Skip to content

Commit 6a9a20e

Browse files
P1llusP1llus
authored
[Filebeat][ATP Module]Setting user agent field required by the API (#20440)
Setting user-agent field required by ATP API for monitoring purposes
1 parent fc0e192 commit 6a9a20e

2 files changed

Lines changed: 6 additions & 3 deletions

File tree

x-pack/filebeat/module/microsoft/defender_atp/config/atp.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ url: {{ .url }}
1111
oauth2: {{ .oauth2 | tojson }}
1212
oauth2.provider: azure
1313
oauth2.azure.resource: https://api.securitycenter.windows.com/
14-
14+
http_headers: {{ .http_headers | tojson }}
1515
date_cursor.field: lastUpdateTime
1616
date_cursor.url_field: '$filter'
1717
date_cursor.value_template: {{ .date_cursor.value_template }}

x-pack/filebeat/module/microsoft/defender_atp/manifest.yml

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,14 +6,17 @@ var:
66
- name: interval
77
default: 5m
88
- name: date_cursor
9-
default:
9+
default:
1010
value_template: "lastUpdateTime gt {{.}}"
1111
- name: tags
1212
default: [defender-atp, forwarded]
13+
- name: http_headers
14+
default:
15+
User-Agent: MdatpPartner-Elastic-Filebeat/1.0.0
1316
- name: url
1417
default: "https://api.securitycenter.windows.com/api/alerts?$expand=evidence"
1518
- name: oauth2
16-
19+
1720

1821
ingest_pipeline: ingest/pipeline.yml
1922
input: config/atp.yml

0 commit comments

Comments
 (0)