This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Generic links from ML back to SIEM Application | |
| # | |
| # Several tests runs with each and adding/removing | |
| # them to see which ones were effective | |
| # | |
| Network Overview Links | |
| --- | |
| # Network Overview By User Name (KQL Query: user.name $user.name$) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| processors: | |
| - add_host_metadata: | |
| netinfo.enabled: true | |
| - add_cloud_metadata: ~ | |
| - add_fields: | |
| when.network.source.ip: 10.128.0.21/32 | |
| fields: | |
| source.geo.location: | |
| lat: 42 | |
| lon: -93 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| processors: | |
| - add_host_metadata: | |
| netinfo.enabled: true | |
| - add_cloud_metadata: ~ | |
| - add_fields: | |
| when.network.source.ip: 10.128.0.21/32 | |
| fields: | |
| source.geo.location: | |
| lat: 42 | |
| lon: -93 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| processors: | |
| - add_host_metadata: | |
| netinfo.enabled: true | |
| - add_cloud_metadata: ~ | |
| - add_fields: | |
| when.network.source.ip: 10.128.0.21/32 | |
| fields: | |
| source.geo.location: | |
| lat: 42 | |
| lon: -93 |
FrankHassanabad
/ yj_wrapper.sh
Created
January 13, 2020 20:18
Converts rules from json to yaml to toml and back again
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Download yj from: | |
| # https://github.com/sclevine/yj/releases | |
| # such as wget https://github.com/sclevine/yj/releases/download/v4.0.0/yj-macos | |
| # | |
| # Then chmod 755 ./yj-wrapper | |
| # Go to your pre-packaged rules and run this: | |
| # yj-wrapper.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| mkdir sorted | |
| for f in ~/projects/kibana/x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/prepackaged_rules/*.json ; do | |
| echo $f | |
| cat $f | jq . -S > sorted/$(basename -- "$f" .json).json | |
| done |
FrankHassanabad
/ toml_to_json.sh
Last active
January 15, 2020 01:12
Quick dirty toml to json converter which sorts the keys using jq and yj-macos
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Download yj from: | |
| # https://github.com/sclevine/yj/releases | |
| # such as wget https://github.com/sclevine/yj/releases/download/v4.0.0/yj-macos | |
| # | |
| # Then chmod 755 ./yj-macos and chmod 755 toml_to_json.sh | |
| # Go to your toml and run this | |
| # toml_to_json.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Download yj from: | |
| # https://github.com/sclevine/yj/releases | |
| # such as wget https://github.com/sclevine/yj/releases/download/v4.0.0/yj-macos | |
| # | |
| # Then chmod 755 ./yj-macos and chmod 755 toml_to_json.sh | |
| # Go to your toml and run this | |
| # toml_to_json.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for f in *.json ; do | |
| echo "checking $f" | |
| cat $f | jq .max_signals | |
| done | |
FrankHassanabad
/ test_saved_objects.sh
Created
February 3, 2020 20:08
Test saved objects and duplicate issues part 1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # | |
| # Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | |
| # or more contributor license agreements. Licensed under the Elastic License; | |
| # you may not use this file except in compliance with the Elastic License. | |
| # | |
| set -e | |
| ./check_env_variables.sh |