logstash-input-crowdstrike_fdr 2.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
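--- a/logstash-input-crowdstrike_fdr.gemspec
+++ b/logstash-input-crowdstrike_fdr.gemspec
@@ -0,0 +1,28 @@
+ Gem::Specification.new do |s|
+ s.name = 'logstash-input-crowdstrike_fdr'
+ s.version = '2.1.2'
+ s.licenses = ['Apache-2.0']
+ s.summary = "Get logs from AWS s3 buckets as issued by Crowdstrike Falcon Data Replicator"
+ s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
+ s.authors = ["Christian Herweg","Hugh Kelley"]
+ s.email = 'christian.herweg@gmail.com'
+ s.homepage = "https://github.com/hkelley/logstash-input-crowdstrike_fdr"
+ s.require_paths = ["lib"]
+
+ # Files
+ s.files = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT']
+
+ # Tests
+ s.test_files = s.files.grep(%r{^(test|spec|features)/})
+
+ # Special flag to let us know this is actually a logstash plugin
+ s.metadata = { "logstash_plugin" => "true", "logstash_group" => "input" }
+
+ # Gem dependencies
+ s.add_runtime_dependency "logstash-core-plugin-api", ">= 2.1.12", "<= 2.99"
+
+ s.add_runtime_dependency 'logstash-codec-json', '~> 3.0'
+ s.add_runtime_dependency 'logstash-mixin-aws', '~> 4.3'
+ s.add_development_dependency 'logstash-codec-json_stream', '~> 1.0'
+ s.add_development_dependency 'logstash-devutils', '~> 1.3'
+ end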
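Review bot: The `s.files` glob under `# Files` covers `spec/**/*` but no `fixtures/` directory, while the spec it ships through `s.test_files` reads `fixtures/log-stream.real-formatted` relative to the repository root, so the packaged test cannot run from the installed gem; the metadata section's file list likewise shows no fixture file. Either extend the glob, `s.files = Dir['lib/**/*','spec/**/*','fixtures/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT']`, or drop the `s.test_files` line so the gem does not advertise a test it cannot execute. The `vendor/**/*` entry also resolves to nothing in the metadata file list and looks like a leftover that could be removed.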
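--- a/spec/inputs/crowdstrike_fdr_spec.rb
+++ b/spec/inputs/crowdstrike_fdr_spec.rb
@@ -0,0 +1,66 @@
+ # encoding: utf-8
+ require "logstash/devutils/rspec/spec_helper"
+ require "logstash/plugin"
+ require "logstash/inputs/crowdstrike_fdr"
+ require "fileutils"
+ require "logstash/errors"
+ require "logstash/event"
+ require "logstash/json"
+ require "logstash/codecs/base"
+ require "logstash/codecs/json_stream"
+ require 'rspec'
+ require 'rspec/expectations'
+
+
+
+ describe LogStash::Inputs::CrowdStrikeFDR do
+ class LogStash::Inputs::CrowdStrikeFDR
+ public :process # use method without error logging for better visibility of errors
+ end
+ let(:codec_options) { {} }
+
+ let(:input) { LogStash::Inputs::CrowdStrikeFDR.new(config) }
+
+ let(:codec_factory) { CodecFactory.new(@logger, { default_codec: @codec, codec_by_folder: @codec_by_folder }) }
+ subject { input }
+
+ context "default parser choice" do
+ it "should return true" do
+ expect(true).to be true
+ end
+ end
+
+ let(:record) {{"local_file" => File.join(File.dirname(__FILE__), '..', '..', 'fixtures', 'log-stream.real-formatted') }}
+ let(:key) { "arn:aws:iam::123456789012:role/AuthorizedRole" }
+ let(:folder) { "arn:aws:iam::123456789012:role/AuthorizedRole" }
+ let(:instance_codec) { "json" }
+ let(:logstash_event_queue) { "arn:aws:iam::123456789012:role/AuthorizedRole" }
+ let(:bucket) { "arn:aws:iam::123456789012:role/AuthorizedRole" }
+ let(:message) { "arn:aws:iam::123456789012:role/AuthorizedRole" }
+ let(:size) { "123344" }
+ let(:temporary_directory) { Stud::Temporary.pathname }
+ let(:config) { {"queue" => queue, "codec" => "json", "temporary_directory" => temporary_directory } }
+ context 'compressed_log_file' do
+
+ subject do
+ LogStash::Inputs::CrowdStrikeFDR.new(config)
+ end
+ # end
+ let(:queue) { [] }
+ before do
+ @codec = LogStash::Codecs::JSONStream.new
+ @codec.charset = "UTF-8"
+ @codec_factory = CodecFactory.new(@logger, {
+ default_codec: @codec,
+ codec_by_folder: @codec_by_folder
+ })
+ expect( subject.process(record, logstash_event_queue) ).to be true
+ $stderr.puts "method #{queue.to_s}"
+ end
+
+ #it '.process_local_log => process compressed log file and verfied logstash event queue with the correct number of events' do
+ # expect( queue.size ).to eq(38)
+ # expect( queue.clear).to be_empty
+ #end
+ end
+ end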
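Review bot: The only live expectation in this spec is `expect(true).to be true`; the example that checked the number of processed events is commented out, and the `before` block hands `subject.process` the `logstash_event_queue` string (an IAM role ARN) instead of the `queue` array, so nothing verifies that the fixture is actually parsed into events. Change `let(:logstash_event_queue) { "arn:aws:iam::123456789012:role/AuthorizedRole" }` to `let(:logstash_event_queue) { queue }`, restore the commented `it '.process_local_log …'` example so `queue.size` is asserted, and remove the `$stderr.puts "method #{queue.to_s}"` line, which dumps every parsed event to stderr on each run. Reopening `class LogStash::Inputs::CrowdStrikeFDR` with `public :process` changes the method's visibility for the whole test process rather than this file; `subject.send(:process, record, queue)` would exercise it without altering the plugin. Since the fixture is named `log-stream.real-formatted`, it is presumably captured FDR output — confirm it holds no unredacted customer telemetry before it is distributed with the gem.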
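--- a/metadata
+++ b/metadata
@@ -0,0 +1,141 @@
+ --- !ruby/object:Gem::Specification
+ name: logstash-input-crowdstrike_fdr
+ version: !ruby/object:Gem::Version
+ version: 2.1.2
+ platform: ruby
+ authors:
+ - Christian Herweg
+ - Hugh Kelley
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2021-03-13 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 2.1.12
+ - - "<="
+ - !ruby/object:Gem::Version
+ version: '2.99'
+ name: logstash-core-plugin-api
+ prerelease: false
+ type: :runtime
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 2.1.12
+ - - "<="
+ - !ruby/object:Gem::Version
+ version: '2.99'
+ - !ruby/object:Gem::Dependency
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.0'
+ name: logstash-codec-json
+ prerelease: false
+ type: :runtime
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.0'
+ - !ruby/object:Gem::Dependency
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '4.3'
+ name: logstash-mixin-aws
+ prerelease: false
+ type: :runtime
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '4.3'
+ - !ruby/object:Gem::Dependency
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
+ name: logstash-codec-json_stream
+ prerelease: false
+ type: :development
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
+ - !ruby/object:Gem::Dependency
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.3'
+ name: logstash-devutils
+ prerelease: false
+ type: :development
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.3'
+ description: This gem is a logstash plugin required to be installed on top of the
+ Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not
+ a stand-alone program
+ email: christian.herweg@gmail.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - CHANGELOG.md
+ - CONTRIBUTORS
+ - Gemfile
+ - LICENSE
+ - NOTICE.TXT
+ - README.md
+ - lib/logstash/inputs/codec_factory.rb
+ - lib/logstash/inputs/crowdstrike_fdr.rb
+ - lib/logstash/inputs/mime/magic_gzip_validator.rb
+ - lib/logstash/inputs/s3/client_factory.rb
+ - lib/logstash/inputs/s3/downloader.rb
+ - lib/logstash/inputs/s3snssqs/log_processor.rb
+ - lib/logstash/inputs/s3sqs/patch.rb
+ - lib/logstash/inputs/sqs/poller.rb
+ - logstash-input-crowdstrike_fdr.gemspec
+ - spec/inputs/crowdstrike_fdr_spec.rb
+ homepage: https://github.com/hkelley/logstash-input-crowdstrike_fdr
+ licenses:
+ - Apache-2.0
+ metadata:
+ logstash_plugin: 'true'
+ logstash_group: input
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.6.14.1
+ signing_key:
+ specification_version: 4
+ summary: Get logs from AWS s3 buckets as issued by Crowdstrike Falcon Data Replicator
+ test_files:
+ - spec/inputs/crowdstrike_fdr_spec.rb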