elastic · kcreddy · Feb 23, 2023 · Feb 13, 2023
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.7.0"
+  changes:
+    - description: Add support for Advanced security level
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/5244
 - version: "1.6.0"
   changes:
     - description: Update package to ECS 8.6.0.

@@ -19,9 +19,21 @@ request.rate_limit:
   remaining: '[[.last_response.header.Get "X-Rate-Limit-Remaining"]]'
   reset: '[[(parseDate (.last_response.header.Get "X-Rate-Limit-Reset")).Unix]]'
 request.transforms:
+{{#if advanced_sec_level }}
+- set:
+    target: header.x-xdr-timestamp
+    value: '[[ mul (add (now (parseDuration "-0s")).Unix) 1000 ]]'
+- set:
+    target: header.x-xdr-nonce
+    value: '[[ hash "sha256" uuid ]]'
+- set:
+    target: header.Authorization
+    value: '[[ hash "sha256" "{{api_token}}" (.header.Get "x-xdr-nonce") (.header.Get "x-xdr-timestamp") ]]'
+{{else}}
 - set:
     target: header.Authorization
     value: {{api_token}}
+{{/if}}
 - set:
     target: header.x-xdr-auth-id
     value: {{token_id}}

@@ -26,6 +26,14 @@ streams:
         show_user: true
         default: 1
         description: The token ID related to the above API token
+      - name: advanced_sec_level
+        type: bool
+        title: Advanced security level
+        multi: false
+        required: false
+        show_user: true
+        description: Whether the API tokeny was issued with an 'Advanced' security level.
+        default: false
       - name: request_timeout
         type: text
         title: HTTP Client Timeout

@@ -1,6 +1,6 @@
 name: panw_cortex_xdr
 title: Palo Alto Cortex XDR
-version: "1.6.0"
+version: 1.7.0
 release: ga
 description: Collect logs from Palo Alto Cortex XDR with Elastic Agent.
 type: integration