@xoh
xoh / google-safebrowsing-sbserver.conf
Created March 12, 2018 11:48
Logstash filter (pipeline snippet) for google safe browsing lookup via sbserver
### This logstash filter reads a URL/domain (can be anything from example.com to
### http://www01.users.example.com/path/to/index.xhtml) from field "message" and
### issues a lookup to google safe browsing tool sbserver (found at
### https://github.com/google/safebrowsing). On positive return (not malicious)
### the field "safe_browsing_state" is set to "harmless", otherwise to "malicious".
### To be used, sbserver has to run on localhost:8080.
input { }
filter {
ruby {
@xoh
xoh / google-safebrowsing-sblookup.conf
Last active March 12, 2018 11:43
Logstash filter (pipeline snippet) for google safe browsing lookup via sblookup
### This logstash filter reads a URL/domain (can be anything from example.com to
### http://www01.users.example.com/path/to/index.xhtml) from field "message" and
### issues a lookup to google safe browsing tool sblookup (found at
### https://github.com/google/safebrowsing). On positive return (not malicious)
### nothing happens; in case of malicious activity related to the URL/domain, the
### field "google_safe_browsing_error" is set to some type (e.g.
### "Unsafe URL: [{example.com/ {MALWARE ANY_PLATFORM URL}}]\n"). To be used, an
### API key has to be generated at https://console.cloud.google.com/
input { }

Keybase proof

I hereby claim:

  • I am xoh on github.
  • I am xoh (https://keybase.io/xoh) on keybase.
  • I have a public key whose fingerprint is FF23 7D91 F520 E3BC BB7D 6227 ACAD 7490 CBF9 FC0A

To claim this, I am signing this object: