Add third-party REST API #545
Conversation
leehinman
force-pushed
the
apache_httpjson_poc
branch
from
687f5b7 to
a04e10d
Compare
leehinman
changed the title
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
Trends 🧪 |
leehinman
force-pushed
the
apache_httpjson_poc
branch
from
a04e10d to
cc7d8c2
Compare
leehinman
force-pushed
the
apache_httpjson_poc
branch
4 times, most recently
from
d32aa06 to
faa2773
Compare
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
There was a problem hiding this comment.
I would really like to see some tests that exercise the httpjson part of the config. This is the idea I had when I was thinking about how to test some other packages that use httpjson (like google workspace and okta): https://github.com/andrewkroh/stream/issues/9
| ssl.verification_mode: {{ssl.verification_mode}} | ||
| {{/if}} | ||
| {{#if ssl.certificate_authorities}} | ||
| ssl.certificate_authorites: |
packages/apache/manifest.yml
Outdated
| title: Splunk REST API Password | ||
| required: true | ||
| show_user: true | ||
| - name: ssl.enabled |
There was a problem hiding this comment.
There are quite a few possible SSL options available. I suggest hiding the SSL options under an advanced setting and letting users configure it as YAML. Passing PEM encoded CA certs too is a little easier IMO with the textbox it gives you.
integrations/packages/zoom/data_stream/webhook/manifest.yml
Lines 40 to 50 in 8770467
There was a problem hiding this comment.
Done, see if the screenshot is what you were thinking
| @@ -17,3 +17,29 @@ streams: | |||
| template_path: log.yml.hbs | |||
| title: Apache access logs | |||
| description: Collect Apache access logs | |||
| - input: httpjson | |||
| title: Apache access logs via Splunk Enterprise REST API | |||
There was a problem hiding this comment.
We should probably mark this with "(experimental)". Once we have a few more necessary package/fleet features we'll be able to implement this an independent package and remove these.
- apache - nginx - zeek - aws/cloudtrail
leehinman
force-pushed
the
apache_httpjson_poc
branch
from
faa2773 to
ce66995
Compare
This reverts commit 399e8b0.
* Add third-party REST API - apache - nginx - zeek - aws/cloudtrail
What does this PR do?
Adds third-party REST API to several packages. This allows pulling data from Splunk REST API.
Checklist
Screenshots
Add Apache Integration Screen
Third-Party REST API Configuration
Example ingested document
{ "_index": "filebeat-8.0.0-2021.01.11-000001", "_type": "_doc", "_id": "d9a88109c64ba572d8319e3325901415ff78f6b6fae8346d38c28c98010ee0b0", "_version": 1, "_score": null, "_source": { "agent": { "name": "Lees-MacBook-Pro.local", "id": "7b45f55c-a54b-4f81-a8e5-8b4033d14305", "type": "filebeat", "ephemeral_id": "3170de0e-eb99-4784-b17e-eb4292443378", "version": "8.0.0" }, "source": { "address": "127.0.0.1", "ip": "127.0.0.1" }, "fileset": { "name": "access" }, "url": { "original": "/" }, "tags": [ "forwarded" ], "input": { "type": "httpjson" }, "file": { "path": "/var/log/apache2/access.log" }, "apache": { "access": {} }, "@timestamp": "2021-01-12T17:45:52.000Z", "ecs": { "version": "1.7.0" }, "service": { "type": "apache" }, "host": { "name": "ubuntu-bionic" }, "http": { "request": { "referrer": "-", "method": "GET" }, "response": { "status_code": 200, "body": { "bytes": 11173 } }, "version": "1.1" }, "event": { "ingested": "2021-01-12T17:46:01.271439318Z", "kind": "event", "created": "2021-01-12T17:46:00.241Z", "module": "apache", "category": "web", "dataset": "apache.access", "outcome": "success" }, "user": { "name": "-" }, "user_agent": { "original": "curl/7.58.0", "name": "curl", "device": { "name": "Other" }, "version": "7.58.0" } }, "fields": { "event.ingested": [ "2021-01-12T17:46:01.271Z" ], "@timestamp": [ "2021-01-12T17:45:52.000Z" ], "event.created": [ "2021-01-12T17:46:00.241Z" ] }, "sort": [ 1610473552000 ] }