-
-
Save coolacid/21ad14b6213b13e3fd7d to your computer and use it in GitHub Desktop.
Example Results from logstash-filter-virustotal
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Logstash startup completed | |
| { | |
| "message" => "99017f6eebbac24f351415dd410d522d", | |
| "@version" => "1", | |
| "@timestamp" => "2015-04-22T15:03:59.534Z", | |
| "type" => "generated", | |
| "host" => "homer", | |
| "sequence" => 0, | |
| "virustotal" => { | |
| "scans" => { | |
| "Bkav" => { | |
| "detected" => false, | |
| "version" => "1.3.0.6379", | |
| "result" => nil, | |
| "update" => "20150417" | |
| }, | |
| "MicroWorld-eScan" => { | |
| "detected" => false, | |
| "version" => "12.0.250.0", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "nProtect" => { | |
| "detected" => true, | |
| "version" => "2015-04-17.01", | |
| "result" => "Trojan/W32.Small.28672.BJA", | |
| "update" => "20150417" | |
| }, | |
| "CMC" => { | |
| "detected" => true, | |
| "version" => "1.1.0.977", | |
| "result" => "Trojan.Win32.VB!O", | |
| "update" => "20150418" | |
| }, | |
| "CAT-QuickHeal" => { | |
| "detected" => false, | |
| "version" => "14.00", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "McAfee" => { | |
| "detected" => false, | |
| "version" => "6.0.5.614", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "Malwarebytes" => { | |
| "detected" => false, | |
| "version" => "1.75.0.1", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "Zillya" => { | |
| "detected" => false, | |
| "version" => "2.0.0.2145", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "SUPERAntiSpyware" => { | |
| "detected" => false, | |
| "version" => "5.6.0.1032", | |
| "result" => nil, | |
| "update" => "20150419" | |
| }, | |
| "K7AntiVirus" => { | |
| "detected" => false, | |
| "version" => "9.202.15646", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "Alibaba" => { | |
| "detected" => false, | |
| "version" => "1.0", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "K7GW" => { | |
| "detected" => false, | |
| "version" => "9.202.15647", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "TheHacker" => { | |
| "detected" => true, | |
| "version" => "6.8.0.5.554", | |
| "result" => "Trojan/VB.acgy", | |
| "update" => "20150420" | |
| }, | |
| "NANO-Antivirus" => { | |
| "detected" => true, | |
| "version" => "0.30.16.1110", | |
| "result" => "Trojan.Win32.VB.wjvtg", | |
| "update" => "20150420" | |
| }, | |
| "F-Prot" => { | |
| "detected" => false, | |
| "version" => "4.7.1.166", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "Symantec" => { | |
| "detected" => false, | |
| "version" => "20141.2.0.56", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "Norman" => { | |
| "detected" => false, | |
| "version" => "7.04.04", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "TotalDefense" => { | |
| "detected" => true, | |
| "version" => "37.1.62.1", | |
| "result" => "Win32/ASuspect.HDBBD", | |
| "update" => "20150419" | |
| }, | |
| "Avast" => { | |
| "detected" => true, | |
| "version" => "8.0.1489.320", | |
| "result" => "Win32:VB-ZOF [Spy]", | |
| "update" => "20150420" | |
| }, | |
| "ClamAV" => { | |
| "detected" => false, | |
| "version" => "0.98.5.0", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "Kaspersky" => { | |
| "detected" => true, | |
| "version" => "15.0.1.10", | |
| "result" => "Trojan.Win32.Hosts2.gen", | |
| "update" => "20150420" | |
| }, | |
| "BitDefender" => { | |
| "detected" => false, | |
| "version" => "7.2", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "Agnitum" => { | |
| "detected" => false, | |
| "version" => "5.5.1.3", | |
| "result" => nil, | |
| "update" => "20150419" | |
| }, | |
| "ViRobot" => { | |
| "detected" => false, | |
| "version" => "2014.3.20.0", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "ByteHero" => { | |
| "detected" => false, | |
| "version" => "1.0.0.1", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "Tencent" => { | |
| "detected" => false, | |
| "version" => "1.0.0.1", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "Ad-Aware" => { | |
| "detected" => false, | |
| "version" => "12.0.163.0", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "Emsisoft" => { | |
| "detected" => true, | |
| "version" => "3.0.0.600", | |
| "result" => "Generic.Malware.V!w.7232B058 (B)", | |
| "update" => "20150420" | |
| }, | |
| "Comodo" => { | |
| "detected" => true, | |
| "version" => "21832", | |
| "result" => "Heur.Suspicious", | |
| "update" => "20150420" | |
| }, | |
| "F-Secure" => { | |
| "detected" => false, | |
| "version" => "11.0.19100.45", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "DrWeb" => { | |
| "detected" => false, | |
| "version" => "7.0.12.3050", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "VIPRE" => { | |
| "detected" => false, | |
| "version" => "39516", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "TrendMicro" => { | |
| "detected" => false, | |
| "version" => "9.740.0.1012", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "McAfee-GW-Edition" => { | |
| "detected" => false, | |
| "version" => "v2015", | |
| "result" => nil, | |
| "update" => "20150419" | |
| }, | |
| "Sophos" => { | |
| "detected" => false, | |
| "version" => "4.98.0", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "Cyren" => { | |
| "detected" => true, | |
| "version" => "5.4.16.7", | |
| "result" => "W32/Risk.PCSE-1644", | |
| "update" => "20150420" | |
| }, | |
| "Jiangmin" => { | |
| "detected" => true, | |
| "version" => "16.0.100", | |
| "result" => "Trojan/VB.cqak", | |
| "update" => "20150417" | |
| }, | |
| "Avira" => { | |
| "detected" => true, | |
| "version" => "3.6.1.96", | |
| "result" => "TR/VB.dyn", | |
| "update" => "20150420" | |
| }, | |
| "Antiy-AVL" => { | |
| "detected" => true, | |
| "version" => "1.0.0.1", | |
| "result" => "Trojan/Win32.Hosts2", | |
| "update" => "20150420" | |
| }, | |
| "Kingsoft" => { | |
| "detected" => true, | |
| "version" => "2013.4.9.267", | |
| "result" => "Win32.Troj.VB.(kcloud)", | |
| "update" => "20150420" | |
| }, | |
| "Microsoft" => { | |
| "detected" => false, | |
| "version" => "1.1.11502.0", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "AegisLab" => { | |
| "detected" => false, | |
| "version" => "1.5", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "AhnLab-V3" => { | |
| "detected" => true, | |
| "version" => "2015.04.21.00", | |
| "result" => "Win-Trojan/Xema.variant", | |
| "update" => "20150420" | |
| }, | |
| "AVware" => { | |
| "detected" => true, | |
| "version" => "1.5.0.21", | |
| "result" => "Trojan.Win32.Generic!BT", | |
| "update" => "20150420" | |
| }, | |
| "Baidu-International" => { | |
| "detected" => false, | |
| "version" => "3.5.1.41473", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "Zoner" => { | |
| "detected" => false, | |
| "version" => "1.0", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "ESET-NOD32" => { | |
| "detected" => false, | |
| "version" => "11503", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "Rising" => { | |
| "detected" => false, | |
| "version" => "25.0.0.17", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "Ikarus" => { | |
| "detected" => false, | |
| "version" => "T3.1.8.9.0", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "Fortinet" => { | |
| "detected" => true, | |
| "version" => "5.0.999.0", | |
| "result" => "W32/Vb.HT!tr", | |
| "update" => "20150420" | |
| }, | |
| "AVG" => { | |
| "detected" => true, | |
| "version" => "15.0.0.4331", | |
| "result" => "VBCrypt.AWJ", | |
| "update" => "20150420" | |
| }, | |
| "Panda" => { | |
| "detected" => false, | |
| "version" => "4.6.4.2", | |
| "result" => nil, | |
| "update" => "20150420" | |
| }, | |
| "Qihoo-360" => { | |
| "detected" => true, | |
| "version" => "1.0.0.1015", | |
| "result" => "Win32/Trojan.Spy.fd9", | |
| "update" => "20150420" | |
| } | |
| }, | |
| "scan_id" => "52d3df0ed60c46f336c131bf2ca454f73bafdc4b04dfa2aea80746f5ba9e6d1c-1429522436", | |
| "sha1" => "4d1740485713a2ab3a4f5822a01f645fe8387f92", | |
| "resource" => "99017f6eebbac24f351415dd410d522d", | |
| "response_code" => 1, | |
| "scan_date" => "2015-04-20 09:33:56", | |
| "permalink" => "https://www.virustotal.com/file/52d3df0ed60c46f336c131bf2ca454f73bafdc4b04dfa2aea80746f5ba9e6d1c/analysis/1429522436/", | |
| "verbose_msg" => "Scan finished, information embedded", | |
| "total" => 53, | |
| "positives" => 19, | |
| "sha256" => "52d3df0ed60c46f336c131bf2ca454f73bafdc4b04dfa2aea80746f5ba9e6d1c", | |
| "md5" => "99017f6eebbac24f351415dd410d522d" | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Logstash startup completed | |
| { | |
| "message" => "http://www.google.com", | |
| "@version" => "1", | |
| "@timestamp" => "2015-04-22T15:07:37.934Z", | |
| "type" => "generated", | |
| "host" => "homer", | |
| "sequence" => 0, | |
| "virustotal" => { | |
| "permalink" => "https://www.virustotal.com/url/dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf/analysis/1429714703/", | |
| "resource" => "http://www.google.com", | |
| "url" => "http://www.google.com/", | |
| "response_code" => 1, | |
| "scan_date" => "2015-04-22 14:58:23", | |
| "scan_id" => "dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1429714703", | |
| "verbose_msg" => "Scan finished, scan information embedded in this object", | |
| "filescan_id" => nil, | |
| "positives" => 0, | |
| "total" => 62, | |
| "scans" => { | |
| "CLEAN MX" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "VX Vault" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "ZDB Zeus" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Tencent" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "MalwarePatrol" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "ZCloudsec" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "PhishLabs" => { | |
| "detected" => false, | |
| "result" => "unrated site" | |
| }, | |
| "Zerofox" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "K7AntiVirus" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Quttera" => { | |
| "detected" => false, | |
| "result" => "suspicious site" | |
| }, | |
| "Spam404" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "AegisLab WebGuard" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "MalwareDomainList" => { | |
| "detected" => false, | |
| "result" => "clean site", | |
| "detail" => "http://www.malwaredomainlist.com/mdl.php?search=www.google.com" | |
| }, | |
| "ZeusTracker" => { | |
| "detected" => false, | |
| "result" => "clean site", | |
| "detail" => "https://zeustracker.abuse.ch/monitor.php?host=www.google.com" | |
| }, | |
| "zvelo" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Google Safebrowsing" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Kaspersky" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "BitDefender" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Dr.Web" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "ADMINUSLabs" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "C-SIRT" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "CyberCrime" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Websense ThreatSeeker" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "CRDF" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Webutation" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Trustwave" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Web Security Guard" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "G-Data" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Malwarebytes hpHosts" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Wepawet" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "AlienVault" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Emsisoft" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Malc0de Database" => { | |
| "detected" => false, | |
| "result" => "clean site", | |
| "detail" => "http://malc0de.com/database/index.php?search=www.google.com" | |
| }, | |
| "SpyEyeTracker" => { | |
| "detected" => false, | |
| "result" => "clean site", | |
| "detail" => "https://spyeyetracker.abuse.ch/monitor.php?host=www.google.com" | |
| }, | |
| "malwares.com URL checker" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Phishtank" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Malwared" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Avira" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "OpenPhish" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Antiy-AVL" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "SCUMWARE.org" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "FraudSense" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Opera" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Comodo Site Inspector" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Malekal" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "ESET" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Sophos" => { | |
| "detected" => false, | |
| "result" => "unrated site" | |
| }, | |
| "Yandex Safebrowsing" => { | |
| "detected" => false, | |
| "result" => "clean site", | |
| "detail" => "http://yandex.com/infected?l10n=en&url=http://www.google.com/" | |
| }, | |
| "SecureBrain" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Malware Domain Blocklist" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Blueliv" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Netcraft" => { | |
| "detected" => false, | |
| "result" => "unrated site" | |
| }, | |
| "PalevoTracker" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "AutoShun" => { | |
| "detected" => false, | |
| "result" => "unrated site" | |
| }, | |
| "ThreatHive" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "ParetoLogic" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Rising" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "URLQuery" => { | |
| "detected" => false, | |
| "result" => "unrated site" | |
| }, | |
| "StopBadware" => { | |
| "detected" => false, | |
| "result" => "unrated site" | |
| }, | |
| "Sucuri SiteCheck" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Fortinet" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| }, | |
| "Baidu-International" => { | |
| "detected" => false, | |
| "result" => "clean site" | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment