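# filesave
#!/bin/bash
# Wrapper that loads the last-fetched timestamp from the state file, exports it
# as LAST_FETCHED_TIMESTAMP and then starts Logstash with the MISP pipeline.
# When this is saved as its own script, the #!/bin/bash line has to be the
# first line of the file for the kernel to honour it.
set -euo pipefail

TIMESTAMP_FILE=/path/to/last_timestamp.txt

# Read the last timestamp from the file; stop instead of starting Logstash
# with an empty value when the file is missing or unreadable.
if [[ ! -r "$TIMESTAMP_FILE" ]]; then
    echo "cannot read timestamp file: $TIMESTAMP_FILE" >&2
    exit 1
fi
LAST_TIMESTAMP=$(tr -d '[:space:]' < "$TIMESTAMP_FILE")

# The pipeline pastes this value into the JSON request body sent to MISP, so
# anything other than a plain epoch number is rejected here. Keep the state
# file writable only by the account that runs Logstash.
if [[ ! "$LAST_TIMESTAMP" =~ ^[0-9]+$ ]]; then
    echo "timestamp file does not contain a numeric epoch value: $TIMESTAMP_FILE" >&2
    exit 1
fi

# Export it as an environment variable (quoted so the value is never word-split)
export LAST_FETCHED_TIMESTAMP="$LAST_TIMESTAMP"

# Run Logstash
/path/to/logstash -f /path/to/logstash_pipeline.conf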
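# misp pipeline
# Polls the MISP events/restSearch endpoint every 10 minutes and asks for
# events newer than LAST_FETCHED_TIMESTAMP; a ruby filter then records the
# current time in the state file.
# No output { } section appears in this listing; it may live in another file.
input {
  http_poller {
    urls => {
      misp => {
        method => post
        url => "https://misp-instance-url/events/restSearch"
        headers => {
          # Keep the API key out of this file: define MISP_API_KEY in the
          # Logstash keystore (or the service environment) and reference it
          # here, so the pipeline file can be shared or committed without
          # exposing the credential.
          "Authorization" => "${MISP_API_KEY}"
          "Accept" => "application/json"
          "Content-Type" => "application/json"
        }
        # Use environment variable for the timestamp.
        # ${...} references are resolved when Logstash loads the configuration,
        # so every scheduled poll sends the same timestamp until Logstash is
        # restarted through the wrapper script.
        body => '{ "returnFormat": "json", "timestamp": "${LAST_FETCHED_TIMESTAMP}" }'
      }
    }
    request_timeout => 60
    schedule => { every => "10m" }
    codec => "json"
  }
}
filter {
  ruby {
    # Code to write the current timestamp to a file.
    # Runs for every event that reaches this filter and stores the time the
    # event was processed, not the time the request was sent; anything edited
    # in MISP between those two moments can fall outside the next poll window.
    # The file is later read back into a request body, so it should be
    # writable only by the Logstash account.
    code => "File.open('/path/to/last_timestamp.txt', 'w') { |file| file.write(Time.now.to_i) }"
  }
}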
# set timestamp initially
# One-time setup: mark set_timestamp.sh as executable, then run it from the
# current directory.
# NOTE(review): set_timestamp.sh itself is not shown on this page. If it is the
# wrapper listed under "filesave", it reads /path/to/last_timestamp.txt rather
# than creating it, so that file must already exist with an epoch value - confirm.
chmod +x set_timestamp.sh
./set_timestamp.sh
## updated body
# Intended replacement for the http_poller `body` setting: read the timestamp
# from the state file on each request instead of from the environment.
# NOTE(review): as written this will not parse - the double-quoted `code`
# string contains unescaped double quotes, so the string ends at the first
# inner quote.
# NOTE(review): http_poller documents `body` as a plain string; a `code`
# sub-option that evaluates Ruby is not something I know the plugin to
# support - confirm against the plugin documentation before relying on it.
# NOTE(review): the file content is concatenated into the JSON text without
# any check; if this approach is kept, verify the value is digits only before
# it is placed in the request body.
body => {
code => "
last_timestamp = File.read('/path/to/last_timestamp.txt').strip
'{ "returnFormat": "json", "timestamp": "' + last_timestamp + '" }'
"
}