filebeat: add SSL options to checkpoint module (#19560)

* feat(firewall): add tls config * feat(firewall): add vars to manifest * chore(checkpoint): add tls to example * chore(checkpoint): run mage fmt update * cleanup(checkpoint): remove obsolete log_level * refactor(checkpoint): move to .ssl * chore(x-pack): revert ide fix * chore(changelog): add f5 asm ref * revert(changelog): remove f5 asm mod * chore(changelog): add checkpoint tls * chore: fix lint warnings * Undo some changes and move docs to checkpoint * Move changelog entry Co-authored-by: Marc Guasch <marc.guasch@elastic.co>
elastic · Oct 19, 2020 · e29c3fa · e29c3fa
1 parent b2d1929
commit e29c3fa
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 1 deletion.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -631,6 +631,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - New juniper.srx dataset for Juniper SRX logs. {pull}20017[20017]
 - Adding support for Microsoft 365 Defender (Microsoft Threat Protection) {pull}21446[21446]
 - Adding support for FIPS in s3 input {pull}21446[21446]
+- Add SSL option to checkpoint module {pull}19560[19560]
 
 *Heartbeat*
 

diff --git a/filebeat/docs/modules/checkpoint.asciidoc b/filebeat/docs/modules/checkpoint.asciidoc
@@ -70,6 +70,18 @@ A list of tags to include in events. Including `forwarded` indicates that the
 events did not originate on this host and causes `host.name` to not be added to
 events. Defaults to `[checkpoint-firewall, forwarded]`.
 
+*`var.ssl`*::
+
+The SSL/TLS configuration for the filebeat instance. This can be used to enforce mutual TLS.
+```yaml
+ssl:
+  enabled: true
+  certificate_authorities: ["my-ca.pem"]
+  certificate: "filebeat-cert.pem"
+  key: "filebeat-key.pem"
+  client_authentication: "required"
+```
+
 [float]
 ==== Check Point devices
 

diff --git a/x-pack/filebeat/module/checkpoint/_meta/docs.asciidoc b/x-pack/filebeat/module/checkpoint/_meta/docs.asciidoc
@@ -65,6 +65,18 @@ A list of tags to include in events. Including `forwarded` indicates that the
 events did not originate on this host and causes `host.name` to not be added to
 events. Defaults to `[checkpoint-firewall, forwarded]`.
 
+*`var.ssl`*::
+
+The SSL/TLS configuration for the filebeat instance. This can be used to enforce mutual TLS.
+```yaml
+ssl:
+  enabled: true
+  certificate_authorities: ["my-ca.pem"]
+  certificate: "filebeat-cert.pem"
+  key: "filebeat-key.pem"
+  client_authentication: "required"
+```
+
 [float]
 ==== Check Point devices
 

diff --git a/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml b/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml
@@ -1,4 +1,10 @@
-{{ if eq .input "syslog" }}
+{{ if .ssl }}
+
+type: tcp
+host: "{{.syslog_host}}:{{.syslog_port}}"
+ssl: {{ .ssl | tojson }}
+
+{{ else if eq .input "syslog" }}
 
 type: udp
 host: "{{.syslog_host}}:{{.syslog_port}}"

diff --git a/x-pack/filebeat/module/checkpoint/firewall/manifest.yml b/x-pack/filebeat/module/checkpoint/firewall/manifest.yml
@@ -9,6 +9,7 @@ var:
     default: 9001
   - name: input
     default: syslog
+  - name: ssl
 
 ingest_pipeline:
   - ingest/pipeline.yml