logstash-filter-greynoise 0.1.4 → 0.1.5
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -1
- data/README.md +1 -1
- data/lib/logstash/filters/greynoise.rb +3 -1
- data/logstash-filter-greynoise.gemspec +1 -1
- metadata +2 -2
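--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2e2c91206c1dad50237898f1b3c001bed7003262e429a6681c84d57cc71ab4f9
+data.tar.gz: b257152bd4e2bad9192026b5c7ab8a8fb72788182c775aadb32b0a15929c7e0d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: aad9d6870cbb48d2233e560eb8b331d92440cd4fef1d08c2a783fd6e75a7221d694f1e91fed7282fd8916ae8d0885efa9fce65aa355b389834596e9e37882c91
+data.tar.gz: e176f3b484088a02db77786438f420b418d3d19351aa01ef2679e05778b58522ee683cc46766e0f3b5fe8dd57db33a9e7588a427b652f028c0ee87527ca49d21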
data/CHANGELOG.md
CHANGED
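--- a/data/README.md
+++ b/data/README.md
@@ -1,4 +1,4 @@
-# Logstash
+# Logstash Greynoise Filter
 This is a filter plugin for [Logstash](https://github.com/elastic/logstash).
 
 It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.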
@@ -25,7 +25,7 @@ class LogStash::Filters::Greynoise < LogStash::Filters::Base
|
|
25
25
|
# Replace the message with this value.
|
26
26
|
|
27
27
|
config :ip, :validate => :string, :required => true
|
28
|
-
config :key, :validate => :string, :
|
28
|
+
config :key, :validate => :string, :default => ""
|
29
29
|
config :target, :validate => :string, :default => "greynoise"
|
30
30
|
|
31
31
|
|
@@ -37,11 +37,13 @@ class LogStash::Filters::Greynoise < LogStash::Filters::Base
|
|
37
37
|
public
|
38
38
|
def filter(event)
|
39
39
|
|
40
|
+
# check if api key exists and has len of 25 or more to prevent forbidden response
|
40
41
|
if @key.length >= 25
|
41
42
|
url = "https://enterprise.api.greynoise.io/v2/noise/context/" + event.sprintf(ip)
|
42
43
|
uri = URI.parse(URI.encode(url.strip))
|
43
44
|
|
44
45
|
response = Faraday.get(uri, nil, 'User-Agent' => 'logstash-filter-greynoise', Key: event.sprintf(key))
|
46
|
+
# if no key then use alpha(free) api
|
45
47
|
else
|
46
48
|
url = "https://api.greynoise.io/v1/query/ip"
|
47
49
|
response = Faraday.post url, { :ip => event.sprintf(ip) }, 'User-Agent' => 'logstash-filter-greynoise'
|
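Review bot: The guard `if @key.length >= 25` measures the raw config string, while the request header sends `event.sprintf(key)`, so a key supplied as a field reference is judged by the length of its template rather than of the resolved secret. With the new `:default => ""`, a truncated or mistyped key also falls silently into the `else` branch and queries the unauthenticated `https://api.greynoise.io/v1/query/ip` endpoint, with nothing logged to show the downgrade. I would resolve the key once with `api_key = event.sprintf(@key)`, test `if api_key.length >= 25`, and add `@logger.warn("greynoise: key shorter than 25 characters, using unauthenticated API") unless api_key.empty?` in the fallback. Separately, the first hunk declares the key as `:validate => :string`; Logstash's `:validate => :password` type would keep the secret out of logged configuration, with the code then reading it through `.value`. The body of `filter` continues past the end of this hunk.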
@@ -1,6 +1,6 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
s.name = 'logstash-filter-greynoise'
|
3
|
-
s.version = '0.1.
|
3
|
+
s.version = '0.1.5'
|
4
4
|
s.licenses = ['Apache-2.0']
|
5
5
|
s.summary = 'This greynoise filter takes contents in the ip field and returns greynoise api data (see https://greynoise.io/ for more info).'
|
6
6
|
s.description = 'This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install logstash-filter-greynoise. This gem is not a stand-alone program'
|
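--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-greynoise
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.5
 platform: ruby
 authors:
 - nsherron90
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-05-
+date: 2019-05-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 requirement: !ruby/object:Gem::Requirement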