diff --git a/packages/apache/changelog.yml b/packages/apache/changelog.yml index be0964f823ed..e07b06e4e887 100644 --- a/packages/apache/changelog.yml +++ b/packages/apache/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.8.1" + changes: + - description: Add support for Splunk authorization tokens + type: enhancement + link: https://github.com/elastic/integrations/pull/1147 - version: "0.8.0" changes: - description: Set event.module and event.dataset diff --git a/packages/apache/data_stream/access/agent/stream/httpjson.yml.hbs b/packages/apache/data_stream/access/agent/stream/httpjson.yml.hbs index 1c14d302ac22..f2d9a1f7c0f7 100644 --- a/packages/apache/data_stream/access/agent/stream/httpjson.yml.hbs +++ b/packages/apache/data_stream/access/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: "2" interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -28,6 +34,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw diff --git a/packages/apache/data_stream/error/agent/stream/httpjson.yml.hbs b/packages/apache/data_stream/error/agent/stream/httpjson.yml.hbs index dae4f0e8b81f..819563812323 100644 --- a/packages/apache/data_stream/error/agent/stream/httpjson.yml.hbs +++ b/packages/apache/data_stream/error/agent/stream/httpjson.yml.hbs 
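Review bot: The nested guards around `auth.basic.*` here, together with the ones around the `header.Authorization` transform in the next hunk, cover only the two clean cases. Any mixed input (a token plus a username, a username without a password, or nothing at all) renders neither block, so the input is configured with no credentials. The manifest in this commit makes all three variables optional, so nothing visible rejects that state and it would only surface as failed requests at run time. I would give the token precedence and use one guard per block: `{{#unless token}}` alone around the basic-auth keys and `{{#if token}}` alone around the header transform, so an incomplete username/password pair stays visible in the rendered config instead of vanishing. The same pair of hunks is repeated in every `httpjson.yml.hbs` this commit touches (apache error, aws, nginx, system, windows, winlog, zeek).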
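Review bot: `value: {{token}}` writes the user-supplied secret into the YAML as a plain scalar. A value containing `: `, ` #` or a line break would be truncated or parsed as additional keys unless the renderer escapes it, which this hunk does not show. Quoting the expansion, `value: "{{token}}"`, keeps the whole string as the header value for tokens of the form the manifest describes. The `request.transforms` list this entry joins starts outside the hunk, and the same line is added in the other `httpjson.yml.hbs` templates in this commit.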
@@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -28,6 +34,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw diff --git a/packages/apache/manifest.yml b/packages/apache/manifest.yml index 536f14c681b7..f4146e12759c 100644 --- a/packages/apache/manifest.yml +++ b/packages/apache/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: apache title: Apache -version: 0.8.0 +version: 0.8.1 license: basic description: Apache Integration type: integration @@ -47,12 +47,21 @@ policy_templates: type: text title: Splunk REST API Username show_user: true - required: true + required: false - name: password type: password title: Splunk REST API Password - required: true show_user: true + required: false + - name: token + type: password + title: Splunk Authorization Token + description: | + Bearer Token or Session Key, e.g. "Bearer eyJFd3e46..." + or "Splunk 192fd3e...". Cannot be used with username + and password. + show_user: true + required: false - name: ssl type: yaml title: SSL Configuration 
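Review bot: In the `@@ -47,12 +47,21 @@` hunk of `packages/apache/manifest.yml`, `username`, `password` and `token` all end up `required: false`, so the form accepts a policy with no credentials at all. Only the `token` description mentions that the two methods are exclusive. I would add a matching hint to the other two fields, e.g. `description: Leave empty when an authorization token is set.`, and extend the token text with `Exactly one of token or username/password must be provided.` so the rule is visible whichever field the user fills in first. The `vars` list starts outside the hunk, and the same change is made in the aws, nginx, system, windows and winlog manifests.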
@@ -60,6 +69,28 @@ policy_templates: multi: false required: false show_user: false + default: | + #certificate_authorities: + # - | + # -----BEGIN CERTIFICATE----- + # MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF + # ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2 + # MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB + # BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n + # fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl + # 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t + # /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP + # PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41 + # CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O + # BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux + # 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D + # 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw + # 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA + # H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu + # 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0 + # yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk + # sxSmbIUfc2SGJGCJD4I= + # -----END CERTIFICATE----- - type: apache/metrics title: Collect metrics from Apache instances description: Collecting Apache status metrics diff --git a/packages/aws/changelog.yml b/packages/aws/changelog.yml index dc3e0f8dff54..45d4e40e3737 100644 --- a/packages/aws/changelog.yml +++ b/packages/aws/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.6.4" + changes: + - description: Add support for Splunk authorization tokens + type: enhancement + link: https://github.com/elastic/integrations/pull/1147 - version: "0.6.3" changes: - description: Fix bug in Third Party ingest pipeline 
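Review bot: The new `default:` for the `ssl` variable embeds a complete PEM certificate in the commented example; judging by its encoded subject it looks like a self-signed `localhost` certificate. A user who uncomments the block without replacing the body would pin `certificate_authorities` to that certificate instead of the CA that signed their Splunk endpoint. A placeholder body makes the intent unambiguous, for example `#     <PEM-encoded CA certificate of your Splunk server>` between the BEGIN/END lines, preceded by a line such as `# Example only: replace with your own CA before uncommenting.` The same default is added to the aws, nginx, system, windows and winlog manifests later in this commit.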
diff --git a/packages/aws/data_stream/cloudtrail/agent/stream/httpjson.yml.hbs b/packages/aws/data_stream/cloudtrail/agent/stream/httpjson.yml.hbs index 828ae64cdc7e..01b317045c41 100644 --- a/packages/aws/data_stream/cloudtrail/agent/stream/httpjson.yml.hbs +++ b/packages/aws/data_stream/cloudtrail/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw diff --git a/packages/aws/manifest.yml b/packages/aws/manifest.yml index 8944a6d82318..1d74a9f07896 100644 --- a/packages/aws/manifest.yml +++ b/packages/aws/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: aws title: AWS -version: 0.6.3 +version: 0.6.4 license: basic description: AWS Integration type: integration @@ -254,12 +254,21 @@ policy_templates: type: text title: Splunk REST API Username show_user: true - required: true + required: false - name: password type: password title: Splunk REST API Password - required: true show_user: true + required: false + - name: token + type: password + title: Splunk Authorization Token + description: | + Bearer Token or Session Key, e.g. "Bearer eyJFd3e46..." + or "Splunk 192fd3e...". Cannot be used with username + and password. + show_user: true + required: false - name: ssl type: yaml title: SSL Configuration 
@@ -267,5 +276,27 @@ policy_templates: required: false show_user: false description: i.e. certificate_authorities, supported_protocols, verification_mode etc. + default: | + #certificate_authorities: + # - | + # -----BEGIN CERTIFICATE----- + # MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF + # ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2 + # MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB + # BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n + # fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl + # 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t + # /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP + # PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41 + # CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O + # BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux + # 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D + # 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw + # 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA + # H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu + # 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0 + # yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk + # sxSmbIUfc2SGJGCJD4I= + # -----END CERTIFICATE----- owner: github: elastic/integrations diff --git a/packages/nginx/changelog.yml b/packages/nginx/changelog.yml index 58ff301bec2f..ceeeca5f6dac 100644 --- a/packages/nginx/changelog.yml +++ b/packages/nginx/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.6.2" + changes: + - description: Add support for Splunk authorization tokens + type: enhancement + link: https://github.com/elastic/integrations/pull/1147 - version: "0.6.1" changes: - description: Fix bug in Third Party REST API ingest pipeline 
diff --git a/packages/nginx/data_stream/access/agent/stream/httpjson.yml.hbs b/packages/nginx/data_stream/access/agent/stream/httpjson.yml.hbs index 828ae64cdc7e..01b317045c41 100644 --- a/packages/nginx/data_stream/access/agent/stream/httpjson.yml.hbs +++ b/packages/nginx/data_stream/access/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw diff --git a/packages/nginx/data_stream/error/agent/stream/httpjson.yml.hbs b/packages/nginx/data_stream/error/agent/stream/httpjson.yml.hbs index 828ae64cdc7e..01b317045c41 100644 --- a/packages/nginx/data_stream/error/agent/stream/httpjson.yml.hbs +++ b/packages/nginx/data_stream/error/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw 
diff --git a/packages/nginx/manifest.yml b/packages/nginx/manifest.yml index 6bd178cfabfc..e32ee54bcf98 100644 --- a/packages/nginx/manifest.yml +++ b/packages/nginx/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: nginx title: Nginx -version: 0.6.1 +version: 0.6.2 license: basic description: Nginx Integration type: integration @@ -52,12 +52,21 @@ policy_templates: type: text title: Splunk REST API Username show_user: true - required: true + required: false - name: password type: password title: Splunk REST API Password - required: true show_user: true + required: false + - name: token + type: password + title: Splunk Authorization Token + description: | + Bearer Token or Session Key, e.g. "Bearer eyJFd3e46..." + or "Splunk 192fd3e...". Cannot be used with username + and password. + show_user: true + required: false - name: ssl type: yaml title: SSL Configuration 
@@ -65,6 +74,28 @@ policy_templates: multi: false required: false show_user: false + default: | + #certificate_authorities: + # - | + # -----BEGIN CERTIFICATE----- + # MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF + # ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2 + # MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB + # BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n + # fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl + # 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t + # /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP + # PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41 + # CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O + # BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux + # 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D + # 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw + # 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA + # H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu + # 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0 + # yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk + # sxSmbIUfc2SGJGCJD4I= + # -----END CERTIFICATE----- - type: nginx/metrics vars: - name: hosts diff --git a/packages/system/changelog.yml b/packages/system/changelog.yml index d01184614751..6d86224be6ed 100644 --- a/packages/system/changelog.yml +++ b/packages/system/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.13.5" + changes: + - description: Add support for Splunk authorization tokens + type: enhancement + link: https://github.com/elastic/integrations/pull/1147 - version: "0.13.4" changes: - description: Use `wildcard` type for relevant ECS fields in `security` stream. 
diff --git a/packages/system/data_stream/application/agent/stream/httpjson.yml.hbs b/packages/system/data_stream/application/agent/stream/httpjson.yml.hbs index 4699123187c6..31df0a42b98d 100644 --- a/packages/system/data_stream/application/agent/stream/httpjson.yml.hbs +++ b/packages/system/data_stream/application/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: "2" interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -28,6 +34,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson tags: {{#each tags as |tag i|}} diff --git a/packages/system/data_stream/security/agent/stream/httpjson.yml.hbs b/packages/system/data_stream/security/agent/stream/httpjson.yml.hbs index bc1ae023e7ec..5099bbca52f0 100644 --- a/packages/system/data_stream/security/agent/stream/httpjson.yml.hbs +++ b/packages/system/data_stream/security/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: "2" interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -28,6 +34,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson tags: {{#each tags as |tag i|}} 
diff --git a/packages/system/data_stream/system/agent/stream/httpjson.yml.hbs b/packages/system/data_stream/system/agent/stream/httpjson.yml.hbs index 4699123187c6..31df0a42b98d 100644 --- a/packages/system/data_stream/system/agent/stream/httpjson.yml.hbs +++ b/packages/system/data_stream/system/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: "2" interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -28,6 +34,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson tags: {{#each tags as |tag i|}} diff --git a/packages/system/manifest.yml b/packages/system/manifest.yml index 32d80b510a7c..a1aa0af39012 100644 --- a/packages/system/manifest.yml +++ b/packages/system/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: system title: System -version: 0.13.4 +version: 0.13.5 license: basic description: System Integration type: integration @@ -71,12 +71,21 @@ policy_templates: type: text title: Splunk REST API Username show_user: true - required: true + required: false - name: password type: password title: Splunk REST API Password - required: true show_user: true + required: false + - name: token + type: password + title: Splunk Authorization Token + description: | + Bearer Token or Session Key, e.g. "Bearer eyJFd3e46..." + or "Splunk 192fd3e...". Cannot be used with username + and password. + show_user: true + required: false - name: preserve_original_event required: true show_user: true 
@@ -92,5 +101,27 @@ policy_templates: multi: false required: false show_user: false + default: | + #certificate_authorities: + # - | + # -----BEGIN CERTIFICATE----- + # MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF + # ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2 + # MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB + # BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n + # fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl + # 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t + # /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP + # PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41 + # CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O + # BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux + # 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D + # 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw + # 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA + # H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu + # 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0 + # yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk + # sxSmbIUfc2SGJGCJD4I= + # -----END CERTIFICATE----- owner: github: elastic/integrations diff --git a/packages/windows/changelog.yml b/packages/windows/changelog.yml index 03ff00d43b4c..892543a33f87 100644 --- a/packages/windows/changelog.yml +++ b/packages/windows/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.9.2" + changes: + - description: Add support for Splunk authorization tokens + type: enhancement + link: https://github.com/elastic/integrations/pull/1147 - version: "0.9.1" changes: - description: Use new `wildcard` type. 
diff --git a/packages/windows/data_stream/forwarded/agent/stream/httpjson.yml.hbs b/packages/windows/data_stream/forwarded/agent/stream/httpjson.yml.hbs index eba87c3420dc..8a210f8b9bd8 100644 --- a/packages/windows/data_stream/forwarded/agent/stream/httpjson.yml.hbs +++ b/packages/windows/data_stream/forwarded/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: "2" interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -28,6 +34,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson {{#if tags.length}} tags: diff --git a/packages/windows/data_stream/powershell/agent/stream/httpjson.yml.hbs b/packages/windows/data_stream/powershell/agent/stream/httpjson.yml.hbs index eba87c3420dc..8a210f8b9bd8 100644 --- a/packages/windows/data_stream/powershell/agent/stream/httpjson.yml.hbs +++ b/packages/windows/data_stream/powershell/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: "2" interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -28,6 +34,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson {{#if tags.length}} tags: 
diff --git a/packages/windows/data_stream/powershell_operational/agent/stream/httpjson.yml.hbs b/packages/windows/data_stream/powershell_operational/agent/stream/httpjson.yml.hbs index eba87c3420dc..8a210f8b9bd8 100644 --- a/packages/windows/data_stream/powershell_operational/agent/stream/httpjson.yml.hbs +++ b/packages/windows/data_stream/powershell_operational/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: "2" interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -28,6 +34,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson {{#if tags.length}} tags: diff --git a/packages/windows/data_stream/sysmon_operational/agent/stream/httpjson.yml.hbs b/packages/windows/data_stream/sysmon_operational/agent/stream/httpjson.yml.hbs index b55de57deab3..e05d1a82d258 100644 --- a/packages/windows/data_stream/sysmon_operational/agent/stream/httpjson.yml.hbs +++ b/packages/windows/data_stream/sysmon_operational/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: "2" interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' 
@@ -28,6 +34,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson {{#if tags.length}} tags: diff --git a/packages/windows/manifest.yml b/packages/windows/manifest.yml index 8dfd544b0753..36f40e05ec69 100644 --- a/packages/windows/manifest.yml +++ b/packages/windows/manifest.yml @@ -1,6 +1,6 @@ name: windows title: Windows -version: 0.9.1 +version: 0.9.2 description: Windows Integration type: integration categories: @@ -47,12 +47,21 @@ policy_templates: type: text title: Splunk REST API Username show_user: true - required: true + required: false - name: password type: password title: Splunk REST API Password - required: true show_user: true + required: false + - name: token + type: password + title: Splunk Authorization Token + description: | + Bearer Token or Session Key, e.g. "Bearer eyJFd3e46..." + or "Splunk 192fd3e...". Cannot be used with username + and password. + show_user: true + required: false - name: ssl type: yaml title: SSL Configuration 
@@ -60,5 +69,27 @@ policy_templates: multi: false required: false show_user: false + default: | + #certificate_authorities: + # - | + # -----BEGIN CERTIFICATE----- + # MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF + # ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2 + # MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB + # BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n + # fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl + # 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t + # /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP + # PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41 + # CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O + # BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux + # 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D + # 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw + # 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA + # H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu + # 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0 + # yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk + # sxSmbIUfc2SGJGCJD4I= + # -----END CERTIFICATE----- owner: github: elastic/integrations diff --git a/packages/winlog/changelog.yml b/packages/winlog/changelog.yml index 6348399fa0b2..e480f5a57dda 100644 --- a/packages/winlog/changelog.yml +++ b/packages/winlog/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.2" + changes: + - description: Add support for Splunk authorization tokens + type: enhancement + link: https://github.com/elastic/integrations/pull/1147 - version: "0.2.1" changes: - description: Change Splunk input to use the decode_xml_wineventlog processor. 
diff --git a/packages/winlog/data_stream/winlog/agent/stream/httpjson.yml.hbs b/packages/winlog/data_stream/winlog/agent/stream/httpjson.yml.hbs index 95f2ef195b6f..658059da1d55 100644 --- a/packages/winlog/data_stream/winlog/agent/stream/httpjson.yml.hbs +++ b/packages/winlog/data_stream/winlog/agent/stream/httpjson.yml.hbs @@ -2,8 +2,14 @@ data_stream: dataset: {{data_stream.dataset}} config_version: "2" interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -30,6 +36,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson tags: {{#each tags as |tag i|}} diff --git a/packages/winlog/manifest.yml b/packages/winlog/manifest.yml index ca3de0b9b90b..baa62be7f0f7 100644 --- a/packages/winlog/manifest.yml +++ b/packages/winlog/manifest.yml @@ -4,7 +4,7 @@ title: Custom Windows event logs description: |- Collect your custom Windows event logs. type: integration -version: 0.2.1 +version: 0.2.2 release: experimental conditions: kibana.version: '^7.13.0' @@ -35,12 +35,21 @@ policy_templates: type: text title: Splunk REST API Username show_user: true - required: true + required: false - name: password type: password title: Splunk REST API Password - required: true show_user: true + required: false + - name: token + type: password + title: Splunk Authorization Token + description: | + Bearer Token or Session Key, e.g. "Bearer eyJFd3e46..." + or "Splunk 192fd3e...". Cannot be used with username + and password. + show_user: true + required: false - name: ssl type: yaml title: SSL Configuration 
@@ -48,6 +57,28 @@ policy_templates: multi: false required: false show_user: false + default: | + #certificate_authorities: + # - | + # -----BEGIN CERTIFICATE----- + # MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF + # ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2 + # MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB + # BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n + # fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl + # 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t + # /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP + # PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41 + # CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O + # BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux + # 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D + # 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw + # 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA + # H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu + # 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0 + # yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk + # sxSmbIUfc2SGJGCJD4I= + # -----END CERTIFICATE----- icons: - src: "/img/logo_windows.svg" type: "image/svg+xml" diff --git a/packages/zeek/changelog.yml b/packages/zeek/changelog.yml index 5a00d46b55df..9876f4706677 100644 --- a/packages/zeek/changelog.yml +++ b/packages/zeek/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.8.4" + changes: + - description: Add support for Splunk authorization tokens + type: enhancement + link: https://github.com/elastic/integrations/pull/1147 - version: "0.8.3" changes: - description: Fix Third Party Api ingest pipeline 
diff --git a/packages/zeek/data_stream/capture_loss/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/capture_loss/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/capture_loss/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/capture_loss/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw diff --git a/packages/zeek/data_stream/connection/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/connection/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/connection/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/connection/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw 
diff --git a/packages/zeek/data_stream/dce_rpc/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/dce_rpc/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/dce_rpc/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/dce_rpc/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw diff --git a/packages/zeek/data_stream/dhcp/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/dhcp/agent/stream/httpjson.yml.hbs index be2401d92744..cf2030f28d7d 100644 --- a/packages/zeek/data_stream/dhcp/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/dhcp/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw 
diff --git a/packages/zeek/data_stream/dnp3/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/dnp3/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/dnp3/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/dnp3/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw diff --git a/packages/zeek/data_stream/dns/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/dns/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/dns/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/dns/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw 
diff --git a/packages/zeek/data_stream/dpd/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/dpd/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/dpd/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/dpd/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw diff --git a/packages/zeek/data_stream/files/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/files/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/files/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/files/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw 
diff --git a/packages/zeek/data_stream/ftp/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/ftp/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/ftp/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/ftp/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw diff --git a/packages/zeek/data_stream/http/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/http/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/http/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/http/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw 
diff --git a/packages/zeek/data_stream/intel/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/intel/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/intel/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/intel/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw diff --git a/packages/zeek/data_stream/irc/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/irc/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/irc/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/irc/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw 
diff --git a/packages/zeek/data_stream/kerberos/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/kerberos/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/kerberos/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/kerberos/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw diff --git a/packages/zeek/data_stream/modbus/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/modbus/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/modbus/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/modbus/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw 
diff --git a/packages/zeek/data_stream/mysql/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/mysql/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/mysql/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/mysql/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw diff --git a/packages/zeek/data_stream/notice/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/notice/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/notice/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/notice/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw 
diff --git a/packages/zeek/data_stream/ntlm/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/ntlm/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/ntlm/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/ntlm/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw diff --git a/packages/zeek/data_stream/ocsp/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/ocsp/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/ocsp/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/ocsp/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw 
diff --git a/packages/zeek/data_stream/pe/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/pe/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/pe/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/pe/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw diff --git a/packages/zeek/data_stream/radius/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/radius/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/radius/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/radius/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw 
diff --git a/packages/zeek/data_stream/rdp/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/rdp/agent/stream/httpjson.yml.hbs index 828ae64cdc7e..01b317045c41 100644 --- a/packages/zeek/data_stream/rdp/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/rdp/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw diff --git a/packages/zeek/data_stream/rfb/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/rfb/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/rfb/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/rfb/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw 
diff --git a/packages/zeek/data_stream/sip/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/sip/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/sip/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/sip/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw diff --git a/packages/zeek/data_stream/smb_cmd/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/smb_cmd/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/smb_cmd/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/smb_cmd/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw 
diff --git a/packages/zeek/data_stream/smb_files/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/smb_files/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/smb_files/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/smb_files/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw diff --git a/packages/zeek/data_stream/smb_mapping/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/smb_mapping/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/smb_mapping/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/smb_mapping/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw 
diff --git a/packages/zeek/data_stream/smtp/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/smtp/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/smtp/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/smtp/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw diff --git a/packages/zeek/data_stream/snmp/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/snmp/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/snmp/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/snmp/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw 
diff --git a/packages/zeek/data_stream/socks/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/socks/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/socks/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/socks/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw diff --git a/packages/zeek/data_stream/ssh/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/ssh/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/ssh/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/ssh/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw 
diff --git a/packages/zeek/data_stream/ssl/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/ssl/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/ssl/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/ssl/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw diff --git a/packages/zeek/data_stream/stats/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/stats/agent/stream/httpjson.yml.hbs index 4c651f4917bd..a2f2528bfb26 100644 --- a/packages/zeek/data_stream/stats/agent/stream/httpjson.yml.hbs +++ b/packages/zeek/data_stream/stats/agent/stream/httpjson.yml.hbs @@ -1,7 +1,13 @@ config_version: 2 interval: {{interval}} +{{#unless token}} +{{#if username}} +{{#if password}} auth.basic.user: {{username}} auth.basic.password: {{password}} +{{/if}} +{{/if}} +{{/unless}} cursor: index_earliest: value: '[[.last_event.result.max_indextime]]' @@ -27,6 +33,15 @@ request.transforms: - set: target: header.Content-Type value: application/x-www-form-urlencoded +{{#unless username}} +{{#unless password}} +{{#if token}} + - set: + target: header.Authorization + value: {{token}} +{{/if}} +{{/unless}} +{{/unless}} response.decode_as: application/x-ndjson response.split: target: body.result._raw 
diff --git a/packages/zeek/data_stream/syslog/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/syslog/agent/stream/httpjson.yml.hbs
index 4c651f4917bd..a2f2528bfb26 100644
--- a/packages/zeek/data_stream/syslog/agent/stream/httpjson.yml.hbs
+++ b/packages/zeek/data_stream/syslog/agent/stream/httpjson.yml.hbs
@@ -1,7 +1,13 @@
 config_version: 2
 interval: {{interval}}
+{{#unless token}}
+{{#if username}}
+{{#if password}}
 auth.basic.user: {{username}}
 auth.basic.password: {{password}}
+{{/if}}
+{{/if}}
+{{/unless}}
 cursor:
 index_earliest:
 value: '[[.last_event.result.max_indextime]]'
@@ -27,6 +33,15 @@ request.transforms:
 - set:
 target: header.Content-Type
 value: application/x-www-form-urlencoded
+{{#unless username}}
+{{#unless password}}
+{{#if token}}
+ - set:
+ target: header.Authorization
+ value: {{token}}
+{{/if}}
+{{/unless}}
+{{/unless}}
 response.decode_as: application/x-ndjson
 response.split:
 target: body.result._raw
diff --git a/packages/zeek/data_stream/traceroute/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/traceroute/agent/stream/httpjson.yml.hbs
index 4c651f4917bd..a2f2528bfb26 100644
--- a/packages/zeek/data_stream/traceroute/agent/stream/httpjson.yml.hbs
+++ b/packages/zeek/data_stream/traceroute/agent/stream/httpjson.yml.hbs
@@ -1,7 +1,13 @@
 config_version: 2
 interval: {{interval}}
+{{#unless token}}
+{{#if username}}
+{{#if password}}
 auth.basic.user: {{username}}
 auth.basic.password: {{password}}
+{{/if}}
+{{/if}}
+{{/unless}}
 cursor:
 index_earliest:
 value: '[[.last_event.result.max_indextime]]'
@@ -27,6 +33,15 @@ request.transforms:
 - set:
 target: header.Content-Type
 value: application/x-www-form-urlencoded
+{{#unless username}}
+{{#unless password}}
+{{#if token}}
+ - set:
+ target: header.Authorization
+ value: {{token}}
+{{/if}}
+{{/unless}}
+{{/unless}}
 response.decode_as: application/x-ndjson
 response.split:
 target: body.result._raw
diff --git a/packages/zeek/data_stream/tunnel/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/tunnel/agent/stream/httpjson.yml.hbs
index 4c651f4917bd..a2f2528bfb26 100644
--- a/packages/zeek/data_stream/tunnel/agent/stream/httpjson.yml.hbs
+++ b/packages/zeek/data_stream/tunnel/agent/stream/httpjson.yml.hbs
@@ -1,7 +1,13 @@
 config_version: 2
 interval: {{interval}}
+{{#unless token}}
+{{#if username}}
+{{#if password}}
 auth.basic.user: {{username}}
 auth.basic.password: {{password}}
+{{/if}}
+{{/if}}
+{{/unless}}
 cursor:
 index_earliest:
 value: '[[.last_event.result.max_indextime]]'
@@ -27,6 +33,15 @@ request.transforms:
 - set:
 target: header.Content-Type
 value: application/x-www-form-urlencoded
+{{#unless username}}
+{{#unless password}}
+{{#if token}}
+ - set:
+ target: header.Authorization
+ value: {{token}}
+{{/if}}
+{{/unless}}
+{{/unless}}
 response.decode_as: application/x-ndjson
 response.split:
 target: body.result._raw
diff --git a/packages/zeek/data_stream/weird/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/weird/agent/stream/httpjson.yml.hbs
index 4c651f4917bd..a2f2528bfb26 100644
--- a/packages/zeek/data_stream/weird/agent/stream/httpjson.yml.hbs
+++ b/packages/zeek/data_stream/weird/agent/stream/httpjson.yml.hbs
@@ -1,7 +1,13 @@
 config_version: 2
 interval: {{interval}}
+{{#unless token}}
+{{#if username}}
+{{#if password}}
 auth.basic.user: {{username}}
 auth.basic.password: {{password}}
+{{/if}}
+{{/if}}
+{{/unless}}
 cursor:
 index_earliest:
 value: '[[.last_event.result.max_indextime]]'
@@ -27,6 +33,15 @@ request.transforms:
 - set:
 target: header.Content-Type
 value: application/x-www-form-urlencoded
+{{#unless username}}
+{{#unless password}}
+{{#if token}}
+ - set:
+ target: header.Authorization
+ value: {{token}}
+{{/if}}
+{{/unless}}
+{{/unless}}
 response.decode_as: application/x-ndjson
 response.split:
 target: body.result._raw
diff --git a/packages/zeek/data_stream/x509/agent/stream/httpjson.yml.hbs b/packages/zeek/data_stream/x509/agent/stream/httpjson.yml.hbs
index 4c651f4917bd..a2f2528bfb26 100644
--- a/packages/zeek/data_stream/x509/agent/stream/httpjson.yml.hbs
+++ b/packages/zeek/data_stream/x509/agent/stream/httpjson.yml.hbs
@@ -1,7 +1,13 @@
 config_version: 2
 interval: {{interval}}
+{{#unless token}}
+{{#if username}}
+{{#if password}}
 auth.basic.user: {{username}}
 auth.basic.password: {{password}}
+{{/if}}
+{{/if}}
+{{/unless}}
 cursor:
 index_earliest:
 value: '[[.last_event.result.max_indextime]]'
@@ -27,6 +33,15 @@ request.transforms:
 - set:
 target: header.Content-Type
 value: application/x-www-form-urlencoded
+{{#unless username}}
+{{#unless password}}
+{{#if token}}
+ - set:
+ target: header.Authorization
+ value: {{token}}
+{{/if}}
+{{/unless}}
+{{/unless}}
 response.decode_as: application/x-ndjson
 response.split:
 target: body.result._raw
diff --git a/packages/zeek/manifest.yml b/packages/zeek/manifest.yml
index a38e848074e0..4aefdaf00ba4 100644
--- a/packages/zeek/manifest.yml
+++ b/packages/zeek/manifest.yml
@@ -1,6 +1,6 @@
 name: zeek
 title: Zeek
-version: 0.8.3
+version: 0.8.4
 release: beta
 description: Zeek Integration
 type: integration
@@ -54,12 +54,21 @@ policy_templates:
 type: text
 title: Splunk REST API Username
 show_user: true
- required: true
+ required: false
 - name: password
 type: password
 title: Splunk REST API Password
- required: true
 show_user: true
+ required: false
+ - name: token
+ type: password
+ title: Splunk Authorization Token
+ description: |
+ Bearer Token or Session Key, e.g. "Bearer eyJFd3e46..."
+ or "Splunk 192fd3e...". Cannot be used with username
+ and password.
+ show_user: true
+ required: false
 - name: ssl
 type: yaml
 title: SSL Configuration
@@ -67,5 +76,27 @@ policy_templates:
 multi: false
 required: false
 show_user: false
+ default: |
+ #certificate_authorities:
+ # - |
+ # -----BEGIN CERTIFICATE-----
+ # MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF
+ # ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2
+ # MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB
+ # BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n
+ # fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl
+ # 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t
+ # /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP
+ # PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41
+ # CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O
+ # BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux
+ # 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D
+ # 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw
+ # 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA
+ # H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu
+ # 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0
+ # yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk
+ # sxSmbIUfc2SGJGCJD4I=
+ # -----END CERTIFICATE-----
 owner:
 github: elastic/security-external-integrations
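Review bot: The new `default:` for the `ssl` variable ships a complete certificate as the commented-out `certificate_authorities` example. An operator who uncomments the block as-is would trust that CA instead of their own, and from here it cannot be seen who holds its private key (the encoded subject looks like `localhost`). A placeholder body such as `# <PEM-encoded CA certificate>` between the BEGIN/END lines shows the format without offering a real trust anchor. The `ssl` variable definition begins in the previous hunk.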