
@ESGuardian
ESGuardian / !ossim_plugin_nfotx.md
Last active Aug 29, 2015
Python variant of nfotx.pl created by AlienVault community user @packetinspector

This is my variant of the nfOTX plugin by @PacketInspector. I rewrote the original nfotx.pl as nfotx.py and added a check against my own IP reputation data file.

ESGuardian / !ossim_plugin_myILO.md
Last active Jul 3, 2019
OSSIM plugin for HP iLO

This is the plugin for parsing HP iLO v. 4 login/logout events on AlienVault OSSIM.

ESGuardian / !ossim_plugin_msfep.md
Last active Aug 29, 2015
OSSIM plugin for MS FEP (note about freetds.conf if you are not native american)

This is the plugin for reading MS Endpoint Protection events from the System Center Configuration Manager database. It also contains configuration files for creating a view in the SCCM DB and for FreeTDS on the OSSIM server (needed for Cyrillic chars in the SCCM DB).

ESGuardian / !ossim_tmg_plugin.md
Last active Aug 29, 2015
OSSIM plugin for MS TMG 2010 (using SNARE Epilog to send FWS and WEB W3C-formatted logs to syslog)

There are two plugins for parsing FWS and WEB W3C logs from MS TMG 2010 on AlienVault OSSIM, and a modified ParserUtil.py.

tmg-web plugin and ParserUtil.py modified to add event sid 2 - Exchange ActiveSync Sync command

ESGuardian / !ossim_cyrillic_chars.md

These are the instructions for making OSSIM properly display Russian text on screen and when exporting to CSV. Useful for ossec-agent on Russian Windows and for database-type connectors for MSSQL databases.

Also the check_encoding.py script. See instruction.txt for details.

ESGuardian / !ossim_report_apps_change.md

This is a useful Python script for making a CSV file with the report of integrity changes and application install/uninstall registered by the ossec agent. This is for Russians :) cp1251 encoding is used for working with Russian Windows and Excel.

ESGuardian / !ossim-account-change-report.md

This is a useful Python script to generate a CSV file with a report of user account and group membership changes based on ossec agent data stored in AlienVault OSSIM. This is for Russians :) cp1251 is used for Russian Windows and Excel.

ESGuardian / !ossim_remote_access_report.md
Last active Aug 29, 2015
OSSIM report for Cisco AnyConnect

This is the Python script for reporting Cisco AnyConnect (IP-to-user assignment) events from OSSIM cisco-asa plugin data as a CSV file.

2015-07-09. Added ActiveSync events from my activesync-monitor plugin and GeoIP data (GeoLite2).

Be careful!!! You MUST first install the geoip2 Python module, because it is not installed by default:

wget https://bootstrap.pypa.io/get-pip.py --no-check-certificate
python get-pip.py
pip install geoip2
ESGuardian / !ossim_tmg_data_leak_report.md
Last active Aug 29, 2015
Simple script for reporting tmg events

This is a simple Python script for generating a CSV file from the OSSIM database with "possible data leak" events collected by my own tmg-web plugin. "possible data leak" events are generated by the plugin when a large amount of data is transferred to an external host.

ESGuardian / !ossim_NfOTX_report.md
Last active Aug 29, 2015
OSSIM Netflow report for OTX matched host communication.

This is the Python script for reporting NfOTX Match events which are collected in the OSSIM database by my modification of the NfOTX plugin (initially created by @PacketInspector). The script generates a CSV file with a list of events and a list of corresponding Netflow data, so you can see what happened.
