Support HMAC Validation for Filebeat http_endpoint input #24917
botelastic (bot) added the needs_team label (Indicates that the issue/PR needs a Team:* label), Apr 2, 2021
Pinging @elastic/agent (Team:Agent)
botelastic (bot) removed the needs_team label (Indicates that the issue/PR needs a Team:* label), May 10, 2021
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
Describe the enhancement:
Add configuration options to enable the use of HMAC to validate requests received to the http_endpoint input. This configuration should be flexible and allow the use of various HMAC hash types, keys, key prefixes, etc. The user should also be able to configure where the signature comes from (i.e. which Header).
Describe a specific use case for the enhancement or feature:
Many services (GitHub, Dropbox, etc.) suggest authenticating their webhook requests using HMAC.
https://www.dropbox.com/developers/reference/webhooks
https://docs.github.com/en/developers/webhooks-and-events/securing-your-webhooks
Currently, there is no way to authenticate that the webhook you receive is actually sent by services that do not support using Basic authentication or an arbitrary header value. Adding this feature would allow users to securely consume data from additional services.
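A sketch of the check this request describes, added here as an illustration; it is not Filebeat's code and not part of the original issue. `HMACConfig` and its fields are hypothetical names covering the options asked for (signature header, key, hash type, prefix), and the key, header name and body in `main` are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"hash"
	"net/http"
	"strings"
)

// HMACConfig is a hypothetical settings struct for this example only.
type HMACConfig struct {
	Header string // request header that carries the signature
	Key    []byte // shared secret
	Type   string // hash type: "sha1" or "sha256"
	Prefix string // text before the hex digest, e.g. "sha256="
}

var hashes = map[string]func() hash.Hash{"sha1": sha1.New, "sha256": sha256.New}
// sum returns the raw HMAC of body; c.Type must be a key of hashes.
func (c HMACConfig) sum(body []byte) []byte {
	mac := hmac.New(hashes[c.Type], c.Key)
	mac.Write(body)
	return mac.Sum(nil)
}

// Verify recomputes the HMAC over the raw body and compares in constant time.
func (c HMACConfig) Verify(h http.Header, body []byte) error {
	sig := h.Get(c.Header)
	if _, ok := hashes[c.Type]; !ok || len(c.Key) == 0 {
		return errors.New("hmac: unsupported hash type or empty key")
	}
	got, err := hex.DecodeString(strings.TrimPrefix(sig, c.Prefix))
	if err != nil || !strings.HasPrefix(sig, c.Prefix) || !hmac.Equal(got, c.sum(body)) {
		return errors.New("hmac: signature missing, malformed or mismatched")
	}
	return nil
}

func main() {
	// Constructed sample: key, header name and body are made up for the demo.
	cfg := HMACConfig{"X-Hub-Signature-256", []byte("example-secret"), "sha256", "sha256="}
	body := []byte(`{"action":"opened"}`)
	h := http.Header{cfg.Header: {cfg.Prefix + hex.EncodeToString(cfg.sum(body))}}
	fmt.Println("genuine:", cfg.Verify(h, body), "tampered:", cfg.Verify(h, []byte(`{}`)))
}
```

The HMAC has to be computed over the exact bytes received, before any JSON decoding or re-encoding, and an empty key is rejected so that a misconfigured endpoint fails closed.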