logstash-filter-threats_classifier 1.0.4

data/spec/filters/utils_spec.rb

@@ -0,0 +1,74 @@
+require_relative '../spec_helper'
+require "logstash/event"
+require "logstash/filters/utils"
+
+describe LogStash::Filters::Empow::Utils do
+
+    describe "test internal tagging" do
+    	it "test error" do
+    		event = LogStash::Event.new("data" => "a b c")
+
+    		LogStash::Filters::Empow::Utils.add_error(event, "my_msg")
+
+            expect(event.get("empow_errors")).to contain_exactly("my_msg")
+    	end
+
+    	it "test warn" do
+    		event = LogStash::Event.new("data" => "a b c")
+
+    		LogStash::Filters::Empow::Utils.add_warn(event, "my_msg")
+
+            expect(event.get("empow_warnings")).to contain_exactly("my_msg")
+    	end
+    end
+#json = '{ "a": "True", "b": "true", "c": "1", "d": 1, "e": "False", "f": "0", "g": "TRUE" }'
+    describe "test is truthy" do
+        it "string TRUE" do
+            expect(LogStash::Filters::Empow::Utils.convert_to_boolean("TRUE")).to eq(true)
+        end
+
+        it "string true" do
+            expect(LogStash::Filters::Empow::Utils.convert_to_boolean("true")).to eq(true)
+        end
+
+        it "string 1" do
+            expect(LogStash::Filters::Empow::Utils.convert_to_boolean("1")).to eq(true)
+        end
+
+        it "string 11" do
+            expect(LogStash::Filters::Empow::Utils.convert_to_boolean("11")).to be_nil
+        end
+
+        it "string 0" do
+            expect(LogStash::Filters::Empow::Utils.convert_to_boolean('0')).to eq(false)
+        end
+
+        it "int 0" do
+            expect(LogStash::Filters::Empow::Utils.convert_to_boolean(0)).to eq(false)
+        end
+
+        it "int 1" do
+            expect(LogStash::Filters::Empow::Utils.convert_to_boolean(1)).to eq(true)
+        end
+
+        it "int 11" do
+            expect(LogStash::Filters::Empow::Utils.convert_to_boolean(11)).to be_nil
+        end
+
+        it "boolean true" do
+            expect(LogStash::Filters::Empow::Utils.convert_to_boolean(true)).to eq(true)
+        end
+
+        it "boolean false" do
+            expect(LogStash::Filters::Empow::Utils.convert_to_boolean(false)).to eq(false)
+        end
+
+        it "nil" do
+            expect(LogStash::Filters::Empow::Utils.convert_to_boolean(nil)).to be_nil
+        end
+
+        it "empty string" do
+            expect(LogStash::Filters::Empow::Utils.convert_to_boolean('')).to be_nil
+        end
+    end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,2 @@
+# encoding: utf-8
+require "logstash/devutils/rspec/spec_helper"

metadata

@@ -0,0 +1,256 @@
+--- !ruby/object:Gem::Specification
+name: logstash-filter-threats_classifier
+version: !ruby/object:Gem::Version
+  version: 1.0.4
+platform: ruby
+authors:
+- empow
+- Assaf Abulafia
+- Rami Cohen
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2019-05-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.60'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '2.99'
+  name: logstash-core-plugin-api
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.60'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '2.99'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.8.0
+  name: rest-client
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.8.0
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+  name: lru_redux
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.0
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  name: json
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.8'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: hashie
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3'
+  name: aws-sdk
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: logstash-devutils
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+  name: timecop
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.22'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.21.0
+  name: webmock
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.22'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.21.0
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: elasticsearch
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description:
+email: ''
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- CONTRIBUTORS
+- Gemfile
+- LICENSE
+- README.md
+- lib/logstash/filters/center-client.rb
+- lib/logstash/filters/classification-request.rb
+- lib/logstash/filters/classifier-cache.rb
+- lib/logstash/filters/classifier.rb
+- lib/logstash/filters/cognito-client.rb
+- lib/logstash/filters/elastic-db.rb
+- lib/logstash/filters/field-handler.rb
+- lib/logstash/filters/local-classifier.rb
+- lib/logstash/filters/plugin-logic.rb
+- lib/logstash/filters/response.rb
+- lib/logstash/filters/threats_classifier.rb
+- lib/logstash/filters/utils.rb
+- logstash-filter-threats_classifier.gemspec
+- spec/filters/bulk-processor_spec.rb
+- spec/filters/classifier-cache_spec.rb
+- spec/filters/classifier_spec.rb
+- spec/filters/cognito-client_spec.rb
+- spec/filters/field-handler_spec.rb
+- spec/filters/local-classifier_spec.rb
+- spec/filters/plugin-logic_spec.rb
+- spec/filters/threats-classifier_spec.rb
+- spec/filters/utils_spec.rb
+- spec/spec_helper.rb
+homepage: http://www.empow.co
+licenses:
+- Apache-2.0
+metadata:
+  logstash_plugin: 'true'
+  logstash_group: filter
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.6.13
+signing_key:
+specification_version: 4
+summary: Returns classification information for attacks from the empow classification
+  center, based on information in log strings
+test_files:
+- spec/filters/bulk-processor_spec.rb
+- spec/filters/classifier-cache_spec.rb
+- spec/filters/classifier_spec.rb
+- spec/filters/cognito-client_spec.rb
+- spec/filters/field-handler_spec.rb
+- spec/filters/local-classifier_spec.rb
+- spec/filters/plugin-logic_spec.rb
+- spec/filters/threats-classifier_spec.rb
+- spec/filters/utils_spec.rb
+- spec/spec_helper.rb