updating manifest files for filebeat threatintel module (#24074) (#24079
)

* updating manifest files for filebeat threatintel module

* split on new object type in config

(cherry picked from commit f9fe84d)
P1llus authored Feb 17, 2021
1 parent d2d34f8 commit 1666f89
Showing 6 changed files with 116 additions and 103 deletions.
7 changes: 5 additions & 2 deletions x-pack/filebeat/module/threatintel/anomali/config/config.yml
Expand Up @@ -4,9 +4,12 @@ type: httpjson
config_version: "2"
interval: {{ .interval }}

{{ if .username }}
auth.basic.user: {{ .username }}
{{ end }}
{{ if .password }}
auth.basic.password: {{ .password }}

{{ end }}
request.method: GET
{{ if .ssl }}
- request.ssl: {{ .ssl | tojson }}
Expand All @@ -32,7 +35,7 @@ request.transforms:
default: '[[ formatDate (now (parseDuration "-{{ .first_interval }}")) "2006-01-02T15:04:05.999Z" ]]'

response.split:
target: body.results
target: body.objects

cursor:
timestamp:
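Review bot: The credentials in the first hunk are rendered into YAML unquoted, as `auth.basic.user: {{ .username }}` and `auth.basic.password: {{ .password }}`. A password that contains ` #` or `: `, starts with a YAML indicator, or looks like a number or boolean would be truncated, retyped or make the rendered config fail to parse, and the resulting authentication failure would be hard to trace back to quoting. The same file already pipes `.ssl` through `tojson`, so `auth.basic.password: {{ .password | tojson }}` (and the same for the user) should keep the value a string. The two new guards are also independent, so setting only one variable renders half of a basic-auth pair; a single `{{ if and .username .password }}` may be closer to the intent. Separately, the unchanged `- request.ssl:` line under `{{ if .ssl }}` appears to render as a sequence item among mapping keys, which is worth checking because it decides whether the TLS settings are applied; indentation is not visible on this page.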
4 changes: 3 additions & 1 deletion x-pack/filebeat/module/threatintel/anomali/manifest.yml
Expand Up @@ -5,6 +5,8 @@ var:
default: httpjson
- name: interval
default: 60m
- name: first_interval
default: 24h
- name: ssl
- name: types
default: indicators
Expand All @@ -13,7 +15,7 @@ var:
- name: url
default: "https://otx.alienvault.com/api/v1/indicators/export"
- name: tags
default: [threatintel-otx, forwarded]
default: [threatintel-anomali, forwarded]

ingest_pipeline:
- ingest/pipeline.yml
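Review bot: The `url` default in the second hunk still points at `https://otx.alienvault.com/api/v1/indicators/export`, although this is the anomali fileset and the commit renames the tag from `threatintel-otx` to `threatintel-anomali`. With the basic-auth settings in this fileset's config.yml, a user who sets a username and password but leaves `url` at its default would send Anomali credentials to the OTX host. I would drop the default so the endpoint must be set explicitly, or replace it with the Anomali endpoint, and add a comment such as `# must be the Anomali endpoint; basic-auth credentials are sent to this URL`. The rest of the `var` list is outside the hunks shown, so whether `username` and `password` are declared there cannot be confirmed from this page.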