From 7e17d1fe96066034c804919446f8f3150357abe9 Mon Sep 17 00:00:00 2001
From: Adrian Serrano
Date: Wed, 5 Aug 2020 18:02:46 +0200
Subject: [PATCH] [Filebeat][ATP Module]Setting user agent field required by the API (#20440) (#20446)
Setting user-agent field required by ATP API for monitoring purposes
(cherry picked from commit 6a9a20e47a8a28a0368c1f992ce585a271d09b07)
Co-authored-by: Marius Iversen
---
.../filebeat/module/microsoft/defender_atp/config/atp.yml | 2 +-
x-pack/filebeat/module/microsoft/defender_atp/manifest.yml | 7 +++++--
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/x-pack/filebeat/module/microsoft/defender_atp/config/atp.yml b/x-pack/filebeat/module/microsoft/defender_atp/config/atp.yml
index 5210fc53e759..5108ebdad073 100644
--- a/x-pack/filebeat/module/microsoft/defender_atp/config/atp.yml
+++ b/x-pack/filebeat/module/microsoft/defender_atp/config/atp.yml
@@ -11,7 +11,7 @@ url: {{ .url }}
oauth2: {{ .oauth2 | tojson }}
oauth2.provider: azure
oauth2.azure.resource: https://api.securitycenter.windows.com/
-
+http_headers: {{ .http_headers | tojson }}
date_cursor.field: lastUpdateTime
date_cursor.url_field: '$filter'
date_cursor.value_template: {{ .date_cursor.value_template }}
diff --git a/x-pack/filebeat/module/microsoft/defender_atp/manifest.yml b/x-pack/filebeat/module/microsoft/defender_atp/manifest.yml
index 99cca9da1af1..22db34487109 100644
--- a/x-pack/filebeat/module/microsoft/defender_atp/manifest.yml
+++ b/x-pack/filebeat/module/microsoft/defender_atp/manifest.yml
@@ -6,14 +6,17 @@ var: - name: interval default: 5m - name: date_cursor - default: + default: value_template: "lastUpdateTime gt {{.}}" - name: tags default: [defender-atp, forwarded] + - name: http_headers + default: + User-Agent: MdatpPartner-Elastic-Filebeat/1.0.0 - name: url default: "https://api.securitycenter.windows.com/api/alerts?$expand=evidence" - name: oauth2 - + ingest_pipeline: ingest/pipeline.yml input: config/atp.yml
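Review bot: In config/atp.yml the added `http_headers: {{ .http_headers | tojson }}` line renders the variable wholesale, so a user who sets `var.http_headers` to add a header of their own will presumably replace the manifest default and silently drop the `User-Agent` that the commit message says the ATP API requires. Nothing in the hunk records that constraint; a comment above the line such as `# User-Agent is required by the Defender ATP API; keep it when overriding var.http_headers` would make it visible to whoever edits the module config. It is also worth confirming how the input treats an `Authorization` entry supplied through this map, since the same request is already authenticated by the `oauth2` settings just above.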
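Review bot: The new default in manifest.yml hard-codes `MdatpPartner-Elastic-Filebeat/1.0.0`, a literal version that does not follow the Beat or module release, so what the API sees for monitoring can drift from what is actually deployed. If `1.0.0` is a fixed partner identifier rather than a product version, say so next to the default, e.g. `# Partner identifier expected by the Defender ATP API; not the Filebeat version`. Quoting the value, `User-Agent: "MdatpPartner-Elastic-Filebeat/1.0.0"`, would also match the quoted `url` default that follows it.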