# Scheduler stage: the exec input is used only as a timer that emits one
# event per interval; the MISP query itself happens in the filter stage.
input {
  exec {
    # Run every 600 seconds (10 minutes).
    interval => 600
    # Fixed literal command. It runs with the privileges of the Logstash
    # process, so keep it constant and never build it from event data.
    command => "echo placeholder"
    # NOTE(review): "placeholder" is not JSON, so the json codec will most
    # likely tag each tick with _jsonparsefailure and keep the raw text in
    # `message`. Confirm this is intended for the real command.
    codec => "json"
  }
}
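# Query stage: build an incremental MISP restSearch request from a saved
# checkpoint, send it, and advance the checkpoint only after a successful call.
filter {
  # Step 1: read the checkpoint and build the JSON request body.
  ruby {
    init => "require 'json'"
    code => "
      checkpoint_file = '/path/to/last_timestamp.txt'
      # Take the poll time before the request is sent, so changes made in
      # MISP while the request is in flight are picked up by the next poll.
      now = Time.now.to_i
      begin
        since = Integer(File.read(checkpoint_file).strip, 10)
        raise ArgumentError unless since > 0
      rescue Errno::ENOENT, ArgumentError
        # First run, or an empty or corrupted checkpoint: look back 24 hours
        # instead of failing. Adjust the window to your retention needs.
        since = now - 86400
      end
      event.set('request_body', { 'returnFormat' => 'json', 'timestamp' => since.to_s }.to_json)
      # @metadata fields are not sent to outputs; this one carries the new
      # checkpoint value to the write step below.
      event.set('[@metadata][misp_checkpoint]', now)
    "
  }

  # Skip the request if the step above raised (for example a permission
  # error on the checkpoint file); request_body would be missing.
  if "_rubyexception" not in [tags] {
    http {
      url => "https://misp-instance-url/events/restSearch"
      # The http filter names this option `verb`; `method` is not one of its
      # settings and is rejected when the pipeline is loaded.
      verb => "POST"
      headers => {
        # Resolved at startup from the Logstash keystore or the environment,
        # so the API key is not stored in this file. Define MISP_API_KEY
        # there before starting the pipeline.
        "Authorization" => "${MISP_API_KEY}"
        "Accept" => "application/json"
        "Content-Type" => "application/json"
      }
      body => "%{request_body}"
    }

    # Step 2: persist the checkpoint only when the request succeeded. The
    # http filter tags failed requests with _httprequestfailure by default;
    # leaving the checkpoint untouched makes the next poll retry the window.
    if "_httprequestfailure" not in [tags] {
      ruby {
        code => "
          checkpoint = event.get('[@metadata][misp_checkpoint]')
          File.open('/path/to/last_timestamp.txt', 'w') { |file| file.write(checkpoint.to_s) } if checkpoint
        "
      }
    }
  }
}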
output {
# Add your destination here, for example Elasticsearch.
# Events arriving at this stage carry the `request_body` field set by the
# ruby filter, plus whatever the http filter stored from the MISP response.
# NOTE(review): the response holds threat-intelligence data; restrict who can
# read the destination according to the sharing rules of the MISP instance.
}