Commit f9fe84d

updating manifest files for filebeat threatintel module (elastic#24074)
* updating manifest files for filebeat threatintel module
* split on new object type in config
1 parent e332d9d commit f9fe84d

6 files changed

Lines changed: 116 additions & 103 deletions

x-pack/filebeat/module/threatintel/anomali/config/config.yml

Lines changed: 5 additions & 2 deletions
@@ -4,9 +4,12 @@ type: httpjson
44
config_version: "2"
55
interval: {{ .interval }}
66

7+
{{ if .username }}
78
auth.basic.user: {{ .username }}
9+
{{ end }}
10+
{{ if .password }}
811
auth.basic.password: {{ .password }}
9-
12+
{{ end }}
1013
request.method: GET
1114
{{ if .ssl }}
1215
- request.ssl: {{ .ssl | tojson }}
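Review bot: the two new guards around `auth.basic.user` and `auth.basic.password` are evaluated independently, so a config that sets only `username` or only `password` renders half of the basic-auth pair. A single guard over both, for example `{{ if and .username .password }}`, would keep them together. Both values are also emitted unquoted while `request.ssl` a few lines further down goes through `tojson`; piping the credentials through `tojson` as well would keep a password containing YAML-significant characters such as `#` or `: ` from being misparsed.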
@@ -32,7 +35,7 @@ request.transforms:
3235
default: '[[ formatDate (now (parseDuration "-{{ .first_interval }}")) "2006-01-02T15:04:05.999Z" ]]'
3336

3437
response.split:
35-
target: body.results
38+
target: body.objects
3639

3740
cursor:
3841
timestamp:
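Review bot: `response.split.target` moves from `body.results` to `body.objects` with no comment on which response format is now expected; a one-line comment above `response.split` naming the expected top-level key would help the next reader. The value under `cursor.timestamp` falls outside this hunk, so please confirm that it and the test fixtures read fields that exist on the elements of `body.objects`.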

x-pack/filebeat/module/threatintel/anomali/manifest.yml

Lines changed: 3 additions & 1 deletion
@@ -5,6 +5,8 @@ var:
55
default: httpjson
66
- name: interval
77
default: 60m
8+
- name: first_interval
9+
default: 24h
810
- name: ssl
911
- name: types
1012
default: indicators
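Review bot: the new `first_interval` variable has no description, and its value is spliced into `parseDuration "-{{ .first_interval }}"` in config.yml, so it has to be an unsigned Go duration string; an override such as `-24h` would render as `--24h`. Please document the expected format next to the variable or in the module docs.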
@@ -13,7 +15,7 @@ var:
1315
- name: url
1416
default: "https://otx.alienvault.com/api/v1/indicators/export"
1517
- name: tags
16-
default: [threatintel-otx, forwarded]
18+
default: [threatintel-anomali, forwarded]
1719

1820
ingest_pipeline:
1921
- ingest/pipeline.yml
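Review bot: the `url` default in this hunk still points at `https://otx.alienvault.com/api/v1/indicators/export`, although this is the anomali fileset and the tag default next to it is being changed to `threatintel-anomali`. An operator who enables the fileset with defaults would send its requests, including any configured `auth.basic` credentials, to the OTX host. Replace the default with the Anomali endpoint, or drop the default so the URL has to be set explicitly.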
