diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index cdfa2073453b..20149d965255 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -799,6 +799,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Support X-Forwarder-For in IIS logs. {pull}19142[192142]
 - Updating field mappings for Cisco AMP module, fixing certain fields. {pull}24661[24661]
 - Added NTP fileset to Zeek module {pull}24224[24224]
+- Add `proxy_url` config for httpjson v2 input. {issue}24615[24615] {pull}24662[24662]
 
 *Heartbeat*
 
diff --git a/x-pack/filebeat/docs/inputs/input-httpjson.asciidoc b/x-pack/filebeat/docs/inputs/input-httpjson.asciidoc
index be5763830ad8..a0ac58f72474 100644
--- a/x-pack/filebeat/docs/inputs/input-httpjson.asciidoc
+++ b/x-pack/filebeat/docs/inputs/input-httpjson.asciidoc
@@ -20,6 +20,7 @@ This input supports:
 * Pagination
 * Retries
 * Rate limiting
+* Proxying
 * Request transformations
 * Response transformations
 
@@ -383,6 +384,22 @@ This specifies SSL/TLS configuration. If the ssl section is missing, the host's
 CAs are used for HTTPS connections. See <<configuration-ssl>> for more
 information.
 
+[float]
+==== `request.proxy_url`
+
+This specifies proxy configuration in the form of `http[s]://<user>:<password>@<server name/ip>:<port>`
+
+["source","yaml",subs="attributes"]
+----
+filebeat.inputs:
+# Fetch your public IP every minute.
+- type: httpjson
+  config_version: 2
+  interval: 1m
+  request.url: https://api.ipify.org/?format=json
+  request.proxy_url: http://proxy.example:8080
+----
+
 [float]
 ==== `request.retry.max_attempts`
 
diff --git a/x-pack/filebeat/input/httpjson/internal/v2/config_request.go b/x-pack/filebeat/input/httpjson/internal/v2/config_request.go
index d2c93363c87c..f64a03d98993 100644
--- a/x-pack/filebeat/input/httpjson/internal/v2/config_request.go
+++ b/x-pack/filebeat/input/httpjson/internal/v2/config_request.go
@@ -88,6 +88,7 @@ type requestConfig struct {
 	RedirectMaxRedirects   int               `config:"redirect.max_redirects"`
 	RateLimit              *rateLimitConfig  `config:"rate_limit"`
 	Transforms             transformsConfig  `config:"transforms"`
+	ProxyURL               *urlConfig        `config:"proxy_url"`
 }
 
 func (c requestConfig) getTimeout() time.Duration {
diff --git a/x-pack/filebeat/input/httpjson/internal/v2/input.go b/x-pack/filebeat/input/httpjson/internal/v2/input.go
index f9c76226818a..e8c8fe510829 100644
--- a/x-pack/filebeat/input/httpjson/internal/v2/input.go
+++ b/x-pack/filebeat/input/httpjson/internal/v2/input.go
@@ -149,17 +149,22 @@ func run(
 
 func newHTTPClient(ctx context.Context, config config, tlsConfig *tlscommon.TLSConfig, log *logp.Logger) (*httpClient, error) {
 	timeout := config.Request.getTimeout()
+	proxy_url := config.Request.ProxyURL
 
 	// Make retryable HTTP client
+	transport := &http.Transport{
+		DialContext: (&net.Dialer{
+			Timeout: timeout,
+		}).DialContext,
+		TLSClientConfig:   tlsConfig.ToConfig(),
+		DisableKeepAlives: true,
+	}
+	if proxy_url != nil && proxy_url.URL != nil {
+		transport.Proxy = http.ProxyURL(proxy_url.URL)
+	}
 	client := &retryablehttp.Client{
 		HTTPClient: &http.Client{
-			Transport: &http.Transport{
-				DialContext: (&net.Dialer{
-					Timeout: timeout,
-				}).DialContext,
-				TLSClientConfig:   tlsConfig.ToConfig(),
-				DisableKeepAlives: true,
-			},
+			Transport:     transport,
 			Timeout:       timeout,
 			CheckRedirect: checkRedirect(config.Request, log),
 		},
diff --git a/x-pack/filebeat/module/cisco/amp/config/config.yml b/x-pack/filebeat/module/cisco/amp/config/config.yml
index 0aa38440947e..bd5f93f7a901 100644
--- a/x-pack/filebeat/module/cisco/amp/config/config.yml
+++ b/x-pack/filebeat/module/cisco/amp/config/config.yml
@@ -17,6 +17,9 @@ request.timeout: {{ .request_timeout }}
 {{ if .ssl }}
 request.ssl: {{ .ssl | tojson }}
 {{ end }}
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
 request.transforms:
 - set:
     target: url.params.start_date
diff --git a/x-pack/filebeat/module/cisco/amp/manifest.yml b/x-pack/filebeat/module/cisco/amp/manifest.yml
index 9458f80a17df..1c3b263d34ce 100644
--- a/x-pack/filebeat/module/cisco/amp/manifest.yml
+++ b/x-pack/filebeat/module/cisco/amp/manifest.yml
@@ -18,6 +18,7 @@ var:
     default: 24h
   - name: interval
     default: 60m
+  - name: proxy_url
 
 ingest_pipeline:
   - ingest/pipeline.yml
diff --git a/x-pack/filebeat/module/google_workspace/admin/config/config.yml b/x-pack/filebeat/module/google_workspace/admin/config/config.yml
index 1b992f50d132..b2733ef6a446 100644
--- a/x-pack/filebeat/module/google_workspace/admin/config/config.yml
+++ b/x-pack/filebeat/module/google_workspace/admin/config/config.yml
@@ -11,6 +11,9 @@ request.url: https://www.googleapis.com/admin/reports/v1/activity/users/{{ .user
 {{ if .http_client_timeout }}
 request.timeout: {{ .http_client_timeout }}
 {{ end }}
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
 request.transforms:
   - set:
       target: url.params.startTime
diff --git a/x-pack/filebeat/module/google_workspace/admin/manifest.yml b/x-pack/filebeat/module/google_workspace/admin/manifest.yml
index 48570efe4486..c5992776ac07 100644
--- a/x-pack/filebeat/module/google_workspace/admin/manifest.yml
+++ b/x-pack/filebeat/module/google_workspace/admin/manifest.yml
@@ -15,6 +15,7 @@ var:
     default: 2h
   - name: tags
     default: [forwarded]
+  - name: proxy_url
 
 input: config/config.yml
 ingest_pipeline: ../ingest/common.yml
diff --git a/x-pack/filebeat/module/google_workspace/drive/config/config.yml b/x-pack/filebeat/module/google_workspace/drive/config/config.yml
index e88aecca5280..e1d39b69cdb3 100644
--- a/x-pack/filebeat/module/google_workspace/drive/config/config.yml
+++ b/x-pack/filebeat/module/google_workspace/drive/config/config.yml
@@ -11,6 +11,9 @@ request.url: https://www.googleapis.com/admin/reports/v1/activity/users/{{ .user
 {{ if .http_client_timeout }}
 request.timeout: {{ .http_client_timeout }}
 {{ end }}
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
 request.transforms:
   - set:
       target: url.params.startTime
diff --git a/x-pack/filebeat/module/google_workspace/drive/manifest.yml b/x-pack/filebeat/module/google_workspace/drive/manifest.yml
index 48570efe4486..c5992776ac07 100644
--- a/x-pack/filebeat/module/google_workspace/drive/manifest.yml
+++ b/x-pack/filebeat/module/google_workspace/drive/manifest.yml
@@ -15,6 +15,7 @@ var:
     default: 2h
   - name: tags
     default: [forwarded]
+  - name: proxy_url
 
 input: config/config.yml
 ingest_pipeline: ../ingest/common.yml
diff --git a/x-pack/filebeat/module/google_workspace/groups/config/config.yml b/x-pack/filebeat/module/google_workspace/groups/config/config.yml
index d40347b89fbc..5b28babd0687 100644
--- a/x-pack/filebeat/module/google_workspace/groups/config/config.yml
+++ b/x-pack/filebeat/module/google_workspace/groups/config/config.yml
@@ -11,6 +11,9 @@ request.url: https://www.googleapis.com/admin/reports/v1/activity/users/{{ .user
 {{ if .http_client_timeout }}
 request.timeout: {{ .http_client_timeout }}
 {{ end }}
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
 request.transforms:
   - set:
       target: url.params.startTime
diff --git a/x-pack/filebeat/module/google_workspace/groups/manifest.yml b/x-pack/filebeat/module/google_workspace/groups/manifest.yml
index 48570efe4486..c5992776ac07 100644
--- a/x-pack/filebeat/module/google_workspace/groups/manifest.yml
+++ b/x-pack/filebeat/module/google_workspace/groups/manifest.yml
@@ -15,6 +15,7 @@ var:
     default: 2h
   - name: tags
     default: [forwarded]
+  - name: proxy_url
 
 input: config/config.yml
 ingest_pipeline: ../ingest/common.yml
diff --git a/x-pack/filebeat/module/google_workspace/login/config/config.yml b/x-pack/filebeat/module/google_workspace/login/config/config.yml
index 6f1249bd1950..cab92bb0ec1a 100644
--- a/x-pack/filebeat/module/google_workspace/login/config/config.yml
+++ b/x-pack/filebeat/module/google_workspace/login/config/config.yml
@@ -11,6 +11,9 @@ request.url: https://www.googleapis.com/admin/reports/v1/activity/users/{{ .user
 {{ if .http_client_timeout }}
 request.timeout: {{ .http_client_timeout }}
 {{ end }}
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
 request.transforms:
   - set:
       target: url.params.startTime
diff --git a/x-pack/filebeat/module/google_workspace/login/manifest.yml b/x-pack/filebeat/module/google_workspace/login/manifest.yml
index 48570efe4486..c5992776ac07 100644
--- a/x-pack/filebeat/module/google_workspace/login/manifest.yml
+++ b/x-pack/filebeat/module/google_workspace/login/manifest.yml
@@ -15,6 +15,7 @@ var:
     default: 2h
   - name: tags
     default: [forwarded]
+  - name: proxy_url
 
 input: config/config.yml
 ingest_pipeline: ../ingest/common.yml
diff --git a/x-pack/filebeat/module/google_workspace/saml/config/config.yml b/x-pack/filebeat/module/google_workspace/saml/config/config.yml
index d69484c939fe..1ce19e2d05ea 100644
--- a/x-pack/filebeat/module/google_workspace/saml/config/config.yml
+++ b/x-pack/filebeat/module/google_workspace/saml/config/config.yml
@@ -11,6 +11,9 @@ request.url: https://www.googleapis.com/admin/reports/v1/activity/users/{{ .user
 {{ if .http_client_timeout }}
 request.timeout: {{ .http_client_timeout }}
 {{ end }}
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
 request.transforms:
   - set:
       target: url.params.startTime
diff --git a/x-pack/filebeat/module/google_workspace/saml/manifest.yml b/x-pack/filebeat/module/google_workspace/saml/manifest.yml
index 48570efe4486..c5992776ac07 100644
--- a/x-pack/filebeat/module/google_workspace/saml/manifest.yml
+++ b/x-pack/filebeat/module/google_workspace/saml/manifest.yml
@@ -15,6 +15,7 @@ var:
     default: 2h
   - name: tags
     default: [forwarded]
+  - name: proxy_url
 
 input: config/config.yml
 ingest_pipeline: ../ingest/common.yml
diff --git a/x-pack/filebeat/module/google_workspace/user_accounts/config/config.yml b/x-pack/filebeat/module/google_workspace/user_accounts/config/config.yml
index f67eb4208331..5f5142478aed 100644
--- a/x-pack/filebeat/module/google_workspace/user_accounts/config/config.yml
+++ b/x-pack/filebeat/module/google_workspace/user_accounts/config/config.yml
@@ -11,6 +11,9 @@ request.url: https://www.googleapis.com/admin/reports/v1/activity/users/{{ .user
 {{ if .http_client_timeout }}
 request.timeout: {{ .http_client_timeout }}
 {{ end }}
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
 request.transforms:
   - set:
       target: url.params.startTime
diff --git a/x-pack/filebeat/module/google_workspace/user_accounts/manifest.yml b/x-pack/filebeat/module/google_workspace/user_accounts/manifest.yml
index 48570efe4486..c5992776ac07 100644
--- a/x-pack/filebeat/module/google_workspace/user_accounts/manifest.yml
+++ b/x-pack/filebeat/module/google_workspace/user_accounts/manifest.yml
@@ -15,6 +15,7 @@ var:
     default: 2h
   - name: tags
     default: [forwarded]
+  - name: proxy_url
 
 input: config/config.yml
 ingest_pipeline: ../ingest/common.yml
diff --git a/x-pack/filebeat/module/gsuite/admin/config/config.yml b/x-pack/filebeat/module/gsuite/admin/config/config.yml
index 12e3730dc939..b6a7f3b6c9cc 100644
--- a/x-pack/filebeat/module/gsuite/admin/config/config.yml
+++ b/x-pack/filebeat/module/gsuite/admin/config/config.yml
@@ -23,6 +23,10 @@ date_cursor.initial_interval: {{ .initial_interval }}
 pagination.id_field: nextPageToken
 pagination.url_field: pageToken
 
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
+
 {{ else if eq .input "file" }}
 type: log
 paths:
diff --git a/x-pack/filebeat/module/gsuite/admin/manifest.yml b/x-pack/filebeat/module/gsuite/admin/manifest.yml
index 48570efe4486..c5992776ac07 100644
--- a/x-pack/filebeat/module/gsuite/admin/manifest.yml
+++ b/x-pack/filebeat/module/gsuite/admin/manifest.yml
@@ -15,6 +15,7 @@ var:
     default: 2h
   - name: tags
     default: [forwarded]
+  - name: proxy_url
 
 input: config/config.yml
 ingest_pipeline: ../ingest/common.yml
diff --git a/x-pack/filebeat/module/gsuite/drive/config/config.yml b/x-pack/filebeat/module/gsuite/drive/config/config.yml
index 80583ee31b6d..45e5385413ac 100644
--- a/x-pack/filebeat/module/gsuite/drive/config/config.yml
+++ b/x-pack/filebeat/module/gsuite/drive/config/config.yml
@@ -23,6 +23,10 @@ date_cursor.initial_interval: {{ .initial_interval }}
 pagination.id_field: nextPageToken
 pagination.url_field: pageToken
 
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
+
 {{ else if eq .input "file" }}
 type: log
 paths:
diff --git a/x-pack/filebeat/module/gsuite/drive/manifest.yml b/x-pack/filebeat/module/gsuite/drive/manifest.yml
index 48570efe4486..c5992776ac07 100644
--- a/x-pack/filebeat/module/gsuite/drive/manifest.yml
+++ b/x-pack/filebeat/module/gsuite/drive/manifest.yml
@@ -15,6 +15,7 @@ var:
     default: 2h
   - name: tags
     default: [forwarded]
+  - name: proxy_url
 
 input: config/config.yml
 ingest_pipeline: ../ingest/common.yml
diff --git a/x-pack/filebeat/module/gsuite/groups/config/config.yml b/x-pack/filebeat/module/gsuite/groups/config/config.yml
index 754825184772..1d5efbbd51bd 100644
--- a/x-pack/filebeat/module/gsuite/groups/config/config.yml
+++ b/x-pack/filebeat/module/gsuite/groups/config/config.yml
@@ -23,6 +23,10 @@ date_cursor.initial_interval: {{ .initial_interval }}
 pagination.id_field: nextPageToken
 pagination.url_field: pageToken
 
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
+
 {{ else if eq .input "file" }}
 type: log
 paths:
diff --git a/x-pack/filebeat/module/gsuite/groups/manifest.yml b/x-pack/filebeat/module/gsuite/groups/manifest.yml
index 48570efe4486..c5992776ac07 100644
--- a/x-pack/filebeat/module/gsuite/groups/manifest.yml
+++ b/x-pack/filebeat/module/gsuite/groups/manifest.yml
@@ -15,6 +15,7 @@ var:
     default: 2h
   - name: tags
     default: [forwarded]
+  - name: proxy_url
 
 input: config/config.yml
 ingest_pipeline: ../ingest/common.yml
diff --git a/x-pack/filebeat/module/gsuite/login/config/config.yml b/x-pack/filebeat/module/gsuite/login/config/config.yml
index ab40715bd4ae..565595fc6a4c 100644
--- a/x-pack/filebeat/module/gsuite/login/config/config.yml
+++ b/x-pack/filebeat/module/gsuite/login/config/config.yml
@@ -23,6 +23,10 @@ date_cursor.initial_interval: {{ .initial_interval }}
 pagination.id_field: nextPageToken
 pagination.url_field: pageToken
 
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
+
 {{ else if eq .input "file" }}
 type: log
 paths:
diff --git a/x-pack/filebeat/module/gsuite/login/manifest.yml b/x-pack/filebeat/module/gsuite/login/manifest.yml
index 48570efe4486..c5992776ac07 100644
--- a/x-pack/filebeat/module/gsuite/login/manifest.yml
+++ b/x-pack/filebeat/module/gsuite/login/manifest.yml
@@ -15,6 +15,7 @@ var:
     default: 2h
   - name: tags
     default: [forwarded]
+  - name: proxy_url
 
 input: config/config.yml
 ingest_pipeline: ../ingest/common.yml
diff --git a/x-pack/filebeat/module/gsuite/saml/config/config.yml b/x-pack/filebeat/module/gsuite/saml/config/config.yml
index 62f1e7d9f4e6..f83331abbae0 100644
--- a/x-pack/filebeat/module/gsuite/saml/config/config.yml
+++ b/x-pack/filebeat/module/gsuite/saml/config/config.yml
@@ -23,6 +23,10 @@ date_cursor.initial_interval: {{ .initial_interval }}
 pagination.id_field: nextPageToken
 pagination.url_field: pageToken
 
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
+
 {{ else if eq .input "file" }}
 type: log
 paths:
diff --git a/x-pack/filebeat/module/gsuite/saml/manifest.yml b/x-pack/filebeat/module/gsuite/saml/manifest.yml
index 48570efe4486..c5992776ac07 100644
--- a/x-pack/filebeat/module/gsuite/saml/manifest.yml
+++ b/x-pack/filebeat/module/gsuite/saml/manifest.yml
@@ -15,6 +15,7 @@ var:
     default: 2h
   - name: tags
     default: [forwarded]
+  - name: proxy_url
 
 input: config/config.yml
 ingest_pipeline: ../ingest/common.yml
diff --git a/x-pack/filebeat/module/gsuite/user_accounts/config/config.yml b/x-pack/filebeat/module/gsuite/user_accounts/config/config.yml
index c6aa5ded1441..32e269007c9b 100644
--- a/x-pack/filebeat/module/gsuite/user_accounts/config/config.yml
+++ b/x-pack/filebeat/module/gsuite/user_accounts/config/config.yml
@@ -23,6 +23,10 @@ date_cursor.initial_interval: {{ .initial_interval }}
 pagination.id_field: nextPageToken
 pagination.url_field: pageToken
 
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
+
 {{ else if eq .input "file" }}
 type: log
 paths:
diff --git a/x-pack/filebeat/module/gsuite/user_accounts/manifest.yml b/x-pack/filebeat/module/gsuite/user_accounts/manifest.yml
index 48570efe4486..c5992776ac07 100644
--- a/x-pack/filebeat/module/gsuite/user_accounts/manifest.yml
+++ b/x-pack/filebeat/module/gsuite/user_accounts/manifest.yml
@@ -15,6 +15,7 @@ var:
     default: 2h
   - name: tags
     default: [forwarded]
+  - name: proxy_url
 
 input: config/config.yml
 ingest_pipeline: ../ingest/common.yml
diff --git a/x-pack/filebeat/module/microsoft/defender_atp/config/atp.yml b/x-pack/filebeat/module/microsoft/defender_atp/config/atp.yml
index d1e5c971b802..57a1d61cea3a 100644
--- a/x-pack/filebeat/module/microsoft/defender_atp/config/atp.yml
+++ b/x-pack/filebeat/module/microsoft/defender_atp/config/atp.yml
@@ -9,6 +9,10 @@ auth.oauth2: {{ .oauth2 | tojson }}
 auth.oauth2.provider: azure
 auth.oauth2.azure.resource: https://api.securitycenter.windows.com/
 
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
+
 request.url: "https://api.securitycenter.windows.com/api/alerts"
 request.method: GET
 request.transforms:
diff --git a/x-pack/filebeat/module/microsoft/defender_atp/manifest.yml b/x-pack/filebeat/module/microsoft/defender_atp/manifest.yml
index 1c93e4d277a7..2bf5bf65034b 100644
--- a/x-pack/filebeat/module/microsoft/defender_atp/manifest.yml
+++ b/x-pack/filebeat/module/microsoft/defender_atp/manifest.yml
@@ -8,6 +8,7 @@ var:
   - name: tags
     default: [defender-atp, forwarded]
   - name: oauth2
+  - name: proxy_url
 
 ingest_pipeline: ingest/pipeline.yml
 input: config/atp.yml
diff --git a/x-pack/filebeat/module/microsoft/m365_defender/config/defender.yml b/x-pack/filebeat/module/microsoft/m365_defender/config/defender.yml
index 52ebe56c3b19..e35fc8a88a52 100644
--- a/x-pack/filebeat/module/microsoft/m365_defender/config/defender.yml
+++ b/x-pack/filebeat/module/microsoft/m365_defender/config/defender.yml
@@ -9,6 +9,10 @@ auth.oauth2: {{ .oauth2 | tojson }}
 auth.oauth2.provider: azure
 auth.oauth2.azure.resource: https://api.securitycenter.windows.com/
 
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
+
 request.url: "https://api.security.microsoft.com/api/incidents"
 request.method: GET
 request.transforms:
diff --git a/x-pack/filebeat/module/microsoft/m365_defender/manifest.yml b/x-pack/filebeat/module/microsoft/m365_defender/manifest.yml
index 99f00620d9d5..e3524259d08c 100644
--- a/x-pack/filebeat/module/microsoft/m365_defender/manifest.yml
+++ b/x-pack/filebeat/module/microsoft/m365_defender/manifest.yml
@@ -8,6 +8,7 @@ var:
   - name: tags
     default: [m365-defender, forwarded]
   - name: oauth2
+  - name: proxy_url
 
 ingest_pipeline: ingest/pipeline.yml
 input: config/defender.yml
diff --git a/x-pack/filebeat/module/misp/threat/config/input.yml b/x-pack/filebeat/module/misp/threat/config/input.yml
index 488f0a249c02..c41a10651d43 100644
--- a/x-pack/filebeat/module/misp/threat/config/input.yml
+++ b/x-pack/filebeat/module/misp/threat/config/input.yml
@@ -6,6 +6,9 @@ interval: {{ .interval }}
 
 request.method: POST
 request.ssl: {{ .ssl | tojson }}
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
 request.url: {{ .url }}
 request.timeout: {{ .http_client_timeout }}
 request.body: {{ .http_request_body | tojson }}
diff --git a/x-pack/filebeat/module/misp/threat/manifest.yml b/x-pack/filebeat/module/misp/threat/manifest.yml
index 63e3ef6db6e0..312c800901f7 100644
--- a/x-pack/filebeat/module/misp/threat/manifest.yml
+++ b/x-pack/filebeat/module/misp/threat/manifest.yml
@@ -13,6 +13,7 @@ var:
     default: "60s"
   - name: url
   - name: ssl
+  - name: proxy_url
 
 input: config/input.yml
 ingest_pipeline: ingest/pipeline.json
diff --git a/x-pack/filebeat/module/okta/system/config/input.yml b/x-pack/filebeat/module/okta/system/config/input.yml
index 05ff819fad0a..8321a36a391c 100644
--- a/x-pack/filebeat/module/okta/system/config/input.yml
+++ b/x-pack/filebeat/module/okta/system/config/input.yml
@@ -12,6 +12,11 @@ request.ssl: {{ .ssl | tojson }}
 request.timeout: {{ .http_client_timeout }}
 {{ end }}
 
+
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
+
 request.method: GET
 request.url: {{ .url }}
 request.rate_limit:
diff --git a/x-pack/filebeat/module/okta/system/manifest.yml b/x-pack/filebeat/module/okta/system/manifest.yml
index 688f1a9ba445..830c8682de5f 100644
--- a/x-pack/filebeat/module/okta/system/manifest.yml
+++ b/x-pack/filebeat/module/okta/system/manifest.yml
@@ -13,6 +13,7 @@ var:
   - name: tags
     default: [forwarded]
   - name: url
+  - name: proxy_url
   - name: initial_interval
     default: 24h
 
diff --git a/x-pack/filebeat/module/snyk/audit/config/config.yml b/x-pack/filebeat/module/snyk/audit/config/config.yml
index 73cd5423a028..f83c91327a21 100644
--- a/x-pack/filebeat/module/snyk/audit/config/config.yml
+++ b/x-pack/filebeat/module/snyk/audit/config/config.yml
@@ -13,6 +13,9 @@ request.url: https://snyk.io/api/v1/org/{{.audit_id}}/audit?page=1&sortOrder=ASC
 {{ end }}
 request.method: POST
 request.ssl: {{ .ssl | tojson }}
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
 request.transforms:
 - set:
     target: header.Authorization
diff --git a/x-pack/filebeat/module/snyk/audit/manifest.yml b/x-pack/filebeat/module/snyk/audit/manifest.yml
index eed5f4c29c95..b8858144bae6 100644
--- a/x-pack/filebeat/module/snyk/audit/manifest.yml
+++ b/x-pack/filebeat/module/snyk/audit/manifest.yml
@@ -21,6 +21,7 @@ var:
   - name: event
     default: ""
   - name: ssl
+  - name: proxy_url
 
 ingest_pipeline:
   - ingest/pipeline.yml
diff --git a/x-pack/filebeat/module/snyk/vulnerabilities/config/config.yml b/x-pack/filebeat/module/snyk/vulnerabilities/config/config.yml
index ca371361192a..b04e945f7e06 100644
--- a/x-pack/filebeat/module/snyk/vulnerabilities/config/config.yml
+++ b/x-pack/filebeat/module/snyk/vulnerabilities/config/config.yml
@@ -7,6 +7,9 @@ interval: {{ .interval }}
 request.url: {{ .url }}
 request.method: POST
 request.ssl: {{ .ssl | tojson }}
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
 request.transforms:
 - set:
     target: header.Authorization
diff --git a/x-pack/filebeat/module/snyk/vulnerabilities/manifest.yml b/x-pack/filebeat/module/snyk/vulnerabilities/manifest.yml
index 391333380dc9..771e52b972b5 100644
--- a/x-pack/filebeat/module/snyk/vulnerabilities/manifest.yml
+++ b/x-pack/filebeat/module/snyk/vulnerabilities/manifest.yml
@@ -61,6 +61,7 @@ var:
     default: 0
   - name: max_priority_score
     default: 1000
+  - name: proxy_url
 
 ingest_pipeline:
   - ingest/pipeline.yml
diff --git a/x-pack/filebeat/module/threatintel/abusemalware/config/config.yml b/x-pack/filebeat/module/threatintel/abusemalware/config/config.yml
index 145dfe246ddf..ee9e7d307643 100644
--- a/x-pack/filebeat/module/threatintel/abusemalware/config/config.yml
+++ b/x-pack/filebeat/module/threatintel/abusemalware/config/config.yml
@@ -8,6 +8,9 @@ request.method: GET
 {{ if .ssl }}
 request.ssl: {{ .ssl | tojson }}
 {{ end }}
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
 request.url: {{ .url }}
 request.transforms:
 - set:
diff --git a/x-pack/filebeat/module/threatintel/abusemalware/manifest.yml b/x-pack/filebeat/module/threatintel/abusemalware/manifest.yml
index e3159060cd81..5fe3a155180e 100644
--- a/x-pack/filebeat/module/threatintel/abusemalware/manifest.yml
+++ b/x-pack/filebeat/module/threatintel/abusemalware/manifest.yml
@@ -10,6 +10,7 @@ var:
   - name: ssl
   - name: tags
     default: [threatintel-abusemalware, forwarded]
+  - name: proxy_url
 
 ingest_pipeline:
   - ingest/pipeline.yml
diff --git a/x-pack/filebeat/module/threatintel/abuseurl/config/config.yml b/x-pack/filebeat/module/threatintel/abuseurl/config/config.yml
index 96affa7da975..276f5448a1f7 100644
--- a/x-pack/filebeat/module/threatintel/abuseurl/config/config.yml
+++ b/x-pack/filebeat/module/threatintel/abuseurl/config/config.yml
@@ -8,6 +8,9 @@ request.method: GET
 {{ if .ssl }}
 request.ssl: {{ .ssl | tojson }}
 {{ end }}
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
 request.url: {{ .url }}
 request.transforms:
 - set:
diff --git a/x-pack/filebeat/module/threatintel/abuseurl/manifest.yml b/x-pack/filebeat/module/threatintel/abuseurl/manifest.yml
index 155e9b4ff3fa..13b5e663c4ac 100644
--- a/x-pack/filebeat/module/threatintel/abuseurl/manifest.yml
+++ b/x-pack/filebeat/module/threatintel/abuseurl/manifest.yml
@@ -10,6 +10,7 @@ var:
   - name: ssl
   - name: tags
     default: [threatintel-abuseurls, forwarded]
+  - name: proxy_url
 
 ingest_pipeline:
   - ingest/pipeline.yml
diff --git a/x-pack/filebeat/module/threatintel/anomali/config/config.yml b/x-pack/filebeat/module/threatintel/anomali/config/config.yml
index fd55b6e07c2e..557b71c31bb4 100644
--- a/x-pack/filebeat/module/threatintel/anomali/config/config.yml
+++ b/x-pack/filebeat/module/threatintel/anomali/config/config.yml
@@ -14,6 +14,9 @@ request.method: GET
 {{ if .ssl }}
 request.ssl: {{ .ssl | tojson }}
 {{ end }}
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
 request.url: {{ .url }}
 request.redirect.forward_headers: true
 request.transforms:
diff --git a/x-pack/filebeat/module/threatintel/anomali/manifest.yml b/x-pack/filebeat/module/threatintel/anomali/manifest.yml
index b7b87d8fe66d..1087e00df8a6 100644
--- a/x-pack/filebeat/module/threatintel/anomali/manifest.yml
+++ b/x-pack/filebeat/module/threatintel/anomali/manifest.yml
@@ -16,6 +16,7 @@ var:
     default: "https://otx.alienvault.com/api/v1/indicators/export"
   - name: tags
     default: [threatintel-anomali, forwarded]
+  - name: proxy_url
 
 ingest_pipeline:
   - ingest/pipeline.yml
diff --git a/x-pack/filebeat/module/threatintel/misp/config/config.yml b/x-pack/filebeat/module/threatintel/misp/config/config.yml
index e28c6c1d9a79..54e895b5364e 100644
--- a/x-pack/filebeat/module/threatintel/misp/config/config.yml
+++ b/x-pack/filebeat/module/threatintel/misp/config/config.yml
@@ -8,6 +8,9 @@ request.method: POST
 {{ if .ssl }}
 request.ssl: {{ .ssl | tojson }}
 {{ end }}
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
 request.url: {{ .url }}
 request.body:
     limit: 100
diff --git a/x-pack/filebeat/module/threatintel/misp/manifest.yml b/x-pack/filebeat/module/threatintel/misp/manifest.yml
index a39c1fe44963..41443c01df8d 100644
--- a/x-pack/filebeat/module/threatintel/misp/manifest.yml
+++ b/x-pack/filebeat/module/threatintel/misp/manifest.yml
@@ -14,6 +14,7 @@ var:
     default: "https://localhost/events/restSearch"
   - name: tags
     default: [threatintel-misp, forwarded]
+  - name: proxy_url
 
 ingest_pipeline:
   - ingest/pipeline.yml
diff --git a/x-pack/filebeat/module/threatintel/otx/config/config.yml b/x-pack/filebeat/module/threatintel/otx/config/config.yml
index 252c64a21f4f..44af7e19acbf 100644
--- a/x-pack/filebeat/module/threatintel/otx/config/config.yml
+++ b/x-pack/filebeat/module/threatintel/otx/config/config.yml
@@ -8,6 +8,9 @@ request.method: GET
 {{ if .ssl }}
 request.ssl: {{ .ssl | tojson }}
 {{ end }}
+{{ if .proxy_url }}
+request.proxy_url: {{ .proxy_url }}
+{{ end }}
 {{ if .http_client_timeout }}
 request.timeout: {{ .http_client_timeout }}
 {{ end }}
diff --git a/x-pack/filebeat/module/threatintel/otx/manifest.yml b/x-pack/filebeat/module/threatintel/otx/manifest.yml
index c17efa499e92..0fdefa51d76e 100644
--- a/x-pack/filebeat/module/threatintel/otx/manifest.yml
+++ b/x-pack/filebeat/module/threatintel/otx/manifest.yml
@@ -19,6 +19,7 @@ var:
     default: "https://otx.alienvault.com/api/v1/indicators/export"
   - name: tags
     default: [threatintel-otx, forwarded]
+  - name: proxy_url
 
 ingest_pipeline:
   - ingest/pipeline.yml