logstash-filter-greynoise 0.1.6 → 0.1.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/lib/logstash/filters/greynoise.rb +32 -10
- data/logstash-filter-greynoise.gemspec +1 -2
- metadata +2 -16
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a71aad2c5c6984ec9021757f07fb9df22117fad154368a65916673602e76b286
|
|
4
|
+
data.tar.gz: e29ffb288550c1dae21245d3b22d00bf3149090923bacd4285054bf3aea24aa0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5a7970993a6c48f376508e61722f4668cac2b2e614dc359a4aa1bc2903f5efde5150f7bc7ed348260f6d93da751815aea6e015f5c2c3390cea52f147430e5702
|
|
7
|
+
data.tar.gz: 773319bb84fb3857b2183177a309a2e6853f399f54228127328e262b1858ab5a2743ec734f43efdd79b5a3905ce2d947d2dcd5fcf94e2db68bc6645d70234c7a
|
data/README.md
CHANGED
|
@@ -22,7 +22,7 @@ Or you can build it yourself:
|
|
|
22
22
|
git clone https://github.com/nicksherron/logstash-filter-greynoise.git
|
|
23
23
|
bundle install
|
|
24
24
|
gem build logstash-filter-greynoise.gemspec
|
|
25
|
-
$LS_HOME/bin/logstash-plugin install logstash-filter-greynoise-0.1.
|
|
25
|
+
$LS_HOME/bin/logstash-plugin install logstash-filter-greynoise-0.1.7.gem
|
|
26
26
|
```
|
|
27
27
|
|
|
28
28
|
### 2. Filter Configuration
|
|
@@ -2,7 +2,6 @@
|
|
|
2
2
|
require 'logstash/filters/base'
|
|
3
3
|
require "json"
|
|
4
4
|
require "logstash/namespace"
|
|
5
|
-
require "faraday"
|
|
6
5
|
require "ipaddr"
|
|
7
6
|
require "lru_redux"
|
|
8
7
|
|
|
@@ -49,27 +48,48 @@ class LogStash::Filters::Greynoise < LogStash::Filters::Base
|
|
|
49
48
|
@hit_cache = LruRedux::TTL::ThreadSafeCache.new(@hit_cache_size, @hit_cache_ttl)
|
|
50
49
|
end
|
|
51
50
|
|
|
52
|
-
end
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
# def register
|
|
53
54
|
|
|
54
55
|
private
|
|
55
56
|
|
|
56
57
|
def get_free(target_ip)
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
58
|
+
|
|
59
|
+
uri = URI.parse("http://api.greynoise.io/v1/query/ip")
|
|
60
|
+
request = Net::HTTP::Post.new(uri)
|
|
61
|
+
request.set_form_data(
|
|
62
|
+
"ip" => target_ip,
|
|
63
|
+
)
|
|
64
|
+
|
|
65
|
+
req_options = {
|
|
66
|
+
use_ssl: uri.scheme == "https",
|
|
67
|
+
}
|
|
68
|
+
response = Net::HTTP.start(uri.hostname, uri.port, req_options) do |http|
|
|
69
|
+
http.request(request)
|
|
70
|
+
end
|
|
71
|
+
if response.is_a?(Net::HTTPSuccess)
|
|
60
72
|
JSON.parse(response.body)
|
|
61
73
|
else
|
|
62
74
|
nil
|
|
63
75
|
end
|
|
64
76
|
end
|
|
65
77
|
|
|
78
|
+
|
|
66
79
|
private
|
|
67
80
|
|
|
68
81
|
def get_enterprise(target_ip, api_key)
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
82
|
+
uri = URI.parse("https://enterprise.api.greynoise.io/v2/noise/context/" + target_ip)
|
|
83
|
+
request = Net::HTTP::Get.new(uri)
|
|
84
|
+
request["Key"] = api_key
|
|
85
|
+
request["User-Agent"] = "logstash-filter-greynoise"
|
|
86
|
+
req_options = {
|
|
87
|
+
use_ssl: uri.scheme == "https",
|
|
88
|
+
}
|
|
89
|
+
response = Net::HTTP.start(uri.hostname, uri.port, req_options) do |http|
|
|
90
|
+
http.request(request)
|
|
91
|
+
end
|
|
92
|
+
if response.is_a?(Net::HTTPSuccess)
|
|
73
93
|
JSON.parse(response.body)
|
|
74
94
|
else
|
|
75
95
|
nil
|
|
@@ -123,6 +143,8 @@ class LogStash::Filters::Greynoise < LogStash::Filters::Base
|
|
|
123
143
|
end
|
|
124
144
|
end
|
|
125
145
|
end
|
|
126
|
-
end
|
|
146
|
+
end
|
|
147
|
+
|
|
148
|
+
# def filter
|
|
127
149
|
end # def LogStash::Filters::Greynoise
|
|
128
150
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = 'logstash-filter-greynoise'
|
|
3
|
-
s.version = '0.1.
|
|
3
|
+
s.version = '0.1.7'
|
|
4
4
|
s.licenses = ['Apache-2.0']
|
|
5
5
|
s.summary = 'This greynoise filter takes contents in the ip field and returns greynoise api data (see https://greynoise.io/ for more info).'
|
|
6
6
|
s.description = 'This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install logstash-filter-greynoise. This gem is not a stand-alone program'
|
|
@@ -20,7 +20,6 @@ Gem::Specification.new do |s|
|
|
|
20
20
|
# Gem dependencies
|
|
21
21
|
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
|
|
22
22
|
s.add_development_dependency 'logstash-devutils'
|
|
23
|
-
s.add_runtime_dependency 'faraday', '= 0.17.1'
|
|
24
23
|
s.add_runtime_dependency 'lru_redux', "~> 1.1.0"
|
|
25
24
|
|
|
26
25
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-greynoise
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nsherron90
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-05-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -44,20 +44,6 @@ dependencies:
|
|
|
44
44
|
- - ">="
|
|
45
45
|
- !ruby/object:Gem::Version
|
|
46
46
|
version: '0'
|
|
47
|
-
- !ruby/object:Gem::Dependency
|
|
48
|
-
requirement: !ruby/object:Gem::Requirement
|
|
49
|
-
requirements:
|
|
50
|
-
- - '='
|
|
51
|
-
- !ruby/object:Gem::Version
|
|
52
|
-
version: 0.17.1
|
|
53
|
-
name: faraday
|
|
54
|
-
prerelease: false
|
|
55
|
-
type: :runtime
|
|
56
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
57
|
-
requirements:
|
|
58
|
-
- - '='
|
|
59
|
-
- !ruby/object:Gem::Version
|
|
60
|
-
version: 0.17.1
|
|
61
47
|
- !ruby/object:Gem::Dependency
|
|
62
48
|
requirement: !ruby/object:Gem::Requirement
|
|
63
49
|
requirements:
|