Add proxy_url support to threatintel module's malwarebazaar fileset (e…

…lastic#28533) (elastic#28565) Adds proxy_url config option to malwarebazaar Documents all proxy_url options for threat_intel (cherry picked from commit 15abbe6) Co-authored-by: Adrian Serrano <[email protected]>
leweafan · Oct 20, 2021 · c3d627f · c3d627f
1 parent 1c5643a
commit c3d627f
Showing 5 changed files with 53 additions and 0 deletions.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -451,6 +451,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Azure signinlogs - Add support for ManagedIdentitySignInLogs, NonInteractiveUserSignInLogs, and ServicePrincipalSignInLogs. {issue}23653[23653]
 - Add `base64Decode` and `base64DecodeNoPad` functions to `httpsjon` templates. {pull}28385[28385]
 - Add latency config option for aws-cloudwatch input. {pull}28509[28509]
+- Added proxy support to threatintel/malwarebazaar. {pull}28533[28533]
 
 
 *Heartbeat*

diff --git a/filebeat/docs/modules/threatintel.asciidoc b/filebeat/docs/modules/threatintel.asciidoc
@@ -64,6 +64,10 @@ The URL of the API endpoint to connect with.
 
 How often the API is polled for updated information.
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 Abuse.ch URL Threat Intel is mapped to the following ECS fields.
 
 [options="header"]
@@ -104,6 +108,10 @@ The URL of the API endpoint to connect with.
 
 How often the API is polled for updated information.
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 Abuse.ch Malware Threat Intel is mapped to the following ECS fields.
 
 [options="header"]
@@ -144,6 +152,10 @@ The URL of the API endpoint to connect with.
 
 How often the API is polled for updated information.
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 Malware Bazaar Threat Intel is mapped to the following ECS fields.
 
 [options="header"]
@@ -234,6 +246,10 @@ from the last response as the filter when retrieving new events.
 List of filters to apply when retrieving new events from the MISP server, this
 field is optional and defaults to all events.
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 MISP Threat Intel is mapped to the following ECS fields.
 
 [options="header"]
@@ -310,6 +326,10 @@ possible types to filter on can be found in the
 https://cybersecurity.att.com/documentation/usm-appliance/otx/about-otx.htm[AlientVault
 OTX documentation].
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 
 OTX Threat Intel is mapped to the following ECS fields.
 
@@ -391,6 +411,10 @@ possible types to filter on can be found on the
 https://oasis-open.github.io/cti-documentation/stix/intro.html#stix-21-objects[Stix
 2.1 Object types] page.
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 Anomali Threat Intel is mapped to the following ECS fields.
 
 [options="header"]

diff --git a/x-pack/filebeat/module/threatintel/_meta/docs.asciidoc b/x-pack/filebeat/module/threatintel/_meta/docs.asciidoc
@@ -59,6 +59,10 @@ The URL of the API endpoint to connect with.
 
 How often the API is polled for updated information.
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 Abuse.ch URL Threat Intel is mapped to the following ECS fields.
 
 [options="header"]
@@ -99,6 +103,10 @@ The URL of the API endpoint to connect with.
 
 How often the API is polled for updated information.
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 Abuse.ch Malware Threat Intel is mapped to the following ECS fields.
 
 [options="header"]
@@ -139,6 +147,10 @@ The URL of the API endpoint to connect with.
 
 How often the API is polled for updated information.
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 Malware Bazaar Threat Intel is mapped to the following ECS fields.
 
 [options="header"]
@@ -229,6 +241,10 @@ from the last response as the filter when retrieving new events.
 List of filters to apply when retrieving new events from the MISP server, this
 field is optional and defaults to all events.
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 MISP Threat Intel is mapped to the following ECS fields.
 
 [options="header"]
@@ -305,6 +321,10 @@ possible types to filter on can be found in the
 https://cybersecurity.att.com/documentation/usm-appliance/otx/about-otx.htm[AlientVault
 OTX documentation].
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 
 OTX Threat Intel is mapped to the following ECS fields.
 
@@ -386,6 +406,10 @@ possible types to filter on can be found on the
 https://oasis-open.github.io/cti-documentation/stix/intro.html#stix-21-objects[Stix
 2.1 Object types] page.
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 Anomali Threat Intel is mapped to the following ECS fields.
 
 [options="header"]

diff --git a/x-pack/filebeat/module/threatintel/malwarebazaar/config/config.yml b/x-pack/filebeat/module/threatintel/malwarebazaar/config/config.yml
@@ -9,6 +9,9 @@ request.method: POST
 
 request.ssl: {{ .ssl | tojson }}
 {{ end }}
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
 request.url: {{ .url }}
 #request.encode_as: application/x-www-form-encoded
 

diff --git a/x-pack/filebeat/module/threatintel/malwarebazaar/manifest.yml b/x-pack/filebeat/module/threatintel/malwarebazaar/manifest.yml
@@ -10,6 +10,7 @@ var:
   - name: ssl
   - name: tags
     default: [threatintel-malwarebazaar, forwarded]
+  - name: proxy_url
 
 ingest_pipeline:
   - ingest/pipeline.yml