| import os | |
| import binascii | |
| from array import array | |
| from unicorn import * | |
| from unicorn.x86_const import * | |
| import string | |
| import itertools | |
| import pexpect | |
| def extract_values(obj, key): | |
| """Recursively pull values of specified key from nested JSON.""" | |
| arr = [] | |
| def extract(obj, arr, key): | |
| """Return all matching values in an object.""" | |
| if isinstance(obj, dict): | |
| for k, v in obj.items(): | |
| if isinstance(v, (dict, list)): | |
| extract(v, arr, key) |
| /etc/logstash/logstash.conf : | |
| # We handle the syslog part of the Cisco PIX/ASA messages | |
| grok { | |
| tags => "cisco-fw" | |
| patterns_dir => "/etc/logstash/patterns" | |
| pattern => "^<%{POSINT:syslog_pri}>(?:(%{TIMESTAMP_ISO8601:timestamp8601} |%{CISCOTIMESTAMP:timestamp} ))?%{SYSLOGHOST:logsource}?[ :]+%{GREEDYDATA:syslog_message}" | |
| } | |
| syslog_pri { | |
| tags => "cisco-fw" |
I had a heck of a time getting a Cuckoo sandbox running, and below I hope to help you get one up and running relatively quickly by detailing out the steps and gotchas I stumbled across along the way. I mention this in the references at the end of this gist, but what you see here is heavily influenced by this article from Nviso