logstash-filter-virustotal 0.1.2 → 0.1.3

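--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 5c7d554b9fcd4f6f4b101702b2290861e4a3ef45
- data.tar.gz: d7bd4ef5214b25ad168a3f99f84f518921babac3
+ metadata.gz: baa784c7b947541a46916511c86a4d2cb44b0b48
+ data.tar.gz: a7536e4a9c47c4d988559245e31e2d354e1a929c
  SHA512:
- metadata.gz: 7a19b7b82ea169a2a5ee9f89c5b619a445d6c28a7af3a1fe2bb51a871e9892e08978f12333a94503cab5df1a90f044eee60d65b5c5751fa8bbd2c30aff15ebd4
- data.tar.gz: e38b330dab8deb515cbf750b6281fc23255d7ad3455b55b7b80766981a7278e8bc68c25e09215af4b9754906aead07b104ad197a4508003f84bb6baa5816f187
+ metadata.gz: 4763b679b68bef768352ec51d44d091d0bc5f798a1ca5aae9553305e4f27645b3a7118c0a5c4a0045f14c7add09dc59028d351ca368241878f8b900c62d96f51
+ data.tar.gz: 183b1c7d56aeb1ec6b87cc51704e6d0dbbe8c24c2d6dd8e83584860954210c0a24bdf3eb9c3d52fd9fe51cd054595cab519dfe5d7e47f7fa272e81d0725aaf69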
@@ -40,20 +40,29 @@ class LogStash::Filters::VirusTotal < LogStash::Filters::Base
40
40
  url = "/vtapi/v2/file/report"
41
41
  elsif @lookup_type == "url"
42
42
  url = "/vtapi/v2/url/report"
43
+ elsif @lookup_type == "ip"
44
+ url = "/vtapi/v2/ip-address/report"
43
45
  end
44
46
 
45
47
  connection = Faraday.new baseurl
46
48
  begin
47
49
  response = connection.get url do |req|
50
+ if @lookup_type == "ip"
51
+ req.params[:ip] = event[@field]
52
+ else
53
+ req.params[:resource] = event[@field]
54
+ end
48
55
  req.params[:resource] = event[@field]
49
56
  req.params[:apikey] = @apikey
50
57
  req.options.timeout = @timeout
51
58
  req.options.open_timeout = @timeout
52
59
  end
53
- result = JSON.parse(response.body)
54
- event[@target] = result
55
- # filter_matched should go in the last line of our successful code
56
- filter_matched(event)
60
+ if response.body.length > 2
61
+ result = JSON.parse(response.body)
62
+ event[@target] = result
63
+ # filter_matched should go in the last line of our successful code
64
+ filter_matched(event)
65
+ end
57
66
 
58
67
  rescue Faraday::TimeoutError
59
68
  @logger.error("Timeout trying to contact virustotal")
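Review bot: The pre-existing `req.params[:resource] = event[@field]` (new line 56) is left in place right after the added `if`/`else`, so an IP lookup still sends `resource` alongside `ip` and the `else` branch is redundant; drop that line, or replace the conditional and that line together with `req.params[@lookup_type == "ip" ? :ip : :resource] = event[@field]`. The new `response.body.length > 2` guard also skips the event silently and never looks at `response.status`, so a rate-limited or rejected-key response cannot be told apart from "no report" and gaps in enrichment go unnoticed. An `else` branch that logs, for example `@logger.warn("Empty response from virustotal", :status => response.status)`, would make those cases visible. The enclosing method starts and ends outside this hunk, so any `rescue` clauses beyond `Faraday::TimeoutError` (for instance around `JSON.parse`) are not visible here.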
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = 'logstash-filter-virustotal'
3
- s.version = '0.1.2'
3
+ s.version = '0.1.3'
4
4
  s.licenses = ['Apache License (2.0)']
5
5
  s.summary = "This filter queries the Virustotal API"
6
6
  s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
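--- a/metadata
+++ b/metadata
@@ -1,50 +1,52 @@
  --- !ruby/object:Gem::Specification
  name: logstash-filter-virustotal
  version: !ruby/object:Gem::Version
- version: 0.1.2
+ version: 0.1.3
  platform: ruby
  authors:
  - CoolAcid
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-08-14 00:00:00.000000000 Z
+ date: 2015-12-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: logstash-core
- version_requirements: !ruby/object:Gem::Requirement
+ requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: 1.4.0
- - - <
+ - - "<"
  - !ruby/object:Gem::Version
  version: 2.0.0
- requirement: !ruby/object:Gem::Requirement
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: 1.4.0
- - - <
+ - - "<"
  - !ruby/object:Gem::Version
  version: 2.0.0
- prerelease: false
- type: :runtime
  - !ruby/object:Gem::Dependency
  name: logstash-devutils
- version_requirements: !ruby/object:Gem::Requirement
+ requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
- requirement: !ruby/object:Gem::Requirement
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
- prerelease: false
- type: :development
- description: This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program
+ description: This gem is a logstash plugin required to be installed on top of the
+ Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not
+ a stand-alone program
  email: jakendall@gmail.com
  executables: []
  extensions: []
@@ -64,24 +66,24 @@ licenses:
  metadata:
  logstash_plugin: 'true'
  logstash_group: filter
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.1.9
- signing_key:
+ rubyforge_project:
+ rubygems_version: 2.2.2
+ signing_key:
  specification_version: 4
  summary: This filter queries the Virustotal API
  test_files: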