Skip to content

Commit

Permalink
Add proxy_url support to threatintel module's malwarebazaar fileset (e…
Browse files Browse the repository at this point in the history 
…lastic#28533)

Adds proxy_url config option to malwarebazaar

Documents all proxy_url options for threat_intel
  • Loading branch information
@adriansr
adriansr committed Oct 20, 2021
1 parent ec8e051 commit 15abbe6
Show file tree
Hide file tree
Showing 5 changed files with 53 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -777,6 +777,7 @@ for a few releases. Please use other tools provided by Elastic to fetch data fro
- Azure signinlogs - Add support for ManagedIdentitySignInLogs, NonInteractiveUserSignInLogs, and ServicePrincipalSignInLogs. {issue}23653[23653]
- Add `base64Decode` and `base64DecodeNoPad` functions to `httpsjon` templates. {pull}28385[28385]
- Add latency config option for aws-cloudwatch input. {pull}28509[28509]
- Added proxy support to threatintel/malwarebazaar. {pull}28533[28533]

*Heartbeat*

Expand Down
24 changes: 24 additions & 0 deletions filebeat/docs/modules/threatintel.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,10 @@ The URL of the API endpoint to connect with.

How often the API is polled for updated information.

*`var.proxy_url`*::

Optional URL to use as HTTP proxy.

Abuse.ch URL Threat Intel is mapped to the following ECS fields.

[options="header"]
Expand Down Expand Up @@ -104,6 +108,10 @@ The URL of the API endpoint to connect with.

How often the API is polled for updated information.

*`var.proxy_url`*::

Optional URL to use as HTTP proxy.

Abuse.ch Malware Threat Intel is mapped to the following ECS fields.

[options="header"]
Expand Down Expand Up @@ -144,6 +152,10 @@ The URL of the API endpoint to connect with.

How often the API is polled for updated information.

*`var.proxy_url`*::

Optional URL to use as HTTP proxy.

Malware Bazaar Threat Intel is mapped to the following ECS fields.

[options="header"]
Expand Down Expand Up @@ -234,6 +246,10 @@ from the last response as the filter when retrieving new events.
List of filters to apply when retrieving new events from the MISP server, this
field is optional and defaults to all events.

*`var.proxy_url`*::

Optional URL to use as HTTP proxy.

MISP Threat Intel is mapped to the following ECS fields.

[options="header"]
Expand Down Expand Up @@ -310,6 +326,10 @@ possible types to filter on can be found in the
https://cybersecurity.att.com/documentation/usm-appliance/otx/about-otx.htm[AlientVault
OTX documentation].

*`var.proxy_url`*::

Optional URL to use as HTTP proxy.


OTX Threat Intel is mapped to the following ECS fields.

Expand Down Expand Up @@ -391,6 +411,10 @@ possible types to filter on can be found on the
https://oasis-open.github.io/cti-documentation/stix/intro.html#stix-21-objects[Stix
2.1 Object types] page.

*`var.proxy_url`*::

Optional URL to use as HTTP proxy.

Anomali Threat Intel is mapped to the following ECS fields.

[options="header"]
Expand Down
24 changes: 24 additions & 0 deletions x-pack/filebeat/module/threatintel/_meta/docs.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,10 @@ The URL of the API endpoint to connect with.

How often the API is polled for updated information.

*`var.proxy_url`*::

Optional URL to use as HTTP proxy.

Abuse.ch URL Threat Intel is mapped to the following ECS fields.

[options="header"]
Expand Down Expand Up @@ -99,6 +103,10 @@ The URL of the API endpoint to connect with.

How often the API is polled for updated information.

*`var.proxy_url`*::

Optional URL to use as HTTP proxy.

Abuse.ch Malware Threat Intel is mapped to the following ECS fields.

[options="header"]
Expand Down Expand Up @@ -139,6 +147,10 @@ The URL of the API endpoint to connect with.

How often the API is polled for updated information.

*`var.proxy_url`*::

Optional URL to use as HTTP proxy.

Malware Bazaar Threat Intel is mapped to the following ECS fields.

[options="header"]
Expand Down Expand Up @@ -229,6 +241,10 @@ from the last response as the filter when retrieving new events.
List of filters to apply when retrieving new events from the MISP server, this
field is optional and defaults to all events.

*`var.proxy_url`*::

Optional URL to use as HTTP proxy.

MISP Threat Intel is mapped to the following ECS fields.

[options="header"]
Expand Down Expand Up @@ -305,6 +321,10 @@ possible types to filter on can be found in the
https://cybersecurity.att.com/documentation/usm-appliance/otx/about-otx.htm[AlientVault
OTX documentation].

*`var.proxy_url`*::

Optional URL to use as HTTP proxy.


OTX Threat Intel is mapped to the following ECS fields.

Expand Down Expand Up @@ -386,6 +406,10 @@ possible types to filter on can be found on the
https://oasis-open.github.io/cti-documentation/stix/intro.html#stix-21-objects[Stix
2.1 Object types] page.

*`var.proxy_url`*::

Optional URL to use as HTTP proxy.

Anomali Threat Intel is mapped to the following ECS fields.

[options="header"]
Expand Down
3 changes: 3 additions & 0 deletions x-pack/filebeat/module/threatintel/malwarebazaar/config/config.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,9 @@ request.method: POST

request.ssl: {{ .ssl | tojson }}
{{ end }}
{{ if .proxy_url }}
request.proxy_url: {{ .proxy_url }}
{{ end }}
request.url: {{ .url }}
#request.encode_as: application/x-www-form-encoded

Expand Down
1 change: 1 addition & 0 deletions x-pack/filebeat/module/threatintel/malwarebazaar/manifest.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ var:
- name: ssl
- name: tags
default: [threatintel-malwarebazaar, forwarded]
- name: proxy_url

ingest_pipeline:
- ingest/pipeline.yml
Expand Down

0 comments on commit 15abbe6

Please sign in to comment.