Custom HTTP Endpoint Log integration
<div class="condensed-table">
| | |
| --- | --- |
| Version | 2.3.0 (View all) |
| Compatible Kibana version(s) | 8.14.0 or higher |
| Supported Serverless project types
What’s this? | Security
Observability |
| Subscription level
What’s this? | Basic |
| Level of support
What’s this? | Elastic |
</div>
The custom HTTP Endpoint Log integration initializes a listening HTTP server that collects incoming HTTP POST requests containing a JSON body. The body must be either an object or an array of objects. Any other data types will result in an HTTP 400 (Bad Request) response. For arrays, one document is created for each object in the array.
These are the possible response codes from the server.
| HTTP Response Code | Name | Reason |
|---|---|---|
| 200 | OK | Returned on success. |
| 400 | Bad Request | Returned if JSON body decoding fails. |
| 401 | Unauthorized | Returned when basic auth, secret header, or HMAC validation fails. |
| 405 | Method Not Allowed | Returned if methods other than POST are used. |
| 406 | Not Acceptable | Returned if the POST request does not contain a body. |
| 415 | Unsupported Media Type | Returned if the Content-Type is not application/json. |
| 500 | Internal Server Error | Returned if an I/O error occurs reading the request. |
Custom ingest pipelines may be added by adding the name to the pipeline configuration option, creating custom ingest pipelines can be done either through the API or the Ingest Node Pipeline UI (use the global search field to search for "ingest pipelines").
**Changelog**
| Version | Details | Kibana version(s) |
|---|---|---|
| 2.3.0 | pass:[] Enhancement (View pull request) Make CEL program configuration available. |
8.14.0 or higher |
| 2.2.1 | pass:[] Bug fix (View pull request) Pass preserve_original_event state to input. |
8.14.0 or higher |
| 2.2.0 | pass:[] Enhancement (View pull request) ECS version updated to 8.11.0. Modified the field definitions to remove ECS fields made redundant by the ecs@mappings component template. |
8.14.0 or higher |
| 2.1.0 | pass:[] Enhancement (View pull request) Provide request tracing support. pass:[] Enhancement (View pull request) Added test for end-to-end ACK behaviour. pass:[] Bug fix (View pull request) Clarify supported HMAC header format. |
8.12.0 or higher |
| 2.0.0 | pass:[] Enhancement (View pull request) Converted package to input type. |
8.12.0 or higher |
| 1.16.0 | pass:[] Enhancement (View pull request) Allow user selection of HTTP method. |
8.12.0 or higher |
| 1.15.0 | pass:[] Enhancement (View pull request) Set sensitive values as secret. |
8.12.0 or higher |
| 1.14.1 | pass:[] Enhancement (View pull request) Changed owners |
7.16.0 or higher 8.0.0 or higher |
| 1.14.0 | pass:[] Enhancement (View pull request) ECS version updated to 8.11.0. |
7.16.0 or higher 8.0.0 or higher |
| 1.13.0 | pass:[] Enhancement (View pull request) ECS version updated to 8.10.0. |
7.16.0 or higher 8.0.0 or higher |
| 1.12.0 | pass:[] Enhancement (View pull request) The format_version in the package manifest changed from 2.11.0 to 3.0.0. Removed dotted YAML keys from package manifest. Added owner.type: elastic to package manifest. |
7.16.0 or higher 8.0.0 or higher |
| 1.11.0 | pass:[] Enhancement (View pull request) Add tags.yml file so that integration’s dashboards and saved searches are tagged with "Security Solution" and displayed in the Security Solution UI. |
7.16.0 or higher 8.0.0 or higher |
| 1.10.0 | pass:[] Enhancement (View pull request) Update package to ECS 8.9.0. |
7.16.0 or higher 8.0.0 or higher |
| 1.9.1 | pass:[] Bug fix (View pull request) Fix handling of include header config. |
7.16.0 or higher 8.0.0 or higher |
| 1.9.0 | pass:[] Enhancement (View pull request) Update package to ECS 8.8.0. |
7.16.0 or higher 8.0.0 or higher |
| 1.8.0 | pass:[] Enhancement (View pull request) Update package-spec version to 2.7.0. |
7.16.0 or higher 8.0.0 or higher |
| 1.7.0 | pass:[] Enhancement (View pull request) Update package to ECS 8.7.0. |
7.16.0 or higher 8.0.0 or higher |
| 1.6.1 | pass:[] Enhancement (View pull request) Added categories and/or subcategories. |
7.16.0 or higher 8.0.0 or higher |
| 1.6.0 | pass:[] Enhancement (View pull request) Update package to ECS 8.6.0. |
7.16.0 or higher 8.0.0 or higher |
| 1.5.0 | pass:[] Enhancement (View pull request) Added infrastructure category. |
7.16.0 or higher 8.0.0 or higher |
| 1.4.0 | pass:[] Enhancement (View pull request) Update package to ECS 8.5.0. |
7.16.0 or higher 8.0.0 or higher |
| 1.3.0 | pass:[] Enhancement (View pull request) Update package to ECS 8.4.0 |
7.16.0 or higher 8.0.0 or higher |
| 1.2.0 | pass:[] Enhancement (View pull request) Update package to ECS 8.3.0. |
7.16.0 or higher 8.0.0 or higher |
| 1.1.0 | pass:[] Enhancement (View pull request) Update ECS to 8.2 |
7.16.0 or higher 8.0.0 or higher |
| 1.0.1 | pass:[] Enhancement (View pull request) Update readme |
7.16.0 or higher 8.0.0 or higher |
| 1.0.0 | pass:[] Enhancement (View pull request) Initial Release |
— |