Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support HMAC Validation for Filebeat http_endpoint input #24917

Closed
SpencerLN opened this issue Apr 2, 2021 · 2 comments · Fixed by #24918
Closed

Support HMAC Validation for Filebeat http_endpoint input #24917

SpencerLN opened this issue Apr 2, 2021 · 2 comments · Fixed by #24918
Assignees
@SpencerLN
Labels
enhancement Filebeat Filebeat

Comments

@SpencerLN
Copy link
Contributor

Describe the enhancement:
Add configuration options to enable the use of HMAC to validate requests received to the http_endpoint input. This configuration should be flexible and allow the use of various HMAC hash types, keys, key prefixes, etc. The user should also be able to configure where the signature comes from (i.e. which Header).

Describe a specific use case for the enhancement or feature:

Many services (GitHub, Dropbox, etc.) suggest authenticating their webhook requests using HMAC.

https://www.dropbox.com/developers/reference/webhooks
https://docs.github.com/en/developers/webhooks-and-events/securing-your-webhooks

Currently, there is no way to authenticate that the webhook you receive is actually sent by services that do not support using Basic authentication or an arbitrary header value. Adding this feature would allow users to securely consume data from additional services.
@SpencerLN SpencerLN added the Filebeat Filebeat label Apr 2, 2021
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Apr 2, 2021
@SpencerLN SpencerLN mentioned this issue Apr 2, 2021
Merged
6 tasks
@jsoriano jsoriano added the Team:Elastic-Agent Label for the Agent team label May 10, 2021
@elasticmachine
Copy link
Collaborator

Pinging @elastic/agent (Team:Agent)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label May 10, 2021
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@ph ph removed the Team:Elastic-Agent Label for the Agent team label May 11, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@SpencerLN SpencerLN

Labels
enhancement Filebeat Filebeat
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Filebeat] Enable HMAC Signature Validation for http_endpoint input SpencerLN/beats
4 participants
@ph @jsoriano @SpencerLN @elasticmachine