From 6e5c4c732548ed845d96d0724cd0399e64fcdcc9 Mon Sep 17 00:00:00 2001 From: Dan Kortschak Date: Thu, 5 Dec 2024 06:49:45 +1030 Subject: [PATCH] ti_mandiant_advantage: add support for proxy configuration (#11993) --- packages/ti_mandiant_advantage/changelog.yml | 9 +++++++-- .../threat_intelligence/agent/stream/httpjson.yml.hbs | 3 +++ .../data_stream/threat_intelligence/manifest.yml | 7 +++++++ packages/ti_mandiant_advantage/manifest.yml | 2 +- 4 files changed, 18 insertions(+), 3 deletions(-) diff --git a/packages/ti_mandiant_advantage/changelog.yml b/packages/ti_mandiant_advantage/changelog.yml index e9dc78c0eac..fdca51f9810 100644 --- a/packages/ti_mandiant_advantage/changelog.yml +++ b/packages/ti_mandiant_advantage/changelog.yml @@ -1,7 +1,12 @@ # newer versions go on top +- version: "1.6.0" + changes: + - description: Add support for proxy configuration. + type: enhancement + link: https://github.com/elastic/integrations/pull/11993 - version: "1.5.0" changes: - - description: Add processor definition possibility + - description: Add processor definition possibility. type: enhancement link: https://github.com/elastic/integrations/pull/11913 - version: "1.4.2" @@ -11,7 +16,7 @@ link: https://github.com/elastic/integrations/pull/11325 - version: "1.4.1" changes: - - description: Add missing fields in transform + - description: Add missing fields in transform. type: bugfix link: https://github.com/elastic/integrations/pull/11008 - description: Fix mapping of sources subfields. diff --git a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/agent/stream/httpjson.yml.hbs b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/agent/stream/httpjson.yml.hbs index 2077ec2f560..5f9125333e5 100644 --- a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/agent/stream/httpjson.yml.hbs +++ b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/agent/stream/httpjson.yml.hbs @@ -6,6 +6,9 @@ request.tracer.filename: "../../logs/httpjson/http-request-trace-*.ndjson" request.method: GET request.url: {{url}}/v4/indicator? request.timeout: 60s +{{#if proxy_url }} +request.proxy_url: {{proxy_url}} +{{/if}} auth.basic.user: {{mati_api_key_id}} auth.basic.password: {{mati_api_key_secret}} request.transforms: diff --git a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/manifest.yml b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/manifest.yml index d1493895867..cca9eea681e 100644 --- a/packages/ti_mandiant_advantage/data_stream/threat_intelligence/manifest.yml +++ b/packages/ti_mandiant_advantage/data_stream/threat_intelligence/manifest.yml @@ -62,6 +62,13 @@ streams: multi: false required: true show_user: false + - name: proxy_url + type: text + title: Proxy URL + multi: false + required: false + show_user: false + description: URL to proxy connections in the form of http\[s\]://:@: - name: include_misp required: true show_user: true diff --git a/packages/ti_mandiant_advantage/manifest.yml b/packages/ti_mandiant_advantage/manifest.yml index 786f8fde76e..d542ffd4595 100644 --- a/packages/ti_mandiant_advantage/manifest.yml +++ b/packages/ti_mandiant_advantage/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.2 name: ti_mandiant_advantage title: "Mandiant Advantage" -version: "1.5.0" +version: "1.6.0" source: license: "Elastic-2.0" description: "Collect Threat Intelligence from products within the Mandiant Advantage platform."