The threatintel module for filebeat currently does not support auth tokens for abuse.ch filesets #46995

@ns-jsonsteng

Describe the enhancement:
The threatintel module for filebeat currently does not support auth tokens for abuse.ch filesets.

abuseurl
abusemalware
malwarebazaar

Need to be able to provide an abuse.ch "Auth-Key" for each fileset.

The authentication requirement began being enforced as of June 30, 2025. https://abuse.ch/blog/community-first/

Describe a specific use case for the enhancement or feature:
Without being able to supply an auth token, requests to the abuse.ch API fail with a 401, for example:

2025-10-05T05:13:13.741Z        ERROR   [input.httpjson-stateless]      v2/input.go:115 Error while processing http request: failed to execute http client.Do: server responded with status code 401: {"error": "Unauthorized"}  {"id": "CDE33E6174A3C79D", "input_url": "https://urlhaus-api.abuse.ch/v1/payloads/recent/"}
2025-10-05T05:13:13.757Z        ERROR   [input.httpjson-stateless]      v2/input.go:115 Error while processing http request: failed to execute http client.Do: server responded with status code 401: {"error": "Unauthorized"}  {"id": "DE1CBEABE3FECCB3", "input_url": "https://mb-api.abuse.ch/api/v1/"}
2025-10-05T05:13:13.811Z        ERROR   [input.httpjson-stateless]      v2/input.go:115 Error while processing http request: failed to execute http client.Do: server responded with status code 401: {"error": "Unauthorized"}  {"id": "75F735526439EBCE", "input_url": "https://urlhaus-api.abuse.ch/v1/urls/recent/"}
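
Added example, not part of the issue or of Filebeat itself: a small Python check that scans Filebeat log output for the 401 errors quoted above and reports which abuse.ch feeds are being rejected, so the loss of indicator ingestion is noticed. The fileset-to-URL mapping assumes each fileset polls its default endpoint; the function and variable names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Sample input: the three log lines quoted in the issue (whitespace normalised).
SAMPLE_LOG = '''\
2025-10-05T05:13:13.741Z ERROR [input.httpjson-stateless] v2/input.go:115 Error while processing http request: failed to execute http client.Do: server responded with status code 401: {"error": "Unauthorized"} {"id": "CDE33E6174A3C79D", "input_url": "https://urlhaus-api.abuse.ch/v1/payloads/recent/"}
2025-10-05T05:13:13.757Z ERROR [input.httpjson-stateless] v2/input.go:115 Error while processing http request: failed to execute http client.Do: server responded with status code 401: {"error": "Unauthorized"} {"id": "DE1CBEABE3FECCB3", "input_url": "https://mb-api.abuse.ch/api/v1/"}
2025-10-05T05:13:13.811Z ERROR [input.httpjson-stateless] v2/input.go:115 Error while processing http request: failed to execute http client.Do: server responded with status code 401: {"error": "Unauthorized"} {"id": "75F735526439EBCE", "input_url": "https://urlhaus-api.abuse.ch/v1/urls/recent/"}
'''

# Assumption: each fileset uses its default endpoint (no custom var.url).
FILESET_BY_URL = {
    "https://urlhaus-api.abuse.ch/v1/urls/recent/": "abuseurl",
    "https://urlhaus-api.abuse.ch/v1/payloads/recent/": "abusemalware",
    "https://mb-api.abuse.ch/api/v1/": "malwarebazaar",
}

# Matches httpjson input errors that carry an HTTP status and an input_url.
LINE_RE = re.compile(
    r'ERROR\s+\[input\.httpjson[^\]]*\].*?'
    r'status code (?P<status>\d{3}):.*?"input_url":\s*"(?P<url>[^"]+)"'
)


def abusech_auth_failures(log_text):
    """Return {feed: count} of 401 responses from abuse.ch endpoints."""
    failures = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("status") != "401":
            continue
        url = m.group("url")
        host = urlparse(url).hostname or ""
        # Compare the parsed hostname; a substring match on the raw line
        # would also accept hosts such as abuse.ch.example.net.
        if host == "abuse.ch" or host.endswith(".abuse.ch"):
            failures[FILESET_BY_URL.get(url, url)] += 1
    return dict(failures)


if __name__ == "__main__":
    for feed, count in sorted(abusech_auth_failures(SAMPLE_LOG).items()):
        print(f"{feed}: {count} request(s) rejected with 401, feed not ingested")
```
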
