Twitter-plugin - Falco Plugin for Twitter Stream

Twitter Plugin

This repository contains the twittter plugin for Falco, which follows a stream filtered by rules. See twitter developper guide for details.

The plugin also exports fields that extract information from a twitter tweet, such as the author name, the lang, the content of the tweet, ...

Event Source

The event source for twitter events is twitter.

Supported Fields

Name Type Description
twitter.text string Text of Tweet
twitter.rawtext string Text of Tweet without return lines
twitter.authorname string Author Name of the Tweet
twitter.authorusername string Author Username of the Tweet
twitter.lang string Lang of the Tweet
twitter.isrt string true if the Tweet is a retweet

Development

Requirements

You need:

  • Go >= 1.17

Build

make

Environment variables

The plugin needs to authenticate to Twitter API, you need to export:

  • TWITTER_API_KEY: your API key for Twitter API
  • TWITTER_API_SECRET: you API Secret Twitter API

Settings

Only init_config accepts settings:

  • flushinterval: time en ms between two flushes of events from twitter to Falco (default: 1000ms)
  • rules: list of rules for filtering the stream, see twitter developper guide for details

Configurations

  • falco.yaml

    plugins:
  - name: twitter
    library_path: /etc/falco/audit/libtwitter.so
    init_config:
      rules:
        - cat has:images
        - dog has:images
      flushinterval: 1000
    open_params: ''

load_plugins: [twitter]

stdout_output:
  enabled: true

  • rules.yaml

The source for rules must be twitter.

See example:

- rule: New Cat image Tweet
  desc: New Cat image Tweet
  condition: twitter.text contains cat 
  output: "New CAT image tweet from @%twitter.authorname: %twitter.rawtext"
  priority: DEBUG
  source: twitter
  tags: [twitter]
- rule: New Dog image Tweet
  desc: New Dog image Tweet
  condition: twitter.text contains dog 
  output: "New DOG image tweet from @%twitter.authorname: %twitter.rawtext"
  priority: DEBUG
  source: twitter
  tags: [twitter]

Usage

falco -c falco.yaml -r twitter_rules.yaml

Requirements

  • Falco >= 0.31

Results

14:30:56.334904000: Debug New DOG image tweet from @Kate: Me letting my dog out for a wee #StormEunice https://t.co/f9pfR4jQAe
14:30:57.336734000: Debug New CAT image tweet from @いづも〜アリエナイ〜: めっちゃ見るじゃん。 #チャーリーとチョコレート工場  #猫  #cat #猫のいる暮らし #猫のいる生活 https://t.co/mDBJYyEdb1
14:30:57.337896000: Debug New CAT image tweet from @dimension: dan: RT @heeseungable: jake cat n' dog stuff toy 🐕🐈 ! https://t.co/tV9pBL3xqn
14:30:57.338709000: Debug New CAT image tweet from @imdone: RT @cat_dot_exe: https://t.co/0Fy60CUtYc
14:30:58.339475000: Debug New CAT image tweet from @SAMANTHA CFO: ▶️ ¡ÚLTIMOS DÍAS!🗳 VOTA a SAMANTHA con "Ja no fa mal" en la categoría "Millor cançó de pop-rock". en los premios @enderrock. https://t.co/iB2mQd33BZ https://t.co/s0A772eNe0
14:30:58.340175000: Debug New CAT image tweet from @MawarCrypto: RT @TaylorMusk7: My brother has a cat and I hope his Babycat will grow up soon!Babycat😍 https://t.co/eyQ4VyJ2kR
14:30:59.342610000: Debug New CAT image tweet from @クロネネコ: RT @okirakuoki: おっぴろげ。#cat #ねこ #猫 https://t.co/Kz18EboQ7r
14:30:59.343185000: Debug New CAT image tweet from @Anton: RT @cat_dot_exe: https://t.co/0Fy60CUtYc
Owner
Thomas Labarussias
OSS/Ecosystem Advocate at Sysdig, Former SRE at Qonto, Former AWS FinOps at Claranet
Thomas Labarussias
https://github.com/Issif/twitter-plugin
Similar Resources

Broadcast-server - A simple Go server that broadcasts any data/stream

broadcast A simple Go server that broadcasts any data/stream usage data You can

Oct 21, 2022

A go module supply Java-Like generic stream programming (while do type check at runtime)

gostream A go module supplying Java-Like generic stream programming (while do type check at runtime) Using Get a Stream To get a Stream, using SliceSt

Jan 16, 2022

Library for directly interacting and controlling an Elgato Stream Deck on Linux.

Stream Deck Library for directly interacting and controlling an Elgato Stream Deck on Linux. This library is designed to take exclusive control over a

Dec 17, 2022

Rabbitio - Rabbit stream cipher package RFC 4503 for Go

rabbitio rabbitio is a rabbit stream cipher packge based on RFC 4503 for golang

Dec 14, 2022

Sstreamcry - Shadowsocks stream bomb

ShadowStreamCry A Shadowsocks stream bomb. Credits DuckSoft Qv2ray/rc4md5cry v2f

Feb 24, 2022

Moviefetch: a simple program to search and download for movies from websites like 1337x and then stream them

MovieFetch Disclaimer I am NOT responisble for any legal issues or other you enc

Dec 2, 2022

The plugin serves as a starting point for writing a Mattermost plugin

Plugin Starter Template This plugin serves as a starting point for writing a Mattermost plugin. Feel free to base your own plugin off this repository.

Dec 10, 2021

Kobiton-execute-test-buildkite-plugin - A Buildkite Plugin to (synchronously) execute an automated test script on Kobiton service

Kobiton Execute Test Buildkite Plugin A Buildkite Plugin to (synchronously) exec

Feb 10, 2022

Cf-cli-find-app-plugin - CF CLI plugin to find applications containing a search string

Overview This cf cli plugin allows users to search for application names that co

Jan 3, 2022
Related tags
Network twitter-plugin
A toy project to stream from a Remarkable2

goMarkableStream I use this toy project to stream my remarkable 2 (firmware 2.5) on my laptop using the local wifi. video/demo here Quick start You ne

Dec 31, 2022
A lightweight stream processing library for Go
 A lightweight stream processing library for Go

go-streams A lightweight stream processing library for Go. go-streams provides a simple and concise DSL to build data pipelines. Wiki In computing, a

Dec 31, 2022
V3IO Frames ("Frames") is a Golang based remote data frames access (over gRPC or HTTP stream)

V3IO Frames ("Frames") is a multi-model open-source data-access library that provides a unified high-performance DataFrame API for working with different types of data sources (backends). The library was developed by Iguazio to simplify working with data in the Iguazio Data Science Platform ("the platform"), but it can be extended to support additional backend types.

Oct 1, 2022
Stream Camera based on TCP
 Stream Camera based on TCP

streamera Term Project of Computer Networking streamera is a Stream Camera based on TCP, which contains client mode and server mode. Features Client M

Nov 11, 2022
Stream processing stuff for Go

GoStream Type safe Stream processing library inspired in the Java Streams API. Table of contents Requirements Usage examples Limitations Performance C

Dec 26, 2022
Reflex stream client for redis streams

rredis A reflex stream client for a redis streams using the radix client implementation. It provides an API for inserting data into a stream and for c

Oct 5, 2021
Totem - A Go library that can turn a single gRPC stream into bidirectional unary gRPC servers

Totem is a Go library that can turn a single gRPC stream into bidirectional unar

Jan 6, 2023
A simple Go server that broadcasts any data/stream

broadcast A simple Go server that broadcasts any data/stream usage data You can POST data. curl -X POST --data-binary "@111.png" localhost:9222/test.p

Aug 12, 2022
Reads MAWS formatted data and converts it into JSON output stream.

maws2json Usage examples Over serial line (stdin pipe) Lets assume that Vaisala weather station is connected via RS232 to USB serial dongle in /dev/tt

Feb 6, 2022
Reads JSON object (stream) from file/stdin and routes it/them to GCP Pub/Sub topics.

json2pubsub Publish JSON object (stream) into GCP Pub/Sub topic based on a field value. Usage: json2pubsub --project=STRING <mapping> ... Reads JSON

Nov 3, 2022