not_log_failure: true cursor: last_timestamp: diff --git a/packages/forgerock/data_stream/am_access/sample_event.json b/packages/forgerock/data_stream/am_access/sample_event.json index 50e1fa24b5f..1f38ab0ab70 100644 --- a/packages/forgerock/data_stream/am_access/sample_event.json +++ b/packages/forgerock/data_stream/am_access/sample_event.json 
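Review bot: With `fail_on_template_error: true` and the new `do_not_log_failure: true` on the `_pagedResultsCookie` setter, any template failure the `index` guard does not cover now ends pagination without a single log line, and nothing in the template records why the guard exists, so a later cleanup could plausibly fold it back to the plain field access and reintroduce the degraded status. A one-line comment above the `- set:` item would keep the intent visible, e.g. `# The last page has no pagedResultsCookie; guard the lookup so the template does not fail, and do not log the stop as a failure.` The identical guard and flag appear in the am_activity, am_authentication, am_config, am_core, idm_access and idm_activity pagination blocks and would take the same comment. The `response.pagination` list starts before the hunk.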
@@ -1,46 +1,80 @@ { - "@timestamp": "2022-11-06T18:16:43.813Z", + "@timestamp": "2022-10-05T20:55:43.188Z", "agent": { - "ephemeral_id": "82b02cc6-7222-4ccc-b7f4-4c1c55315484", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "912582e9-ce0a-4e33-bd0d-b446b246d5cb", + "id": "e5f7134f-516b-4b77-a0e8-a558bda68feb", + "name": "elastic-agent-93058", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" + }, + "client": { + "ip": "1.128.0.0" }, "data_stream": { "dataset": "forgerock.am_access", - "namespace": "51919", + "namespace": "96005", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "e5f7134f-516b-4b77-a0e8-a558bda68feb", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { - "action": "AM-SESSION-IDLE_TIMED_OUT", + "action": "AM-ACCESS-ATTEMPT", "agent_id_status": "verified", - "created": "2024-06-12T03:05:10.979Z", + "created": "2025-10-06T12:40:16.272Z", "dataset": "forgerock.am_access", - "id": "688b24d9-968e-4a20-b471-9bd78f1e46ec-79599", - "ingested": "2024-06-12T03:05:14Z", + "id": "45463f84-ff1b-499f-aa84-8d4bd93150de-437950", + "ingested": "2025-10-06T12:40:17Z", "type": [ "access" ] }, "forgerock": { - "eventName": "AM-SESSION-IDLE_TIMED_OUT", + "eventName": "AM-ACCESS-ATTEMPT", + "http": { + "request": { + "headers": { + "accept": [ + "application/json, text/plain, */*" + ], + "accept-api-version": [ + "protocol=1.0,resource=1.1" + ], + "host": [ + "openam-chico-poc.forgeblocks.com" + ], + "user-agent": [ + "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36" + ], + "x-forwarded-for": [ + "50.159.194.107, 34.149.144.150, 10.168.0.13" + ], + "x-forwarded-proto": [ + "https" + ] + }, + "secure": true + } + }, "level": "INFO", - "objectId": "688b24d9-968e-4a20-b471-9bd78f1e46ec-13901", "realm": "/", + "request": { + "operation": 
"READ", + "protocol": "CREST" + }, "source": "audit", - "topic": "activity", - "trackingIds": [ - "688b24d9-968e-4a20-b471-9bd78f1e46ec-13901" - ] + "topic": "access" + }, + "http": { + "request": { + "Path": "https://openam-chico-poc.forgeblocks.com/am/json/serverinfo/*", + "method": "GET" + } }, "input": { "type": "httpjson" @@ -48,8 +82,11 @@ "observer": { "vendor": "ForgeRock Identity Platform" }, + "server": { + "ip": "10.68.17.12" + }, "service": { - "name": "Session" + "name": "Server Info" }, "tags": [ "forwarded", @@ -57,9 +94,6 @@ "forgerock-am-access" ], "transaction": { - "id": "688b24d9-968e-4a20-b471-9bd78f1e46ec-1" - }, - "user": { - "id": "id=d7cd65bf-743c-4753-a78f-a20daae7e3bf,ou=user,ou=am-config" + "id": "1665003343053-7492ffada57c074a1475-43264/0" } -} \ No newline at end of file +} diff --git a/packages/forgerock/data_stream/am_activity/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/am_activity/agent/stream/httpjson.yml.hbs index ab95a6aeba9..4b7160c65f0 100644 --- a/packages/forgerock/data_stream/am_activity/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/am_activity/agent/stream/httpjson.yml.hbs @@ -17,9 +17,9 @@ request.timeout: {{http_client_timeout}} {{/if}} request.rate_limit: - limit: '[[.last_response.headers.Get "X-Rate-Limit-Limit"]]' - remaining: '[[.last_response.headers.Get "X-Rate-Limit-Remaining"]]' - reset: '[[.last_response.headers.Get "X-Rate-Limit-Reset"]]' + limit: '[[.last_response.header.Get "X-Rate-Limit-Limit"]]' + remaining: '[[.last_response.header.Get "X-Rate-Limit-Remaining"]]' + reset: '[[.last_response.header.Get "X-Rate-Limit-Reset"]]' request.transforms: - set: 
@@ -80,8 +80,9 @@ response.pagination: value: '[[.last_response.url.params.Get "beginTime"]]' - set: target: url.params._pagedResultsCookie - value: '[[.last_response.body.pagedResultsCookie]]' + value: '[[if index .last_response.body "pagedResultsCookie"]][[.last_response.body.pagedResultsCookie]][[end]]' fail_on_template_error: true + do_not_log_failure: true cursor: last_timestamp: diff --git a/packages/forgerock/data_stream/am_activity/sample_event.json b/packages/forgerock/data_stream/am_activity/sample_event.json index d7cc3dcf77c..711d3e84c0d 100644 --- a/packages/forgerock/data_stream/am_activity/sample_event.json +++ b/packages/forgerock/data_stream/am_activity/sample_event.json @@ -1,32 +1,32 @@ { "@timestamp": "2022-10-05T20:55:59.966Z", "agent": { - "ephemeral_id": "9db3f780-4230-43f5-832f-203266705932", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "300977b2-2103-4f5c-8398-cb7491c52ce3", + "id": "a77ca8ac-13ef-47c3-84e4-ec42fde7af3f", + "name": "elastic-agent-41379", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "forgerock.am_activity", - "namespace": "71478", + "namespace": "61561", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "a77ca8ac-13ef-47c3-84e4-ec42fde7af3f", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "action": "AM-SESSION-CREATED", "agent_id_status": "verified", - "created": "2024-06-12T03:05:53.025Z", + "created": "2025-10-06T12:41:04.474Z", "dataset": "forgerock.am_activity", "id": "45463f84-ff1b-499f-aa84-8d4bd93150de-438366", - "ingested": "2024-06-12T03:05:57Z", + "ingested": "2025-10-06T12:41:07Z", "reason": "CREATE" }, "forgerock": { @@ -62,4 +62,4 @@ }, "id": "id=d7cd65bf-743c-4753-a78f-a20daae7e3bf,ou=user,ou=am-config" } -} \ No newline at end of file +} 
diff --git a/packages/forgerock/data_stream/am_authentication/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/am_authentication/agent/stream/httpjson.yml.hbs index 10da2c2c9a7..526a28395ff 100644 --- a/packages/forgerock/data_stream/am_authentication/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/am_authentication/agent/stream/httpjson.yml.hbs @@ -13,9 +13,9 @@ request.method: "GET" request.url: {{tenant_url}}/monitoring/logs request.rate_limit: - limit: '[[.last_response.headers.Get "X-Rate-Limit-Limit"]]' - remaining: '[[.last_response.headers.Get "X-Rate-Limit-Remaining"]]' - reset: '[[.last_response.headers.Get "X-Rate-Limit-Reset"]]' + limit: '[[.last_response.header.Get "X-Rate-Limit-Limit"]]' + remaining: '[[.last_response.header.Get "X-Rate-Limit-Remaining"]]' + reset: '[[.last_response.header.Get "X-Rate-Limit-Reset"]]' {{#if http_client_timeout}} request.timeout: {{http_client_timeout}} @@ -80,8 +80,9 @@ response.pagination: value: '[[.last_response.url.params.Get "beginTime"]]' - set: target: url.params._pagedResultsCookie - value: '[[.last_response.body.pagedResultsCookie]]' + value: '[[if index .last_response.body "pagedResultsCookie"]][[.last_response.body.pagedResultsCookie]][[end]]' fail_on_template_error: true + do_not_log_failure: true cursor: last_timestamp: diff --git a/packages/forgerock/data_stream/am_authentication/sample_event.json b/packages/forgerock/data_stream/am_authentication/sample_event.json index 191ac31fe01..d41c3ef56a6 100644 --- a/packages/forgerock/data_stream/am_authentication/sample_event.json +++ b/packages/forgerock/data_stream/am_authentication/sample_event.json 
@@ -1,24 +1,24 @@ { "@timestamp": "2022-10-05T18:21:48.253Z", "agent": { - "ephemeral_id": "2ffe10cc-935a-4457-869f-95b732cb0c8b", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "ad09d001-2dbe-4840-af47-f2818fa57098", + "id": "1fbc06be-5d4e-4db9-99c9-f1320758f1d8", + "name": "elastic-agent-75467", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "forgerock.am_authentication", - "namespace": "88343", + "namespace": "58576", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "1fbc06be-5d4e-4db9-99c9-f1320758f1d8", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "action": "AM-LOGIN-COMPLETED", @@ -26,10 +26,10 @@ "category": [ "authentication" ], - "created": "2024-06-12T03:06:40.162Z", + "created": "2025-10-06T12:42:03.795Z", "dataset": "forgerock.am_authentication", "id": "45463f84-ff1b-499f-aa84-8d4bd93150de-256208", - "ingested": "2024-06-12T03:06:44Z", + "ingested": "2025-10-06T12:42:06Z", "outcome": "success" }, "forgerock": { @@ -76,4 +76,4 @@ "user": { "id": "id=autoid-resource-server,ou=agent,ou=am-config" } -} \ No newline at end of file +} diff --git a/packages/forgerock/data_stream/am_config/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/am_config/agent/stream/httpjson.yml.hbs index c0a3454eda3..e78a9c44256 100644 --- a/packages/forgerock/data_stream/am_config/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/am_config/agent/stream/httpjson.yml.hbs 
@@ -13,9 +13,9 @@ request.method: "GET" request.url: {{tenant_url}}/monitoring/logs request.rate_limit: - limit: '[[.last_response.headers.Get "X-Rate-Limit-Limit"]]' - remaining: '[[.last_response.headers.Get "X-Rate-Limit-Remaining"]]' - reset: '[[.last_response.headers.Get "X-Rate-Limit-Reset"]]' + limit: '[[.last_response.header.Get "X-Rate-Limit-Limit"]]' + remaining: '[[.last_response.header.Get "X-Rate-Limit-Remaining"]]' + reset: '[[.last_response.header.Get "X-Rate-Limit-Reset"]]' {{#if http_client_timeout}} request.timeout: {{http_client_timeout}} @@ -80,8 +80,9 @@ response.pagination: value: '[[.last_response.url.params.Get "beginTime"]]' - set: target: url.params._pagedResultsCookie - value: '[[.last_response.body.pagedResultsCookie]]' + value: '[[if index .last_response.body "pagedResultsCookie"]][[.last_response.body.pagedResultsCookie]][[end]]' fail_on_template_error: true + do_not_log_failure: true cursor: last_timestamp: diff --git a/packages/forgerock/data_stream/am_config/sample_event.json b/packages/forgerock/data_stream/am_config/sample_event.json index 123335c8868..6f4b3fdbf70 100644 --- a/packages/forgerock/data_stream/am_config/sample_event.json +++ b/packages/forgerock/data_stream/am_config/sample_event.json 
@@ -1,24 +1,24 @@ { "@timestamp": "2022-09-20T14:40:10.664Z", "agent": { - "ephemeral_id": "4afe06fa-469e-40e2-babb-b30baf137536", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "78438062-5e65-437e-8b89-308d70efdb88", + "id": "d36dcc8f-d86c-4c48-9832-fd9828a9dfe7", + "name": "elastic-agent-89631", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "forgerock.am_config", - "namespace": "65246", + "namespace": "15954", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "d36dcc8f-d86c-4c48-9832-fd9828a9dfe7", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "action": "AM-CONFIG-CHANGE", @@ -26,10 +26,10 @@ "category": [ "configuration" ], - "created": "2024-06-12T03:07:28.334Z", + "created": "2025-10-06T12:42:52.973Z", "dataset": "forgerock.am_config", "id": "4e8550cd-71d6-4a08-b5b0-bb63bcbbc960-20605", - "ingested": "2024-06-12T03:07:31Z" + "ingested": "2025-10-06T12:42:55Z" }, "forgerock": { "level": "INFO", @@ -62,4 +62,4 @@ }, "id": "id=d7cd65bf-743c-4753-a78f-a20daae7e3bf,ou=user,ou=am-config" } -} \ No newline at end of file +} diff --git a/packages/forgerock/data_stream/am_core/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/am_core/agent/stream/httpjson.yml.hbs index 1b29f14c688..05fcddb6aed 100644 --- a/packages/forgerock/data_stream/am_core/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/am_core/agent/stream/httpjson.yml.hbs 
@@ -13,9 +13,9 @@ request.method: "GET" request.url: {{tenant_url}}/monitoring/logs request.rate_limit: - limit: '[[.last_response.headers.Get "X-Rate-Limit-Limit"]]' - remaining: '[[.last_response.headers.Get "X-Rate-Limit-Remaining"]]' - reset: '[[.last_response.headers.Get "X-Rate-Limit-Reset"]]' + limit: '[[.last_response.header.Get "X-Rate-Limit-Limit"]]' + remaining: '[[.last_response.header.Get "X-Rate-Limit-Remaining"]]' + reset: '[[.last_response.header.Get "X-Rate-Limit-Reset"]]' {{#if http_client_timeout}} request.timeout: {{http_client_timeout}} @@ -80,8 +80,9 @@ response.pagination: value: '[[.last_response.url.params.Get "beginTime"]]' - set: target: url.params._pagedResultsCookie - value: '[[.last_response.body.pagedResultsCookie]]' + value: '[[if index .last_response.body "pagedResultsCookie"]][[.last_response.body.pagedResultsCookie]][[end]]' fail_on_template_error: true + do_not_log_failure: true cursor: last_timestamp: diff --git a/packages/forgerock/data_stream/am_core/sample_event.json b/packages/forgerock/data_stream/am_core/sample_event.json index 509234d9575..c326a37cce8 100644 --- a/packages/forgerock/data_stream/am_core/sample_event.json +++ b/packages/forgerock/data_stream/am_core/sample_event.json 
@@ -1,30 +1,30 @@ { "@timestamp": "2022-12-05T19:29:20.845Z", "agent": { - "ephemeral_id": "b802141d-9281-4caa-bb31-d5561f968ee5", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "013fcb42-a6c3-47de-8afb-94a1f9014635", + "id": "7efa0d65-4e58-4fb3-a1ed-0d89d045c77a", + "name": "elastic-agent-19283", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "forgerock.am_core", - "namespace": "90018", + "namespace": "89252", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "7efa0d65-4e58-4fb3-a1ed-0d89d045c77a", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", - "created": "2024-06-12T03:08:15.631Z", + "created": "2025-10-06T12:43:43.162Z", "dataset": "forgerock.am_core", - "ingested": "2024-06-12T03:08:19Z", + "ingested": "2025-10-06T12:43:46Z", "reason": "Connection attempt failed: availableConnections=0, maxPoolSize=10" }, "forgerock": { @@ -48,4 +48,4 @@ "forgerock-debug", "forgerock-am-core" ] -} \ No newline at end of file +} diff --git a/packages/forgerock/data_stream/idm_access/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/idm_access/agent/stream/httpjson.yml.hbs index ec14932f116..f66eb84cb5a 100644 --- a/packages/forgerock/data_stream/idm_access/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/idm_access/agent/stream/httpjson.yml.hbs 
@@ -13,9 +13,9 @@ request.method: "GET" request.url: {{tenant_url}}/monitoring/logs request.rate_limit: - limit: '[[.last_response.headers.Get "X-Rate-Limit-Limit"]]' - remaining: '[[.last_response.headers.Get "X-Rate-Limit-Remaining"]]' - reset: '[[.last_response.headers.Get "X-Rate-Limit-Reset"]]' + limit: '[[.last_response.header.Get "X-Rate-Limit-Limit"]]' + remaining: '[[.last_response.header.Get "X-Rate-Limit-Remaining"]]' + reset: '[[.last_response.header.Get "X-Rate-Limit-Reset"]]' {{#if http_client_timeout}} request.timeout: {{http_client_timeout}} @@ -80,8 +80,9 @@ response.pagination: value: '[[.last_response.url.params.Get "beginTime"]]' - set: target: url.params._pagedResultsCookie - value: '[[.last_response.body.pagedResultsCookie]]' + value: '[[if index .last_response.body "pagedResultsCookie"]][[.last_response.body.pagedResultsCookie]][[end]]' fail_on_template_error: true + do_not_log_failure: true cursor: last_timestamp: diff --git a/packages/forgerock/data_stream/idm_access/sample_event.json b/packages/forgerock/data_stream/idm_access/sample_event.json index 96191ed55e2..3fd8dde1cfe 100644 --- a/packages/forgerock/data_stream/idm_access/sample_event.json +++ b/packages/forgerock/data_stream/idm_access/sample_event.json @@ -1,11 +1,11 @@ { "@timestamp": "2022-11-01T15:04:50.110Z", "agent": { - "ephemeral_id": "1c6538cf-fe70-498c-8919-a60c26ffcfac", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "4a50402b-fc44-4850-93ea-ef0cf4c922ba", + "id": "229bc928-46fc-40e6-9d5c-687a54978dfd", + "name": "elastic-agent-86850", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "client": { "ip": "216.160.83.56", 
@@ -13,24 +13,24 @@ }, "data_stream": { "dataset": "forgerock.idm_access", - "namespace": "61539", + "namespace": "92556", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "229bc928-46fc-40e6-9d5c-687a54978dfd", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", - "created": "2024-06-12T03:09:02.660Z", + "created": "2025-10-06T12:44:33.069Z", "dataset": "forgerock.idm_access", "duration": 2000000, "id": "a9a32d9e-7029-45e6-b581-eafb5d502273-49025", - "ingested": "2024-06-12T03:09:14Z", + "ingested": "2025-10-06T12:44:36Z", "outcome": "success", "type": [ "access" @@ -93,4 +93,4 @@ "user": { "id": "anonymous" } -} \ No newline at end of file +} diff --git a/packages/forgerock/data_stream/idm_activity/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/idm_activity/agent/stream/httpjson.yml.hbs index 64be2050cdb..a2ada795ce4 100644 --- a/packages/forgerock/data_stream/idm_activity/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/idm_activity/agent/stream/httpjson.yml.hbs @@ -13,9 +13,9 @@ request.method: "GET" request.url: {{tenant_url}}/monitoring/logs request.rate_limit: - limit: '[[.last_response.headers.Get "X-Rate-Limit-Limit"]]' - remaining: '[[.last_response.headers.Get "X-Rate-Limit-Remaining"]]' - reset: '[[.last_response.headers.Get "X-Rate-Limit-Reset"]]' + limit: '[[.last_response.header.Get "X-Rate-Limit-Limit"]]' + remaining: '[[.last_response.header.Get "X-Rate-Limit-Remaining"]]' + reset: '[[.last_response.header.Get "X-Rate-Limit-Reset"]]' {{#if http_client_timeout}} request.timeout: {{http_client_timeout}} 
@@ -80,8 +80,9 @@ response.pagination: value: '[[.last_response.url.params.Get "beginTime"]]' - set: target: url.params._pagedResultsCookie - value: '[[.last_response.body.pagedResultsCookie]]' + value: '[[if index .last_response.body "pagedResultsCookie"]][[.last_response.body.pagedResultsCookie]][[end]]' fail_on_template_error: true + do_not_log_failure: true cursor: last_timestamp: diff --git a/packages/forgerock/data_stream/idm_activity/sample_event.json b/packages/forgerock/data_stream/idm_activity/sample_event.json index 2fa07a9a206..faa4d14abd2 100644 --- a/packages/forgerock/data_stream/idm_activity/sample_event.json +++ b/packages/forgerock/data_stream/idm_activity/sample_event.json @@ -1,31 +1,31 @@ { "@timestamp": "2022-11-01T18:02:39.882Z", "agent": { - "ephemeral_id": "18f29cf6-4b37-4c4d-8d49-91bf8719e14c", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "e5134748-2f93-46d7-832e-a0345a05dd7a", + "id": "8cdbc0fe-d88c-4a81-bc16-8f7dafdb3681", + "name": "elastic-agent-30475", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "forgerock.idm_activity", - "namespace": "89179", + "namespace": "97694", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "8cdbc0fe-d88c-4a81-bc16-8f7dafdb3681", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", - "created": "2024-06-12T03:09:56.979Z", + "created": "2025-10-06T12:45:23.278Z", "dataset": "forgerock.idm_activity", "id": "a9a32d9e-7029-45e6-b581-eafb5d502273-268906", - "ingested": "2024-06-12T03:10:08Z", + "ingested": "2025-10-06T12:45:26Z", "outcome": "success" }, "forgerock": { @@ -59,4 +59,4 @@ }, "id": "9120c7db-d7e6-4b51-b805-07bbee7a4bb9" } -} \ No newline at end of file +} 
diff --git a/packages/forgerock/data_stream/idm_authentication/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/idm_authentication/agent/stream/httpjson.yml.hbs index 18877c5bc39..bd767017ac1 100644 --- a/packages/forgerock/data_stream/idm_authentication/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/idm_authentication/agent/stream/httpjson.yml.hbs @@ -13,9 +13,9 @@ request.method: "GET" request.url: {{tenant_url}}/monitoring/logs request.rate_limit: - limit: '[[.last_response.headers.Get "X-Rate-Limit-Limit"]]' - remaining: '[[.last_response.headers.Get "X-Rate-Limit-Remaining"]]' - reset: '[[.last_response.headers.Get "X-Rate-Limit-Reset"]]' + limit: '[[.last_response.header.Get "X-Rate-Limit-Limit"]]' + remaining: '[[.last_response.header.Get "X-Rate-Limit-Remaining"]]' + reset: '[[.last_response.header.Get "X-Rate-Limit-Reset"]]' {{#if http_client_timeout}} request.timeout: {{http_client_timeout}} @@ -80,8 +80,9 @@ response.pagination: value: '[[.last_response.url.params.Get "beginTime"]]' - set: target: url.params._pagedResultsCookie - value: '[[.last_response.body.pagedResultsCookie]]' + value: '[[if index .last_response.body "pagedResultsCookie"]][[.last_response.body.pagedResultsCookie]][[end]]' fail_on_template_error: true + do_not_log_failure: true cursor: last_timestamp: diff --git a/packages/forgerock/data_stream/idm_authentication/sample_event.json b/packages/forgerock/data_stream/idm_authentication/sample_event.json index 08bfce1a6d9..9a6c97fa86a 100644 --- a/packages/forgerock/data_stream/idm_authentication/sample_event.json +++ b/packages/forgerock/data_stream/idm_authentication/sample_event.json 
@@ -1,34 +1,34 @@ { "@timestamp": "2022-10-05T18:21:48.253Z", "agent": { - "ephemeral_id": "a585941c-cf1b-4f9e-ab31-9f02ad2f3a8d", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "43621d03-c360-4aaf-8c54-29f1b2c9c14e", + "id": "d45d8d44-75ed-4fc4-8cd7-7e9546178b5f", + "name": "elastic-agent-35658", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "forgerock.idm_authentication", - "namespace": "54220", + "namespace": "74191", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "d45d8d44-75ed-4fc4-8cd7-7e9546178b5f", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", "category": [ "authentication" ], - "created": "2024-06-12T03:10:55.079Z", + "created": "2025-10-06T12:46:13.049Z", "dataset": "forgerock.idm_authentication", "id": "45463f84-ff1b-499f-aa84-8d4bd93150de-256208", - "ingested": "2024-06-12T03:11:07Z", + "ingested": "2025-10-06T12:46:16Z", "outcome": "success" }, "forgerock": { @@ -72,4 +72,4 @@ "user": { "id": "id=user" } -} \ No newline at end of file +} diff --git a/packages/forgerock/data_stream/idm_config/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/idm_config/agent/stream/httpjson.yml.hbs index 226c0bcc133..6217c5f6d11 100644 --- a/packages/forgerock/data_stream/idm_config/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/idm_config/agent/stream/httpjson.yml.hbs 
@@ -13,9 +13,9 @@ request.method: "GET" request.url: {{tenant_url}}/monitoring/logs request.rate_limit: - limit: '[[.last_response.headers.Get "X-Rate-Limit-Limit"]]' - remaining: '[[.last_response.headers.Get "X-Rate-Limit-Remaining"]]' - reset: '[[.last_response.headers.Get "X-Rate-Limit-Reset"]]' + limit: '[[.last_response.header.Get "X-Rate-Limit-Limit"]]' + remaining: '[[.last_response.header.Get "X-Rate-Limit-Remaining"]]' + reset: '[[.last_response.header.Get "X-Rate-Limit-Reset"]]' {{#if http_client_timeout}} request.timeout: {{http_client_timeout}} @@ -80,8 +80,9 @@ response.pagination: value: '[[.last_response.url.params.Get "beginTime"]]' - set: target: url.params._pagedResultsCookie - value: '[[.last_response.body.pagedResultsCookie]]' + value: '[[if index .last_response.body "pagedResultsCookie"]][[.last_response.body.pagedResultsCookie]][[end]]' fail_on_template_error: true + do_not_log_failure: true cursor: last_timestamp: diff --git a/packages/forgerock/data_stream/idm_config/sample_event.json b/packages/forgerock/data_stream/idm_config/sample_event.json index fe4dd755abd..58724ad7bb5 100644 --- a/packages/forgerock/data_stream/idm_config/sample_event.json +++ b/packages/forgerock/data_stream/idm_config/sample_event.json 
@@ -1,34 +1,34 @@ { "@timestamp": "2022-10-19T16:12:12.549Z", "agent": { - "ephemeral_id": "fb37ec3d-49b8-4a56-8540-f9bf8f749477", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "c2abb4f1-08de-4c4b-b783-22cadd5e81fb", + "id": "e591b5b6-3b50-4c61-ac46-5c93370cda0b", + "name": "elastic-agent-85889", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "forgerock.idm_config", - "namespace": "74292", + "namespace": "96403", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "e591b5b6-3b50-4c61-ac46-5c93370cda0b", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", "category": [ "configuration" ], - "created": "2024-06-12T03:11:48.197Z", + "created": "2025-10-06T12:47:03.339Z", "dataset": "forgerock.idm_config", "id": "5e787c05-c32f-40d3-9e77-666376f6738f-134332", - "ingested": "2024-06-12T03:12:00Z" + "ingested": "2025-10-06T12:47:06Z" }, "forgerock": { "changedFields": [ @@ -60,4 +60,4 @@ }, "id": "d7cd65bf-743c-4753-a78f-a20daae7e3bf" } -} \ No newline at end of file +} diff --git a/packages/forgerock/data_stream/idm_core/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/idm_core/agent/stream/httpjson.yml.hbs index fba364e14ce..0d9c4ccde73 100644 --- a/packages/forgerock/data_stream/idm_core/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/idm_core/agent/stream/httpjson.yml.hbs 
@@ -13,9 +13,9 @@ request.method: "GET" request.url: {{tenant_url}}/monitoring/logs request.rate_limit: - limit: '[[.last_response.headers.Get "X-Rate-Limit-Limit"]]' - remaining: '[[.last_response.headers.Get "X-Rate-Limit-Remaining"]]' - reset: '[[.last_response.headers.Get "X-Rate-Limit-Reset"]]' + limit: '[[.last_response.header.Get "X-Rate-Limit-Limit"]]' + remaining: '[[.last_response.header.Get "X-Rate-Limit-Remaining"]]' + reset: '[[.last_response.header.Get "X-Rate-Limit-Reset"]]' {{#if http_client_timeout}} request.timeout: {{http_client_timeout}} @@ -80,8 +80,9 @@ response.pagination: value: '[[.last_response.url.params.Get "beginTime"]]' - set: target: url.params._pagedResultsCookie - value: '[[.last_response.body.pagedResultsCookie]]' + value: '[[if index .last_response.body "pagedResultsCookie"]][[.last_response.body.pagedResultsCookie]][[end]]' fail_on_template_error: true + do_not_log_failure: true cursor: last_timestamp: diff --git a/packages/forgerock/data_stream/idm_core/sample_event.json b/packages/forgerock/data_stream/idm_core/sample_event.json index 76b693605bd..0506314d06e 100644 --- a/packages/forgerock/data_stream/idm_core/sample_event.json +++ b/packages/forgerock/data_stream/idm_core/sample_event.json 
@@ -1,30 +1,30 @@ { "@timestamp": "2022-12-05T20:01:34.448Z", "agent": { - "ephemeral_id": "0ecd4e49-8926-4644-a9ac-e464dcb4f31c", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "be0af615-72c8-4765-af00-f48265926a95", + "id": "49e76a53-246c-4949-aec1-a76a75a7943f", + "name": "elastic-agent-40983", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "forgerock.idm_core", - "namespace": "52603", + "namespace": "15088", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "49e76a53-246c-4949-aec1-a76a75a7943f", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", - "created": "2024-06-12T03:12:40.380Z", + "created": "2025-10-06T12:47:53.258Z", "dataset": "forgerock.idm_core", - "ingested": "2024-06-12T03:12:52Z", + "ingested": "2025-10-06T12:47:56Z", "reason": "Dec 05, 2022 8:01:34 PM org.forgerock.openidm.internal.InternalObjectSet readInstance" }, "input": { @@ -38,4 +38,4 @@ "forgerock-debug", "forgerock-idm-core" ] -} \ No newline at end of file +} diff --git a/packages/forgerock/data_stream/idm_sync/agent/stream/httpjson.yml.hbs b/packages/forgerock/data_stream/idm_sync/agent/stream/httpjson.yml.hbs index b0c28894ae7..bc93d566fdc 100644 --- a/packages/forgerock/data_stream/idm_sync/agent/stream/httpjson.yml.hbs +++ b/packages/forgerock/data_stream/idm_sync/agent/stream/httpjson.yml.hbs 
@@ -13,9 +13,9 @@ request.method: "GET" request.url: {{tenant_url}}/monitoring/logs request.rate_limit: - limit: '[[.last_response.headers.Get "X-Rate-Limit-Limit"]]' - remaining: '[[.last_response.headers.Get "X-Rate-Limit-Remaining"]]' - reset: '[[.last_response.headers.Get "X-Rate-Limit-Reset"]]' + limit: '[[.last_response.header.Get "X-Rate-Limit-Limit"]]' + remaining: '[[.last_response.header.Get "X-Rate-Limit-Remaining"]]' + reset: '[[.last_response.header.Get "X-Rate-Limit-Reset"]]' {{#if http_client_timeout}} request.timeout: {{http_client_timeout}} @@ -81,8 +81,9 @@ response.pagination: value: '[[.last_response.url.params.Get "beginTime"]]' - set: target: url.params._pagedResultsCookie - value: '[[.last_response.body.pagedResultsCookie]]' + value: '[[if index .last_response.body "pagedResultsCookie"]][[.last_response.body.pagedResultsCookie]][[end]]' fail_on_template_error: true + do_not_log_failure: true cursor: last_timestamp: diff --git a/packages/forgerock/data_stream/idm_sync/sample_event.json b/packages/forgerock/data_stream/idm_sync/sample_event.json index 9c0e1a04a56..172cb23ee5c 100644 --- a/packages/forgerock/data_stream/idm_sync/sample_event.json +++ b/packages/forgerock/data_stream/idm_sync/sample_event.json 
@@ -1,31 +1,31 @@ { "@timestamp": "2022-10-19T16:09:17.900Z", "agent": { - "ephemeral_id": "9597c9be-7da7-4082-890f-94632a9bdfed", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "87a05e07-8bc1-4a59-b294-755ca4f09ab5", + "id": "92635cef-b931-43d6-89aa-42a3566922f7", + "name": "elastic-agent-79875", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "forgerock.idm_sync", - "namespace": "29113", + "namespace": "45841", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "92635cef-b931-43d6-89aa-42a3566922f7", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", - "created": "2024-06-12T03:13:33.362Z", + "created": "2025-10-06T12:52:05.339Z", "dataset": "forgerock.idm_sync", "id": "5e787c05-c32f-40d3-9e77-666376f6738f-130280", - "ingested": "2024-06-12T03:13:45Z", + "ingested": "2025-10-06T12:52:08Z", "outcome": "success" }, "forgerock": { @@ -56,4 +56,4 @@ "user": { "id": "d7cd65bf-743c-4753-a78f-a20daae7e3bf" } -} \ No newline at end of file +} diff --git a/packages/forgerock/docs/README.md b/packages/forgerock/docs/README.md index 2cbf8945519..8ae39468e40 100644 --- a/packages/forgerock/docs/README.md +++ b/packages/forgerock/docs/README.md 
@@ -16,48 +16,82 @@ An example event for `am_access` looks as following: ```json { - "@timestamp": "2022-11-06T18:16:43.813Z", + "@timestamp": "2022-10-05T20:55:43.188Z", "agent": { - "ephemeral_id": "82b02cc6-7222-4ccc-b7f4-4c1c55315484", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "912582e9-ce0a-4e33-bd0d-b446b246d5cb", + "id": "e5f7134f-516b-4b77-a0e8-a558bda68feb", + "name": "elastic-agent-93058", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" + }, + "client": { + "ip": "1.128.0.0" }, "data_stream": { "dataset": "forgerock.am_access", - "namespace": "51919", + "namespace": "96005", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "e5f7134f-516b-4b77-a0e8-a558bda68feb", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { - "action": "AM-SESSION-IDLE_TIMED_OUT", + "action": "AM-ACCESS-ATTEMPT", "agent_id_status": "verified", - "created": "2024-06-12T03:05:10.979Z", + "created": "2025-10-06T12:40:16.272Z", "dataset": "forgerock.am_access", - "id": "688b24d9-968e-4a20-b471-9bd78f1e46ec-79599", - "ingested": "2024-06-12T03:05:14Z", + "id": "45463f84-ff1b-499f-aa84-8d4bd93150de-437950", + "ingested": "2025-10-06T12:40:17Z", "type": [ "access" ] }, "forgerock": { - "eventName": "AM-SESSION-IDLE_TIMED_OUT", + "eventName": "AM-ACCESS-ATTEMPT", + "http": { + "request": { + "headers": { + "accept": [ + "application/json, text/plain, */*" + ], + "accept-api-version": [ + "protocol=1.0,resource=1.1" + ], + "host": [ + "openam-chico-poc.forgeblocks.com" + ], + "user-agent": [ + "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36" + ], + "x-forwarded-for": [ + "50.159.194.107, 34.149.144.150, 10.168.0.13" + ], + "x-forwarded-proto": [ + "https" + ] + }, + "secure": true + } + }, "level": "INFO", - "objectId": 
"688b24d9-968e-4a20-b471-9bd78f1e46ec-13901", "realm": "/", + "request": { + "operation": "READ", + "protocol": "CREST" + }, "source": "audit", - "topic": "activity", - "trackingIds": [ - "688b24d9-968e-4a20-b471-9bd78f1e46ec-13901" - ] + "topic": "access" + }, + "http": { + "request": { + "Path": "https://openam-chico-poc.forgeblocks.com/am/json/serverinfo/*", + "method": "GET" + } }, "input": { "type": "httpjson" @@ -65,8 +99,11 @@ An example event for `am_access` looks as following: "observer": { "vendor": "ForgeRock Identity Platform" }, + "server": { + "ip": "10.68.17.12" + }, "service": { - "name": "Session" + "name": "Server Info" }, "tags": [ "forwarded", @@ -74,10 +111,7 @@ An example event for `am_access` looks as following: "forgerock-am-access" ], "transaction": { - "id": "688b24d9-968e-4a20-b471-9bd78f1e46ec-1" - }, - "user": { - "id": "id=d7cd65bf-743c-4753-a78f-a20daae7e3bf,ou=user,ou=am-config" + "id": "1665003343053-7492ffada57c074a1475-43264/0" } } ``` 
@@ -141,32 +175,32 @@ An example event for `am_activity` looks as following: { "@timestamp": "2022-10-05T20:55:59.966Z", "agent": { - "ephemeral_id": "9db3f780-4230-43f5-832f-203266705932", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "300977b2-2103-4f5c-8398-cb7491c52ce3", + "id": "a77ca8ac-13ef-47c3-84e4-ec42fde7af3f", + "name": "elastic-agent-41379", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "forgerock.am_activity", - "namespace": "71478", + "namespace": "61561", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "a77ca8ac-13ef-47c3-84e4-ec42fde7af3f", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "action": "AM-SESSION-CREATED", "agent_id_status": "verified", - "created": "2024-06-12T03:05:53.025Z", + "created": "2025-10-06T12:41:04.474Z", "dataset": "forgerock.am_activity", "id": "45463f84-ff1b-499f-aa84-8d4bd93150de-438366", - "ingested": "2024-06-12T03:05:57Z", + "ingested": "2025-10-06T12:41:07Z", "reason": "CREATE" }, "forgerock": { 
@@ -236,24 +270,24 @@ An example event for `am_authentication` looks as following: { "@timestamp": "2022-10-05T18:21:48.253Z", "agent": { - "ephemeral_id": "2ffe10cc-935a-4457-869f-95b732cb0c8b", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "ad09d001-2dbe-4840-af47-f2818fa57098", + "id": "1fbc06be-5d4e-4db9-99c9-f1320758f1d8", + "name": "elastic-agent-75467", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "forgerock.am_authentication", - "namespace": "88343", + "namespace": "58576", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "1fbc06be-5d4e-4db9-99c9-f1320758f1d8", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "action": "AM-LOGIN-COMPLETED", @@ -261,10 +295,10 @@ An example event for `am_authentication` looks as following: "category": [ "authentication" ], - "created": "2024-06-12T03:06:40.162Z", + "created": "2025-10-06T12:42:03.795Z", "dataset": "forgerock.am_authentication", "id": "45463f84-ff1b-499f-aa84-8d4bd93150de-256208", - "ingested": "2024-06-12T03:06:44Z", + "ingested": "2025-10-06T12:42:06Z", "outcome": "success" }, "forgerock": { 
@@ -343,24 +377,24 @@ An example event for `am_config` looks as following: { "@timestamp": "2022-09-20T14:40:10.664Z", "agent": { - "ephemeral_id": "4afe06fa-469e-40e2-babb-b30baf137536", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "78438062-5e65-437e-8b89-308d70efdb88", + "id": "d36dcc8f-d86c-4c48-9832-fd9828a9dfe7", + "name": "elastic-agent-89631", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "forgerock.am_config", - "namespace": "65246", + "namespace": "15954", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "d36dcc8f-d86c-4c48-9832-fd9828a9dfe7", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "action": "AM-CONFIG-CHANGE", @@ -368,10 +402,10 @@ An example event for `am_config` looks as following: "category": [ "configuration" ], - "created": "2024-06-12T03:07:28.334Z", + "created": "2025-10-06T12:42:52.973Z", "dataset": "forgerock.am_config", "id": "4e8550cd-71d6-4a08-b5b0-bb63bcbbc960-20605", - "ingested": "2024-06-12T03:07:31Z" + "ingested": "2025-10-06T12:42:55Z" }, "forgerock": { "level": "INFO", 
@@ -437,30 +471,30 @@ An example event for `am_core` looks as following: { "@timestamp": "2022-12-05T19:29:20.845Z", "agent": { - "ephemeral_id": "b802141d-9281-4caa-bb31-d5561f968ee5", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "013fcb42-a6c3-47de-8afb-94a1f9014635", + "id": "7efa0d65-4e58-4fb3-a1ed-0d89d045c77a", + "name": "elastic-agent-19283", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "forgerock.am_core", - "namespace": "90018", + "namespace": "89252", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "7efa0d65-4e58-4fb3-a1ed-0d89d045c77a", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", - "created": "2024-06-12T03:08:15.631Z", + "created": "2025-10-06T12:43:43.162Z", "dataset": "forgerock.am_core", - "ingested": "2024-06-12T03:08:19Z", + "ingested": "2025-10-06T12:43:46Z", "reason": "Connection attempt failed: availableConnections=0, maxPoolSize=10" }, "forgerock": { @@ -509,11 +543,11 @@ An example event for `idm_access` looks as following: { "@timestamp": "2022-11-01T15:04:50.110Z", "agent": { - "ephemeral_id": "1c6538cf-fe70-498c-8919-a60c26ffcfac", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "4a50402b-fc44-4850-93ea-ef0cf4c922ba", + "id": "229bc928-46fc-40e6-9d5c-687a54978dfd", + "name": "elastic-agent-86850", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "client": { "ip": "216.160.83.56", 
@@ -521,24 +555,24 @@ An example event for `idm_access` looks as following: }, "data_stream": { "dataset": "forgerock.idm_access", - "namespace": "61539", + "namespace": "92556", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "229bc928-46fc-40e6-9d5c-687a54978dfd", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", - "created": "2024-06-12T03:09:02.660Z", + "created": "2025-10-06T12:44:33.069Z", "dataset": "forgerock.idm_access", "duration": 2000000, "id": "a9a32d9e-7029-45e6-b581-eafb5d502273-49025", - "ingested": "2024-06-12T03:09:14Z", + "ingested": "2025-10-06T12:44:36Z", "outcome": "success", "type": [ "access" @@ -638,31 +672,31 @@ An example event for `idm_activity` looks as following: { "@timestamp": "2022-11-01T18:02:39.882Z", "agent": { - "ephemeral_id": "18f29cf6-4b37-4c4d-8d49-91bf8719e14c", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "e5134748-2f93-46d7-832e-a0345a05dd7a", + "id": "8cdbc0fe-d88c-4a81-bc16-8f7dafdb3681", + "name": "elastic-agent-30475", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "forgerock.idm_activity", - "namespace": "89179", + "namespace": "97694", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "8cdbc0fe-d88c-4a81-bc16-8f7dafdb3681", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", - "created": "2024-06-12T03:09:56.979Z", + "created": "2025-10-06T12:45:23.278Z", "dataset": "forgerock.idm_activity", "id": "a9a32d9e-7029-45e6-b581-eafb5d502273-268906", - "ingested": "2024-06-12T03:10:08Z", + "ingested": "2025-10-06T12:45:26Z", "outcome": "success" }, "forgerock": { 
@@ -729,34 +763,34 @@ An example event for `idm_authentication` looks as following: { "@timestamp": "2022-10-05T18:21:48.253Z", "agent": { - "ephemeral_id": "a585941c-cf1b-4f9e-ab31-9f02ad2f3a8d", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "43621d03-c360-4aaf-8c54-29f1b2c9c14e", + "id": "d45d8d44-75ed-4fc4-8cd7-7e9546178b5f", + "name": "elastic-agent-35658", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "forgerock.idm_authentication", - "namespace": "54220", + "namespace": "74191", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "d45d8d44-75ed-4fc4-8cd7-7e9546178b5f", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", "category": [ "authentication" ], - "created": "2024-06-12T03:10:55.079Z", + "created": "2025-10-06T12:46:13.049Z", "dataset": "forgerock.idm_authentication", "id": "45463f84-ff1b-499f-aa84-8d4bd93150de-256208", - "ingested": "2024-06-12T03:11:07Z", + "ingested": "2025-10-06T12:46:16Z", "outcome": "success" }, "forgerock": { 
@@ -832,34 +866,34 @@ An example event for `idm_config` looks as following: { "@timestamp": "2022-10-19T16:12:12.549Z", "agent": { - "ephemeral_id": "fb37ec3d-49b8-4a56-8540-f9bf8f749477", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "c2abb4f1-08de-4c4b-b783-22cadd5e81fb", + "id": "e591b5b6-3b50-4c61-ac46-5c93370cda0b", + "name": "elastic-agent-85889", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "forgerock.idm_config", - "namespace": "74292", + "namespace": "96403", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "e591b5b6-3b50-4c61-ac46-5c93370cda0b", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", "category": [ "configuration" ], - "created": "2024-06-12T03:11:48.197Z", + "created": "2025-10-06T12:47:03.339Z", "dataset": "forgerock.idm_config", "id": "5e787c05-c32f-40d3-9e77-666376f6738f-134332", - "ingested": "2024-06-12T03:12:00Z" + "ingested": "2025-10-06T12:47:06Z" }, "forgerock": { "changedFields": [ 
@@ -921,30 +955,30 @@ An example event for `idm_core` looks as following: { "@timestamp": "2022-12-05T20:01:34.448Z", "agent": { - "ephemeral_id": "0ecd4e49-8926-4644-a9ac-e464dcb4f31c", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "be0af615-72c8-4765-af00-f48265926a95", + "id": "49e76a53-246c-4949-aec1-a76a75a7943f", + "name": "elastic-agent-40983", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "forgerock.idm_core", - "namespace": "52603", + "namespace": "15088", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "49e76a53-246c-4949-aec1-a76a75a7943f", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", - "created": "2024-06-12T03:12:40.380Z", + "created": "2025-10-06T12:47:53.258Z", "dataset": "forgerock.idm_core", - "ingested": "2024-06-12T03:12:52Z", + "ingested": "2025-10-06T12:47:56Z", "reason": "Dec 05, 2022 8:01:34 PM org.forgerock.openidm.internal.InternalObjectSet readInstance" }, "input": { 
@@ -986,31 +1020,31 @@ An example event for `idm_sync` looks as following: { "@timestamp": "2022-10-19T16:09:17.900Z", "agent": { - "ephemeral_id": "9597c9be-7da7-4082-890f-94632a9bdfed", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "87a05e07-8bc1-4a59-b294-755ca4f09ab5", + "id": "92635cef-b931-43d6-89aa-42a3566922f7", + "name": "elastic-agent-79875", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "forgerock.idm_sync", - "namespace": "29113", + "namespace": "45841", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "92635cef-b931-43d6-89aa-42a3566922f7", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", - "created": "2024-06-12T03:13:33.362Z", + "created": "2025-10-06T12:52:05.339Z", "dataset": "forgerock.idm_sync", "id": "5e787c05-c32f-40d3-9e77-666376f6738f-130280", - "ingested": "2024-06-12T03:13:45Z", + "ingested": "2025-10-06T12:52:08Z", "outcome": "success" }, "forgerock": { diff --git a/packages/forgerock/manifest.yml b/packages/forgerock/manifest.yml index cd23277214e..243e96f9625 100644 --- a/packages/forgerock/manifest.yml +++ b/packages/forgerock/manifest.yml @@ -1,13 +1,13 @@ name: forgerock title: "ForgeRock" -version: "1.21.2" +version: "1.22.0" description: Collect audit logs from ForgeRock with Elastic Agent. type: integration format_version: "3.0.2" categories: ["security"] conditions: kibana: - version: "^8.13.0 || ^9.0.0" + version: "^8.19.4 || ~9.0.7 || ^9.1.4" screenshots: - src: /img/forgerock-dashboard.png title: ForgeRock Dashboard diff --git a/packages/httpjson/changelog.yml b/packages/httpjson/changelog.yml index eabee7d7e3e..5a2599ea57d 100644 --- a/packages/httpjson/changelog.yml +++ b/packages/httpjson/changelog.yml 
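Review bot: The `conditions.kibana.version` constraint in `packages/forgerock/manifest.yml` moves from `^8.13.0 || ^9.0.0` to `^8.19.4 || ~9.0.7 || ^9.1.4`, which drops installs on 8.13–8.18 and on 9.0.0–9.0.6 / 9.1.0–9.1.3, yet the changelog entries visible for httpjson and lumos describe the release only as `Prevent updating fleet health status to degraded`; `packages/httpjson/manifest.yml` on the next line makes the same move. Presumably the floor rises because older agents do not understand `do_not_log_failure`, but a user reading the changelog cannot tell that upgrading the package now requires a stack upgrade. Put the reason in the description, e.g. `- description: Prevent updating fleet health status to degraded; requires stack 8.19.4, 9.0.7 or 9.1.4 for do_not_log_failure.`.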
@@ -1,3 +1,8 @@
+- version: "1.24.0"
+  changes:
+    - description: Prevent updating fleet health status to degraded.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/15584
 - version: "1.23.0"
   changes:
     - description: Add options for OAuth2 user/password.
diff --git a/packages/httpjson/data_stream/generic/_dev/test/system/test-pagination-config.yml b/packages/httpjson/data_stream/generic/_dev/test/system/test-pagination-config.yml
index ec9a3932066..bba1fab58c3 100644
--- a/packages/httpjson/data_stream/generic/_dev/test/system/test-pagination-config.yml
+++ b/packages/httpjson/data_stream/generic/_dev/test/system/test-pagination-config.yml
@@ -10,6 +10,7 @@ data_stream:
     response_pagination: |-
       - set:
           target: url.params.page
-          value: '[[.last_response.body.page]]'
+          value: '[[if index .last_response.body "page"]][[.last_response.body.page]][[end]]'
           fail_on_template_error: true
+          do_not_log_failure: true
     enable_request_tracer: true
diff --git a/packages/httpjson/manifest.yml b/packages/httpjson/manifest.yml
index f8bd9494f21..49ad0f2626c 100644
--- a/packages/httpjson/manifest.yml
+++ b/packages/httpjson/manifest.yml
@@ -3,10 +3,10 @@ name: httpjson
 title: Custom API
 description: Collect custom events from an API endpoint with Elastic agent
 type: integration
-version: "1.23.0"
+version: "1.24.0"
 conditions:
   kibana:
-    version: "^8.13.0 || ^9.0.0"
+    version: "^8.19.4 || ~9.0.7 || ^9.1.4"
 categories:
   - custom
 policy_templates:
diff --git a/packages/lumos/changelog.yml b/packages/lumos/changelog.yml
index 3f2c31610c5..6b26c3a3ce3 100644
--- a/packages/lumos/changelog.yml
+++ b/packages/lumos/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.6.0"
+  changes:
+    - description: Prevent updating fleet health status to degraded.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/15584
 - version: "1.5.0"
   changes:
     - description: Update Kibana constraint to support 9.0.0.
diff --git a/packages/lumos/data_stream/activity_logs/agent/stream/httpjson.yml.hbs b/packages/lumos/data_stream/activity_logs/agent/stream/httpjson.yml.hbs
index 2a4e3286cbe..62829d09ba7 100644
--- a/packages/lumos/data_stream/activity_logs/agent/stream/httpjson.yml.hbs
+++ b/packages/lumos/data_stream/activity_logs/agent/stream/httpjson.yml.hbs
@@ -15,8 +15,9 @@ request.transforms:
 response.pagination:
   - set:
       target: url.value
-      value: '{{api_url}}[[.last_response.body.links.next]]'
+      value: '[[if index .last_response.body.links "next"]]{{api_url}}[[.last_response.body.links.next]][[end]]'
       fail_on_template_error: true
+      do_not_log_failure: true
 response.split:
   target: body.items
@@ -24,7 +25,8 @@ response.split:
 cursor:
   since:
-    value: '[[.last_event.created]]'
+    value: '[[if index .last_event "created"]][[.last_event.created]][[end]]'
+    ignore_empty_value: true
 {{#if processors}}
 processors:
diff --git a/packages/lumos/data_stream/activity_logs/sample_event.json b/packages/lumos/data_stream/activity_logs/sample_event.json
index 836f66a79f7..5b0c8df1e9b 100644
--- a/packages/lumos/data_stream/activity_logs/sample_event.json
+++ b/packages/lumos/data_stream/activity_logs/sample_event.json
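Review bot: The new guard in the first hunk only covers a missing `next` key; it still dereferences `.last_response.body.links` first, so a response without a `links` object (an error body, an empty body) still raises a template error under `fail_on_template_error: true`, and with `do_not_log_failure: true` that failure now leaves no trace in the agent log. If the intent is "stop quietly when there is no next link", the outer object needs the same treatment, e.g. `value: '[[if index .last_response.body "links"]][[if index .last_response.body.links "next"]]{{api_url}}[[.last_response.body.links.next]][[end]][[end]]'`. Either way a one-line comment above the `set` saying that an empty result ends pagination and that template failures are deliberately unlogged would save the next maintainer from re-deriving why both options are set. The cursor hunk below it is fine as written: with `ignore_empty_value: true` an event lacking `created` keeps the previous `since` value rather than clearing it.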
@@ -1,32 +1,32 @@ { - "@timestamp": "2024-06-12T03:14:31.761Z", + "@timestamp": "2025-10-07T10:29:39.283Z", "agent": { - "ephemeral_id": "164152f0-95db-44c9-a369-1412cbf18efd", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "2899cf43-154c-43bf-8e38-6dd8fcdddeb8", + "id": "ec7a2ba3-4ffe-4b9d-98cf-dce8eccd9455", + "name": "elastic-agent-76548", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "lumos.activity_logs", - "namespace": "41003", + "namespace": "18028", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "ec7a2ba3-4ffe-4b9d-98cf-dce8eccd9455", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "action": "SOD_POLICY_DELETED", "agent_id_status": "verified", - "created": "2024-06-12T03:14:31.761Z", + "created": "2025-10-07T10:29:39.283Z", "dataset": "lumos.activity_logs", "id": "630b90cedc35a8a5f43361534099bee51e032f42dd442085fc76ef094d228f543c78fbe59c132df992cf71a6b8496504e8ebbc6020fbae1f34206676985412e7", - "ingested": "2024-06-12T03:14:43Z", + "ingested": "2025-10-07T10:29:42Z", "kind": "event", "outcome": "success", "type": [ @@ -36,23 +36,22 @@ "host": { "architecture": "x86_64", "containerized": false, - "hostname": "docker-fleet-agent", - "id": "8259e024976a406e8a54cdbffeb84fec", + "hostname": "elastic-agent-76548", "ip": [ - "172.19.0.7" + "192.168.241.2", + "192.168.240.4" ], "mac": [ - "02-42-AC-13-00-07" + "12-2A-F7-F2-2C-D7", + "DE-BF-74-CA-85-68" ], - "name": "docker-fleet-agent", + "name": "elastic-agent-76548", "os": { - "codename": "focal", - "family": "debian", - "kernel": "6.5.11-linuxkit", - "name": "Ubuntu", - "platform": "ubuntu", + "kernel": "5.15.0-156-generic", + "name": "Wolfi", + "platform": "wolfi", "type": "linux", - "version": "20.04.6 LTS (Focal Fossa)" + "version": "20230201" } }, "input": { 
@@ -77,4 +76,4 @@ } }, "message": "{\"actor\":{\"actor_type\":\"Lumos user\",\"email\":\"wile.e.coyote@lumos.com\",\"family_name\":\"Wile\",\"given_name\":\"Coyote\"},\"event_began_at\":\"2024-03-12T16:09:14\",\"event_hash\":\"630b90cedc35a8a5f43361534099bee51e032f42dd442085fc76ef094d228f543c78fbe59c132df992cf71a6b8496504e8ebbc6020fbae1f34206676985412e7\",\"event_metadata\":{},\"event_type\":\"SOD_POLICY_DELETED\",\"event_type_user_friendly\":\"A user deleted a SOD Policy\",\"outcome\":\"Succeeded\",\"targets\":[{\"name\":\"Untitled Rule\",\"target_type\":\"SOD Policy\"}]}" -} \ No newline at end of file +} diff --git a/packages/lumos/docs/README.md b/packages/lumos/docs/README.md index 484ae7cc480..4421c00e18a 100644 --- a/packages/lumos/docs/README.md +++ b/packages/lumos/docs/README.md 
@@ -50,34 +50,34 @@ An example event for `activity` looks as following: ```json { - "@timestamp": "2024-06-12T03:14:31.761Z", + "@timestamp": "2025-10-07T10:29:39.283Z", "agent": { - "ephemeral_id": "164152f0-95db-44c9-a369-1412cbf18efd", - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", - "name": "docker-fleet-agent", + "ephemeral_id": "2899cf43-154c-43bf-8e38-6dd8fcdddeb8", + "id": "ec7a2ba3-4ffe-4b9d-98cf-dce8eccd9455", + "name": "elastic-agent-76548", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "lumos.activity_logs", - "namespace": "41003", + "namespace": "18028", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "d2a14a09-96fc-4f81-94ef-b0cd75ad71e7", + "id": "ec7a2ba3-4ffe-4b9d-98cf-dce8eccd9455", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "action": "SOD_POLICY_DELETED", "agent_id_status": "verified", - "created": "2024-06-12T03:14:31.761Z", + "created": "2025-10-07T10:29:39.283Z", "dataset": "lumos.activity_logs", "id": "630b90cedc35a8a5f43361534099bee51e032f42dd442085fc76ef094d228f543c78fbe59c132df992cf71a6b8496504e8ebbc6020fbae1f34206676985412e7", - "ingested": "2024-06-12T03:14:43Z", + "ingested": "2025-10-07T10:29:42Z", "kind": "event", "outcome": "success", "type": [ 
@@ -87,23 +87,22 @@ An example event for `activity` looks as following: "host": { "architecture": "x86_64", "containerized": false, - "hostname": "docker-fleet-agent", - "id": "8259e024976a406e8a54cdbffeb84fec", + "hostname": "elastic-agent-76548", "ip": [ - "172.19.0.7" + "192.168.241.2", + "192.168.240.4" ], "mac": [ - "02-42-AC-13-00-07" + "12-2A-F7-F2-2C-D7", + "DE-BF-74-CA-85-68" ], - "name": "docker-fleet-agent", + "name": "elastic-agent-76548", "os": { - "codename": "focal", - "family": "debian", - "kernel": "6.5.11-linuxkit", - "name": "Ubuntu", - "platform": "ubuntu", + "kernel": "5.15.0-156-generic", + "name": "Wolfi", + "platform": "wolfi", "type": "linux", - "version": "20.04.6 LTS (Focal Fossa)" + "version": "20230201" } }, "input": { diff --git a/packages/lumos/manifest.yml b/packages/lumos/manifest.yml index aaafd215ebe..978bed12ff0 100644 --- a/packages/lumos/manifest.yml +++ b/packages/lumos/manifest.yml @@ -1,14 +1,14 @@ format_version: 3.1.2 name: lumos title: "Lumos" -version: "1.5.0" +version: "1.6.0" description: "An integration with Lumos to ship your Activity logs to your Elastic instance." type: integration categories: - security conditions: kibana: - version: "^8.13.0 || ^9.0.0" + version: "^8.19.4 || ~9.0.7 || ^9.1.4" elastic: subscription: "basic" screenshots: diff --git a/packages/microsoft_exchange_online_message_trace/changelog.yml b/packages/microsoft_exchange_online_message_trace/changelog.yml index ec3ea8763b6..38c58e9bb2b 100644 --- a/packages/microsoft_exchange_online_message_trace/changelog.yml +++ b/packages/microsoft_exchange_online_message_trace/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.29.0" + changes: + - description: Prevent updating fleet health status to degraded. + type: enhancement + link: https://github.com/elastic/integrations/pull/15584 - version: "1.28.0" changes: - description: Improve documentation 
diff --git a/packages/microsoft_exchange_online_message_trace/data_stream/log/agent/stream/httpjson.yml.hbs b/packages/microsoft_exchange_online_message_trace/data_stream/log/agent/stream/httpjson.yml.hbs
index 9bae8695028..e53d1d0428f 100644
--- a/packages/microsoft_exchange_online_message_trace/data_stream/log/agent/stream/httpjson.yml.hbs
+++ b/packages/microsoft_exchange_online_message_trace/data_stream/log/agent/stream/httpjson.yml.hbs
@@ -73,8 +73,9 @@ response.pagination:
       fail_on_template_error: true
   - set:
       target: url.params.$skiptoken
-      value: '[[if (lt (len .last_response.body.value) (toInt {{batch_size}}))]][[.last_response.terminate_pagination]][[else]][[(add (toInt (.last_response.url.params.Get "$skiptoken")) (toInt {{batch_size}}))]][[end]]'
+      value: '[[if (ge (len .last_response.body.value) (toInt {{batch_size}}))]][[(add (toInt (.last_response.url.params.Get "$skiptoken")) (toInt {{batch_size}}))]][[end]]'
       fail_on_template_error: true
+      do_not_log_failure: true
 cursor:
   last_execution_datetime:
     # Expects `$filter` param to be in the format of:
diff --git a/packages/microsoft_exchange_online_message_trace/data_stream/log/sample_event.json b/packages/microsoft_exchange_online_message_trace/data_stream/log/sample_event.json
index 4d91605c8f4..d6787825e1e 100644
--- a/packages/microsoft_exchange_online_message_trace/data_stream/log/sample_event.json
+++ b/packages/microsoft_exchange_online_message_trace/data_stream/log/sample_event.json
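Review bot: The rewritten `$skiptoken` template drops the explicit `.last_response.terminate_pagination` branch and now relies on an empty result to end pagination when a page is shorter than `batch_size`; nothing in the hunk documents that this is the stop condition, and the earlier `set` in the same `response.pagination` block (its body starts above the hunk) still carries only `fail_on_template_error: true`. `len .last_response.body.value` is also still evaluated unguarded, so an error body without `value` fails the template exactly as before, except that `do_not_log_failure: true` now hides it. A short comment on the `set` would make both decisions visible, e.g. `# Empty result stops pagination once a page is shorter than batch_size; a body without "value" is a template error that is intentionally not logged.` Whether the cursor lines below are affected cannot be judged from here, as that block continues outside the hunk.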
@@ -1,15 +1,15 @@ { - "@timestamp": "2022-10-21T17:25:30.600Z", + "@timestamp": "2022-10-21T17:25:36.969Z", "agent": { - "ephemeral_id": "1928ec83-7c3a-4ad0-9066-63dae084a2e1", - "id": "bd32c689-9c8b-44ea-ae34-b04c1bf3fd7d", - "name": "elastic-agent-75168", + "ephemeral_id": "11edfb81-b112-45ba-8f01-6e7483e450fa", + "id": "1c0788e9-492a-441e-acab-fc8c56281cf1", + "name": "elastic-agent-22259", "type": "filebeat", - "version": "8.15.3" + "version": "8.19.4" }, "data_stream": { "dataset": "microsoft_exchange_online_message_trace.log", - "namespace": "89156", + "namespace": "71098", "type": "logs" }, "destination": { @@ -27,25 +27,25 @@ "version": "8.11.0" }, "elastic_agent": { - "id": "bd32c689-9c8b-44ea-ae34-b04c1bf3fd7d", + "id": "1c0788e9-492a-441e-acab-fc8c56281cf1", "snapshot": false, - "version": "8.15.3" + "version": "8.19.4" }, "email": { "attachments": { "file": { - "size": 22704 + "size": 22761 } }, - "delivery_timestamp": "2022-10-21T17:25:30.6006882Z", + "delivery_timestamp": "2022-10-21T17:25:36.969376Z", "from": { "address": [ "noreply@azure.microsoft.com" ] }, - "local_id": "a6f62809-5cda-4454-0962-08dab38940d6", - "message_id": "", - "subject": "testmail 1", + "local_id": "a5e6dc0f-23df-4b20-d240-08dab38944a1", + "message_id": "", + "subject": "testmail 2", "to": { "address": [ "linus@contoso.com" 
@@ -57,33 +57,38 @@ "category": [ "email" ], - "created": "2024-11-04T20:39:54.654Z", "dataset": "microsoft_exchange_online_message_trace.log", - "ingested": "2024-11-04T20:39:57Z", - "original": "{\"EndDate\":\"2022-10-22T09:40:10Z\",\"FromIP\":\"40.107.23.81\",\"Index\":1,\"MessageId\":\"\\u003cGVAP278MB037518E76F4082DFE9B607B3DA2D9@GVAP278MB0375.CHEP278.PROD.OUTLOOK.COM\\u003e\",\"MessageTraceId\":\"a6f62809-5cda-4454-0962-08dab38940d6\",\"Organization\":\"contoso.com\",\"Received\":\"2022-10-21T17:25:30.6006882Z\",\"RecipientAddress\":\"linus@contoso.com\",\"SenderAddress\":\"noreply@azure.microsoft.com\",\"Size\":22704,\"StartDate\":\"2022-10-21T09:40:10Z\",\"Status\":\"Delivered\",\"Subject\":\"testmail 1\",\"ToIP\":null}", + "ingested": "2025-10-06T13:13:06Z", + "original": "{\"Organization\":\"contoso.com\",\"MessageId\":\"\\u003cGVAP278MB037586A65EF1FB2F844B0258DA2D9@GVAP278MB0375.CHEP278.PROD.OUTLOOK.COM\\u003e\",\"Received\":\"2022-10-21T17:25:36.969376Z\",\"SenderAddress\":\"noreply@azure.microsoft.com\",\"RecipientAddress\":\"linus@contoso.com\",\"Subject\":\"testmail 2\",\"Status\":\"Delivered\",\"ToIP\":null,\"FromIP\":\"40.107.23.54\",\"Size\":22761,\"MessageTraceId\":\"a5e6dc0f-23df-4b20-d240-08dab38944a1\",\"StartDate\":\"2022-10-21T09:40:10Z\",\"EndDate\":\"2022-10-22T09:40:10Z\",\"Index\":0}", "outcome": "success", "type": [ "info" ] }, "input": { - "type": "httpjson" + "type": "log" + }, + "log": { + "file": { + "path": "/tmp/service_logs/microsoft_exchange_online_message_trace_test.ndjson.log" + }, + "offset": 0 }, "microsoft": { "online_message_trace": { "EndDate": "2022-10-22T09:40:10Z", - "FromIP": "40.107.23.81", - "Index": 1, - "MessageId": "", - "MessageTraceId": "a6f62809-5cda-4454-0962-08dab38940d6", + "FromIP": "40.107.23.54", + "Index": 0, + "MessageId": "", + "MessageTraceId": "a5e6dc0f-23df-4b20-d240-08dab38944a1", "Organization": "contoso.com", - "Received": "2022-10-21T17:25:30.6006882Z", + "Received": 
"2022-10-21T17:25:36.969376Z", "RecipientAddress": "linus@contoso.com", "SenderAddress": "noreply@azure.microsoft.com", - "Size": 22704, + "Size": 22761, "StartDate": "2022-10-21T09:40:10Z", "Status": "Delivered", - "Subject": "testmail 1" + "Subject": "testmail 2" } }, "related": { @@ -96,7 +101,7 @@ }, "source": { "domain": "azure.microsoft.com", - "ip": "40.107.23.81", + "ip": "40.107.23.54", "registered_domain": "microsoft.com", "subdomain": "azure", "top_level_domain": "com", @@ -109,6 +114,7 @@ }, "tags": [ "preserve_original_event", + "microsoft-defender-endpoint", "forwarded" ] } diff --git a/packages/microsoft_exchange_online_message_trace/docs/README.md b/packages/microsoft_exchange_online_message_trace/docs/README.md index 6c5d5326be4..4a9dbd76045 100644 --- a/packages/microsoft_exchange_online_message_trace/docs/README.md +++ b/packages/microsoft_exchange_online_message_trace/docs/README.md @@ -142,17 +142,17 @@ An example event for `log` looks as following: ```json { - "@timestamp": "2022-10-21T17:25:30.600Z", + "@timestamp": "2022-10-21T17:25:36.969Z", "agent": { - "ephemeral_id": "1928ec83-7c3a-4ad0-9066-63dae084a2e1", - "id": "bd32c689-9c8b-44ea-ae34-b04c1bf3fd7d", - "name": "elastic-agent-75168", + "ephemeral_id": "11edfb81-b112-45ba-8f01-6e7483e450fa", + "id": "1c0788e9-492a-441e-acab-fc8c56281cf1", + "name": "elastic-agent-22259", "type": "filebeat", - "version": "8.15.3" + "version": "8.19.4" }, "data_stream": { "dataset": "microsoft_exchange_online_message_trace.log", - "namespace": "89156", + "namespace": "71098", "type": "logs" }, "destination": { 
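Review bot: The regenerated sample now reports `"input": {"type": "log"}` with a `log.file.path` under `/tmp/service_logs/`, and its last hunk adds the tag `"microsoft-defender-endpoint"` to an Exchange Online Message Trace event; the same content is mirrored into this package's docs/README.md. That tag does not belong to this integration as far as the visible configuration shows, which suggests the sample was produced from a file-based system test whose tag list was copied from another package — worth confirming, since the sample is what users see as the documented event shape. `event.created` is also dropped from the new sample, which is consistent with a log-file input but no longer matches what the httpjson stream emits.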
@@ -170,25 +170,25 @@ An example event for `log` looks as following: "version": "8.11.0" }, "elastic_agent": { - "id": "bd32c689-9c8b-44ea-ae34-b04c1bf3fd7d", + "id": "1c0788e9-492a-441e-acab-fc8c56281cf1", "snapshot": false, - "version": "8.15.3" + "version": "8.19.4" }, "email": { "attachments": { "file": { - "size": 22704 + "size": 22761 } }, - "delivery_timestamp": "2022-10-21T17:25:30.6006882Z", + "delivery_timestamp": "2022-10-21T17:25:36.969376Z", "from": { "address": [ "noreply@azure.microsoft.com" ] }, - "local_id": "a6f62809-5cda-4454-0962-08dab38940d6", - "message_id": "", - "subject": "testmail 1", + "local_id": "a5e6dc0f-23df-4b20-d240-08dab38944a1", + "message_id": "", + "subject": "testmail 2", "to": { "address": [ "linus@contoso.com" 
@@ -200,33 +200,38 @@ An example event for `log` looks as following: "category": [ "email" ], - "created": "2024-11-04T20:39:54.654Z", "dataset": "microsoft_exchange_online_message_trace.log", - "ingested": "2024-11-04T20:39:57Z", - "original": "{\"EndDate\":\"2022-10-22T09:40:10Z\",\"FromIP\":\"40.107.23.81\",\"Index\":1,\"MessageId\":\"\\u003cGVAP278MB037518E76F4082DFE9B607B3DA2D9@GVAP278MB0375.CHEP278.PROD.OUTLOOK.COM\\u003e\",\"MessageTraceId\":\"a6f62809-5cda-4454-0962-08dab38940d6\",\"Organization\":\"contoso.com\",\"Received\":\"2022-10-21T17:25:30.6006882Z\",\"RecipientAddress\":\"linus@contoso.com\",\"SenderAddress\":\"noreply@azure.microsoft.com\",\"Size\":22704,\"StartDate\":\"2022-10-21T09:40:10Z\",\"Status\":\"Delivered\",\"Subject\":\"testmail 1\",\"ToIP\":null}", + "ingested": "2025-10-06T13:13:06Z", + "original": "{\"Organization\":\"contoso.com\",\"MessageId\":\"\\u003cGVAP278MB037586A65EF1FB2F844B0258DA2D9@GVAP278MB0375.CHEP278.PROD.OUTLOOK.COM\\u003e\",\"Received\":\"2022-10-21T17:25:36.969376Z\",\"SenderAddress\":\"noreply@azure.microsoft.com\",\"RecipientAddress\":\"linus@contoso.com\",\"Subject\":\"testmail 2\",\"Status\":\"Delivered\",\"ToIP\":null,\"FromIP\":\"40.107.23.54\",\"Size\":22761,\"MessageTraceId\":\"a5e6dc0f-23df-4b20-d240-08dab38944a1\",\"StartDate\":\"2022-10-21T09:40:10Z\",\"EndDate\":\"2022-10-22T09:40:10Z\",\"Index\":0}", "outcome": "success", "type": [ "info" ] }, "input": { - "type": "httpjson" + "type": "log" + }, + "log": { + "file": { + "path": "/tmp/service_logs/microsoft_exchange_online_message_trace_test.ndjson.log" + }, + "offset": 0 }, "microsoft": { "online_message_trace": { "EndDate": "2022-10-22T09:40:10Z", - "FromIP": "40.107.23.81", - "Index": 1, - "MessageId": "", - "MessageTraceId": "a6f62809-5cda-4454-0962-08dab38940d6", + "FromIP": "40.107.23.54", + "Index": 0, + "MessageId": "", + "MessageTraceId": "a5e6dc0f-23df-4b20-d240-08dab38944a1", "Organization": "contoso.com", - "Received": 
"2022-10-21T17:25:30.6006882Z", + "Received": "2022-10-21T17:25:36.969376Z", "RecipientAddress": "linus@contoso.com", "SenderAddress": "noreply@azure.microsoft.com", - "Size": 22704, + "Size": 22761, "StartDate": "2022-10-21T09:40:10Z", "Status": "Delivered", - "Subject": "testmail 1" + "Subject": "testmail 2" } }, "related": { @@ -239,7 +244,7 @@ An example event for `log` looks as following: }, "source": { "domain": "azure.microsoft.com", - "ip": "40.107.23.81", + "ip": "40.107.23.54", "registered_domain": "microsoft.com", "subdomain": "azure", "top_level_domain": "com", @@ -252,6 +257,7 @@ An example event for `log` looks as following: }, "tags": [ "preserve_original_event", + "microsoft-defender-endpoint", "forwarded" ] } diff --git a/packages/microsoft_exchange_online_message_trace/manifest.yml b/packages/microsoft_exchange_online_message_trace/manifest.yml index ee0960ffc52..10c7fef4eeb 100644 --- a/packages/microsoft_exchange_online_message_trace/manifest.yml +++ b/packages/microsoft_exchange_online_message_trace/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.2" name: microsoft_exchange_online_message_trace title: "Microsoft Exchange Online Message Trace" -version: "1.28.0" +version: "1.29.0" description: "Microsoft Exchange Online Message Trace Integration" type: integration categories: @@ -9,7 +9,7 @@ categories: - email_security conditions: kibana: - version: "^8.13.0 || ^9.0.0" + version: "^8.19.4 || ~9.0.7 || ^9.1.4" elastic: subscription: "basic" icons: diff --git a/packages/sophos_central/changelog.yml b/packages/sophos_central/changelog.yml index 6ccce7dd13d..823987d5efc 100644 --- a/packages/sophos_central/changelog.yml +++ b/packages/sophos_central/changelog.yml 
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.20.0"
+  changes:
+    - description: Prevent updating fleet health status to degraded.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/15584
 - version: "1.19.0"
   changes:
     - description: Update Kibana constraint to support 9.0.0.
diff --git a/packages/sophos_central/data_stream/alert/agent/stream/httpjson.yml.hbs b/packages/sophos_central/data_stream/alert/agent/stream/httpjson.yml.hbs
index 5379b8aaaca..cc9c08e95a6 100644
--- a/packages/sophos_central/data_stream/alert/agent/stream/httpjson.yml.hbs
+++ b/packages/sophos_central/data_stream/alert/agent/stream/httpjson.yml.hbs
@@ -37,14 +37,16 @@ response.pagination:
       fail_on_template_error: true
   - set:
       target: url.params.cursor
-      value: '[[if (.last_response.body.has_more)]][[.last_response.body.next_cursor]][[end]]'
+      value: '[[if index .last_response.body "has_more"]][[if (.last_response.body.has_more)]][[.last_response.body.next_cursor]][[end]][[end]]'
       fail_on_template_error: true
+      do_not_log_failure: true
 response.split:
   target: body.items
   ignore_empty_value: true
 cursor:
   from_date:
-    value: '[[if not (.last_response.body.has_more)]][[(now).Unix]][[end]]'
+    value: '[[if index .last_response.body "has_more"]][[if not (.last_response.body.has_more)]][[(now).Unix]][[end]][[end]]'
+    ignore_empty_value: true
 tags:
 {{#if preserve_original_event}}
   - preserve_original_event
diff --git a/packages/sophos_central/data_stream/alert/sample_event.json b/packages/sophos_central/data_stream/alert/sample_event.json
index e6b5b5a4d8c..d46ed156377 100644
--- a/packages/sophos_central/data_stream/alert/sample_event.json
+++ b/packages/sophos_central/data_stream/alert/sample_event.json
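Review bot: Inside the new `has_more` guard the cursor template still reads `.last_response.body.next_cursor` directly, so a page with `has_more: true` and no `next_cursor` key fails the template just as before, and `do_not_log_failure: true` now suppresses the only evidence of it. Using the same lookup style for the inner value keeps the behaviour the commit is after, e.g. `value: '[[if index .last_response.body "has_more"]][[if (.last_response.body.has_more)]][[index .last_response.body "next_cursor"]][[end]][[end]]'`, which yields an empty value (end of pagination) instead of an error. The identical hunk in the event stream's `data_stream/event/agent/stream/httpjson.yml.hbs` has the same gap. Note also that with `ignore_empty_value: true` on `from_date`, a response without `has_more` leaves the cursor where it was, so the next run re-polls the same window; that seems the safer default but is worth a one-line comment so it is not mistaken for a stuck cursor. The `response.pagination` block starts above the hunk.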
@@ -1,15 +1,15 @@ { "@timestamp": "2022-11-24T07:07:48.000Z", "agent": { - "ephemeral_id": "f0294025-e37d-4210-bda4-eaf14642e17e", - "id": "cf659b85-d5b7-4b0d-8b9a-4ea2e187d862", - "name": "docker-fleet-agent", + "ephemeral_id": "a24a17a9-31ae-4042-9411-6644f768cebc", + "id": "7b486763-8241-40bb-9bba-d10a90020296", + "name": "elastic-agent-11434", "type": "filebeat", - "version": "8.7.1" + "version": "8.19.4" }, "data_stream": { "dataset": "sophos_central.alert", - "namespace": "ep", + "namespace": "16887", "type": "logs" }, "destination": { @@ -20,9 +20,9 @@ "version": "8.11.0" }, "elastic_agent": { - "id": "cf659b85-d5b7-4b0d-8b9a-4ea2e187d862", + "id": "7b486763-8241-40bb-9bba-d10a90020296", "snapshot": false, - "version": "8.7.1" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", @@ -33,7 +33,7 @@ "created": "2022-11-24T07:07:52.094Z", "dataset": "sophos_central.alert", "id": "8bbd989a-6cab-407f-a586-c5064b94f76a", - "ingested": "2023-05-24T14:37:54Z", + "ingested": "2025-10-06T13:20:36Z", "kind": [ "alert" ], @@ -201,4 +201,4 @@ "domain": "Domain", "name": "User" } -} \ No newline at end of file +} diff --git a/packages/sophos_central/data_stream/event/agent/stream/httpjson.yml.hbs b/packages/sophos_central/data_stream/event/agent/stream/httpjson.yml.hbs index 08654aef8f1..5ac341857da 100644 --- a/packages/sophos_central/data_stream/event/agent/stream/httpjson.yml.hbs +++ b/packages/sophos_central/data_stream/event/agent/stream/httpjson.yml.hbs 
@@ -37,14 +37,16 @@ response.pagination:
       fail_on_template_error: true
   - set:
       target: url.params.cursor
-      value: '[[if (.last_response.body.has_more)]][[.last_response.body.next_cursor]][[end]]'
+      value: '[[if index .last_response.body "has_more"]][[if (.last_response.body.has_more)]][[.last_response.body.next_cursor]][[end]][[end]]'
       fail_on_template_error: true
+      do_not_log_failure: true
 response.split:
   target: body.items
   ignore_empty_value: true
 cursor:
   from_date:
-    value: '[[if not (.last_response.body.has_more)]][[(now).Unix]][[end]]'
+    value: '[[if index .last_response.body "has_more"]][[if not (.last_response.body.has_more)]][[(now).Unix]][[end]][[end]]'
+    ignore_empty_value: true
 tags:
 {{#if preserve_original_event}}
   - preserve_original_event
diff --git a/packages/sophos_central/data_stream/event/sample_event.json b/packages/sophos_central/data_stream/event/sample_event.json
index 8836d9f74b0..b30b5e80863 100644
--- a/packages/sophos_central/data_stream/event/sample_event.json
+++ b/packages/sophos_central/data_stream/event/sample_event.json
@@ -1,15 +1,15 @@
 {
     "@timestamp": "2022-12-06T12:27:28.094Z",
     "agent": {
-        "ephemeral_id": "5347e925-6d9e-4a32-bda5-1785fd44709f",
-        "id": "cf659b85-d5b7-4b0d-8b9a-4ea2e187d862",
-        "name": "docker-fleet-agent",
+        "ephemeral_id": "627751c7-a370-49b2-9b0b-a9d951b82a77",
+        "id": "60d39df7-b116-44e1-af54-276cb7941633",
+        "name": "elastic-agent-54968",
         "type": "filebeat",
-        "version": "8.7.1"
+        "version": "8.19.4"
     },
     "data_stream": {
         "dataset": "sophos_central.event",
-        "namespace": "ep",
+        "namespace": "23181",
         "type": "logs"
     },
     "destination": {
@@ -20,9 +20,9 @@
         "version": "8.11.0"
     },
     "elastic_agent": {
-        "id": "cf659b85-d5b7-4b0d-8b9a-4ea2e187d862",
+        "id": "60d39df7-b116-44e1-af54-276cb7941633",
         "snapshot": false,
-        "version": "8.7.1"
+        "version": "8.19.4"
     },
     "event": {
         "action": "Malicious inbound network traffic blocked from remote computer at 192.168.0.2 (Technical Support reference: 2019052901.77863414.5)",
@@ -33,7 +33,7 @@ "created": "2022-12-06T12:27:31.310Z", "dataset": "sophos_central.event", "id": "3dab71db-32c9-426a-8616-1e0fd5c9aab9", - "ingested": "2023-05-24T14:38:29Z", + "ingested": "2025-10-06T13:21:28Z", "kind": [ "event" ], @@ -129,4 +129,4 @@ "id": "638f34e1e5d0a20f3d40cf93", "name": "Lightning" } -} \ No newline at end of file +} diff --git a/packages/sophos_central/docs/README.md b/packages/sophos_central/docs/README.md index 8a40a19de5f..db3efb0c5ba 100644 --- a/packages/sophos_central/docs/README.md +++ b/packages/sophos_central/docs/README.md @@ -51,15 +51,15 @@ An example event for `alert` looks as following: { "@timestamp": "2022-11-24T07:07:48.000Z", "agent": { - "ephemeral_id": "f0294025-e37d-4210-bda4-eaf14642e17e", - "id": "cf659b85-d5b7-4b0d-8b9a-4ea2e187d862", - "name": "docker-fleet-agent", + "ephemeral_id": "a24a17a9-31ae-4042-9411-6644f768cebc", + "id": "7b486763-8241-40bb-9bba-d10a90020296", + "name": "elastic-agent-11434", "type": "filebeat", - "version": "8.7.1" + "version": "8.19.4" }, "data_stream": { "dataset": "sophos_central.alert", - "namespace": "ep", + "namespace": "16887", "type": "logs" }, "destination": { @@ -70,9 +70,9 @@ An example event for `alert` looks as following: "version": "8.11.0" }, "elastic_agent": { - "id": "cf659b85-d5b7-4b0d-8b9a-4ea2e187d862", + "id": "7b486763-8241-40bb-9bba-d10a90020296", "snapshot": false, - "version": "8.7.1" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", @@ -83,7 +83,7 @@ An example event for `alert` looks as following: "created": "2022-11-24T07:07:52.094Z", "dataset": "sophos_central.alert", "id": "8bbd989a-6cab-407f-a586-c5064b94f76a", - "ingested": "2023-05-24T14:37:54Z", + "ingested": "2025-10-06T13:20:36Z", "kind": [ "alert" ], 
@@ -366,15 +366,15 @@ An example event for `event` looks as following: { "@timestamp": "2022-12-06T12:27:28.094Z", "agent": { - "ephemeral_id": "5347e925-6d9e-4a32-bda5-1785fd44709f", - "id": "cf659b85-d5b7-4b0d-8b9a-4ea2e187d862", - "name": "docker-fleet-agent", + "ephemeral_id": "627751c7-a370-49b2-9b0b-a9d951b82a77", + "id": "60d39df7-b116-44e1-af54-276cb7941633", + "name": "elastic-agent-54968", "type": "filebeat", - "version": "8.7.1" + "version": "8.19.4" }, "data_stream": { "dataset": "sophos_central.event", - "namespace": "ep", + "namespace": "23181", "type": "logs" }, "destination": { @@ -385,9 +385,9 @@ An example event for `event` looks as following: "version": "8.11.0" }, "elastic_agent": { - "id": "cf659b85-d5b7-4b0d-8b9a-4ea2e187d862", + "id": "60d39df7-b116-44e1-af54-276cb7941633", "snapshot": false, - "version": "8.7.1" + "version": "8.19.4" }, "event": { "action": "Malicious inbound network traffic blocked from remote computer at 192.168.0.2 (Technical Support reference: 2019052901.77863414.5)", @@ -398,7 +398,7 @@ An example event for `event` looks as following: "created": "2022-12-06T12:27:31.310Z", "dataset": "sophos_central.event", "id": "3dab71db-32c9-426a-8616-1e0fd5c9aab9", - "ingested": "2023-05-24T14:38:29Z", + "ingested": "2025-10-06T13:21:28Z", "kind": [ "event" ], diff --git a/packages/sophos_central/manifest.yml b/packages/sophos_central/manifest.yml index a0bbbd2a313..a05f46aee6d 100644 --- a/packages/sophos_central/manifest.yml +++ b/packages/sophos_central/manifest.yml @@ -1,14 +1,14 @@ format_version: "3.0.2" name: sophos_central title: Sophos Central -version: "1.19.0" +version: "1.20.0" description: This Elastic integration collects logs from Sophos Central with Elastic Agent. type: integration categories: - security conditions: kibana: - version: "^8.13.0 || ^9.0.0" + version: "^8.19.4 || ~9.0.7 || ^9.1.4" elastic: subscription: "basic" screenshots: 
diff --git a/packages/tenable_sc/_dev/deploy/docker/files/config.yml b/packages/tenable_sc/_dev/deploy/docker/files/config.yml
index a4ac8c68b70..288659dc82d 100644
--- a/packages/tenable_sc/_dev/deploy/docker/files/config.yml
+++ b/packages/tenable_sc/_dev/deploy/docker/files/config.yml
@@ -1,4 +1,21 @@
 rules:
+  - path: /rest/plugin
+    methods: [GET]
+    request_headers:
+      x-apikey: accesskey=some_access_key; secretkey=some_secret_key
+    query_params:
+      fields: id,name,description,family,type,copyright,version,sourceFile,dependencies,requiredPorts,requiredUDPPorts,cpe,srcPort,dstPort,protocol,riskFactor,solution,seeAlso,synopsis,checkType,exploitEase,exploitAvailable,exploitFrameworks,cvssVector,cvssVectorBF,baseScore,temporalScore,cvssV3Vector,cvssV3VectorBF,cvssV3BaseScore,cvssV3TemporalScore,vprScore,vprContext,stigSeverity,pluginPubDate,pluginModDate,patchPubDate,patchModDate,vulnPubDate,modifiedTime,md5,xrefs
+      filterField: pluginModDate
+      op: gt
+      startOffset: 1
+      endOffset: 2
+      sortField: modifiedTime
+      sortDirection: ASC
+      value: "{value:.*}"
+    responses:
+      - status_code: 200
+        body: |
+          {"type":"regular","response":[],"error_code":0,"error_msg":"","warnings":[],"timestamp":1411669585}
   - path: /rest/plugin
     methods: [GET]
     request_headers:
@@ -8,9 +25,10 @@ rules:
       filterField: pluginModDate
       op: gt
       startOffset: 0
-      endOffset: 1200
+      endOffset: 1
       sortField: modifiedTime
       sortDirection: ASC
+      value: "{value:.*}"
     responses:
       - status_code: 200
         body: |
diff --git a/packages/tenable_sc/changelog.yml b/packages/tenable_sc/changelog.yml
index 42428cce632..0ac0dee962a 100644
--- a/packages/tenable_sc/changelog.yml
+++ b/packages/tenable_sc/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.32.0"
+  changes:
+    - description: Prevent updating fleet health status to degraded.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/15584
 - version: "1.31.0"
   changes:
     - description: Enable Agentless deployment.
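Review bot: The two `/rest/plugin` rules in the first hunk differ only in `startOffset`/`endOffset` and nothing in the file says why the new empty-page rule was placed first or what `value: "{value:.*}"` is matching, so the next person to touch the stub has to reverse-engineer the pagination it models from the plugin stream's `httpjson.yml.hbs`. A comment above the new rule such as `# Second page (offsets 1-2) returns no records so the plugin stream stops paginating; "value" is the filter timestamp, matched as a wildcard` would document the intent, and if the stub matches rules in order rather than on the full query set, the comment should say that the order is load-bearing. The rest of the second rule, including the first-page response body, continues below the hunk.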
diff --git a/packages/tenable_sc/data_stream/asset/agent/stream/httpjson.yml.hbs b/packages/tenable_sc/data_stream/asset/agent/stream/httpjson.yml.hbs
index 57c192aa3ca..a663ad4a018 100644
--- a/packages/tenable_sc/data_stream/asset/agent/stream/httpjson.yml.hbs
+++ b/packages/tenable_sc/data_stream/asset/agent/stream/httpjson.yml.hbs
@@ -63,15 +63,18 @@ response.split:
 response.pagination:
   - set:
       target: body.startOffset
-      value: '[[if (ne (toInt .last_response.body.response.returnedRecords) 0)]][[toInt .last_response.body.response.endOffset]][[end]]'
+      value: '[[if (ne (toInt .last_response.body.response.returnedRecords) 0)]][[if index .last_response.body.response "endOffset"]][[toInt .last_response.body.response.endOffset]][[end]][[end]]'
       fail_on_template_error: true
+      do_not_log_failure: true
   - set:
       target: body.endOffset
-      value: '[[add (toInt .last_response.body.response.endOffset) {{batch_size}}]]'
+      value: '[[if index .last_response.body.response "endOffset"]][[add (toInt .last_response.body.response.endOffset) {{batch_size}}]][[end]]'
       fail_on_template_error: true
+      do_not_log_failure: true
 cursor:
   last_event_ts:
-    value: '[[if (ge (toInt .last_response.body.response.endOffset) (toInt .last_response.body.response.totalRecords))]][[toInt .last_response.body.timestamp]][[end]]'
+    value: '[[if index .last_response.body.response "endOffset"]][[if (ge (toInt .last_response.body.response.endOffset) (toInt .last_response.body.response.totalRecords))]][[toInt .last_response.body.timestamp]][[end]][[end]]'
+    ignore_empty_value: true
 tags:
 {{#if preserve_original_event}}
   - preserve_original_event
diff --git a/packages/tenable_sc/data_stream/asset/sample_event.json b/packages/tenable_sc/data_stream/asset/sample_event.json
index 4d684927059..429b27776a1 100644
--- a/packages/tenable_sc/data_stream/asset/sample_event.json
+++ b/packages/tenable_sc/data_stream/asset/sample_event.json
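Review bot: The guards are inconsistent within the hunk: in the first `set`, `toInt .last_response.body.response.returnedRecords` is evaluated before the `index ... "endOffset"` check, and the cursor still reads `totalRecords` and `.last_response.body.timestamp` unguarded, so a response whose `response` object is missing any of those keys (or where `response` is not an object at all, as is plausible for an error reply) still fails the template — now without a log line, because of `do_not_log_failure: true`. If the aim is to treat an incomplete page as "no more pages", the `index` lookups need to be outermost and cover every key that is dereferenced; for the first `set` that is `value: '[[if index .last_response.body.response "returnedRecords"]][[if index .last_response.body.response "endOffset"]][[if (ne (toInt .last_response.body.response.returnedRecords) 0)]][[toInt .last_response.body.response.endOffset]][[end]][[end]][[end]]'`, with the same shape applied to `totalRecords` and `timestamp` in the cursor. As far as I know text/template's `index` still errors on a non-map operand, so this only hardens the missing-key case, which is worth stating in a comment.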
@@ -1,33 +1,33 @@ { - "@timestamp": "2023-09-22T18:00:18.358Z", + "@timestamp": "2025-10-06T13:37:55.913Z", "agent": { - "ephemeral_id": "87389b96-4d7e-4a86-a055-4d34d251c4c0", - "id": "f25d13cd-18cc-4e73-822c-c4f849322623", - "name": "docker-fleet-agent", + "ephemeral_id": "77699819-d18a-4aaa-94ec-f623ee5a4a35", + "id": "37eb1402-bcaa-45c2-8cc6-4c13a4444037", + "name": "elastic-agent-77998", "type": "filebeat", - "version": "8.10.1" + "version": "8.19.4" }, "data_stream": { "dataset": "tenable_sc.asset", - "namespace": "ep", + "namespace": "26660", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "f25d13cd-18cc-4e73-822c-c4f849322623", + "id": "37eb1402-bcaa-45c2-8cc6-4c13a4444037", "snapshot": false, - "version": "8.10.1" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", "category": [ "host" ], - "created": "2023-09-22T18:00:18.358Z", + "created": "2025-10-06T13:37:55.913Z", "dataset": "tenable_sc.asset", - "ingested": "2023-09-22T18:00:21Z", + "ingested": "2025-10-06T13:37:58Z", "kind": "state", "original": "{\"biosGUID\":\"9e8c4d43-982b-4405-a76c-d56c1d6cf117\",\"dnsName\":\"rnkmigauv2l8zeyf.example\",\"hostUniqueness\":\"repositoryID,ip,dnsName\",\"ip\":\"0.0.228.153\",\"lastAuthRun\":\"\",\"lastUnauthRun\":\"\",\"macAddress\":\"00:00:00:47:05:0d\",\"mcafeeGUID\":\"\",\"netbiosName\":\"UNKNOWN\\\\RNKMIGAUV2L8ZEYF.EXAMPLE\",\"osCPE\":\"cpe:/o:microsoft:windows_10:::x64-home\",\"pluginSet\":\"201901281542\",\"policyName\":\"Basic Agent Scan\",\"repository\":{\"dataFormat\":\"IPv4\",\"description\":\"\",\"id\":\"2\",\"name\":\"Staged-Large\",\"sciID\":\"1\"},\"score\":\"307\",\"severityCritical\":\"6\",\"severityHigh\":\"4\",\"severityInfo\":\"131\",\"severityLow\":\"0\",\"severityMedium\":\"9\",\"total\":\"150\",\"tpmID\":\"\",\"uniqueness\":\"repositoryID,ip,dnsName\",\"uuid\":\"4add65d0-27fc-491c-91ba-3f498a61f49e\"}", "type": [ 
@@ -104,4 +104,4 @@
"uuid": "4add65d0-27fc-491c-91ba-3f498a61f49e"
}
}
-}
\ No newline at end of file
+}
diff --git a/packages/tenable_sc/data_stream/plugin/_dev/test/system/test-default-config.yml b/packages/tenable_sc/data_stream/plugin/_dev/test/system/test-default-config.yml
index fb8f966f7d7..746c1cb4440 100644
--- a/packages/tenable_sc/data_stream/plugin/_dev/test/system/test-default-config.yml
+++ b/packages/tenable_sc/data_stream/plugin/_dev/test/system/test-default-config.yml
@@ -4,8 +4,10 @@ vars:
url: http://{{Hostname}}:{{Port}}
access_key: some_access_key
secret_key: some_secret_key
- batch_size: 1200
+ batch_size: 1
enable_request_tracer: true
data_stream:
vars:
preserve_original_event: true
+assert:
+ hit_count: 1
diff --git a/packages/tenable_sc/data_stream/plugin/agent/stream/httpjson.yml.hbs b/packages/tenable_sc/data_stream/plugin/agent/stream/httpjson.yml.hbs
index 940e240bfcd..fc8e8ae16e1 100644
--- a/packages/tenable_sc/data_stream/plugin/agent/stream/httpjson.yml.hbs
+++ b/packages/tenable_sc/data_stream/plugin/agent/stream/httpjson.yml.hbs
@@ -54,6 +54,7 @@ response.pagination:
target: url.params.startOffset
value: '[[if (ne (len .last_response.body.response) 0)]][[toInt (.last_response.url.params.Get "endOffset")]][[end]]'
fail_on_template_error: true
+ do_not_log_failure: true
- set:
target: url.params.endOffset
value: '[[add (toInt (.last_response.url.params.Get "endOffset")) {{batch_size}}]]'
@@ -64,6 +65,7 @@ response.split:
cursor:
last_event_ts:
value: '[[if (lt (len .last_response.body.response) {{batch_size}})]][[.last_event.pluginModDate]][[end]]'
+ ignore_empty_value: true
tags:
{{#if preserve_original_event}}
- preserve_original_event
diff --git a/packages/tenable_sc/data_stream/plugin/sample_event.json b/packages/tenable_sc/data_stream/plugin/sample_event.json
index 2bf9ff631fb..44d10bbefac 100644
--- a/packages/tenable_sc/data_stream/plugin/sample_event.json
+++ b/packages/tenable_sc/data_stream/plugin/sample_event.json
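Review bot: `do_not_log_failure: true` is added only to the `url.params.startOffset` setter; the `url.params.endOffset` setter directly below keeps its `fail_on_template_error: true` (that line sits just outside the hunk) without the new flag, which differs from the asset and vulnerability streams where both setters receive it. If that is deliberate because `.last_response.url.params.Get "endOffset"` always returns a string, a one-line comment would stop the next person from "fixing" it: `# Get never returns nil, so a missing endOffset cannot make this template fail`. Note also that `len .last_response.body.response` in the first template still errors when `response` is not a list (an error envelope is presumably a map or string), and that failure is now silent, so the `assert: hit_count: 1` in the test config is the only thing that would catch a pagination stop.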
@@ -1,30 +1,30 @@ { "@timestamp": "2021-09-27T01:33:53.000Z", "agent": { - "ephemeral_id": "7f93fe8a-bef7-46ec-8a36-47d48e2f8e7c", - "id": "f25d13cd-18cc-4e73-822c-c4f849322623", - "name": "docker-fleet-agent", + "ephemeral_id": "ad9b8348-5b15-45a3-967e-c24f69eed284", + "id": "65054cc3-10c1-4c92-a72b-ca4b1cd3f337", + "name": "elastic-agent-15688", "type": "filebeat", - "version": "8.10.1" + "version": "8.19.4" }, "data_stream": { "dataset": "tenable_sc.plugin", - "namespace": "ep", + "namespace": "57997", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "f25d13cd-18cc-4e73-822c-c4f849322623", + "id": "65054cc3-10c1-4c92-a72b-ca4b1cd3f337", "snapshot": false, - "version": "8.10.1" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", - "created": "2023-09-22T18:01:18.245Z", + "created": "2025-10-07T10:42:09.255Z", "dataset": "tenable_sc.plugin", - "ingested": "2023-09-22T18:01:21Z", + "ingested": "2025-10-07T10:42:12Z", "kind": "event", "original": "{\"baseScore\":\"7.8\",\"checkType\":\"remote\",\"copyright\":\"This script is Copyright (C) 2003-2020 John Lampe\",\"cpe\":\"\",\"cvssV3BaseScore\":null,\"cvssV3TemporalScore\":null,\"cvssV3Vector\":\"\",\"cvssV3VectorBF\":\"0\",\"cvssVector\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C\",\"cvssVectorBF\":\"2164920932\",\"dependencies\":\"find_service1.nasl,http_version.nasl,www_fingerprinting_hmap.nasl\",\"description\":\"Microsoft IIS, running Frontpage extensions, is vulnerable to a remote denial of service attack usually called the 'malformed web submission' vulnerability. 
An attacker, exploiting this vulnerability, will be able to render the service unusable.\\n\\nIf this machine serves a business-critical function, there could be an impact to the business.\",\"dstPort\":null,\"exploitAvailable\":\"false\",\"exploitEase\":\"No known exploits are available\",\"exploitFrameworks\":\"\",\"family\":{\"id\":\"11\",\"name\":\"Web Servers\",\"type\":\"active\"},\"id\":\"10585\",\"md5\":\"38b2147401eb5c3a15af52182682f345\",\"modifiedTime\":\"1632706433\",\"name\":\"Microsoft IIS Frontpage Server Extensions (FPSE) Malformed Form DoS\",\"patchModDate\":\"-1\",\"patchPubDate\":\"-1\",\"pluginModDate\":\"1591963200\",\"pluginPubDate\":\"1058875200\",\"protocol\":\"\",\"requiredPorts\":\"\",\"requiredUDPPorts\":\"\",\"riskFactor\":\"High\",\"seeAlso\":\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2000/ms00-100\",\"solution\":\"Microsoft has released a set of patches for IIS 4.0 and 5.0.\",\"sourceFile\":\"IIS_frontpage_DOS_2.nasl\",\"srcPort\":null,\"stigSeverity\":null,\"synopsis\":\"The remote web server is vulnerable to a denial of service\",\"temporalScore\":\"5.8\",\"type\":\"active\",\"version\":\"1.28\",\"vprContext\":\"[{\\\"id\\\":\\\"age_of_vuln\\\",\\\"name\\\":\\\"Vulnerability Age\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"730 days +\\\"},{\\\"id\\\":\\\"cvssV3_impactScore\\\",\\\"name\\\":\\\"CVSS v3 Impact Score\\\",\\\"type\\\":\\\"number\\\",\\\"value\\\":3.6000000000000001},{\\\"id\\\":\\\"exploit_code_maturity\\\",\\\"name\\\":\\\"Exploit Code Maturity\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"Unproven\\\"},{\\\"id\\\":\\\"product_coverage\\\",\\\"name\\\":\\\"Product Coverage\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"Low\\\"},{\\\"id\\\":\\\"threat_intensity_last_28\\\",\\\"name\\\":\\\"Threat Intensity\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"Very Low\\\"},{\\\"id\\\":\\\"threat_recency\\\",\\\"name\\\":\\\"Threat 
Recency\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"\\u003e 365 days\\\"},{\\\"id\\\":\\\"threat_sources_last_28\\\",\\\"name\\\":\\\"Threat Sources\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"No recorded events\\\"}]\",\"vprScore\":\"4.4\",\"vulnPubDate\":\"977486400\",\"xrefs\":\"CVE:CVE-2001-0096, BID:2144, MSFT:MS00-100, MSKB:280322\"}", "type": [ @@ -152,4 +152,4 @@ ] } } -} \ No newline at end of file +} diff --git a/packages/tenable_sc/data_stream/vulnerability/agent/stream/httpjson.yml.hbs b/packages/tenable_sc/data_stream/vulnerability/agent/stream/httpjson.yml.hbs index d65f660df79..aab1d00b003 100644 --- a/packages/tenable_sc/data_stream/vulnerability/agent/stream/httpjson.yml.hbs +++ b/packages/tenable_sc/data_stream/vulnerability/agent/stream/httpjson.yml.hbs 
@@ -80,15 +80,18 @@ response.split:
response.pagination:
- set:
target: body.startOffset
- value: '[[if (ne (toInt .last_response.body.response.returnedRecords) 0)]][[toInt .last_response.body.response.endOffset]][[end]]'
+ value: '[[if (ne (toInt .last_response.body.response.returnedRecords) 0)]][[if index .last_response.body.response "endOffset"]][[toInt .last_response.body.response.endOffset]][[end]][[end]]'
fail_on_template_error: true
+ do_not_log_failure: true
- set:
target: body.endOffset
- value: '[[add (toInt .last_response.body.response.endOffset) {{batch_size}}]]'
+ value: '[[if index .last_response.body.response "endOffset"]][[add (toInt .last_response.body.response.endOffset) {{batch_size}}]][[end]]'
fail_on_template_error: true
+ do_not_log_failure: true
cursor:
last_event_ts:
- value: '[[if (ge (toInt .last_response.body.response.endOffset) (toInt .last_response.body.response.totalRecords))]][[.last_event.lastSeen]][[end]]'
+ value: '[[if index .last_response.body.response "endOffset"]][[if (ge (toInt .last_response.body.response.endOffset) (toInt .last_response.body.response.totalRecords))]][[.last_event.lastSeen]][[end]][[end]]'
+ ignore_empty_value: true
tags:
{{#if preserve_original_event}}
- preserve_original_event
diff --git a/packages/tenable_sc/data_stream/vulnerability/sample_event.json b/packages/tenable_sc/data_stream/vulnerability/sample_event.json
index 64003d8d67d..e2563efce45 100644
--- a/packages/tenable_sc/data_stream/vulnerability/sample_event.json
+++ b/packages/tenable_sc/data_stream/vulnerability/sample_event.json
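Review bot: `if index .last_response.body.response "endOffset"` tests the value's truthiness, not the key's presence, so a present `endOffset` of numeric `0`, `""` or `false` now takes the same silent-stop path as a missing key; on the cursor template that means `last_event_ts` is no longer advanced for a response whose `endOffset` is 0, where the old template still compared it with `totalRecords`. Whether Tenable SC ever returns `endOffset` as a numeric zero rather than a non-empty string is not visible here, so this may be harmless, but it deserves a note above the block: `# index yields the value, so an endOffset of 0 or "" is treated like a missing key and ends pagination`. These three templates are otherwise byte-identical to the asset stream except for the cursor value, so any follow-up fix has to be applied in both places.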
@@ -1,24 +1,24 @@ { "@timestamp": "2021-09-25T16:08:45.000Z", "agent": { - "ephemeral_id": "c643a0a5-89d8-4a1e-81f0-63a129501012", - "id": "ad0cabc5-f33b-4982-aba6-069a206e7c08", - "name": "elastic-agent-82139", + "ephemeral_id": "1ee3d09e-0309-4a71-86d5-4433169a250e", + "id": "11a703c8-e782-406b-85f6-a39a806a2ab3", + "name": "elastic-agent-67332", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "tenable_sc.vulnerability", - "namespace": "94688", + "namespace": "61211", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "ad0cabc5-f33b-4982-aba6-069a206e7c08", + "id": "11a703c8-e782-406b-85f6-a39a806a2ab3", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", 
@@ -26,9 +26,9 @@ "threat", "vulnerability" ], - "created": "2025-07-16T08:29:40.843Z", + "created": "2025-10-06T13:41:27.178Z", "dataset": "tenable_sc.vulnerability", - "ingested": "2025-07-16T08:29:43Z", + "ingested": "2025-10-06T13:41:30Z", "kind": "event", "original": "{\"acceptRisk\":\"0\",\"baseScore\":\"0.0\",\"bid\":\"\",\"checkType\":\"remote\",\"cpe\":\"\",\"cve\":\"CVE-1999-0524\",\"cvssV3BaseScore\":\"0.0\",\"cvssV3TemporalScore\":\"\",\"cvssV3Vector\":\"AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N\",\"cvssVector\":\"AV:L/AC:L/Au:N/C:N/I:N/A:N\",\"description\":\"The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.\\n\\nTimestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.\",\"dnsName\":\"_gateway.lxd\",\"exploitAvailable\":\"No\",\"exploitEase\":\"\",\"exploitFrameworks\":\"\",\"family\":{\"id\":\"30\",\"name\":\"General\",\"type\":\"active\"},\"firstSeen\":\"1551284872\",\"hasBeenMitigated\":\"0\",\"hostUniqueness\":\"repositoryID,ip,dnsName\",\"ip\":\"10.238.64.1\",\"ips\":\"10.238.64.1\",\"lastSeen\":\"1632586125\",\"macAddress\":\"00:16:3e:a1:12:f7\",\"netbiosName\":\"\",\"operatingSystem\":\"Linux Kernel 2.6\",\"patchPubDate\":\"-1\",\"pluginID\":\"10114\",\"pluginInfo\":\"10114 (0/1) ICMP Timestamp Request Remote Date Disclosure\",\"pluginModDate\":\"1570190400\",\"pluginName\":\"ICMP Timestamp Request Remote Date Disclosure\",\"pluginPubDate\":\"933508800\",\"pluginText\":\"\\u003cplugin_output\\u003eThe remote clock is synchronized with the local 
clock.\\n\\u003c/plugin_output\\u003e\",\"port\":\"0\",\"protocol\":\"ICMP\",\"recastRisk\":\"0\",\"repository\":{\"dataFormat\":\"IPv4\",\"description\":\"\",\"id\":\"1\",\"name\":\"Live\",\"sciID\":\"1\"},\"riskFactor\":\"None\",\"seeAlso\":\"\",\"severity\":{\"description\":\"Informative\",\"id\":\"0\",\"name\":\"Info\"},\"solution\":\"Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).\",\"stigSeverity\":\"\",\"synopsis\":\"It is possible to determine the exact time set on the remote host.\",\"temporalScore\":\"\",\"uniqueness\":\"repositoryID,ip,dnsName\",\"uuid\":\"\",\"version\":\"1.48\",\"vprContext\":\"[{\\\"id\\\":\\\"age_of_vuln\\\",\\\"name\\\":\\\"Vulnerability Age\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"730 days +\\\"},{\\\"id\\\":\\\"cvssV3_impactScore\\\",\\\"name\\\":\\\"CVSS v3 Impact Score\\\",\\\"type\\\":\\\"number\\\",\\\"value\\\":0},{\\\"id\\\":\\\"exploit_code_maturity\\\",\\\"name\\\":\\\"Exploit Code Maturity\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"Unproven\\\"},{\\\"id\\\":\\\"product_coverage\\\",\\\"name\\\":\\\"Product Coverage\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"Very High\\\"},{\\\"id\\\":\\\"threat_intensity_last_28\\\",\\\"name\\\":\\\"Threat Intensity\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"Very Low\\\"},{\\\"id\\\":\\\"threat_recency\\\",\\\"name\\\":\\\"Threat Recency\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"No recorded events\\\"},{\\\"id\\\":\\\"threat_sources_last_28\\\",\\\"name\\\":\\\"Threat Sources\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"No recorded events\\\"}]\",\"vprScore\":\"0.8\",\"vulnPubDate\":\"788961600\",\"xref\":\"CWE #200\"}", "type": [ diff --git a/packages/tenable_sc/docs/README.md b/packages/tenable_sc/docs/README.md index 6c25703eadb..0df754b65e2 100644 --- a/packages/tenable_sc/docs/README.md +++ b/packages/tenable_sc/docs/README.md 
@@ -34,35 +34,35 @@ An example event for `asset` looks as following: ```json { - "@timestamp": "2023-09-22T18:00:18.358Z", + "@timestamp": "2025-10-06T13:37:55.913Z", "agent": { - "ephemeral_id": "87389b96-4d7e-4a86-a055-4d34d251c4c0", - "id": "f25d13cd-18cc-4e73-822c-c4f849322623", - "name": "docker-fleet-agent", + "ephemeral_id": "77699819-d18a-4aaa-94ec-f623ee5a4a35", + "id": "37eb1402-bcaa-45c2-8cc6-4c13a4444037", + "name": "elastic-agent-77998", "type": "filebeat", - "version": "8.10.1" + "version": "8.19.4" }, "data_stream": { "dataset": "tenable_sc.asset", - "namespace": "ep", + "namespace": "26660", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "f25d13cd-18cc-4e73-822c-c4f849322623", + "id": "37eb1402-bcaa-45c2-8cc6-4c13a4444037", "snapshot": false, - "version": "8.10.1" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", "category": [ "host" ], - "created": "2023-09-22T18:00:18.358Z", + "created": "2025-10-06T13:37:55.913Z", "dataset": "tenable_sc.asset", - "ingested": "2023-09-22T18:00:21Z", + "ingested": "2025-10-06T13:37:58Z", "kind": "state", "original": "{\"biosGUID\":\"9e8c4d43-982b-4405-a76c-d56c1d6cf117\",\"dnsName\":\"rnkmigauv2l8zeyf.example\",\"hostUniqueness\":\"repositoryID,ip,dnsName\",\"ip\":\"0.0.228.153\",\"lastAuthRun\":\"\",\"lastUnauthRun\":\"\",\"macAddress\":\"00:00:00:47:05:0d\",\"mcafeeGUID\":\"\",\"netbiosName\":\"UNKNOWN\\\\RNKMIGAUV2L8ZEYF.EXAMPLE\",\"osCPE\":\"cpe:/o:microsoft:windows_10:::x64-home\",\"pluginSet\":\"201901281542\",\"policyName\":\"Basic Agent Scan\",\"repository\":{\"dataFormat\":\"IPv4\",\"description\":\"\",\"id\":\"2\",\"name\":\"Staged-Large\",\"sciID\":\"1\"},\"score\":\"307\",\"severityCritical\":\"6\",\"severityHigh\":\"4\",\"severityInfo\":\"131\",\"severityLow\":\"0\",\"severityMedium\":\"9\",\"total\":\"150\",\"tpmID\":\"\",\"uniqueness\":\"repositoryID,ip,dnsName\",\"uuid\":\"4add65d0-27fc-491c-91ba-3f498a61f49e\"}", "type": [ 
@@ -198,30 +198,30 @@ An example event for `plugin` looks as following: { "@timestamp": "2021-09-27T01:33:53.000Z", "agent": { - "ephemeral_id": "7f93fe8a-bef7-46ec-8a36-47d48e2f8e7c", - "id": "f25d13cd-18cc-4e73-822c-c4f849322623", - "name": "docker-fleet-agent", + "ephemeral_id": "ad9b8348-5b15-45a3-967e-c24f69eed284", + "id": "65054cc3-10c1-4c92-a72b-ca4b1cd3f337", + "name": "elastic-agent-15688", "type": "filebeat", - "version": "8.10.1" + "version": "8.19.4" }, "data_stream": { "dataset": "tenable_sc.plugin", - "namespace": "ep", + "namespace": "57997", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "f25d13cd-18cc-4e73-822c-c4f849322623", + "id": "65054cc3-10c1-4c92-a72b-ca4b1cd3f337", "snapshot": false, - "version": "8.10.1" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", - "created": "2023-09-22T18:01:18.245Z", + "created": "2025-10-07T10:42:09.255Z", "dataset": "tenable_sc.plugin", - "ingested": "2023-09-22T18:01:21Z", + "ingested": "2025-10-07T10:42:12Z", "kind": "event", "original": "{\"baseScore\":\"7.8\",\"checkType\":\"remote\",\"copyright\":\"This script is Copyright (C) 2003-2020 John Lampe\",\"cpe\":\"\",\"cvssV3BaseScore\":null,\"cvssV3TemporalScore\":null,\"cvssV3Vector\":\"\",\"cvssV3VectorBF\":\"0\",\"cvssVector\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C\",\"cvssVectorBF\":\"2164920932\",\"dependencies\":\"find_service1.nasl,http_version.nasl,www_fingerprinting_hmap.nasl\",\"description\":\"Microsoft IIS, running Frontpage extensions, is vulnerable to a remote denial of service attack usually called the 'malformed web submission' vulnerability. 
An attacker, exploiting this vulnerability, will be able to render the service unusable.\\n\\nIf this machine serves a business-critical function, there could be an impact to the business.\",\"dstPort\":null,\"exploitAvailable\":\"false\",\"exploitEase\":\"No known exploits are available\",\"exploitFrameworks\":\"\",\"family\":{\"id\":\"11\",\"name\":\"Web Servers\",\"type\":\"active\"},\"id\":\"10585\",\"md5\":\"38b2147401eb5c3a15af52182682f345\",\"modifiedTime\":\"1632706433\",\"name\":\"Microsoft IIS Frontpage Server Extensions (FPSE) Malformed Form DoS\",\"patchModDate\":\"-1\",\"patchPubDate\":\"-1\",\"pluginModDate\":\"1591963200\",\"pluginPubDate\":\"1058875200\",\"protocol\":\"\",\"requiredPorts\":\"\",\"requiredUDPPorts\":\"\",\"riskFactor\":\"High\",\"seeAlso\":\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2000/ms00-100\",\"solution\":\"Microsoft has released a set of patches for IIS 4.0 and 5.0.\",\"sourceFile\":\"IIS_frontpage_DOS_2.nasl\",\"srcPort\":null,\"stigSeverity\":null,\"synopsis\":\"The remote web server is vulnerable to a denial of service\",\"temporalScore\":\"5.8\",\"type\":\"active\",\"version\":\"1.28\",\"vprContext\":\"[{\\\"id\\\":\\\"age_of_vuln\\\",\\\"name\\\":\\\"Vulnerability Age\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"730 days +\\\"},{\\\"id\\\":\\\"cvssV3_impactScore\\\",\\\"name\\\":\\\"CVSS v3 Impact Score\\\",\\\"type\\\":\\\"number\\\",\\\"value\\\":3.6000000000000001},{\\\"id\\\":\\\"exploit_code_maturity\\\",\\\"name\\\":\\\"Exploit Code Maturity\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"Unproven\\\"},{\\\"id\\\":\\\"product_coverage\\\",\\\"name\\\":\\\"Product Coverage\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"Low\\\"},{\\\"id\\\":\\\"threat_intensity_last_28\\\",\\\"name\\\":\\\"Threat Intensity\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"Very Low\\\"},{\\\"id\\\":\\\"threat_recency\\\",\\\"name\\\":\\\"Threat 
Recency\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"\\u003e 365 days\\\"},{\\\"id\\\":\\\"threat_sources_last_28\\\",\\\"name\\\":\\\"Threat Sources\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"No recorded events\\\"}]\",\"vprScore\":\"4.4\",\"vulnPubDate\":\"977486400\",\"xrefs\":\"CVE:CVE-2001-0096, BID:2144, MSFT:MS00-100, MSKB:280322\"}", "type": [ @@ -430,24 +430,24 @@ An example event for `vulnerability` looks as following: { "@timestamp": "2021-09-25T16:08:45.000Z", "agent": { - "ephemeral_id": "c643a0a5-89d8-4a1e-81f0-63a129501012", - "id": "ad0cabc5-f33b-4982-aba6-069a206e7c08", - "name": "elastic-agent-82139", + "ephemeral_id": "1ee3d09e-0309-4a71-86d5-4433169a250e", + "id": "11a703c8-e782-406b-85f6-a39a806a2ab3", + "name": "elastic-agent-67332", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "tenable_sc.vulnerability", - "namespace": "94688", + "namespace": "61211", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "ad0cabc5-f33b-4982-aba6-069a206e7c08", + "id": "11a703c8-e782-406b-85f6-a39a806a2ab3", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "event": { "agent_id_status": "verified", 
@@ -455,9 +455,9 @@ An example event for `vulnerability` looks as following: "threat", "vulnerability" ], - "created": "2025-07-16T08:29:40.843Z", + "created": "2025-10-06T13:41:27.178Z", "dataset": "tenable_sc.vulnerability", - "ingested": "2025-07-16T08:29:43Z", + "ingested": "2025-10-06T13:41:30Z", "kind": "event", "original": "{\"acceptRisk\":\"0\",\"baseScore\":\"0.0\",\"bid\":\"\",\"checkType\":\"remote\",\"cpe\":\"\",\"cve\":\"CVE-1999-0524\",\"cvssV3BaseScore\":\"0.0\",\"cvssV3TemporalScore\":\"\",\"cvssV3Vector\":\"AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N\",\"cvssVector\":\"AV:L/AC:L/Au:N/C:N/I:N/A:N\",\"description\":\"The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.\\n\\nTimestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.\",\"dnsName\":\"_gateway.lxd\",\"exploitAvailable\":\"No\",\"exploitEase\":\"\",\"exploitFrameworks\":\"\",\"family\":{\"id\":\"30\",\"name\":\"General\",\"type\":\"active\"},\"firstSeen\":\"1551284872\",\"hasBeenMitigated\":\"0\",\"hostUniqueness\":\"repositoryID,ip,dnsName\",\"ip\":\"10.238.64.1\",\"ips\":\"10.238.64.1\",\"lastSeen\":\"1632586125\",\"macAddress\":\"00:16:3e:a1:12:f7\",\"netbiosName\":\"\",\"operatingSystem\":\"Linux Kernel 2.6\",\"patchPubDate\":\"-1\",\"pluginID\":\"10114\",\"pluginInfo\":\"10114 (0/1) ICMP Timestamp Request Remote Date Disclosure\",\"pluginModDate\":\"1570190400\",\"pluginName\":\"ICMP Timestamp Request Remote Date Disclosure\",\"pluginPubDate\":\"933508800\",\"pluginText\":\"\\u003cplugin_output\\u003eThe remote clock is synchronized with the local 
clock.\\n\\u003c/plugin_output\\u003e\",\"port\":\"0\",\"protocol\":\"ICMP\",\"recastRisk\":\"0\",\"repository\":{\"dataFormat\":\"IPv4\",\"description\":\"\",\"id\":\"1\",\"name\":\"Live\",\"sciID\":\"1\"},\"riskFactor\":\"None\",\"seeAlso\":\"\",\"severity\":{\"description\":\"Informative\",\"id\":\"0\",\"name\":\"Info\"},\"solution\":\"Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).\",\"stigSeverity\":\"\",\"synopsis\":\"It is possible to determine the exact time set on the remote host.\",\"temporalScore\":\"\",\"uniqueness\":\"repositoryID,ip,dnsName\",\"uuid\":\"\",\"version\":\"1.48\",\"vprContext\":\"[{\\\"id\\\":\\\"age_of_vuln\\\",\\\"name\\\":\\\"Vulnerability Age\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"730 days +\\\"},{\\\"id\\\":\\\"cvssV3_impactScore\\\",\\\"name\\\":\\\"CVSS v3 Impact Score\\\",\\\"type\\\":\\\"number\\\",\\\"value\\\":0},{\\\"id\\\":\\\"exploit_code_maturity\\\",\\\"name\\\":\\\"Exploit Code Maturity\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"Unproven\\\"},{\\\"id\\\":\\\"product_coverage\\\",\\\"name\\\":\\\"Product Coverage\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"Very High\\\"},{\\\"id\\\":\\\"threat_intensity_last_28\\\",\\\"name\\\":\\\"Threat Intensity\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"Very Low\\\"},{\\\"id\\\":\\\"threat_recency\\\",\\\"name\\\":\\\"Threat Recency\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"No recorded events\\\"},{\\\"id\\\":\\\"threat_sources_last_28\\\",\\\"name\\\":\\\"Threat Sources\\\",\\\"type\\\":\\\"string\\\",\\\"value\\\":\\\"No recorded events\\\"}]\",\"vprScore\":\"0.8\",\"vulnPubDate\":\"788961600\",\"xref\":\"CWE #200\"}", "type": [ diff --git a/packages/tenable_sc/manifest.yml b/packages/tenable_sc/manifest.yml index 56e097b9158..76b75c93322 100644 --- a/packages/tenable_sc/manifest.yml +++ b/packages/tenable_sc/manifest.yml 
@@ -2,7 +2,7 @@ format_version: "3.3.2"
name: tenable_sc
title: Tenable Security Center
# The version must be updated in the input configuration templates as well, in order to set the correct User-Agent header. Until elastic/kibana#121310 is implemented we will have to manually sync these.
-version: "1.31.0"
+version: "1.32.0"
description: |
Collect data from Tenable Security Center with Elastic Agent.
type: integration
@@ -11,7 +11,7 @@ categories:
- vulnerability_management
conditions:
kibana:
- version: "^8.18.0 || ^9.0.0"
+ version: "^8.19.4 || ~9.0.7 || ^9.1.4"
screenshots:
- src: /img/tenable_sc-screenshot.png
title: Tenable Security Center vulnerability dashboard screenshot
diff --git a/packages/ti_eset/changelog.yml b/packages/ti_eset/changelog.yml
index 8d2420189ae..a41528c3af3 100644
--- a/packages/ti_eset/changelog.yml
+++ b/packages/ti_eset/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "1.8.0"
+ changes:
+ - description: Prevent updating fleet health status to degraded.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/15584
- version: "1.7.0"
changes:
- description: Remove duplicated installation instructions from the documentation
diff --git a/packages/ti_eset/data_stream/apt/agent/stream/httpjson.yml.hbs b/packages/ti_eset/data_stream/apt/agent/stream/httpjson.yml.hbs
index 5037e0838d2..c7687e7d4f6 100644
--- a/packages/ti_eset/data_stream/apt/agent/stream/httpjson.yml.hbs
+++ b/packages/ti_eset/data_stream/apt/agent/stream/httpjson.yml.hbs
@@ -44,8 +44,9 @@
response.pagination:
- set:
target: url.params.added_after
value: >-
- [[ if .last_response.body.more ]][[ .last_response.header.Get "X-TAXII-Date-Added-Last" ]][[ end ]]
+ [[ if index .last_response.body "more" ]][[ if .last_response.body.more ]][[ .last_response.header.Get "X-TAXII-Date-Added-Last" ]][[ end ]][[ end ]]
fail_on_template_error: true
+ do_not_log_failure: true
response.split:
target: body.objects
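Review bot: The inner `[[ if .last_response.body.more ]]` in the apt template is redundant: `index .last_response.body "more"` already yields the value of `more`, and the outer `if` only passes when that value is truthy, so the setter reduces to `[[ if index .last_response.body "more" ]][[ .last_response.header.Get "X-TAXII-Date-Added-Last" ]][[ end ]]`. The guard only changes behaviour for a body that is a map without a `more` key; if `.last_response.body` itself is nil (an empty response on throttling, say) `index` errors just as the field access did, as far as I can tell, and the new `do_not_log_failure: true` then hides it, so the poll would stop advancing `added_after` with nothing in the log. A short comment above the setter naming which case the guard covers would help: `# index tolerates a body without "more"; a nil body still fails, and silently, because of do_not_log_failure`.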
diff --git a/packages/ti_eset/data_stream/apt/sample_event.json b/packages/ti_eset/data_stream/apt/sample_event.json
index 2110598b83a..4bfae78a48b 100644
--- a/packages/ti_eset/data_stream/apt/sample_event.json
+++ b/packages/ti_eset/data_stream/apt/sample_event.json
@@ -1,24 +1,24 @@
{
"@timestamp": "2023-09-29T08:48:42.000Z",
"agent": {
- "ephemeral_id": "bd2c939d-5911-4c25-b463-5e05b9c631d1",
- "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb",
- "name": "docker-fleet-agent",
+ "ephemeral_id": "a679c1a0-9912-432a-8b96-c086ca315b48",
+ "id": "cf4d8f48-a3a0-4e2b-a1c8-227f0e6989dc",
+ "name": "elastic-agent-89667",
"type": "filebeat",
- "version": "8.13.0"
+ "version": "8.19.4"
},
"data_stream": {
"dataset": "ti_eset.apt",
- "namespace": "69523",
+ "namespace": "24024",
"type": "logs"
},
"ecs": {
"version": "8.11.0"
},
"elastic_agent": {
- "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb",
+ "id": "cf4d8f48-a3a0-4e2b-a1c8-227f0e6989dc",
"snapshot": false,
- "version": "8.13.0"
+ "version": "8.19.4"
},
"eset": {
"id": "indicator--a4cb9aa8-b12e-4141-ae33-509dfd9dd382",
@@ -31,9 +31,9 @@ "category": [ "threat" ], - "created": "2024-08-02T04:59:53.515Z", + "created": "2025-10-07T05:22:55.697Z", "dataset": "ti_eset.apt", - "ingested": "2024-08-02T05:00:03Z", + "ingested": "2025-10-07T05:22:56Z", "kind": "enrichment", "original": "{\"created\":\"2023-09-29T08:48:42.000Z\",\"created_by_ref\":\"identity--55f6ea5e-51ac-4344-bc8c-4170950d210f\",\"id\":\"indicator--a4cb9aa8-b12e-4141-ae33-509dfd9dd382\",\"kill_chain_phases\":[{\"kill_chain_name\":\"misp-category\",\"phase_name\":\"file\"}],\"labels\":[\"misp:name=\\\"file\\\"\",\"misp:meta-category=\\\"file\\\"\",\"misp:to_ids=\\\"True\\\"\"],\"modified\":\"2023-09-29T08:48:42.000Z\",\"pattern\":\"[file:hashes.MD5 = '7196b26572d2c357a17599b9a0d71d33' AND file:hashes.SHA1 = 'a3ee3d4bc8057cfde073a7acf3232cfb3cbb10c0' AND file:hashes.SHA256 = '6c9eab41d2e06702313ee6513a8b98adc083ee7bcd2c85821a8a3136c20d687e' AND file:name = 'KihqQGHs7zYOxqqNE0b9zO4w6d7ysXUWrfDf6vLOAW4MU3Fs.mp3' AND file:parent_directory_ref.path = 'Comchit ltr no 4200 dt 23-09-2023' AND file:x_misp_fullpath = 'Comchit ltr no 4200 dt 23-09-2023/KihqQGHs7zYOxqqNE0b9zO4w6d7ysXUWrfDf6vLOAW4MU3Fs.mp3' AND file:extensions.'windows-pebinary-ext'.imphash = 'fcab131627362db5898b1bcc15d7fd72' AND file:extensions.'windows-pebinary-ext'.pe_type = 'dll' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2023-09-25 07:03:56+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_authentihash = '6c744b262dbf76fb20346a93cbedbb0668c90b5bb5027485109e3cfb41f48d8c']\",\"pattern_type\":\"stix\",\"pattern_version\":\"2.1\",\"spec_version\":\"indicator\",\"type\":\"indicator\",\"valid_from\":\"2023-09-26T07:00:04Z\"}", "type": [ @@ -68,4 +68,4 @@ "type": "file" } } -} \ No newline at end of file +} diff --git a/packages/ti_eset/data_stream/botnet/agent/stream/httpjson.yml.hbs b/packages/ti_eset/data_stream/botnet/agent/stream/httpjson.yml.hbs index 5037e0838d2..c7687e7d4f6 100644 
--- a/packages/ti_eset/data_stream/botnet/agent/stream/httpjson.yml.hbs
+++ b/packages/ti_eset/data_stream/botnet/agent/stream/httpjson.yml.hbs
@@ -44,8 +44,9 @@
response.pagination:
- set:
target: url.params.added_after
value: >-
- [[ if .last_response.body.more ]][[ .last_response.header.Get "X-TAXII-Date-Added-Last" ]][[ end ]]
+ [[ if index .last_response.body "more" ]][[ if .last_response.body.more ]][[ .last_response.header.Get "X-TAXII-Date-Added-Last" ]][[ end ]][[ end ]]
fail_on_template_error: true
+ do_not_log_failure: true
response.split:
target: body.objects
diff --git a/packages/ti_eset/data_stream/botnet/sample_event.json b/packages/ti_eset/data_stream/botnet/sample_event.json
index b0b51a20f0b..237df11bac1 100644
--- a/packages/ti_eset/data_stream/botnet/sample_event.json
+++ b/packages/ti_eset/data_stream/botnet/sample_event.json
@@ -1,24 +1,24 @@
{
"@timestamp": "2023-10-18T02:05:09.000Z",
"agent": {
- "ephemeral_id": "e3582713-6bf8-43c3-af56-ccec81f7e8f4",
- "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb",
- "name": "docker-fleet-agent",
+ "ephemeral_id": "bea850c5-7b99-4fe0-b62a-70e8f816f892",
+ "id": "75de7f03-46a5-4fc6-88cb-6ec688bc8813",
+ "name": "elastic-agent-97208",
"type": "filebeat",
- "version": "8.13.0"
+ "version": "8.19.4"
},
"data_stream": {
"dataset": "ti_eset.botnet",
- "namespace": "22700",
+ "namespace": "21530",
"type": "logs"
},
"ecs": {
"version": "8.11.0"
},
"elastic_agent": {
- "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb",
+ "id": "75de7f03-46a5-4fc6-88cb-6ec688bc8813",
"snapshot": false,
- "version": "8.13.0"
+ "version": "8.19.4"
},
"eset": {
"id": "indicator--80dc09fa-563f-4a9c-ad1d-655d8dffa37f",
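Review bot: The botnet template carries the same blob ids as the apt one (`5037e0838d2..c7687e7d4f6`), i.e. the three ti_eset stream templates are byte-identical copies, and nothing in any of them says so, which is how a fix like this one ends up applied to two of three. The same simplification applies here: the inner `[[ if .last_response.body.more ]]` repeats the truthiness test that the outer `index` condition already performs, so one condition suffices. I would add `# keep in sync with the apt and cc stream templates` at the top of each copy so the next change to the pagination block is made in all three.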
@@ -32,9 +32,9 @@ "category": [ "threat" ], - "created": "2024-08-02T05:02:05.881Z", + "created": "2025-10-07T05:23:54.209Z", "dataset": "ti_eset.botnet", - "ingested": "2024-08-02T05:02:17Z", + "ingested": "2025-10-07T05:23:57Z", "kind": "enrichment", "original": "{\"created\":\"2023-10-18T02:05:09.000Z\",\"description\":\"Each of these file hashes indicates that a variant of Win32/Rescoms.B backdoor is present.\",\"id\":\"indicator--80dc09fa-563f-4a9c-ad1d-655d8dffa37f\",\"labels\":[\"malicious-activity\"],\"modified\":\"2023-10-18T02:05:09.000Z\",\"name\":\"373d34874d7bc89fd4cefa6272ee80bf\",\"pattern\":\"[file:hashes.'SHA-256'='b0e914d1bbe19433cc9df64ea1ca07fe77f7b150b511b786e46e007941a62bd7'] OR [file:hashes.'SHA-1'='373d34874d7bc89fd4cefa6272ee80bf'] OR [file:hashes.'MD5'='373d34874d7bc89fd4cefa6272ee80bf']\",\"pattern_type\":\"stix\",\"pattern_version\":\"2.1\",\"spec_version\":\"indicator\",\"type\":\"indicator\",\"valid_from\":\"2023-10-18T02:05:09Z\",\"valid_until\":\"2023-10-20T02:05:09Z\"}", "type": [ @@ -70,4 +70,4 @@ "type": "file" } } -} \ No newline at end of file +} diff --git a/packages/ti_eset/data_stream/cc/agent/stream/httpjson.yml.hbs b/packages/ti_eset/data_stream/cc/agent/stream/httpjson.yml.hbs index 5037e0838d2..c7687e7d4f6 100644 --- a/packages/ti_eset/data_stream/cc/agent/stream/httpjson.yml.hbs +++ b/packages/ti_eset/data_stream/cc/agent/stream/httpjson.yml.hbs @@ -44,8 +44,9 @@ response.pagination: - set: target: url.params.added_after value: >- - [[ if .last_response.body.more ]][[ .last_response.header.Get "X-TAXII-Date-Added-Last" ]][[ end ]] + [[ if index .last_response.body "more" ]][[ if .last_response.body.more ]][[ .last_response.header.Get "X-TAXII-Date-Added-Last" ]][[ end ]][[ end ]] fail_on_template_error: true + do_not_log_failure: true response.split: target: body.objects diff --git a/packages/ti_eset/data_stream/cc/sample_event.json b/packages/ti_eset/data_stream/cc/sample_event.json index e8a18fff4bd..d256a4fbec4 100644 
--- a/packages/ti_eset/data_stream/cc/sample_event.json +++ b/packages/ti_eset/data_stream/cc/sample_event.json @@ -1,24 +1,24 @@ { "@timestamp": "2023-10-19T02:00:09.000Z", "agent": { - "ephemeral_id": "95cbae2d-d7d2-4290-85f5-52760bcda80a", - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", - "name": "docker-fleet-agent", + "ephemeral_id": "b3edd383-6fe5-42f1-98e5-e36a924959ba", + "id": "c5567d77-e4ac-453b-b1d3-aa2ea2cf9dfb", + "name": "elastic-agent-90683", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "ti_eset.cc", - "namespace": "98813", + "namespace": "30355", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", + "id": "c5567d77-e4ac-453b-b1d3-aa2ea2cf9dfb", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "eset": { "id": "indicator--34e0eaa0-d35d-4039-b801-8f05d4e16bea", @@ -32,9 +32,9 @@ "category": [ "threat" ], - "created": "2024-08-02T05:04:32.167Z", + "created": "2025-10-07T05:24:54.170Z", "dataset": "ti_eset.cc", - "ingested": "2024-08-02T05:04:44Z", + "ingested": "2025-10-07T05:24:57Z", "kind": "enrichment", "original": "{\"created\":\"2023-10-19T02:00:09.000Z\",\"description\":\"C\\u0026C of Win32/Smokeloader.H trojan\",\"id\":\"indicator--34e0eaa0-d35d-4039-b801-8f05d4e16bea\",\"labels\":[\"malicious-activity\"],\"modified\":\"2023-10-19T02:00:09.000Z\",\"name\":\"https://example.com/some/path\",\"pattern\":\"[url:value='https://example.com/some/path']\",\"pattern_type\":\"stix\",\"pattern_version\":\"2.1\",\"spec_version\":\"indicator\",\"type\":\"indicator\",\"valid_from\":\"2023-10-19T02:00:09Z\",\"valid_until\":\"2023-10-21T02:00:09Z\"}", "type": [ @@ -66,4 +66,4 @@ } } } -} \ No newline at end of file +} diff --git a/packages/ti_eset/data_stream/domains/agent/stream/httpjson.yml.hbs b/packages/ti_eset/data_stream/domains/agent/stream/httpjson.yml.hbs index 5037e0838d2..c7687e7d4f6 100644 
--- a/packages/ti_eset/data_stream/domains/agent/stream/httpjson.yml.hbs +++ b/packages/ti_eset/data_stream/domains/agent/stream/httpjson.yml.hbs @@ -44,8 +44,9 @@ response.pagination: - set: target: url.params.added_after value: >- - [[ if .last_response.body.more ]][[ .last_response.header.Get "X-TAXII-Date-Added-Last" ]][[ end ]] + [[ if index .last_response.body "more" ]][[ if .last_response.body.more ]][[ .last_response.header.Get "X-TAXII-Date-Added-Last" ]][[ end ]][[ end ]] fail_on_template_error: true + do_not_log_failure: true response.split: target: body.objects diff --git a/packages/ti_eset/data_stream/domains/sample_event.json b/packages/ti_eset/data_stream/domains/sample_event.json index f8e1ab633d9..afa103e5d77 100644 --- a/packages/ti_eset/data_stream/domains/sample_event.json +++ b/packages/ti_eset/data_stream/domains/sample_event.json @@ -1,24 +1,24 @@ { "@timestamp": "2023-10-19T02:00:28.000Z", "agent": { - "ephemeral_id": "76bad86d-2d9f-43d9-aa2b-f14fd7fc62ca", - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", - "name": "docker-fleet-agent", + "ephemeral_id": "73444b7b-a480-4ea7-b838-e041791c2cd8", + "id": "32093ab2-602b-4282-ab43-c353c6ca2de4", + "name": "elastic-agent-56675", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "ti_eset.domains", - "namespace": "67132", + "namespace": "76832", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", + "id": "32093ab2-602b-4282-ab43-c353c6ca2de4", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "eset": { "id": "indicator--dfb05726-f2be-43c8-a5b2-48e78cc05286", 
@@ -32,9 +32,9 @@ "category": [ "threat" ], - "created": "2024-08-02T05:06:46.514Z", + "created": "2025-10-07T05:25:53.540Z", "dataset": "ti_eset.domains", - "ingested": "2024-08-02T05:06:58Z", + "ingested": "2025-10-07T05:25:56Z", "kind": "enrichment", "original": "{\"created\":\"2023-10-19T02:00:28.000Z\",\"description\":\"Host is known to be actively distributing adware or other medium-risk software.\",\"id\":\"indicator--dfb05726-f2be-43c8-a5b2-48e78cc05286\",\"labels\":[\"malicious-activity\"],\"modified\":\"2023-10-19T02:00:28.000Z\",\"name\":\"example.com\",\"pattern\":\"[domain-name:value='example.com']\",\"pattern_type\":\"stix\",\"pattern_version\":\"2.1\",\"spec_version\":\"indicator\",\"type\":\"indicator\",\"valid_from\":\"2023-10-19T02:00:28Z\",\"valid_until\":\"2023-10-21T02:00:28Z\"}", "type": [ @@ -67,4 +67,4 @@ } } } -} \ No newline at end of file +} diff --git a/packages/ti_eset/data_stream/files/agent/stream/httpjson.yml.hbs b/packages/ti_eset/data_stream/files/agent/stream/httpjson.yml.hbs index 5037e0838d2..c7687e7d4f6 100644 --- a/packages/ti_eset/data_stream/files/agent/stream/httpjson.yml.hbs +++ b/packages/ti_eset/data_stream/files/agent/stream/httpjson.yml.hbs @@ -44,8 +44,9 @@ response.pagination: - set: target: url.params.added_after value: >- - [[ if .last_response.body.more ]][[ .last_response.header.Get "X-TAXII-Date-Added-Last" ]][[ end ]] + [[ if index .last_response.body "more" ]][[ if .last_response.body.more ]][[ .last_response.header.Get "X-TAXII-Date-Added-Last" ]][[ end ]][[ end ]] fail_on_template_error: true + do_not_log_failure: true response.split: target: body.objects diff --git a/packages/ti_eset/data_stream/files/sample_event.json b/packages/ti_eset/data_stream/files/sample_event.json index b782bda2517..8dfe35838b0 100644 --- a/packages/ti_eset/data_stream/files/sample_event.json +++ b/packages/ti_eset/data_stream/files/sample_event.json 
@@ -1,24 +1,24 @@ { "@timestamp": "2023-10-19T02:00:38.000Z", "agent": { - "ephemeral_id": "dbb7a40e-8e54-45da-9658-416a3183fbab", - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", - "name": "docker-fleet-agent", + "ephemeral_id": "11ca0f0e-0d11-4dd3-b2d4-64f567328b32", + "id": "d13f581e-ff6e-4b91-9ec0-41af4d9ec6dd", + "name": "elastic-agent-44731", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "ti_eset.files", - "namespace": "64810", + "namespace": "39976", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", + "id": "d13f581e-ff6e-4b91-9ec0-41af4d9ec6dd", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "eset": { "id": "indicator--5d7e9ad6-7b48-42fa-8598-d474e8da1b0f", @@ -32,9 +32,9 @@ "category": [ "threat" ], - "created": "2024-08-02T05:09:00.102Z", + "created": "2025-10-07T05:26:44.370Z", "dataset": "ti_eset.files", - "ingested": "2024-08-02T05:09:12Z", + "ingested": "2025-10-07T05:26:47Z", "kind": "enrichment", "original": "{\"created\":\"2023-10-19T02:00:38.000Z\",\"description\":\"Each of these file hashes indicates that a variant of HTML/Phishing.Agent.EVU trojan is present.\",\"id\":\"indicator--5d7e9ad6-7b48-42fa-8598-d474e8da1b0f\",\"labels\":[\"malicious-activity\"],\"modified\":\"2023-10-19T02:00:38.000Z\",\"name\":\"b0e914d1bbe19433cc9df64ea1ca07fe77f7b150b511b786e46e007941a62bd7\",\"pattern\":\"[file:hashes.'SHA-256'='b0e914d1bbe19433cc9df64ea1ca07fe77f7b150b511b786e46e007941a62bd7'] OR [file:hashes.'SHA-1'='b0e914d1bbe19433cc9df64ea1ca07fe77f7b150b511b786e46e007941a62bd7'] OR [file:hashes.'MD5'='b0e914d1bbe19433cc9df64ea1ca07fe77f7b150b511b786e46e007941a62bd7']\",\"pattern_type\":\"stix\",\"pattern_version\":\"2.1\",\"spec_version\":\"indicator\",\"type\":\"indicator\",\"valid_from\":\"2023-10-19T02:00:38Z\",\"valid_until\":\"2023-10-21T02:00:38Z\"}", "type": [ 
@@ -70,4 +70,4 @@ "type": "file" } } -} \ No newline at end of file +} diff --git a/packages/ti_eset/data_stream/ip/agent/stream/httpjson.yml.hbs b/packages/ti_eset/data_stream/ip/agent/stream/httpjson.yml.hbs index 5037e0838d2..c7687e7d4f6 100644 --- a/packages/ti_eset/data_stream/ip/agent/stream/httpjson.yml.hbs +++ b/packages/ti_eset/data_stream/ip/agent/stream/httpjson.yml.hbs @@ -44,8 +44,9 @@ response.pagination: - set: target: url.params.added_after value: >- - [[ if .last_response.body.more ]][[ .last_response.header.Get "X-TAXII-Date-Added-Last" ]][[ end ]] + [[ if index .last_response.body "more" ]][[ if .last_response.body.more ]][[ .last_response.header.Get "X-TAXII-Date-Added-Last" ]][[ end ]][[ end ]] fail_on_template_error: true + do_not_log_failure: true response.split: target: body.objects diff --git a/packages/ti_eset/data_stream/ip/sample_event.json b/packages/ti_eset/data_stream/ip/sample_event.json index d572226f46e..bb2e66ec475 100644 --- a/packages/ti_eset/data_stream/ip/sample_event.json +++ b/packages/ti_eset/data_stream/ip/sample_event.json @@ -1,24 +1,24 @@ { "@timestamp": "2023-10-19T02:20:06.000Z", "agent": { - "ephemeral_id": "960f3ac1-589e-4bc0-a8d2-ba6745729a1a", - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", - "name": "docker-fleet-agent", + "ephemeral_id": "3c72f0b8-ccdc-4db2-93bd-ace8c478a0a8", + "id": "62646616-f5ca-4969-9058-a59df4d18be7", + "name": "elastic-agent-58112", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "ti_eset.ip", - "namespace": "85610", + "namespace": "34125", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", + "id": "62646616-f5ca-4969-9058-a59df4d18be7", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "eset": { "id": "indicator--905fad40-d804-4b89-ac9d-b616e0b8f6d3", 
@@ -32,9 +32,9 @@ "category": [ "threat" ], - "created": "2024-08-02T05:11:15.412Z", + "created": "2025-10-07T05:27:33.661Z", "dataset": "ti_eset.ip", - "ingested": "2024-08-02T05:11:27Z", + "ingested": "2025-10-07T05:27:36Z", "kind": "enrichment", "original": "{\"created\":\"2023-10-19T02:20:06.000Z\",\"description\":\"Web services scanning and attacks\",\"id\":\"indicator--905fad40-d804-4b89-ac9d-b616e0b8f6d3\",\"labels\":[\"malicious-activity\"],\"modified\":\"2023-10-19T02:20:06.000Z\",\"name\":\"5.2.75.227\",\"pattern\":\"[ipv4-addr:value='5.2.75.227']\",\"pattern_type\":\"stix\",\"pattern_version\":\"2.1\",\"spec_version\":\"indicator\",\"type\":\"indicator\",\"valid_from\":\"2023-10-19T02:20:06Z\",\"valid_until\":\"2023-10-21T02:20:06Z\"}", "type": [ @@ -64,4 +64,4 @@ "type": "ipv4-addr" } } -} \ No newline at end of file +} diff --git a/packages/ti_eset/data_stream/url/agent/stream/httpjson.yml.hbs b/packages/ti_eset/data_stream/url/agent/stream/httpjson.yml.hbs index 5037e0838d2..c7687e7d4f6 100644 --- a/packages/ti_eset/data_stream/url/agent/stream/httpjson.yml.hbs +++ b/packages/ti_eset/data_stream/url/agent/stream/httpjson.yml.hbs @@ -44,8 +44,9 @@ response.pagination: - set: target: url.params.added_after value: >- - [[ if .last_response.body.more ]][[ .last_response.header.Get "X-TAXII-Date-Added-Last" ]][[ end ]] + [[ if index .last_response.body "more" ]][[ if .last_response.body.more ]][[ .last_response.header.Get "X-TAXII-Date-Added-Last" ]][[ end ]][[ end ]] fail_on_template_error: true + do_not_log_failure: true response.split: target: body.objects diff --git a/packages/ti_eset/data_stream/url/sample_event.json b/packages/ti_eset/data_stream/url/sample_event.json index 42fe543e0ba..a4dfa033e3c 100644 --- a/packages/ti_eset/data_stream/url/sample_event.json +++ b/packages/ti_eset/data_stream/url/sample_event.json 
@@ -1,24 +1,24 @@ { "@timestamp": "2023-10-19T02:00:13.000Z", "agent": { - "ephemeral_id": "9dbf7300-beb1-41a6-ab96-8fd3b1fa2108", - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", - "name": "docker-fleet-agent", + "ephemeral_id": "5c8679f1-6925-42cb-8688-444f99a1bba1", + "id": "73974f2f-fe42-40a5-a461-3d277a6d1dcf", + "name": "elastic-agent-87584", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "ti_eset.url", - "namespace": "17964", + "namespace": "85559", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", + "id": "73974f2f-fe42-40a5-a461-3d277a6d1dcf", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "eset": { "id": "indicator--8986619a-150b-453c-aaa8-bfe8694d05cc", @@ -32,9 +32,9 @@ "category": [ "threat" ], - "created": "2024-08-02T05:13:29.831Z", + "created": "2025-10-07T05:28:22.084Z", "dataset": "ti_eset.url", - "ingested": "2024-08-02T05:13:41Z", + "ingested": "2025-10-07T05:28:25Z", "kind": "enrichment", "original": "{\"created\":\"2023-10-19T02:00:13.000Z\",\"description\":\"Host actively distributes high-severity threat in the form of executable code.\",\"id\":\"indicator--8986619a-150b-453c-aaa8-bfe8694d05cc\",\"labels\":[\"benign\"],\"modified\":\"2023-10-19T02:00:13.000Z\",\"name\":\"https://example.com/some/path\",\"pattern\":\"[url:value='https://example.com/some/path']\",\"pattern_type\":\"stix\",\"pattern_version\":\"2.1\",\"spec_version\":\"indicator\",\"type\":\"indicator\",\"valid_from\":\"2023-10-19T02:00:13Z\",\"valid_until\":\"2023-10-21T02:00:13Z\"}", "type": [ @@ -66,4 +66,4 @@ } } } -} \ No newline at end of file +} diff --git a/packages/ti_eset/docs/README.md b/packages/ti_eset/docs/README.md index 9f08b44a010..aff6ed31395 100644 --- a/packages/ti_eset/docs/README.md +++ b/packages/ti_eset/docs/README.md 
@@ -93,24 +93,24 @@ An example event for `botnet` looks as following: { "@timestamp": "2023-10-18T02:05:09.000Z", "agent": { - "ephemeral_id": "e3582713-6bf8-43c3-af56-ccec81f7e8f4", - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", - "name": "docker-fleet-agent", + "ephemeral_id": "bea850c5-7b99-4fe0-b62a-70e8f816f892", + "id": "75de7f03-46a5-4fc6-88cb-6ec688bc8813", + "name": "elastic-agent-97208", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "ti_eset.botnet", - "namespace": "22700", + "namespace": "21530", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", + "id": "75de7f03-46a5-4fc6-88cb-6ec688bc8813", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "eset": { "id": "indicator--80dc09fa-563f-4a9c-ad1d-655d8dffa37f", @@ -124,9 +124,9 @@ An example event for `botnet` looks as following: "category": [ "threat" ], - "created": "2024-08-02T05:02:05.881Z", + "created": "2025-10-07T05:23:54.209Z", "dataset": "ti_eset.botnet", - "ingested": "2024-08-02T05:02:17Z", + "ingested": "2025-10-07T05:23:57Z", "kind": "enrichment", "original": "{\"created\":\"2023-10-18T02:05:09.000Z\",\"description\":\"Each of these file hashes indicates that a variant of Win32/Rescoms.B backdoor is present.\",\"id\":\"indicator--80dc09fa-563f-4a9c-ad1d-655d8dffa37f\",\"labels\":[\"malicious-activity\"],\"modified\":\"2023-10-18T02:05:09.000Z\",\"name\":\"373d34874d7bc89fd4cefa6272ee80bf\",\"pattern\":\"[file:hashes.'SHA-256'='b0e914d1bbe19433cc9df64ea1ca07fe77f7b150b511b786e46e007941a62bd7'] OR [file:hashes.'SHA-1'='373d34874d7bc89fd4cefa6272ee80bf'] OR [file:hashes.'MD5'='373d34874d7bc89fd4cefa6272ee80bf']\",\"pattern_type\":\"stix\",\"pattern_version\":\"2.1\",\"spec_version\":\"indicator\",\"type\":\"indicator\",\"valid_from\":\"2023-10-18T02:05:09Z\",\"valid_until\":\"2023-10-20T02:05:09Z\"}", "type": [ 
@@ -197,24 +197,24 @@ An example event for `cc` looks as following: { "@timestamp": "2023-10-19T02:00:09.000Z", "agent": { - "ephemeral_id": "95cbae2d-d7d2-4290-85f5-52760bcda80a", - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", - "name": "docker-fleet-agent", + "ephemeral_id": "b3edd383-6fe5-42f1-98e5-e36a924959ba", + "id": "c5567d77-e4ac-453b-b1d3-aa2ea2cf9dfb", + "name": "elastic-agent-90683", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "ti_eset.cc", - "namespace": "98813", + "namespace": "30355", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", + "id": "c5567d77-e4ac-453b-b1d3-aa2ea2cf9dfb", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "eset": { "id": "indicator--34e0eaa0-d35d-4039-b801-8f05d4e16bea", @@ -228,9 +228,9 @@ An example event for `cc` looks as following: "category": [ "threat" ], - "created": "2024-08-02T05:04:32.167Z", + "created": "2025-10-07T05:24:54.170Z", "dataset": "ti_eset.cc", - "ingested": "2024-08-02T05:04:44Z", + "ingested": "2025-10-07T05:24:57Z", "kind": "enrichment", "original": "{\"created\":\"2023-10-19T02:00:09.000Z\",\"description\":\"C\\u0026C of Win32/Smokeloader.H trojan\",\"id\":\"indicator--34e0eaa0-d35d-4039-b801-8f05d4e16bea\",\"labels\":[\"malicious-activity\"],\"modified\":\"2023-10-19T02:00:09.000Z\",\"name\":\"https://example.com/some/path\",\"pattern\":\"[url:value='https://example.com/some/path']\",\"pattern_type\":\"stix\",\"pattern_version\":\"2.1\",\"spec_version\":\"indicator\",\"type\":\"indicator\",\"valid_from\":\"2023-10-19T02:00:09Z\",\"valid_until\":\"2023-10-21T02:00:09Z\"}", "type": [ 
@@ -297,24 +297,24 @@ An example event for `domains` looks as following: { "@timestamp": "2023-10-19T02:00:28.000Z", "agent": { - "ephemeral_id": "76bad86d-2d9f-43d9-aa2b-f14fd7fc62ca", - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", - "name": "docker-fleet-agent", + "ephemeral_id": "73444b7b-a480-4ea7-b838-e041791c2cd8", + "id": "32093ab2-602b-4282-ab43-c353c6ca2de4", + "name": "elastic-agent-56675", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "ti_eset.domains", - "namespace": "67132", + "namespace": "76832", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", + "id": "32093ab2-602b-4282-ab43-c353c6ca2de4", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "eset": { "id": "indicator--dfb05726-f2be-43c8-a5b2-48e78cc05286", @@ -328,9 +328,9 @@ An example event for `domains` looks as following: "category": [ "threat" ], - "created": "2024-08-02T05:06:46.514Z", + "created": "2025-10-07T05:25:53.540Z", "dataset": "ti_eset.domains", - "ingested": "2024-08-02T05:06:58Z", + "ingested": "2025-10-07T05:25:56Z", "kind": "enrichment", "original": "{\"created\":\"2023-10-19T02:00:28.000Z\",\"description\":\"Host is known to be actively distributing adware or other medium-risk software.\",\"id\":\"indicator--dfb05726-f2be-43c8-a5b2-48e78cc05286\",\"labels\":[\"malicious-activity\"],\"modified\":\"2023-10-19T02:00:28.000Z\",\"name\":\"example.com\",\"pattern\":\"[domain-name:value='example.com']\",\"pattern_type\":\"stix\",\"pattern_version\":\"2.1\",\"spec_version\":\"indicator\",\"type\":\"indicator\",\"valid_from\":\"2023-10-19T02:00:28Z\",\"valid_until\":\"2023-10-21T02:00:28Z\"}", "type": [ 
@@ -398,24 +398,24 @@ An example event for `files` looks as following: { "@timestamp": "2023-10-19T02:00:38.000Z", "agent": { - "ephemeral_id": "dbb7a40e-8e54-45da-9658-416a3183fbab", - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", - "name": "docker-fleet-agent", + "ephemeral_id": "11ca0f0e-0d11-4dd3-b2d4-64f567328b32", + "id": "d13f581e-ff6e-4b91-9ec0-41af4d9ec6dd", + "name": "elastic-agent-44731", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "ti_eset.files", - "namespace": "64810", + "namespace": "39976", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", + "id": "d13f581e-ff6e-4b91-9ec0-41af4d9ec6dd", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "eset": { "id": "indicator--5d7e9ad6-7b48-42fa-8598-d474e8da1b0f", 
@@ -429,9 +429,9 @@ An example event for `files` looks as following: "category": [ "threat" ], - "created": "2024-08-02T05:09:00.102Z", + "created": "2025-10-07T05:26:44.370Z", "dataset": "ti_eset.files", - "ingested": "2024-08-02T05:09:12Z", + "ingested": "2025-10-07T05:26:47Z", "kind": "enrichment", "original": "{\"created\":\"2023-10-19T02:00:38.000Z\",\"description\":\"Each of these file hashes indicates that a variant of HTML/Phishing.Agent.EVU trojan is present.\",\"id\":\"indicator--5d7e9ad6-7b48-42fa-8598-d474e8da1b0f\",\"labels\":[\"malicious-activity\"],\"modified\":\"2023-10-19T02:00:38.000Z\",\"name\":\"b0e914d1bbe19433cc9df64ea1ca07fe77f7b150b511b786e46e007941a62bd7\",\"pattern\":\"[file:hashes.'SHA-256'='b0e914d1bbe19433cc9df64ea1ca07fe77f7b150b511b786e46e007941a62bd7'] OR [file:hashes.'SHA-1'='b0e914d1bbe19433cc9df64ea1ca07fe77f7b150b511b786e46e007941a62bd7'] OR [file:hashes.'MD5'='b0e914d1bbe19433cc9df64ea1ca07fe77f7b150b511b786e46e007941a62bd7']\",\"pattern_type\":\"stix\",\"pattern_version\":\"2.1\",\"spec_version\":\"indicator\",\"type\":\"indicator\",\"valid_from\":\"2023-10-19T02:00:38Z\",\"valid_until\":\"2023-10-21T02:00:38Z\"}", "type": [ 
@@ -502,24 +502,24 @@ An example event for `ip` looks as following: { "@timestamp": "2023-10-19T02:20:06.000Z", "agent": { - "ephemeral_id": "960f3ac1-589e-4bc0-a8d2-ba6745729a1a", - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", - "name": "docker-fleet-agent", + "ephemeral_id": "3c72f0b8-ccdc-4db2-93bd-ace8c478a0a8", + "id": "62646616-f5ca-4969-9058-a59df4d18be7", + "name": "elastic-agent-58112", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "ti_eset.ip", - "namespace": "85610", + "namespace": "34125", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", + "id": "62646616-f5ca-4969-9058-a59df4d18be7", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "eset": { "id": "indicator--905fad40-d804-4b89-ac9d-b616e0b8f6d3", @@ -533,9 +533,9 @@ An example event for `ip` looks as following: "category": [ "threat" ], - "created": "2024-08-02T05:11:15.412Z", + "created": "2025-10-07T05:27:33.661Z", "dataset": "ti_eset.ip", - "ingested": "2024-08-02T05:11:27Z", + "ingested": "2025-10-07T05:27:36Z", "kind": "enrichment", "original": "{\"created\":\"2023-10-19T02:20:06.000Z\",\"description\":\"Web services scanning and attacks\",\"id\":\"indicator--905fad40-d804-4b89-ac9d-b616e0b8f6d3\",\"labels\":[\"malicious-activity\"],\"modified\":\"2023-10-19T02:20:06.000Z\",\"name\":\"5.2.75.227\",\"pattern\":\"[ipv4-addr:value='5.2.75.227']\",\"pattern_type\":\"stix\",\"pattern_version\":\"2.1\",\"spec_version\":\"indicator\",\"type\":\"indicator\",\"valid_from\":\"2023-10-19T02:20:06Z\",\"valid_until\":\"2023-10-21T02:20:06Z\"}", "type": [ 
@@ -603,24 +603,24 @@ An example event for `apt` looks as following: { "@timestamp": "2023-09-29T08:48:42.000Z", "agent": { - "ephemeral_id": "bd2c939d-5911-4c25-b463-5e05b9c631d1", - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", - "name": "docker-fleet-agent", + "ephemeral_id": "a679c1a0-9912-432a-8b96-c086ca315b48", + "id": "cf4d8f48-a3a0-4e2b-a1c8-227f0e6989dc", + "name": "elastic-agent-89667", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "ti_eset.apt", - "namespace": "69523", + "namespace": "24024", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", + "id": "cf4d8f48-a3a0-4e2b-a1c8-227f0e6989dc", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "eset": { "id": "indicator--a4cb9aa8-b12e-4141-ae33-509dfd9dd382", 
@@ -633,9 +633,9 @@ An example event for `apt` looks as following: "category": [ "threat" ], - "created": "2024-08-02T04:59:53.515Z", + "created": "2025-10-07T05:22:55.697Z", "dataset": "ti_eset.apt", - "ingested": "2024-08-02T05:00:03Z", + "ingested": "2025-10-07T05:22:56Z", "kind": "enrichment", "original": "{\"created\":\"2023-09-29T08:48:42.000Z\",\"created_by_ref\":\"identity--55f6ea5e-51ac-4344-bc8c-4170950d210f\",\"id\":\"indicator--a4cb9aa8-b12e-4141-ae33-509dfd9dd382\",\"kill_chain_phases\":[{\"kill_chain_name\":\"misp-category\",\"phase_name\":\"file\"}],\"labels\":[\"misp:name=\\\"file\\\"\",\"misp:meta-category=\\\"file\\\"\",\"misp:to_ids=\\\"True\\\"\"],\"modified\":\"2023-09-29T08:48:42.000Z\",\"pattern\":\"[file:hashes.MD5 = '7196b26572d2c357a17599b9a0d71d33' AND file:hashes.SHA1 = 'a3ee3d4bc8057cfde073a7acf3232cfb3cbb10c0' AND file:hashes.SHA256 = '6c9eab41d2e06702313ee6513a8b98adc083ee7bcd2c85821a8a3136c20d687e' AND file:name = 'KihqQGHs7zYOxqqNE0b9zO4w6d7ysXUWrfDf6vLOAW4MU3Fs.mp3' AND file:parent_directory_ref.path = 'Comchit ltr no 4200 dt 23-09-2023' AND file:x_misp_fullpath = 'Comchit ltr no 4200 dt 23-09-2023/KihqQGHs7zYOxqqNE0b9zO4w6d7ysXUWrfDf6vLOAW4MU3Fs.mp3' AND file:extensions.'windows-pebinary-ext'.imphash = 'fcab131627362db5898b1bcc15d7fd72' AND file:extensions.'windows-pebinary-ext'.pe_type = 'dll' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2023-09-25 07:03:56+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_authentihash = '6c744b262dbf76fb20346a93cbedbb0668c90b5bb5027485109e3cfb41f48d8c']\",\"pattern_type\":\"stix\",\"pattern_version\":\"2.1\",\"spec_version\":\"indicator\",\"type\":\"indicator\",\"valid_from\":\"2023-09-26T07:00:04Z\"}", "type": [ 
@@ -705,24 +705,24 @@ An example event for `url` looks as following: { "@timestamp": "2023-10-19T02:00:13.000Z", "agent": { - "ephemeral_id": "9dbf7300-beb1-41a6-ab96-8fd3b1fa2108", - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", - "name": "docker-fleet-agent", + "ephemeral_id": "5c8679f1-6925-42cb-8688-444f99a1bba1", + "id": "73974f2f-fe42-40a5-a461-3d277a6d1dcf", + "name": "elastic-agent-87584", "type": "filebeat", - "version": "8.13.0" + "version": "8.19.4" }, "data_stream": { "dataset": "ti_eset.url", - "namespace": "17964", + "namespace": "85559", "type": "logs" }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "8299ae35-ee0e-4107-9acb-1b6acfdda1fb", + "id": "73974f2f-fe42-40a5-a461-3d277a6d1dcf", "snapshot": false, - "version": "8.13.0" + "version": "8.19.4" }, "eset": { "id": "indicator--8986619a-150b-453c-aaa8-bfe8694d05cc", @@ -736,9 +736,9 @@ An example event for `url` looks as following: "category": [ "threat" ], - "created": "2024-08-02T05:13:29.831Z", + "created": "2025-10-07T05:28:22.084Z", "dataset": "ti_eset.url", - "ingested": "2024-08-02T05:13:41Z", + "ingested": "2025-10-07T05:28:25Z", "kind": "enrichment", "original": "{\"created\":\"2023-10-19T02:00:13.000Z\",\"description\":\"Host actively distributes high-severity threat in the form of executable code.\",\"id\":\"indicator--8986619a-150b-453c-aaa8-bfe8694d05cc\",\"labels\":[\"benign\"],\"modified\":\"2023-10-19T02:00:13.000Z\",\"name\":\"https://example.com/some/path\",\"pattern\":\"[url:value='https://example.com/some/path']\",\"pattern_type\":\"stix\",\"pattern_version\":\"2.1\",\"spec_version\":\"indicator\",\"type\":\"indicator\",\"valid_from\":\"2023-10-19T02:00:13Z\",\"valid_until\":\"2023-10-21T02:00:13Z\"}", "type": [ diff --git a/packages/ti_eset/manifest.yml b/packages/ti_eset/manifest.yml index 96347898493..f9f3726e6ee 100644 --- a/packages/ti_eset/manifest.yml +++ b/packages/ti_eset/manifest.yml 
@@ -1,7 +1,7 @@
 format_version: 3.0.3
 name: ti_eset
 title: "ESET Threat Intelligence"
-version: "1.7.0"
+version: "1.8.0"
 description: "Ingest threat intelligence indicators from ESET Threat Intelligence with Elastic Agent."
 type: integration
 categories:
@@ -9,7 +9,7 @@ categories:
 - threat_intel
 conditions:
 kibana:
- version: "^8.13.0 || ^9.0.0"
+ version: "^8.19.4 || ~9.0.7 || ^9.1.4"
 elastic:
 subscription: "basic"
 screenshots:
diff --git a/packages/zerofox/changelog.yml b/packages/zerofox/changelog.yml
index 9089b23d63e..8167e8f806f 100644
--- a/packages/zerofox/changelog.yml
+++ b/packages/zerofox/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.29.0"
+ changes:
+ - description: Prevent updating fleet health status to degraded.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/15584
 - version: "1.28.0"
 changes:
 - description: Update Kibana constraint to support 9.0.0.
diff --git a/packages/zerofox/data_stream/alerts/agent/stream/httpjson.yml.hbs b/packages/zerofox/data_stream/alerts/agent/stream/httpjson.yml.hbs
index 37bf94365b9..df78e9ebb67 100644
--- a/packages/zerofox/data_stream/alerts/agent/stream/httpjson.yml.hbs
+++ b/packages/zerofox/data_stream/alerts/agent/stream/httpjson.yml.hbs
@@ -27,8 +27,9 @@ response.split:
 response.pagination:
 - set:
 target: url.value
- value: "[[.last_response.body.next]]"
+ value: '[[if index .last_response.body "next"]][[.last_response.body.next]][[end]]'
 fail_on_template_error: true
+ do_not_log_failure: true
 cursor:
 last_execution_datetime:
diff --git a/packages/zerofox/data_stream/alerts/sample_event.json b/packages/zerofox/data_stream/alerts/sample_event.json
new file mode 100644
index 00000000000..edad03b9ecb
--- /dev/null
+++ b/packages/zerofox/data_stream/alerts/sample_event.json
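Review bot: The rewritten `url.value` line still takes `next` straight from the response body and follows it as the next request URL without any check that it points at the configured API host, so the collector goes wherever the provider's response says. That was already true before this change, but the new line is the natural place for a guard, and if httpjson's template functions do not offer a suitable comparison then a note above the `set` step should at least make the trust explicit, e.g. `# next is a provider-supplied absolute URL and is followed as-is.` The same comment should record that with `fail_on_template_error: true` and the new `do_not_log_failure: true` a non-object body makes `index` fail and end pagination without a log line, which is presumably intended but otherwise invisible when debugging a run that fetched only one page.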
@@ -0,0 +1,81 @@ +{ + "@timestamp": "2021-04-29T18:56:51.000Z", + "agent": { + "ephemeral_id": "a62f495c-eaad-478c-97dd-b7eba7181fc1", + "id": "c112a16d-2878-45b4-9477-6eea4107d28e", + "name": "elastic-agent-17275", + "type": "filebeat", + "version": "8.19.4" + }, + "data_stream": { + "dataset": "zerofox.alerts", + "namespace": "66460", + "type": "logs" + }, + "ecs": { + "version": "8.11.0" + }, + "elastic_agent": { + "id": "c112a16d-2878-45b4-9477-6eea4107d28e", + "snapshot": false, + "version": "8.19.4" + }, + "event": { + "agent_id_status": "verified", + "created": "2017-01-10T11:00:00.000Z", + "dataset": "zerofox.alerts", + "id": "123456789", + "ingested": "2025-10-07T06:10:01Z", + "kind": "alert", + "original": "{\"alert_type\":\"search query\",\"asset\":{\"entity_group\":{\"id\":2857,\"name\":\"Default\"},\"id\":123456,\"image\":\"https://cdn.zerofox.com/media/entityimages/1.jpg\",\"labels\":[{\"id\":17700,\"name\":\"Brand\"}],\"name\":\"abc.com\"},\"asset_term\":\"\",\"assignee\":\"\",\"business_network\":\"\",\"content_actions\":[],\"content_created_at\":\"2017-01-10T11:00:00+00:00\",\"darkweb_term\":\"\",\"entity\":{\"entity_group\":{\"id\":2857,\"name\":\"Default\"},\"id\":123456,\"image\":\"https://cdn.zerofox.com/media/entityimages/1.jpg\",\"labels\":[{\"id\":17700,\"name\":\"Brand\"}],\"name\":\"abc.com\"},\"entity_account\":\"\",\"entity_email_receiver_id\":\"\",\"entity_term\":\"\",\"escalated\":false,\"id\":123456789,\"last_modified\":\"2021-04-29T18:56:52Z\",\"logs\":[{\"action\":\"modify tags\",\"actor\":\"ZeroFox Platform Specialist\",\"id\":205171631,\"subject\":\"\",\"timestamp\":\"2021-04-29T18:56:52+00:00\"},{\"action\":\"open\",\"actor\":\"\",\"id\":205171630,\"subject\":\"\",\"timestamp\":\"2021-04-29T18:56:51+00:00\"}],\"metadata\":\"{}\",\"network\":\"domains\",\"notes\":\"\",\"offending_content_url\":\"hxxp://abc.biz?entity=123456\",\"perpetrator\":{\"content\":\"Variation of protected domain abc.com found: 
abc.biz\",\"display_name\":\"Concealed\",\"id\":123456789,\"name\":\"Concealed\",\"network\":\"domains\",\"timestamp\":\"2017-01-10T11:00:00+00:00\",\"type\":\"page\",\"url\":\"hxxp://abc.biz?entity=123456\"},\"protected_account\":\"\",\"protected_locations\":\"\",\"protected_social_object\":\"\",\"reviewed\":false,\"reviews\":[],\"rule_group_id\":457,\"rule_id\":38160,\"rule_name\":\"Advanced Domain Analysis - Typosquat Match\",\"severity\":4,\"status\":\"Open\",\"tags\":[],\"timestamp\":\"2021-04-29T18:56:51+00:00\"}",
+ "severity": 4,
+ "url": "hxxp://abc.biz?entity=123456"
+ },
+ "input": {
+ "type": "httpjson"
+ },
+ "network": {
+ "name": "domains"
+ },
+ "rule": {
+ "category": "search query",
+ "id": "38160",
+ "name": "Advanced Domain Analysis - Typosquat Match",
+ "ruleset": "457"
+ },
+ "tags": [
+ "forwarded",
+ "preserve_original_event"
+ ],
+ "zerofox": {
+ "entity": {
+ "entity_group": {
+ "id": "2857",
+ "name": "Default"
+ },
+ "id": "123456",
+ "image": "https://cdn.zerofox.com/media/entityimages/1.jpg",
+ "labels": [
+ {
+ "id": "17700",
+ "name": "Brand"
+ }
+ ],
+ "name": "abc.com"
+ },
+ "escalated": false,
+ "last_modified": "2021-04-29T18:56:52.000Z",
+ "perpetrator": {
+ "content": "Variation of protected domain abc.com found: abc.biz",
+ "display_name": "Concealed",
+ "id": "123456789",
+ "name": "Concealed",
+ "network": "domains",
+ "timestamp": "2017-01-10T11:00:00.000Z",
+ "type": "page",
+ "url": "hxxp://abc.biz?entity=123456"
+ },
+ "reviewed": false,
+ "status": "Open"
+ }
+}
diff --git a/packages/zerofox/manifest.yml b/packages/zerofox/manifest.yml
index 9ba9b8c6ca2..a0759eab3a1 100644
--- a/packages/zerofox/manifest.yml
+++ b/packages/zerofox/manifest.yml
@@ -1,6 +1,6 @@
 name: zerofox
 title: ZeroFox
-version: "1.28.0"
+version: "1.29.0"
 description: Collect logs from ZeroFox with Elastic Agent.
 type: integration
 format_version: "3.0.2"
@@ -17,7 +17,7 @@ categories:
 - threat_intel
 conditions:
 kibana:
- version: "^8.13.0 || ^9.0.0"
+ version: "^8.19.4 || ~9.0.7 || ^9.1.4"
 policy_templates:
 - name: zerofox
 title: ZeroFox Alerts
diff --git a/packages/zeronetworks/changelog.yml b/packages/zeronetworks/changelog.yml
index 678a7c598ca..a55cd192e88 100644
--- a/packages/zeronetworks/changelog.yml
+++ b/packages/zeronetworks/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.19.0"
+ changes:
+ - description: Prevent updating fleet health status to degraded.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/15584
 - version: "1.18.0"
 changes:
 - description: Update Kibana constraint to support 9.0.0.
diff --git a/packages/zeronetworks/data_stream/audit/agent/stream/httpjson.yml.hbs b/packages/zeronetworks/data_stream/audit/agent/stream/httpjson.yml.hbs
index 66cca1c5db8..b536cda9bfc 100644
--- a/packages/zeronetworks/data_stream/audit/agent/stream/httpjson.yml.hbs
+++ b/packages/zeronetworks/data_stream/audit/agent/stream/httpjson.yml.hbs
@@ -38,8 +38,9 @@ response.split:
 response.pagination:
 - set:
 target: url.params._cursor
- value: '[[.last_response.body.scrollCursor]]'
+ value: '[[if index .last_response.body "scrollCursor"]][[.last_response.body.scrollCursor]][[end]]'
 fail_on_template_error: true
+ do_not_log_failure: true
 - set:
 target: url.params.from
 value: '[[.last_response.url.params.Get "from"]]'
diff --git a/packages/zeronetworks/data_stream/audit/sample_event.json b/packages/zeronetworks/data_stream/audit/sample_event.json
index 3e1fe9bf69f..cdf8094f131 100644
--- a/packages/zeronetworks/data_stream/audit/sample_event.json
+++ b/packages/zeronetworks/data_stream/audit/sample_event.json
@@ -1,24 +1,24 @@
 {
- "@timestamp": "2023-04-27T15:04:03.485Z",
+ "@timestamp": "2024-04-01T08:30:36.440Z",
 "agent": {
- "ephemeral_id": "af052c05-cb5a-434c-9e19-2454b4592a31",
- "id": "c87040a9-dbdf-434b-82f5-fe7ab2593514",
- "name": "docker-fleet-agent",
+ "ephemeral_id": "a38ccde9-f8fa-4bef-aa6b-7f5fa5112dde",
+ "id": "2aed75d3-6141-487d-990c-3f5f38044cef",
+ "name": "elastic-agent-54361",
 "type": "filebeat",
- "version": "8.6.2"
+ "version": "8.19.4"
 },
 "data_stream": {
 "dataset": "zeronetworks.audit",
- "namespace": "ep",
+ "namespace": "74591",
 "type": "logs"
 },
 "ecs": {
- "version": "8.11.0"
+ "version": "8.0.0"
 },
 "elastic_agent": {
- "id": "c87040a9-dbdf-434b-82f5-fe7ab2593514",
+ "id": "2aed75d3-6141-487d-990c-3f5f38044cef",
 "snapshot": false,
- "version": "8.6.2"
+ "version": "8.19.4"
 },
 "event": {
 "action": "Inbound JIT rule created",
@@ -27,15 +27,16 @@ "configuration" ], "code": "20", - "created": "2023-04-28T11:52:26.765Z", + "created": "2025-10-07T05:45:50.161Z", "dataset": "zeronetworks.audit", - "id": "nNEVgeCshUyM2KOBAQBKFvxZMHM=", - "ingested": "2023-04-28T11:52:27Z", + "id": "ccwxT6c+5Wje/n/lKFLui+RZwD8=", + "ingested": "2025-10-07T05:45:51Z", "kind": "event", - "original": "{\"auditType\":20,\"destinationEntitiesList\":[{\"id\":\"a:a:8ErCHXe8\",\"name\":\"DC01\"}],\"details\":\"{\\\"rule\\\":{\\\"localEntityNames\\\":{\\\"id\\\":\\\"a:a:8ErCHXe8\\\",\\\"name\\\":\\\"DC01\\\"},\\\"remoteEntityNames\\\":[{\\\"id\\\":\\\"a:a:OtfLGUBq\\\",\\\"name\\\":\\\"WC01\\\"}],\\\"ports\\\":[{\\\"protocol_type\\\":6,\\\"ports\\\":\\\"3389\\\"}],\\\"expiration\\\":1682611443458,\\\"description\\\":\\\"\\\",\\\"localProcesses\\\":[\\\"*\\\"],\\\"created_by\\\":{\\\"id\\\":\\\"u:a:RVVXGo4w\\\",\\\"name\\\":\\\"zero\\\"},\\\"enforcementSource\\\":1,\\\"createdAt\\\":1682607843460,\\\"approvedBy\\\":null,\\\"usedMfaMethod\\\":5,\\\"excludedLocalEntityNames\\\":[],\\\"state\\\":1,\\\"updatedAt\\\":1682607843460,\\\"updatedBy\\\":{},\\\"ruleClass\\\":3}}\",\"enforcementSource\":1,\"isoTimestamp\":\"2023-04-27T15:04:03.485Z\",\"parentObjectId\":\"1bedf6e4-2ed5-4e3a-987c-469baefd057b\",\"performedBy\":{\"id\":\"u:a:RVVXGo4w\",\"name\":\"zero\"},\"reportedObjectGeneration\":124139243,\"reportedObjectId\":\"ed39a792-b60d-4185-b658-1b15f020e58e\",\"timestamp\":1682607843485,\"userRole\":6}", + "original": "{\"auditType\":20,\"destinationEntitiesList\":[{\"id\":\"a:a:9ebab20f\",\"name\":\"SHARE\"}],\"details\":\"{\\\"rule\\\":{\\\"localEntityNames\\\":{\\\"id\\\":\\\"a:a:9ebab20f\\\",\\\"name\\\":\\\"SHARE\\\"},\\\"remoteEntityNames\\\":[{\\\"id\\\":\\\"a:a:Y5UYoaWk\\\",\\\"name\\\":\\\"SURFACE\\\"}],\\\"ports\\\":[{\\\"protocol_type\\\":6,\\\"ports\\\":\\\"3389\\\"}],\\\"expiration\\\":1711974636423,\\\"description\\\":\\\"RDP/WinRM 
MFA\\\",\\\"localProcesses\\\":[\\\"*\\\"],\\\"created_by\\\":{\\\"id\\\":\\\"u:a:OOdYqjWI\\\",\\\"name\\\":\\\"Benny Lakunishok\\\"},\\\"enforcementSource\\\":1,\\\"createdAt\\\":1711960236426,\\\"usedMfaMethod\\\":3,\\\"excludedLocalEntityNames\\\":[],\\\"state\\\":1,\\\"updatedAt\\\":1711960236426,\\\"updatedBy\\\":{},\\\"approvedAt\\\":0,\\\"approvedBy\\\":null,\\\"ruleClass\\\":3}}\",\"enforcementSource\":1,\"isoTimestamp\":\"2024-04-01T08:30:36.440Z\",\"parentObjectId\":\"75bde6e6-83d6-401b-b63b-c2ed062e80fb\",\"performedBy\":{\"id\":\"u:a:OOdYqjWI\",\"name\":\"Benny Lakunishok\"},\"reportedObjectGeneration\":15201363,\"reportedObjectId\":\"21cbb13b-848a-49f0-8fe1-1dc369987403\",\"timestamp\":1711960236440,\"userRole\":6}", "outcome": "success", "type": [ - "info" + "info", + "change" ] }, "input": { @@ -43,8 +44,8 @@ }, "related": { "user": [ - "u:a:RVVXGo4w", - "zero" + "u:a:OOdYqjWI", + "Benny Lakunishok" ] }, "tags": [ @@ -53,27 +54,29 @@ "preserve_original_event" ], "user": { - "full_name": "zero", - "id": "u:a:RVVXGo4w" + "full_name": "Benny Lakunishok", + "id": "u:a:OOdYqjWI" }, "zeronetworks": { "audit": { "destinationEntitiesList": { - "id": "a:a:8ErCHXe8", - "name": "DC01" + "id": "a:a:9ebab20f", + "name": "SHARE" }, "details": { "rule": { - "createdAt": 1682607843460, + "approvedAt": 0, + "createdAt": 1711960236426, "created_by": { - "id": "u:a:RVVXGo4w", - "name": "zero" + "id": "u:a:OOdYqjWI", + "name": "Benny Lakunishok" }, + "description": "RDP/WinRM MFA", "enforcementSource": 1, - "expiration": 1682611443458, + "expiration": 1711974636423, "localEntityNames": { - "id": "a:a:8ErCHXe8", - "name": "DC01" + "id": "a:a:9ebab20f", + "name": "SHARE" }, "localProcesses": [ "*" 
@@ -86,21 +89,21 @@
 ],
 "remoteEntityNames": [
 {
- "id": "a:a:OtfLGUBq",
- "name": "WC01"
+ "id": "a:a:Y5UYoaWk",
+ "name": "SURFACE"
 }
 ],
 "ruleClass": 3,
 "state": 1,
- "updatedAt": 1682607843460,
- "usedMfaMethod": 5
+ "updatedAt": 1711960236426,
+ "usedMfaMethod": 3
 }
 },
 "enforcementSource": 1,
- "parentObjectId": "1bedf6e4-2ed5-4e3a-987c-469baefd057b",
- "reportedObjectGeneration": 124139243,
- "reportedObjectId": "ed39a792-b60d-4185-b658-1b15f020e58e",
+ "parentObjectId": "75bde6e6-83d6-401b-b63b-c2ed062e80fb",
+ "reportedObjectGeneration": 15201363,
+ "reportedObjectId": "21cbb13b-848a-49f0-8fe1-1dc369987403",
 "userRole": 6
 }
 }
-}
\ No newline at end of file
+}
diff --git a/packages/zeronetworks/manifest.yml b/packages/zeronetworks/manifest.yml
index 6ad74adde15..0c6ec1018bb 100644
--- a/packages/zeronetworks/manifest.yml
+++ b/packages/zeronetworks/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: zeronetworks
 title: "Zero Networks"
-version: "1.18.0"
+version: "1.19.0"
 source:
 license: "Elastic-2.0"
 description: "Zero Networks Logs integration"
@@ -14,7 +14,7 @@ categories:
 - network_security
 conditions:
 kibana:
- version: "^8.13.0 || ^9.0.0"
+ version: "^8.19.4 || ~9.0.7 || ^9.1.4"
 elastic:
 subscription: "basic"
 screenshots: