[resolved]RSS filter and dedupe

devmal044 · February 18, 2019, 3:25pm

Im trying to pull information from an RSS feed. I am running into 2 problems.

The first is I am getting duplicates entries every time the Logstash interval is hit. What is the best way to handle this?
The second is I am not sure the best way to get certain data from each feed entry as I do not want all of the information.

I have included a sample entry from the feed below:
https://www.virustotal.com/file/c84d547d76dcfce40ded583da665861a6fcdced426214dd78f6f62b07d7c4c5d/analysis/ c84d547d76dcfce40ded583da665861a6fcdced426214dd78f6f62b07d7c4c5d-2019-02-18 15:00:52-EPZCHLTUWDGK-notification.subject
Mon, 18 Feb 2019 15:00:52 +0000
md5: b1d723b18e879b4f6d350995c4133890
sha1: 03ebe11cb413ca15022906844cdf628c708e666c
sha256: 0b3a0f9282bbb91d5d7770ec4cf392bb0c69da9074ecba6b464ec1a3868ad840
size: 1357312
type: Win32 EXE
positives: 49
total: 65
first submission: 2019-02-18 14:53:18
last submission: 2019-02-18 14:53:18
scans: data
ruleset: EPZCHLTUWDGK
rule: zeus_v1
match:
id: 5374337132199936

devmal044 · February 28, 2019, 7:54pm

This topic can be removed. I found another way of accomplishing what i need.

system · March 28, 2019, 7:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.