elastic · semd · Jun 19, 2026
diff --git a/.gitignore b/.gitignore
@@ -18,10 +18,12 @@ node_modules/
 *.log
 npm-debug.log*
 
-# Internal scripts and metadata
-scripts/
+# Internal scratch metadata
 workflow-metadata.json
 
+# Build output (generated by scripts/build-catalog.mjs; uploaded to the CDN)
+dist/
+
 # Environment and secrets
 .env
 .env.*

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
diff --git a/README.md b/README.md
diff --git a/docs/importing.md b/docs/importing.md
@@ -73,7 +73,7 @@ The simplest way to import a single workflow.
 
 ### Example: Importing Hash Threat Check
 
-1. Open [`workflows/security/detection/hash-threat-check.yaml`](../workflows/security/detection/hash-threat-check.yaml)
+1. Open [`examples/security/detection/hash-threat-check.yaml`](../examples/security/detection/hash-threat-check.yaml)
 2. Copy the content
 3. In Kibana, create new workflow and paste
 4. Update the VirusTotal API key:
@@ -104,7 +104,7 @@ curl -X POST "https://YOUR_KIBANA_URL/api/workflows" \
 
 ```bash
 # Read file and escape for JSON
-YAML_CONTENT=$(cat workflows/detection/hash-threat-check.yaml)
+YAML_CONTENT=$(cat examples/security/detection/hash-threat-check.yaml)
 
 curl -X POST "https://YOUR_KIBANA_URL/api/workflows" \
   -H "kbn-xsrf: true" \
@@ -123,7 +123,7 @@ EOF
 ```bash
 # Install jq if not available: brew install jq (macOS) or apt install jq (Linux)
 
-cat workflows/detection/hash-threat-check.yaml | \
+cat examples/security/detection/hash-threat-check.yaml | \
   jq -Rs '{yaml: .}' | \
   curl -X POST "https://YOUR_KIBANA_URL/api/workflows" \
     -H "kbn-xsrf: true" \
@@ -239,7 +239,7 @@ Import multiple workflows at once.
 
 KIBANA_URL="${KIBANA_URL:-https://your-kibana-url}"
 API_KEY="${API_KEY:-your-api-key}"
-WORKFLOW_DIR="${1:-workflows}"
+WORKFLOW_DIR="${1:-examples}"
 
 import_workflow() {
   local file="$1"
@@ -280,10 +280,10 @@ echo "Import complete!"
 
 ```bash
 # Import all workflows
-./bulk_import.sh workflows/
+./bulk_import.sh examples/
 
 # Import specific category
-./bulk_import.sh workflows/detection/
+./bulk_import.sh examples/security/detection/
 
 # With environment variables
 KIBANA_URL=https://my-kibana.example.com API_KEY=abc123 ./bulk_import.sh
@@ -364,7 +364,7 @@ def bulk_import(directory):
     print(f"Import complete: {success} succeeded, {failed} failed")
 
 if __name__ == "__main__":
-    directory = sys.argv[1] if len(sys.argv) > 1 else "workflows"
+    directory = sys.argv[1] if len(sys.argv) > 1 else "examples"
     bulk_import(directory)
 ```
 
@@ -470,7 +470,7 @@ Error: YAML parsing failed
 
 **Solution:** Validate YAML with an online validator or `yamllint`:
 ```bash
-yamllint workflows/detection/my-workflow.yaml
+yamllint examples/security/detection/my-workflow.yaml
 ```
 
 #### 2. Missing Required Fields

diff --git a/workflows/ai-agents/README.md → examples/ai-agents/README.md b/workflows/ai-agents/README.md → examples/ai-agents/README.md
diff --git a/...ows/ai-agents/call-subagent-workflow.yaml → ...les/ai-agents/call-subagent-workflow.yaml b/...ows/ai-agents/call-subagent-workflow.yaml → ...les/ai-agents/call-subagent-workflow.yaml
diff --git a/workflows/ai-agents/invoke-an-agent.yaml → examples/ai-agents/invoke-an-agent.yaml b/workflows/ai-agents/invoke-an-agent.yaml → examples/ai-agents/invoke-an-agent.yaml
diff --git a/workflows/data/README.md → examples/data/README.md b/workflows/data/README.md → examples/data/README.md
diff --git a/workflows/data/getdocument.yaml → examples/data/getdocument.yaml b/workflows/data/getdocument.yaml → examples/data/getdocument.yaml
diff --git a/workflows/data/log-injection.yaml → examples/data/log-injection.yaml b/workflows/data/log-injection.yaml → examples/data/log-injection.yaml
diff --git a/workflows/data/rss-feed-ingest.yaml → examples/data/rss-feed-ingest.yaml b/workflows/data/rss-feed-ingest.yaml → examples/data/rss-feed-ingest.yaml
diff --git a/workflows/examples/README.md → examples/examples/README.md b/workflows/examples/README.md → examples/examples/README.md
diff --git a/workflows/examples/national-parks-demo.yaml → examples/examples/national-parks-demo.yaml b/workflows/examples/national-parks-demo.yaml → examples/examples/national-parks-demo.yaml
diff --git a/workflows/integrations/amazon-s3/README.md → examples/integrations/amazon-s3/README.md b/workflows/integrations/amazon-s3/README.md → examples/integrations/amazon-s3/README.md
diff --git a/...integrations/amazon-s3/download-file.yaml → ...integrations/amazon-s3/download-file.yaml b/...integrations/amazon-s3/download-file.yaml → ...integrations/amazon-s3/download-file.yaml
diff --git a/workflows/integrations/caldera/README.md → examples/integrations/caldera/README.md b/workflows/integrations/caldera/README.md → examples/integrations/caldera/README.md
diff --git a/...tions/caldera/create-caldera-ability.yaml → ...tions/caldera/create-caldera-ability.yaml b/...tions/caldera/create-caldera-ability.yaml → ...tions/caldera/create-caldera-ability.yaml
diff --git a/...ons/caldera/create-caldera-adversary.yaml → ...ons/caldera/create-caldera-adversary.yaml b/...ons/caldera/create-caldera-adversary.yaml → ...ons/caldera/create-caldera-adversary.yaml
diff --git a/...ons/caldera/create-caldera-operation.yaml → ...ons/caldera/create-caldera-operation.yaml b/...ons/caldera/create-caldera-operation.yaml → ...ons/caldera/create-caldera-operation.yaml
diff --git a/...caldera/get-caldera-operation-report.yaml → ...caldera/get-caldera-operation-report.yaml b/...caldera/get-caldera-operation-report.yaml → ...caldera/get-caldera-operation-report.yaml
diff --git a/...s/integrations/confluence-cloud/README.md → ...s/integrations/confluence-cloud/README.md b/...s/integrations/confluence-cloud/README.md → ...s/integrations/confluence-cloud/README.md
diff --git a/...ations/confluence-cloud/get-resource.yaml → ...ations/confluence-cloud/get-resource.yaml b/...ations/confluence-cloud/get-resource.yaml → ...ations/confluence-cloud/get-resource.yaml
diff --git a/...tions/confluence-cloud/list-resource.yaml → ...tions/confluence-cloud/list-resource.yaml b/...tions/confluence-cloud/list-resource.yaml → ...tions/confluence-cloud/list-resource.yaml
diff --git a/workflows/integrations/firebase/README.md → examples/integrations/firebase/README.md b/workflows/integrations/firebase/README.md → examples/integrations/firebase/README.md
diff --git a/...rant-and-fetch-firebase-bearer-token.yaml → ...rant-and-fetch-firebase-bearer-token.yaml b/...rant-and-fetch-firebase-bearer-token.yaml → ...rant-and-fetch-firebase-bearer-token.yaml
diff --git a/...firebase/grant-firebase-bearer-token.yaml → ...firebase/grant-firebase-bearer-token.yaml b/...firebase/grant-firebase-bearer-token.yaml → ...firebase/grant-firebase-bearer-token.yaml
diff --git a/workflows/integrations/firecrawl/README.md → examples/integrations/firecrawl/README.md b/workflows/integrations/firecrawl/README.md → examples/integrations/firecrawl/README.md
diff --git a/workflows/integrations/firecrawl/crawl.yaml → examples/integrations/firecrawl/crawl.yaml b/workflows/integrations/firecrawl/crawl.yaml → examples/integrations/firecrawl/crawl.yaml
diff --git a/workflows/integrations/github/README.md → examples/integrations/github/README.md b/workflows/integrations/github/README.md → examples/integrations/github/README.md
diff --git a/...ows/integrations/github/get-resource.yaml → ...les/integrations/github/get-resource.yaml b/...ows/integrations/github/get-resource.yaml → ...les/integrations/github/get-resource.yaml
diff --git a/...s/integrations/github/list-resources.yaml → ...s/integrations/github/list-resources.yaml b/...s/integrations/github/list-resources.yaml → ...s/integrations/github/list-resources.yaml
diff --git a/workflows/integrations/github/search.yaml → examples/integrations/github/search.yaml b/workflows/integrations/github/search.yaml → examples/integrations/github/search.yaml
diff --git a/...ws/integrations/google-calendar/README.md → ...es/integrations/google-calendar/README.md b/...ws/integrations/google-calendar/README.md → ...es/integrations/google-calendar/README.md
diff --git a/...tegrations/google-calendar/free-busy.yaml → ...tegrations/google-calendar/free-busy.yaml b/...tegrations/google-calendar/free-busy.yaml → ...tegrations/google-calendar/free-busy.yaml
diff --git a/...tegrations/google-calendar/get-event.yaml → ...tegrations/google-calendar/get-event.yaml b/...tegrations/google-calendar/get-event.yaml → ...tegrations/google-calendar/get-event.yaml
diff --git a/...tions/google-calendar/list-calendars.yaml → ...tions/google-calendar/list-calendars.yaml b/...tions/google-calendar/list-calendars.yaml → ...tions/google-calendar/list-calendars.yaml
diff --git a/...grations/google-calendar/list-events.yaml → ...grations/google-calendar/list-events.yaml b/...grations/google-calendar/list-events.yaml → ...grations/google-calendar/list-events.yaml
diff --git a/.../integrations/google-calendar/search.yaml → .../integrations/google-calendar/search.yaml b/.../integrations/google-calendar/search.yaml → .../integrations/google-calendar/search.yaml
diff --git a/...tegrations/google-cloud-storage/README.md → ...tegrations/google-cloud-storage/README.md b/...tegrations/google-cloud-storage/README.md → ...tegrations/google-cloud-storage/README.md
diff --git a/...ations/google-cloud-storage/download.yaml → ...ations/google-cloud-storage/download.yaml b/...ations/google-cloud-storage/download.yaml → ...ations/google-cloud-storage/download.yaml
diff --git a/...le-cloud-storage/get-object-metadata.yaml → ...le-cloud-storage/get-object-metadata.yaml b/...le-cloud-storage/get-object-metadata.yaml → ...le-cloud-storage/get-object-metadata.yaml
diff --git a/...ns/google-cloud-storage/list-buckets.yaml → ...ns/google-cloud-storage/list-buckets.yaml b/...ns/google-cloud-storage/list-buckets.yaml → ...ns/google-cloud-storage/list-buckets.yaml
diff --git a/...ns/google-cloud-storage/list-objects.yaml → ...ns/google-cloud-storage/list-objects.yaml b/...ns/google-cloud-storage/list-objects.yaml → ...ns/google-cloud-storage/list-objects.yaml
diff --git a/...s/google-cloud-storage/list-projects.yaml → ...s/google-cloud-storage/list-projects.yaml b/...s/google-cloud-storage/list-projects.yaml → ...s/google-cloud-storage/list-projects.yaml
diff --git a/...flows/integrations/google-drive/README.md → examples/integrations/google-drive/README.md b/...flows/integrations/google-drive/README.md → examples/integrations/google-drive/README.md
diff --git a/...s/integrations/google-drive/download.yaml → ...s/integrations/google-drive/download.yaml b/...s/integrations/google-drive/download.yaml → ...s/integrations/google-drive/download.yaml
diff --git a/workflows/integrations/jenkins/README.md → examples/integrations/jenkins/README.md b/workflows/integrations/jenkins/README.md → examples/integrations/jenkins/README.md
diff --git a/...jenkins/trigger-jenkins-build-simple.yaml → ...jenkins/trigger-jenkins-build-simple.yaml b/...jenkins/trigger-jenkins-build-simple.yaml → ...jenkins/trigger-jenkins-build-simple.yaml
diff --git a/workflows/integrations/jira-cloud/README.md → examples/integrations/jira-cloud/README.md b/workflows/integrations/jira-cloud/README.md → examples/integrations/jira-cloud/README.md
diff --git a/...integrations/jira-cloud/get-resource.yaml → ...integrations/jira-cloud/get-resource.yaml b/...integrations/jira-cloud/get-resource.yaml → ...integrations/jira-cloud/get-resource.yaml
diff --git a/workflows/integrations/jira/README.md → examples/integrations/jira/README.md b/workflows/integrations/jira/README.md → examples/integrations/jira/README.md
diff --git a/...integrations/jira/create-jira-ticket.yaml → ...integrations/jira/create-jira-ticket.yaml b/...integrations/jira/create-jira-ticket.yaml → ...integrations/jira/create-jira-ticket.yaml
diff --git a/...ws/integrations/microsoft-teams/README.md → ...es/integrations/microsoft-teams/README.md b/...ws/integrations/microsoft-teams/README.md → ...es/integrations/microsoft-teams/README.md
diff --git a/...tions/microsoft-teams/list-resources.yaml → ...tions/microsoft-teams/list-resources.yaml b/...tions/microsoft-teams/list-resources.yaml → ...tions/microsoft-teams/list-resources.yaml
diff --git a/...ions/microsoft-teams/search-messages.yaml → ...ions/microsoft-teams/search-messages.yaml b/...ions/microsoft-teams/search-messages.yaml → ...ions/microsoft-teams/search-messages.yaml
diff --git a/workflows/integrations/pagerduty/README.md → examples/integrations/pagerduty/README.md b/workflows/integrations/pagerduty/README.md → examples/integrations/pagerduty/README.md
diff --git a/...ows/integrations/pagerduty/get-by-id.yaml → ...les/integrations/pagerduty/get-by-id.yaml b/...ows/integrations/pagerduty/get-by-id.yaml → ...les/integrations/pagerduty/get-by-id.yaml
diff --git a/...ns/pagerduty/get-escalation-policies.yaml → ...ns/pagerduty/get-escalation-policies.yaml b/...ns/pagerduty/get-escalation-policies.yaml → ...ns/pagerduty/get-escalation-policies.yaml
diff --git a/...integrations/pagerduty/get-incidents.yaml → ...integrations/pagerduty/get-incidents.yaml b/...integrations/pagerduty/get-incidents.yaml → ...integrations/pagerduty/get-incidents.yaml
diff --git a/...s/integrations/pagerduty/get-oncalls.yaml → ...s/integrations/pagerduty/get-oncalls.yaml b/...s/integrations/pagerduty/get-oncalls.yaml → ...s/integrations/pagerduty/get-oncalls.yaml
diff --git a/...integrations/pagerduty/get-schedules.yaml → ...integrations/pagerduty/get-schedules.yaml b/...integrations/pagerduty/get-schedules.yaml → ...integrations/pagerduty/get-schedules.yaml
diff --git a/workflows/integrations/pagerduty/search.yaml → examples/integrations/pagerduty/search.yaml b/workflows/integrations/pagerduty/search.yaml → examples/integrations/pagerduty/search.yaml
diff --git a/workflows/integrations/servicenow/README.md → examples/integrations/servicenow/README.md b/workflows/integrations/servicenow/README.md → examples/integrations/servicenow/README.md
diff --git a/...tegrations/servicenow/get-attachment.yaml → ...tegrations/servicenow/get-attachment.yaml b/...tegrations/servicenow/get-attachment.yaml → ...tegrations/servicenow/get-attachment.yaml
diff --git a/.../servicenow/get-record-with-comments.yaml → .../servicenow/get-record-with-comments.yaml b/.../servicenow/get-record-with-comments.yaml → .../servicenow/get-record-with-comments.yaml
diff --git a/.../integrations/sharepoint-online/README.md → .../integrations/sharepoint-online/README.md b/.../integrations/sharepoint-online/README.md → .../integrations/sharepoint-online/README.md
diff --git a/...egrations/sharepoint-online/download.yaml → ...egrations/sharepoint-online/download.yaml b/...egrations/sharepoint-online/download.yaml → ...egrations/sharepoint-online/download.yaml
diff --git a/...ons/sharepoint-online/list-resources.yaml → ...ons/sharepoint-online/list-resources.yaml b/...ons/sharepoint-online/list-resources.yaml → ...ons/sharepoint-online/list-resources.yaml
diff --git a/.../integrations/sharepoint-server/README.md → .../integrations/sharepoint-server/README.md b/.../integrations/sharepoint-server/README.md → .../integrations/sharepoint-server/README.md
diff --git a/...egrations/sharepoint-server/download.yaml → ...egrations/sharepoint-server/download.yaml b/...egrations/sharepoint-server/download.yaml → ...egrations/sharepoint-server/download.yaml
diff --git a/...ons/sharepoint-server/list-resources.yaml → ...ons/sharepoint-server/list-resources.yaml b/...ons/sharepoint-server/list-resources.yaml → ...ons/sharepoint-server/list-resources.yaml
diff --git a/workflows/integrations/slack/README.md → examples/integrations/slack/README.md b/workflows/integrations/slack/README.md → examples/integrations/slack/README.md
diff --git a/...ons/slack/add-users-to-slack-channel.yaml → ...ons/slack/add-users-to-slack-channel.yaml b/...ons/slack/add-users-to-slack-channel.yaml → ...ons/slack/add-users-to-slack-channel.yaml
diff --git a/...egrations/slack/create-slack-channel.yaml → ...egrations/slack/create-slack-channel.yaml b/...egrations/slack/create-slack-channel.yaml → ...egrations/slack/create-slack-channel.yaml
diff --git a/...-to-slack-channel-with-blocks-format.yaml → ...-to-slack-channel-with-blocks-format.yaml b/...-to-slack-channel-with-blocks-format.yaml → ...-to-slack-channel-with-blocks-format.yaml
diff --git a/workflows/integrations/snowflake/README.md → examples/integrations/snowflake/README.md b/workflows/integrations/snowflake/README.md → examples/integrations/snowflake/README.md
diff --git a/...egrations/snowflake/search-snowflake.yaml → ...egrations/snowflake/search-snowflake.yaml b/...egrations/snowflake/search-snowflake.yaml → ...egrations/snowflake/search-snowflake.yaml
diff --git a/workflows/integrations/splunk/README.md → examples/integrations/splunk/README.md b/workflows/integrations/splunk/README.md → examples/integrations/splunk/README.md
diff --git a/...rations/splunk/inspect-splunk-fields.yaml → ...rations/splunk/inspect-splunk-fields.yaml b/...rations/splunk/inspect-splunk-fields.yaml → ...rations/splunk/inspect-splunk-fields.yaml
diff --git a/...egrations/splunk/list-splunk-indices.yaml → ...egrations/splunk/list-splunk-indices.yaml b/...egrations/splunk/list-splunk-indices.yaml → ...egrations/splunk/list-splunk-indices.yaml
diff --git a/...ws/integrations/splunk/search-splunk.yaml → ...es/integrations/splunk/search-splunk.yaml b/...ws/integrations/splunk/search-splunk.yaml → ...es/integrations/splunk/search-splunk.yaml
diff --git a/...ment-with-virustotal-and-ai-analysis.yaml → ...ment-with-virustotal-and-ai-analysis.yaml b/...ment-with-virustotal-and-ai-analysis.yaml → ...ment-with-virustotal-and-ai-analysis.yaml
diff --git a/...ows/integrations/splunk/splunk-query.yaml → ...les/integrations/splunk/splunk-query.yaml b/...ows/integrations/splunk/splunk-query.yaml → ...les/integrations/splunk/splunk-query.yaml
diff --git a/workflows/integrations/tavily/README.md → examples/integrations/tavily/README.md b/workflows/integrations/tavily/README.md → examples/integrations/tavily/README.md
diff --git a/workflows/integrations/tavily/search.yaml → examples/integrations/tavily/search.yaml b/workflows/integrations/tavily/search.yaml → examples/integrations/tavily/search.yaml
diff --git a/workflows/integrations/zendesk/README.md → examples/integrations/zendesk/README.md b/workflows/integrations/zendesk/README.md → examples/integrations/zendesk/README.md
diff --git a/...ws/integrations/zendesk/list-tickets.yaml → ...es/integrations/zendesk/list-tickets.yaml b/...ws/integrations/zendesk/list-tickets.yaml → ...es/integrations/zendesk/list-tickets.yaml
diff --git a/workflows/integrations/zendesk/search.yaml → examples/integrations/zendesk/search.yaml b/workflows/integrations/zendesk/search.yaml → examples/integrations/zendesk/search.yaml
diff --git a/workflows/integrations/zoom/README.md → examples/integrations/zoom/README.md b/workflows/integrations/zoom/README.md → examples/integrations/zoom/README.md
diff --git a/workflows/integrations/zoom/get-meeting.yaml → examples/integrations/zoom/get-meeting.yaml b/workflows/integrations/zoom/get-meeting.yaml → examples/integrations/zoom/get-meeting.yaml
diff --git a/...ows/integrations/zoom/list-resources.yaml → ...les/integrations/zoom/list-resources.yaml b/...ows/integrations/zoom/list-resources.yaml → ...les/integrations/zoom/list-resources.yaml
diff --git a/workflows/observability/README.md → examples/observability/README.md b/workflows/observability/README.md → examples/observability/README.md
diff --git a/workflows/observability/ai-steps-demo.yaml → examples/observability/ai-steps-demo.yaml b/workflows/observability/ai-steps-demo.yaml → examples/observability/ai-steps-demo.yaml
diff --git a/...ity/root-cause-analysis-rca-workflow.yaml → ...ity/root-cause-analysis-rca-workflow.yaml b/...ity/root-cause-analysis-rca-workflow.yaml → ...ity/root-cause-analysis-rca-workflow.yaml
diff --git a/workflows/search/README.md → examples/search/README.md b/workflows/search/README.md → examples/search/README.md
diff --git a/workflows/search/eql-to-esql.yaml → examples/search/eql-to-esql.yaml b/workflows/search/eql-to-esql.yaml → examples/search/eql-to-esql.yaml
diff --git a/...ery-output-table-values-to-new-index.yaml → ...ery-output-table-values-to-new-index.yaml b/...ery-output-table-values-to-new-index.yaml → ...ery-output-table-values-to-new-index.yaml
diff --git a/...ows/search/semantic-knowledge-search.yaml → ...les/search/semantic-knowledge-search.yaml b/...ows/search/semantic-knowledge-search.yaml → ...les/search/semantic-knowledge-search.yaml
diff --git a/workflows/search/web-search.yaml → examples/search/web-search.yaml b/workflows/search/web-search.yaml → examples/search/web-search.yaml
diff --git a/workflows/security/compliance/README.md → examples/security/compliance/README.md b/workflows/security/compliance/README.md → examples/security/compliance/README.md
diff --git a/...rity/compliance/pci-daily-assessment.yaml → ...rity/compliance/pci-daily-assessment.yaml b/...rity/compliance/pci-daily-assessment.yaml → ...rity/compliance/pci-daily-assessment.yaml
diff --git a/...ompliance/pci-violation-case-creator.yaml → ...ompliance/pci-violation-case-creator.yaml b/...ompliance/pci-violation-case-creator.yaml → ...ompliance/pci-violation-case-creator.yaml
diff --git a/workflows/security/detection/README.md → examples/security/detection/README.md b/workflows/security/detection/README.md → examples/security/detection/README.md
diff --git a/.../security/detection/add-alert-tag-fp.yaml → .../security/detection/add-alert-tag-fp.yaml b/.../security/detection/add-alert-tag-fp.yaml → .../security/detection/add-alert-tag-fp.yaml
diff --git a/.../security/detection/add-alert-tag-tp.yaml → .../security/detection/add-alert-tag-tp.yaml b/.../security/detection/add-alert-tag-tp.yaml → .../security/detection/add-alert-tag-tp.yaml
diff --git a/...security/detection/create-alert-note.yaml → ...security/detection/create-alert-note.yaml b/...security/detection/create-alert-note.yaml → ...security/detection/create-alert-note.yaml
diff --git a/...security/detection/hash-threat-check.yaml → ...security/detection/hash-threat-check.yaml b/...security/detection/hash-threat-check.yaml → ...security/detection/hash-threat-check.yaml
diff --git a/...ecurity/detection/manually-run-rules.yaml → ...ecurity/detection/manually-run-rules.yaml b/...ecurity/detection/manually-run-rules.yaml → ...ecurity/detection/manually-run-rules.yaml
diff --git a/...detection/mark-alert-as-acknowledged.yaml → ...detection/mark-alert-as-acknowledged.yaml b/...detection/mark-alert-as-acknowledged.yaml → ...detection/mark-alert-as-acknowledged.yaml
diff --git a/...urity/detection/mark-alert-as-closed.yaml → ...urity/detection/mark-alert-as-closed.yaml b/...urity/detection/mark-alert-as-closed.yaml → ...urity/detection/mark-alert-as-closed.yaml
diff --git a/...y/detection/snmp-link-status-monitor.yaml → ...y/detection/snmp-link-status-monitor.yaml b/...y/detection/snmp-link-status-monitor.yaml → ...y/detection/snmp-link-status-monitor.yaml
diff --git a/workflows/security/enrichment/README.md → examples/security/enrichment/README.md b/workflows/security/enrichment/README.md → examples/security/enrichment/README.md
diff --git a/...ecurity/enrichment/geoipfromdiscover.yaml → ...ecurity/enrichment/geoipfromdiscover.yaml b/...ecurity/enrichment/geoipfromdiscover.yaml → ...ecurity/enrichment/geoipfromdiscover.yaml
diff --git a/...urity/enrichment/ip-reputation-check.yaml → ...urity/enrichment/ip-reputation-check.yaml b/...urity/enrichment/ip-reputation-check.yaml → ...urity/enrichment/ip-reputation-check.yaml
diff --git a/...ity/enrichment/rootcausefromdiscover.yaml → ...ity/enrichment/rootcausefromdiscover.yaml b/...ity/enrichment/rootcausefromdiscover.yaml → ...ity/enrichment/rootcausefromdiscover.yaml
diff --git a/...y/enrichment/send-hash-to-virustotal.yaml → ...y/enrichment/send-hash-to-virustotal.yaml b/...y/enrichment/send-hash-to-virustotal.yaml → ...y/enrichment/send-hash-to-virustotal.yaml
diff --git a/...ity/enrichment/send-ip-to-virustotal.yaml → ...ity/enrichment/send-ip-to-virustotal.yaml b/...ity/enrichment/send-ip-to-virustotal.yaml → ...ity/enrichment/send-ip-to-virustotal.yaml
diff --git a/workflows/security/response/README.md → examples/security/response/README.md b/workflows/security/response/README.md → examples/security/response/README.md
diff --git a/...urity/response/ad-automated-triaging.yaml → ...urity/response/ad-automated-triaging.yaml b/...urity/response/ad-automated-triaging.yaml → ...urity/response/ad-automated-triaging.yaml
diff --git a/...security/response/case-workflow-prod.yaml → ...security/response/case-workflow-prod.yaml b/...security/response/case-workflow-prod.yaml → ...security/response/case-workflow-prod.yaml
diff --git a/...ows/security/response/createcasetool.yaml → ...les/security/response/createcasetool.yaml b/...ows/security/response/createcasetool.yaml → ...les/security/response/createcasetool.yaml
diff --git a/...security/response/traditional-triage.yaml → ...security/response/traditional-triage.yaml b/...security/response/traditional-triage.yaml → ...security/response/traditional-triage.yaml
diff --git a/workflows/utilities/README.md → examples/utilities/README.md b/workflows/utilities/README.md → examples/utilities/README.md
diff --git a/workflows/utilities/digest-workflow.yaml → examples/utilities/digest-workflow.yaml b/workflows/utilities/digest-workflow.yaml → examples/utilities/digest-workflow.yaml
diff --git a/...flows/utilities/execute-and-retrieve.yaml → examples/utilities/execute-and-retrieve.yaml b/...flows/utilities/execute-and-retrieve.yaml → examples/utilities/execute-and-retrieve.yaml
diff --git a/workflows/utilities/execute.yaml → examples/utilities/execute.yaml b/workflows/utilities/execute.yaml → examples/utilities/execute.yaml
diff --git a/workflows/utilities/get-action-status.yaml → examples/utilities/get-action-status.yaml b/workflows/utilities/get-action-status.yaml → examples/utilities/get-action-status.yaml
diff --git a/workflows/utilities/get-time.yaml → examples/utilities/get-time.yaml b/workflows/utilities/get-time.yaml → examples/utilities/get-time.yaml
diff --git a/workflows/utilities/index-commits.yaml → examples/utilities/index-commits.yaml b/workflows/utilities/index-commits.yaml → examples/utilities/index-commits.yaml
diff --git a/...ows/utilities/invoke-other-workflows.yaml → ...les/utilities/invoke-other-workflows.yaml b/...ows/utilities/invoke-other-workflows.yaml → ...les/utilities/invoke-other-workflows.yaml
diff --git a/...ows/utilities/save-emulation-results.yaml → ...les/utilities/save-emulation-results.yaml b/...ows/utilities/save-emulation-results.yaml → ...les/utilities/save-emulation-results.yaml
diff --git a/...flows/utilities/summarize-hackernews.yaml → examples/utilities/summarize-hackernews.yaml b/...flows/utilities/summarize-hackernews.yaml → examples/utilities/summarize-hackernews.yaml
diff --git a/...s/utilities/update-emulation-results.yaml → ...s/utilities/update-emulation-results.yaml b/...s/utilities/update-emulation-results.yaml → ...s/utilities/update-emulation-results.yaml
diff --git a/workflows/utilities/url-threat-scan.yaml → examples/utilities/url-threat-scan.yaml b/workflows/utilities/url-threat-scan.yaml → examples/utilities/url-threat-scan.yaml
diff --git a/kibana-versions.json b/kibana-versions.json
@@ -0,0 +1,5 @@
+{
+  "latest": "main",
+  "oldest": "9.5.0",
+  "cataloguePer": "minor"
+}
diff --git a/library/workflows/root-cause-analysis/root-cause-analysis.yaml b/library/workflows/root-cause-analysis/root-cause-analysis.yaml
@@ -8,6 +8,7 @@ template-metadata:
     possible root causes, then file a Case with the agent's analysis,
     a generated title and description, the alert attached, and a
     structured summary of the agent's reasoning steps as comments.
+  solutions: [security, observability]
   categories: [root-cause-analysis, ai-agent, case-management]
   install:
     form:

diff --git a/library/workflows/semantic-knowledge-search/semantic-knowledge-search.yaml b/library/workflows/semantic-knowledge-search/semantic-knowledge-search.yaml
@@ -7,7 +7,6 @@ template-metadata:
     Run a semantic search against a knowledge-base index using a natural
     language query, with optional namespace and knowledge-type filters
     applied as Elasticsearch term clauses.
-  solutions: [search]
   categories: [search]
   install:
     form:

diff --git a/library/workflows/web-search/web-search.yaml b/library/workflows/web-search/web-search.yaml
@@ -7,6 +7,7 @@ template-metadata:
     Run a web search via the Brave Search API and return the raw result
     set. Useful as a building block for enrichment, research, or
     LLM-grounding workflows.
+  solutions: []
   categories: [search]
   icon: brave
   install:

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -0,0 +1,18 @@
+{
+  "name": "@elastic/workflows-library",
+  "version": "0.0.0",
+  "private": true,
+  "description": "Source repo for the Kibana Workflow Template Library",
+  "license": "Apache-2.0",
+  "type": "module",
+  "engines": {
+    "node": ">=20"
+  },
+  "scripts": {
+    "build:catalog": "node scripts/build-catalog.mjs"
+  },
+  "dependencies": {
+    "js-yaml": "^4.2.0",
+    "semver": "^7.8.4"
+  }
+}