I hereby claim:
- I am frankhassanabad on github.
- I am frankhassanabad (https://keybase.io/frankhassanabad) on keybase.
- I have a public key ASCNJL2XvQ2jA2QIWsLLIbAz1Loxl3DzoUlhZ6TaFZDFjQo
To claim this, I am signing this object:
FrankHassanabad
/ yj_wrapper.sh
Created
January 13, 2020 20:18
Converts rules from json to yaml to toml and back again
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Download yj from: | |
| # https://github.com/sclevine/yj/releases | |
| # such as wget https://github.com/sclevine/yj/releases/download/v4.0.0/yj-macos | |
| # | |
| # Then chmod 755 ./yj-wrapper | |
| # Go to your pre-packaged rules and run this: | |
| # yj-wrapper.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| processors: | |
| - add_host_metadata: | |
| netinfo.enabled: true | |
| - add_cloud_metadata: ~ | |
| - add_fields: | |
| when.network.source.ip: 10.128.0.21/32 | |
| fields: | |
| source.geo.location: | |
| lat: 42 | |
| lon: -93 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| processors: | |
| - add_host_metadata: | |
| netinfo.enabled: true | |
| - add_cloud_metadata: ~ | |
| - add_fields: | |
| when.network.source.ip: 10.128.0.21/32 | |
| fields: | |
| source.geo.location: | |
| lat: 42 | |
| lon: -93 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| processors: | |
| - add_host_metadata: | |
| netinfo.enabled: true | |
| - add_cloud_metadata: ~ | |
| - add_fields: | |
| when.network.source.ip: 10.128.0.21/32 | |
| fields: | |
| source.geo.location: | |
| lat: 42 | |
| lon: -93 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Generic links from ML back to SIEM Application | |
| # | |
| # Several tests runs with each and adding/removing | |
| # them to see which ones were effective | |
| # | |
| Network Overview Links | |
| --- | |
| # Network Overview By User Name (KQL Query: user.name $user.name$) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| running test for the 1 time with total 0 errors so far | |
| running test for the 2 time with total 0 errors so far | |
| running test for the 3 time with total 0 errors so far | |
| running test for the 4 time with total 0 errors so far | |
| running test for the 5 time with total 0 errors so far | |
| running test for the 6 time with total 0 errors so far | |
| running test for the 7 time with total 0 errors so far | |
| running test for the 8 time with total 0 errors so far | |
| running test for the 9 time with total 0 errors so far | |
| running test for the 10 time with total 0 errors so far |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Full text queries | |
| # | |
| # Match all | |
| GET /auditbeat-*/_search | |
| { | |
| "query": { | |
| "match_all": {} | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| export PLUGIN_NAME=secops | |
| # Start kibana | |
| alias start-kibana='cd $HOME/projects/kibana && yarn start --no-base-path' | |
| # Start bootstrap | |
| alias start-bootstrap='cd $HOME/projects/kibana && yarn kbn bootstrap' | |
| # Start typecheck | |
| alias start-type-check='cd $HOME/projects/kibana && node scripts/type_check.js' |
FrankHassanabad
/ keybase.md
Created
September 1, 2018 13:24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| extern crate futures; | |
| use futures::{future, Future}; | |
| use std::*; | |
| /// Returns an empty future, empty error | |
| fn return_empty_result() -> impl Future<Item = (), Error = ()> { | |
| future::lazy(|| future::ok::<(), ()>(())) | |
| } |