@ShourieG ShourieG commented Mar 24, 2025

Type of change

  • Enhancement

Proposed commit message

Added support for optional "Auth Key" request header across all data streams

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

@ShourieG ShourieG requested a review from a team as a code owner March 24, 2025 06:59
@ShourieG ShourieG self-assigned this Mar 24, 2025
@ShourieG ShourieG added the Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] label Mar 24, 2025
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@ShourieG ShourieG added Integration:ti_abusech abuse.ch enhancement New feature or request labels Mar 24, 2025
@ShourieG ShourieG requested a review from kcreddy March 24, 2025 07:01
@ShourieG ShourieG changed the title from [Ti_AbuseCH] - Added support for "Auth Key" request header across all data streams to [Ti_AbuseCH] - Added support for optional "Auth Key" request header across all data streams Mar 24, 2025
@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

Comment on lines 12 to 14
As of February 2025, AbuseCH recommends using an optional `Auth Key` (API Key) in the requests to avoid rate limiting issues.
More details on this topic can be found [here](https://abuse.ch/blog/community-first/). As of version 2.7.0, we have added an optional `Auth Key`
configuration option that can be used to avoid rate limiting.

Suggested change
As of February 2025, AbuseCH recommends using an optional `Auth Key` (API Key) in the requests to avoid rate limiting issues.
More details on this topic can be found [here](https://abuse.ch/blog/community-first/). As of version 2.7.0, we have added an optional `Auth Key`
configuration option that can be used to avoid rate limiting.
From February 2025, AbuseCH recommends using an optional `Auth Key` (API Key) in the requests to avoid rate limiting issues.
More details on this topic can be found [here](https://abuse.ch/blog/community-first/). In version 2.7.0, we have added an optional `Auth Key`
configuration option that can be used to avoid rate limiting.
Comment on lines +17 to +18
state:
auth_key: {{auth_key}}
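Review bot: `auth_key: {{auth_key}}` on line 18 renders the secret as an unquoted YAML scalar, so a key made up only of digits, or one that otherwise looks like a non-string YAML value, reaches the program as a non-string and `[state.auth_key]` is then no longer a string header value; render it as a quoted string. Because the key now lives in `state`, also check that the CEL input's `redact.fields` for each data stream lists `auth_key` so it is not written out with the state in debug logs; the lines shown here do not include such an entry.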

Suggested change
state:
auth_key: {{auth_key}}
{{#if auth_key}}
state:
auth_key: {{auth_key}}
{{/if}}
Comment on lines 27 to 30
?"Auth-Key": has(state.auth_key) && !(state.auth_key == "") ?
optional.of([state.auth_key])
:
optional.none(),

Suggested change
?"Auth-Key": has(state.auth_key) && !(state.auth_key == "") ?
optional.of([state.auth_key])
:
optional.none(),
?"Auth-Key": has(state.auth_key) ?
optional.of([state.auth_key])
:
optional.none(),

or

Suggested change
?"Auth-Key": has(state.auth_key) && !(state.auth_key == "") ?
optional.of([state.auth_key])
:
optional.none(),
?"Auth-Key": state.auth_key.optMap(k, [k]),

Same comments in the other data streams.

@ShourieG ShourieG removed the request for review from kcreddy March 24, 2025 09:01
@ShourieG

@efd6, addressed all the suggestions

@ShourieG

@efd6, if all looks good can you approve?

@CameronVIE

Hi everyone!
Thank you for your efforts – we really appreciate it!
Would it be possible to get the new integration files to replace the 2.6.0 ones?
Thanks a lot!
Cere

@ShourieG

ShourieG commented Mar 25, 2025

> Hi everyone! Thank you for your efforts – we really appreciate it! Would it be possible to get the new integration files to replace the 2.6.0 ones? Thanks a lot! Cere

Hi @CameronVIE, once the 2.8.0 update is out, you will be able to seamlessly upgrade. Could you clarify a bit on the part where you said "Would it be possible to get the new integration files to replace the 2.6.0 ones?" Do you want to manually replace the 2.6.0 integration with the updated ones or something like that?

@CameronVIE

CameronVIE commented Mar 25, 2025

> Hi @CameronVIE, once the 2.8.0 update is out, you will be able to seamlessly upgrade. Could you clarify a bit on the part where you said "Would it be possible to get the new integration files to replace the 2.6.0 ones?" Do you want to manually replace the 2.6.0 integration with the updated ones or something like that?

Hi ShourieG!
Yes, exactly! 😊 I was just wondering if it might be possible to manually replace the 2.6.0 integration files with the updated ones ahead of the official 2.8.0 release. Just wanted to check if that's something that could work.

@ShourieG

ShourieG commented Mar 25, 2025

> Hi everyone! Thank you for your efforts – we really appreciate it! Would it be possible to get the new integration files to replace the 2.6.0 ones? Thanks a lot! Cere

> Hi @CameronVIE, once the 2.8.0 update is out, you will be able to seamlessly upgrade. Could you clarify a bit on the part where you said "Would it be possible to get the new integration files to replace the 2.6.0 ones?" Do you want to manually replace the 2.6.0 integration with the updated ones or something like that?

> Hi ShourieG! Yes, exactly! 😊 I was just wondering if it might be possible to manually replace the 2.6.0 integration files with the updated ones ahead of the official 2.8.0 release. Just wanted to check if that's something that could work.

You could try it, but there's a high possibility it might break the natural upgrade process; at that point you would have to revert for the upgrade to work. However, if you are running a local stack by having cloned the integrations repo, it would be straightforward to revert and upgrade.

@CameronVIE

CameronVIE commented Mar 25, 2025

> You could try it, but there's a high possibility it might break the natural upgrade process; at that point you would have to revert for the upgrade to work. However, if you are running a local stack by having cloned the integrations repo, it would be straightforward to revert and upgrade.

Yes, that’s exactly what I had in mind – especially since there’s no fixed date for the 2.8.0 release yet 😅
But totally get your point – I’ll be careful not to break anything (famous last words, I know 😄).
Thanks for the heads-up!

@ShourieG

> Hi everyone! Thank you for your efforts – we really appreciate it! Would it be possible to get the new integration files to replace the 2.6.0 ones? Thanks a lot! Cere

> Hi @CameronVIE, once the 2.8.0 update is out, you will be able to seamlessly upgrade. Could you clarify a bit on the part where you said "Would it be possible to get the new integration files to replace the 2.6.0 ones?" Do you want to manually replace the 2.6.0 integration with the updated ones or something like that?

> Hi ShourieG! Yes, exactly! 😊 I was just wondering if it might be possible to manually replace the 2.6.0 integration files with the updated ones ahead of the official 2.8.0 release. Just wanted to check if that's something that could work.

> You could try it, but there's a high possibility it might break the natural upgrade process; at that point you would have to revert for the upgrade to work. However, if you are running a local stack by having cloned the integrations repo, it would be straightforward to revert and upgrade.

> Yes, that’s exactly what I had in mind – especially since there’s no fixed date for the 2.8.0 release yet 😅 But totally get your point – I’ll be careful not to break anything (famous last words, I know 😄). Thanks for the heads-up!

So 2.8.0 will be published quite soon after the PR is merged mostly within an hour or so, which can be either tomorrow or the day after, as soon as it's approved. The bigger issue is that you have to wait for 8.18 for the upgrade to show up which is not yet released. So the manual replacement is worth a try >_< . Hope it works out :).

@CameronVIE

CameronVIE commented Mar 25, 2025

> So 2.8.0 will be published quite soon after the PR is merged mostly within an hour or so, which can be either tomorrow or the day after, as soon as it's approved. The bigger issue is that you have to wait for 8.18 for the upgrade to show up which is not yet released. So the manual replacement is worth a try >_< . Hope it works out :).

Think I’ll give it a try! I’ll share an update here once I’ve tested it – fingers crossed 🤞😊

@ShourieG ShourieG requested a review from efd6 March 26, 2025 05:17

@efd6 efd6 left a comment


Nits only, then LGTM

"events": {
"error": {
?"id": body.?query_status,
"message": "POST:"+(

Suggested change
"message": "POST:"+(
"message": "POST "+state.url+": "+(
optional.none(),
}
}).do_request().as(resp, resp.StatusCode == 200 ?
bytes(resp.Body).decode_json().as(body, body.?query_status.orValue("") == "ok" ?

Suggested change
bytes(resp.Body).decode_json().as(body, body.?query_status.orValue("") == "ok" ?
bytes(resp.Body).decode_json().as(body, body.?query_status == optional.of("ok") ?
}),
"url": state.url
}
: body.?query_status.orValue("") == "no_results" ?

Suggested change
: body.?query_status.orValue("") == "no_results" ?
: body.?query_status == optional.of("no_results") ?

mainly doing this because we're otherwise potentially doing orValue twice.

@elasticmachine

💚 Build Succeeded


cc @ShourieG

@ShourieG ShourieG merged commit 59c11ee into elastic:main Mar 26, 2025
7 checks passed
@elastic-vault-github-plugin-prod

Package ti_abusech - 2.8.0 containing this change is available at https://epr.elastic.co/package/ti_abusech/2.8.0/

@ShourieG

ShourieG commented Mar 28, 2025

Hey @CameronVIE, We just recently released these changes as a back-port in version 2.6.1 which is now available, merged in this PR. This means there's no need to wait for 8.18.

flexitrev pushed a commit that referenced this pull request Mar 28, 2025
…cross all data streams (#13261) * auth key param working in malwarebaazar with system tests, docs updated * added auth key support for all data streams and relevant system tests * updated changelog * addressed Dan's suggestions * addressed Dan's suggestions