logstash-filter-virustotal 0.1.2 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/logstash/filters/virustotal.rb +13 -4
- data/logstash-filter-virustotal.gemspec +1 -1
- metadata +26 -24
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: baa784c7b947541a46916511c86a4d2cb44b0b48
|
|
4
|
+
data.tar.gz: a7536e4a9c47c4d988559245e31e2d354e1a929c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4763b679b68bef768352ec51d44d091d0bc5f798a1ca5aae9553305e4f27645b3a7118c0a5c4a0045f14c7add09dc59028d351ca368241878f8b900c62d96f51
|
|
7
|
+
data.tar.gz: 183b1c7d56aeb1ec6b87cc51704e6d0dbbe8c24c2d6dd8e83584860954210c0a24bdf3eb9c3d52fd9fe51cd054595cab519dfe5d7e47f7fa272e81d0725aaf69
|
|
@@ -40,20 +40,29 @@ class LogStash::Filters::VirusTotal < LogStash::Filters::Base
|
|
|
40
40
|
url = "/vtapi/v2/file/report"
|
|
41
41
|
elsif @lookup_type == "url"
|
|
42
42
|
url = "/vtapi/v2/url/report"
|
|
43
|
+
elsif @lookup_type == "ip"
|
|
44
|
+
url = "/vtapi/v2/ip-address/report"
|
|
43
45
|
end
|
|
44
46
|
|
|
45
47
|
connection = Faraday.new baseurl
|
|
46
48
|
begin
|
|
47
49
|
response = connection.get url do |req|
|
|
50
|
+
if @lookup_type == "ip"
|
|
51
|
+
req.params[:ip] = event[@field]
|
|
52
|
+
else
|
|
53
|
+
req.params[:resource] = event[@field]
|
|
54
|
+
end
|
|
48
55
|
req.params[:resource] = event[@field]
|
|
49
56
|
req.params[:apikey] = @apikey
|
|
50
57
|
req.options.timeout = @timeout
|
|
51
58
|
req.options.open_timeout = @timeout
|
|
52
59
|
end
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
60
|
+
if response.body.length > 2
|
|
61
|
+
result = JSON.parse(response.body)
|
|
62
|
+
event[@target] = result
|
|
63
|
+
# filter_matched should go in the last line of our successful code
|
|
64
|
+
filter_matched(event)
|
|
65
|
+
end
|
|
57
66
|
|
|
58
67
|
rescue Faraday::TimeoutError
|
|
59
68
|
@logger.error("Timeout trying to contact virustotal")
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = 'logstash-filter-virustotal'
|
|
3
|
-
s.version = '0.1.
|
|
3
|
+
s.version = '0.1.3'
|
|
4
4
|
s.licenses = ['Apache License (2.0)']
|
|
5
5
|
s.summary = "This filter queries the Virustotal API"
|
|
6
6
|
s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
|
metadata
CHANGED
|
@@ -1,50 +1,52 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-virustotal
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- CoolAcid
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-12-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: logstash-core
|
|
15
|
-
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- -
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: 1.4.0
|
|
20
|
-
- - <
|
|
20
|
+
- - "<"
|
|
21
21
|
- !ruby/object:Gem::Version
|
|
22
22
|
version: 2.0.0
|
|
23
|
-
|
|
23
|
+
type: :runtime
|
|
24
|
+
prerelease: false
|
|
25
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
24
26
|
requirements:
|
|
25
|
-
- -
|
|
27
|
+
- - ">="
|
|
26
28
|
- !ruby/object:Gem::Version
|
|
27
29
|
version: 1.4.0
|
|
28
|
-
- - <
|
|
30
|
+
- - "<"
|
|
29
31
|
- !ruby/object:Gem::Version
|
|
30
32
|
version: 2.0.0
|
|
31
|
-
prerelease: false
|
|
32
|
-
type: :runtime
|
|
33
33
|
- !ruby/object:Gem::Dependency
|
|
34
34
|
name: logstash-devutils
|
|
35
|
-
|
|
35
|
+
requirement: !ruby/object:Gem::Requirement
|
|
36
36
|
requirements:
|
|
37
|
-
- -
|
|
37
|
+
- - ">="
|
|
38
38
|
- !ruby/object:Gem::Version
|
|
39
39
|
version: '0'
|
|
40
|
-
|
|
40
|
+
type: :development
|
|
41
|
+
prerelease: false
|
|
42
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
41
43
|
requirements:
|
|
42
|
-
- -
|
|
44
|
+
- - ">="
|
|
43
45
|
- !ruby/object:Gem::Version
|
|
44
46
|
version: '0'
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
47
|
+
description: This gem is a logstash plugin required to be installed on top of the
|
|
48
|
+
Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not
|
|
49
|
+
a stand-alone program
|
|
48
50
|
email: jakendall@gmail.com
|
|
49
51
|
executables: []
|
|
50
52
|
extensions: []
|
|
@@ -64,24 +66,24 @@ licenses:
|
|
|
64
66
|
metadata:
|
|
65
67
|
logstash_plugin: 'true'
|
|
66
68
|
logstash_group: filter
|
|
67
|
-
post_install_message:
|
|
69
|
+
post_install_message:
|
|
68
70
|
rdoc_options: []
|
|
69
71
|
require_paths:
|
|
70
72
|
- lib
|
|
71
73
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
72
74
|
requirements:
|
|
73
|
-
- -
|
|
75
|
+
- - ">="
|
|
74
76
|
- !ruby/object:Gem::Version
|
|
75
77
|
version: '0'
|
|
76
78
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
77
79
|
requirements:
|
|
78
|
-
- -
|
|
80
|
+
- - ">="
|
|
79
81
|
- !ruby/object:Gem::Version
|
|
80
82
|
version: '0'
|
|
81
83
|
requirements: []
|
|
82
|
-
rubyforge_project:
|
|
83
|
-
rubygems_version: 2.
|
|
84
|
-
signing_key:
|
|
84
|
+
rubyforge_project:
|
|
85
|
+
rubygems_version: 2.2.2
|
|
86
|
+
signing_key:
|
|
85
87
|
specification_version: 4
|
|
86
88
|
summary: This filter queries the Virustotal API
|
|
87
89
|
test_files:
|