Class: LogStash::Filters::Virustotalthree

Inherits:
Base
  • Object
Defined in:
lib/logstash/filters/virustotalthree.rb

Overview

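This filter will replace the contents of the default message field with whatever you specify in the configuration.

It is only intended to be used as an example.

Note that this overview reads like unmodified plugin-template text: the `filter` method listed below instead passes the value of the configured field to the VirusTotal API and stores the returned report in the configured target field.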

Instance Method Summary collapse

Instance Method Details

#filter(event) ⇒ Object



# File 'lib/logstash/filters/virustotalthree.rb', line 40

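# Enriches an event with a VirusTotal report for the value held in @field.
#
# The lookup endpoint is chosen by @lookup_type ("hash", "domain", "url" or
# "ip"). The report is written to @target and the event is marked as matched.
# Any error raised during the lookup is logged and swallowed, so the event
# continues through the pipeline without the enrichment.
#
# @param event [Object] the event to enrich; must respond to #get and #set
# @return [Object] not meaningful to callers; the event is modified in place
def filter(event)
  begin
    # The API key is a secret and must never be written to the log. The
    # previous per-event warn-level log line carrying @apikey was removed:
    # anyone with read access to the logs (or to a log shipper's destination)
    # could otherwise recover the key.
    # when given nothing, it tries to load your API key from ENV["VIRUSTOTAL_API_KEY"]
    api = VirusTotal::API.new(key: @apikey)
    indicator = event.get(@field)

    vt_report =
      case @lookup_type
      when "hash"   then api.file.get(indicator)
      when "domain" then api.domain.get(indicator)
      when "url"    then api.url.get(indicator)
      when "ip"     then api.ip_address.get(indicator)
      else
        # No lookup was made, so do not overwrite @target with nil or tag the
        # event as enriched; surface the misconfiguration instead.
        @logger.warn("Unsupported VirusTotal lookup type", :lookup_type => @lookup_type)
        return
      end

    event.set(@target, vt_report)
    # filter_matched should go in the last line of our successful code
    filter_matched(event)
  rescue => e
    # NOTE(review): the exception object is logged as-is; confirm the client
    # library does not embed request headers (which would carry the API key)
    # in its error messages.
    @logger.warn("Error getting virus total lookup", :field => event.get(@field), :exception => e)
  end
end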

#register ⇒ Object



# File 'lib/logstash/filters/virustotalthree.rb', line 35

# Setup hook for the filter. No instance variables are initialised here yet,
# so the method does nothing and returns nil.
def register
  nil
end