vol2log
Summary
This utility built upon Python 3.6 is to assist with shipping a Volatility JSON file into Graylog with the appropriate formatting easily. I was unaware of a way to easily ship the JSON file from Volatility's unified-output plugin so I created a small utility which will format, add additional needed fields to the post, and send a post request to a specified Graylog instance.
Usage
python vol2log.py -host 192.168.119.133 -port 12201 -file "C:\Python\Data\Volatility JSON Files\netscan.json" -plugin netscan -volhost infectedhost
Required Switches
-host <IP address of remote Graylog Instance.>
-port <Port number of listening HTTP Gelf input in Graylog.>
-plugin <Name of volatility plugin that was used for JSON file.>
-volhost <Name or IP address of the src of the analyzed memory dump.>
-file <File path to jsonFile.>
Future Features
-Require naming convention of file name of host.plugin.json to auto-populate plugin and make volHost and plugin optional switches.
-Be able to handle large quantities of JSON files.
-Create a list of known issues with certain plugins as not all plugins produce data that is usable in this format. i.e malfind's output