# Logstash Greynoise Filter 
This is a filter plugin for [Logstash](https://github.com/elastic/logstash).

It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.

## Documentation

The Greynoise filter adds information about IP addresses from logstash events via the Greynoise API.

GreyNoise is a system that collects and analyzes data on Internet-wide scanners.
GreyNoise collects data on benign scanners such as Shodan.io, as well as malicious actors like SSH and telnet worms.

## Usage
### 1. Installation
You can use the built-in plugin tool of Logstash to install the filter:
```
$LS_HOME/bin/logstash-plugin install logstash-filter-greynoise
```

Or you can build it yourself:
```
git clone https://github.com/nsherron90/logstash-filter-greynoise.git
bundle install
gem build logstash-filter-greynoise.gemspec
$LS_HOME/bin/logstash-plugin install logstash-filter-greynoise-0.1.4.gem
```

### 2. Filter Configuration
Add the following inside the filter section of your logstash configuration:

```sh
filter {
  greynoise {
    ip => "ip_value"                 # string (required, reference to ip address field)
    key => "your_greynoise_key"      # string (optional, no default)
    target => "greynoise"            # string (optional, default = greynoise)
  }
}
```

Print plugin version:

``` bash
bin/logstash-plugin list --verbose | grep greynoise
```

Example for running logstash from `cli`:

``` bash
bin/logstash --debug -e \
'input {
    stdin {}
}


filter {
  greynoise {
    ip => "%{message}"
   }
}

output {
   stdout {
      codec => rubydebug {
          metadata => true
          }
      }
}'
```



## Contributing

All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.

Programming is not a required skill. Whatever you've seen about open source and maintainers or community members  saying "send patches or die" - you will not see that here.

It is more important to the community that you are able to contribute.

For more information about contributing, see the [CONTRIBUTING](https://github.com/elasticsearch/logstash/blob/master/CONTRIBUTING.md) file.