Frank Hassanabad (FrankHassanabad)
🎧 Eat Sleep Code Repeat
View json_to_toml.sh
#!/bin/sh
# Download yj from:
# https://github.com/sclevine/yj/releases
# such as wget https://github.com/sclevine/yj/releases/download/v4.0.0/yj-macos
#
# Then chmod 755 ./yj-macos and chmod 755 json_to_toml.sh
# Go to your json and run this
# json_to_toml.sh
@FrankHassanabad
FrankHassanabad / toml_to_json.sh
Last active Jan 15, 2020
Quick dirty toml to json converter which sorts the keys using jq and yj-macos
View toml_to_json.sh
#!/bin/sh
# Download yj from:
# https://github.com/sclevine/yj/releases
# such as wget https://github.com/sclevine/yj/releases/download/v4.0.0/yj-macos
#
# Then chmod 755 ./yj-macos and chmod 755 toml_to_json.sh
# Go to your toml and run this
# toml_to_json.sh
@FrankHassanabad
FrankHassanabad / sort_keys_jq.sh
Created Jan 14, 2020
Sorts JSON keys using jq
View sort_keys_jq.sh
#!/bin/sh
# Writes a key-sorted copy of every prepackaged rule into ./sorted, so that a
# diff between rule files shows real changes rather than key order.
mkdir -p sorted
for f in ~/projects/kibana/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/*.json ; do
  echo "$f"
  jq -S . "$f" > "sorted/$(basename -- "$f" .json).json"
done
@FrankHassanabad
FrankHassanabad / yj_wrapper.sh
Created Jan 13, 2020
Converts rules from json to yaml to toml and back again
View yj_wrapper.sh
#!/bin/sh
# Download yj from:
# https://github.com/sclevine/yj/releases
# such as wget https://github.com/sclevine/yj/releases/download/v4.0.0/yj-macos
#
# Then chmod 755 ./yj-macos and chmod 755 yj_wrapper.sh
# Go to your pre-packaged rules and run this:
# yj_wrapper.sh
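The json_to_toml.sh, toml_to_json.sh and yj_wrapper.sh gists above show only their header comments here. The script below is an added example, not the code of any of those gists: it wraps yj and jq into one round-trip converter for a directory of rule files, sorts keys so diffs stay reviewable, checks that a rule survives toml → json → toml → json unchanged, and refuses to run a downloaded yj binary whose SHA-256 does not match an operator-supplied value. Assumptions: yj is the sclevine/yj binary and its `-tj` / `-jt` flags (TOML to JSON and JSON to TOML, stdin to stdout) behave as its README describes; jq is on PATH; `YJ_SHA256` is a placeholder the operator fills in from the release they fetched, since the page gives no checksum.

```shell
#!/bin/sh
# Added example (not one of the gists on this page). Assumes the sclevine/yj
# binary (-tj: TOML->JSON, -jt: JSON->TOML, per the yj README) and jq.
set -eu

YJ="${YJ:-./yj-macos}"
# Placeholder: set this to the digest of the release binary you downloaded.
# When set, the script refuses to execute a binary that does not match it.
YJ_SHA256="${YJ_SHA256:-}"

require_tool() {
  command -v "$1" >/dev/null 2>&1 || { echo "missing tool: $1" >&2; return 1; }
}

# Refuse to execute a fetched binary whose SHA-256 does not match.
verify_yj() {
  [ -x "$YJ" ] || { echo "$YJ is not executable (chmod 755 it first)" >&2; return 1; }
  [ -n "$YJ_SHA256" ] || return 0
  if command -v sha256sum >/dev/null 2>&1; then
    actual=$(sha256sum "$YJ" | cut -d' ' -f1)
  else
    actual=$(shasum -a 256 "$YJ" | cut -d' ' -f1)   # macOS
  fi
  [ "$actual" = "$YJ_SHA256" ] || { echo "checksum mismatch for $YJ" >&2; return 1; }
}

# Output file name for the other format: foo.toml -> foo.json, bar.json -> bar.toml
out_name() {
  base=$(basename -- "$1")
  case "$base" in
    *.toml) printf '%s.json\n' "${base%.toml}" ;;
    *.json) printf '%s.toml\n' "${base%.json}" ;;
    *)      printf '%s\n' "$base" ;;
  esac
}

# Canonical JSON on stdout: keys sorted recursively, one line (jq -S -c).
sort_json_keys() {
  jq -S -c .
}

toml_to_json() {   # $1 = rule.toml, pretty-printed sorted JSON on stdout
  "$YJ" -tj < "$1" | jq -S .
}

json_to_toml() {   # $1 = rule.json, TOML on stdout (keys sorted first)
  jq -S . "$1" | "$YJ" -jt
}

# A rule must come back identical after toml -> json -> toml -> json.
roundtrip_ok() {
  a=$("$YJ" -tj < "$1" | jq -S -c .)
  b=$("$YJ" -tj < "$1" | "$YJ" -jt | "$YJ" -tj | jq -S -c .)
  [ "$a" = "$b" ]
}

# Converts every *.toml and *.json in $1 into the other format under $2.
convert_dir() {
  src=$1; dst=$2
  mkdir -p "$dst"
  for f in "$src"/*.toml "$src"/*.json; do
    [ -e "$f" ] || continue
    case "$f" in
      *.toml) roundtrip_ok "$f" || { echo "round trip changed $f" >&2; return 1; }
              toml_to_json "$f" > "$dst/$(out_name "$f")" ;;
      *.json) json_to_toml "$f" > "$dst/$(out_name "$f")" ;;
    esac
  done
}

if [ -n "${1:-}" ]; then
  require_tool jq
  verify_yj
  convert_dir "$1" "${2:-converted}"
fi
```

Usage: `YJ=./yj-macos YJ_SHA256=<digest> sh convert_rules.sh prepackaged_rules converted`. The gists fetch a release binary with wget and `chmod 755` it without checking anything; pinning the digest before the first run is the check worth keeping even if the rest of the wrapper is thrown away.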
@FrankHassanabad
FrankHassanabad / example_processors.yml
Created Aug 29, 2019
Processors For Beats Example
View example_processors.yml
processors:
  - add_host_metadata:
      netinfo.enabled: true
  - add_cloud_metadata: ~
  - add_fields:
      when.network.source.ip: 10.128.0.21/32
      fields:
        source.geo.location:
          lat: 42
          lon: -93
@FrankHassanabad
FrankHassanabad / url-notes.txt
Created Jun 17, 2019
Links for ML jobs examples
View url-notes.txt
## Generic links from ML back to SIEM Application
#
# Several tests runs with each and adding/removing
# them to see which ones were effective
#
Network Overview Links
---
# Network Overview By User Name (KQL Query: user.name $user.name$)
@FrankHassanabad
FrankHassanabad / output.txt
Created Apr 22, 2019
Run Tests Repeatedly
View output.txt
running test for the 1 time with total 0 errors so far
running test for the 2 time with total 0 errors so far
running test for the 3 time with total 0 errors so far
running test for the 4 time with total 0 errors so far
running test for the 5 time with total 0 errors so far
running test for the 6 time with total 0 errors so far
running test for the 7 time with total 0 errors so far
running test for the 8 time with total 0 errors so far
running test for the 9 time with total 0 errors so far
running test for the 10 time with total 0 errors so far
View es_query_snippets.txt
#
# Full text queries
#
# Match all
GET /auditbeat-*/_search
{
  "query": {
    "match_all": {}
  }
}