Add proxy_url support to threatintel module's malwarebazaar fileset

CHANGELOG.next.asciidoc

@@ -774,6 +774,7 @@ for a few releases. Please use other tools provided by Elastic to fetch data fro
 - Add support for secondary object attribute handling in ThreatIntel MISP module {pull}28124[28124]
 - Add `base64Decode` and `base64DecodeNoPad` functions to `httpsjon` templates. {pull}28385[28385]
 - Add latency config option for aws-cloudwatch input. {pull}28509[28509]
+- Added proxy support to threatintel/malwarebazaar. {pull}28533[28533]
 
 *Heartbeat*
 

filebeat/docs/modules/threatintel.asciidoc

@@ -64,6 +64,10 @@ The URL of the API endpoint to connect with.
 
 How often the API is polled for updated information.
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 Abuse.ch URL Threat Intel is mapped to the following ECS fields.
 
 [options="header"]
@@ -104,6 +108,10 @@ The URL of the API endpoint to connect with.
 
 How often the API is polled for updated information.
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 Abuse.ch Malware Threat Intel is mapped to the following ECS fields.
 
 [options="header"]
@@ -144,6 +152,10 @@ The URL of the API endpoint to connect with.
 
 How often the API is polled for updated information.
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 Malware Bazaar Threat Intel is mapped to the following ECS fields.
 
 [options="header"]
@@ -234,6 +246,10 @@ from the last response as the filter when retrieving new events.
 List of filters to apply when retrieving new events from the MISP server, this
 field is optional and defaults to all events.
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 MISP Threat Intel is mapped to the following ECS fields.
 
 [options="header"]
@@ -310,6 +326,10 @@ possible types to filter on can be found in the
 https://cybersecurity.att.com/documentation/usm-appliance/otx/about-otx.htm[AlientVault
 OTX documentation].
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 
 OTX Threat Intel is mapped to the following ECS fields.
 
@@ -391,6 +411,10 @@ possible types to filter on can be found on the
 https://oasis-open.github.io/cti-documentation/stix/intro.html#stix-21-objects[Stix
 2.1 Object types] page.
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 Anomali Threat Intel is mapped to the following ECS fields.
 
 [options="header"]

x-pack/filebeat/module/threatintel/_meta/docs.asciidoc

@@ -59,6 +59,10 @@ The URL of the API endpoint to connect with.
 
 How often the API is polled for updated information.
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 Abuse.ch URL Threat Intel is mapped to the following ECS fields.
 
 [options="header"]
@@ -99,6 +103,10 @@ The URL of the API endpoint to connect with.
 
 How often the API is polled for updated information.
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 Abuse.ch Malware Threat Intel is mapped to the following ECS fields.
 
 [options="header"]
@@ -139,6 +147,10 @@ The URL of the API endpoint to connect with.
 
 How often the API is polled for updated information.
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 Malware Bazaar Threat Intel is mapped to the following ECS fields.
 
 [options="header"]
@@ -229,6 +241,10 @@ from the last response as the filter when retrieving new events.
 List of filters to apply when retrieving new events from the MISP server, this
 field is optional and defaults to all events.
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 MISP Threat Intel is mapped to the following ECS fields.
 
 [options="header"]
@@ -305,6 +321,10 @@ possible types to filter on can be found in the
 https://cybersecurity.att.com/documentation/usm-appliance/otx/about-otx.htm[AlientVault
 OTX documentation].
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 
 OTX Threat Intel is mapped to the following ECS fields.
 
@@ -386,6 +406,10 @@ possible types to filter on can be found on the
 https://oasis-open.github.io/cti-documentation/stix/intro.html#stix-21-objects[Stix
 2.1 Object types] page.
 
+*`var.proxy_url`*::
+
+Optional URL to use as HTTP proxy.
+
 Anomali Threat Intel is mapped to the following ECS fields.
 
 [options="header"]

x-pack/filebeat/module/threatintel/malwarebazaar/config/config.yml

@@ -8,6 +8,9 @@ request.method: POST
 
 request.ssl: {{ .ssl | tojson }}
 {{ end }}
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
 request.url: {{ .url }}
 #request.encode_as: application/x-www-form-encoded
 

x-pack/filebeat/module/threatintel/malwarebazaar/manifest.yml

@@ -10,6 +10,7 @@ var:
   - name: ssl
   - name: tags
     default: [threatintel-malwarebazaar, forwarded]
+  - name: proxy_url
 
 ingest_pipeline:
   - ingest/pipeline.yml