ti_misp: add toggle to enable request tracing (#5965)

Add an advanced option to enable http request trace logging for
debugging purposes.

Bump kibana constraint to 8.5.0 which is when the request
tracer feature was introduced to Agent.

Author: efd6

packages/ti_misp/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.13.0"
+  changes:
+    - description: Add toggle to enable request tracing.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/5965
 - version: "1.12.1"
   changes:
     - description: Harmonise distribution fields to type long.

packages/ti_misp/data_stream/threat/agent/stream/httpjson.yml.hbs

@@ -2,6 +2,9 @@ config_version: "2"
 interval: {{interval}}
 request.method: "POST"
 
+{{#if enable_request_tracer}}
+request.tracer.filename: http-request-trace-httpjson-ti_misp-threat.ndjson
+{{/if}}
 {{#if url}}
 request.url: {{url}}/events/restSearch
 {{/if}}

packages/ti_misp/data_stream/threat/manifest.yml

@@ -95,6 +95,16 @@ streams:
         show_user: false
         description: >
           Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
+      - name: enable_request_tracer
+        type: bool
+        title: Enable request tracing
+        multi: false
+        required: false
+        show_user: false
+        description: >
+          The request tracer logs requests and responses to the agent's local file-system for debugging configurations.
+          Enabling this request tracing compromises security and should only be used for debugging.
+          See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#_request_tracer_filename) for details.
 
     template_path: httpjson.yml.hbs
     title: MISP

packages/ti_misp/data_stream/threat_attributes/agent/stream/httpjson.yml.hbs

@@ -2,6 +2,9 @@ config_version: "2"
 interval: {{interval}}
 request.method: "POST"
 
+{{#if enable_request_tracer}}
+request.tracer.filename: http-request-trace-httpjson-ti_misp-threat_attributes.ndjson
+{{/if}}
 {{#if url}}
 request.url: {{url}}/attributes/restSearch
 {{/if}}

packages/ti_misp/data_stream/threat_attributes/manifest.yml

@@ -95,6 +95,16 @@ streams:
         show_user: false
         description: >
           Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
+      - name: enable_request_tracer
+        type: bool
+        title: Enable request tracing
+        multi: false
+        required: false
+        show_user: false
+        description: >
+          The request tracer logs requests and responses to the agent's local file-system for debugging configurations.
+          Enabling this request tracing compromises security and should only be used for debugging.
+          See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#_request_tracer_filename) for details.
 
     template_path: httpjson.yml.hbs
     title: MISP

packages/ti_misp/manifest.yml

@@ -1,14 +1,14 @@
 name: ti_misp
 title: MISP
-version: "1.12.1"
+version: "1.13.0"
 release: ga
 description: Ingest threat intelligence indicators from MISP platform with Elastic Agent.
 type: integration
 format_version: 1.0.0
 license: basic
 categories: ["security", "threat_intel"]
 conditions:
-  kibana.version: ^8.0.0
+  kibana.version: ^8.5.0
 icons:
   - src: /img/misp.svg
     title: MISP