[New Module] VirusTotal Intelligence Live Hunt Filebeat Module

[peasead]

Description

Objective

Using a Filebeat module, collect data from the VirusTotal Intelligence Live Hunt notification queue mapping the data to ECS (or associated field mappings), and write the data to Elasticsearch

Approach

Create a Filebeat module using HTTP JSON to pull down the Live Hunt notification queue; and

Filebeat Module / Dataset release checklist

Modules

For a metricset to go GA, the following criterias should be met:

• Supported versions are documented
• Supported operating systems are documented (if applicable)
• Integration tests exist
• System tests exist
• Automated checks that all fields are documented
• Documentation
• Fields follow ECS and naming conventions
• Dashboards exists (if applicable)
• Kibana Home Tutorial (if applicable)
• Open PR against Kibana repo with tutorial. Examples can be found here.

Filebeat module

• Test log files exist for the grok patterns
• Generated output for at least 1 log file exists

CC @dcode

[elasticmachine]

Pinging @elastic/siem (Team:SIEM)

[peasead]

7/1 - update

Nothing significant to report.

[elasticmachine]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)