adriansr

import json
import requests

REPO='user/repo'
PULL= # PULL_REQUEST_ID (1234)
USER_TO_DELETE='houndci-bot'
TOKEN=YOUR_GITHUB_API_TOKEN

headers = { 'Authorization': 'token ' + TOKEN }

adriansr

# Anonymize IPTABLES logs for documentation!

import os
import re
import sys


random_macs = set()
macs = {}

adriansr

# Usage:
# compare-golden-events.py <old.json> <new.json>

import json
import sys


def missing(keys, dct):
    r = []
    for key in keys:

adriansr

# local login failed

      "type=USER_AUTH msg=audit(1553622768.697:628): pid=6261 uid=0 auid=1002 ses=40 msg='op=PAM:authentication acct=\"root\" exe=\"/bin/login\" hostname=? addr=? terminal=/dev/pts/1 res=failed'"
      "type=USER_LOGIN msg=audit(1553622768.697:629): pid=6261 uid=0 auid=1002 ses=40 msg='op=login acct=\"root\" exe=\"/bin/login\" hostname=? addr=? terminal=/dev/pts/1 res=failed'"


# local login succeeded
      "type=USER_AUTH msg=audit(1553622784.557:630): pid=6261 uid=0 auid=1002 ses=40 msg='op=PAM:authentication acct=\"adrian\" exe=\"/bin/login\" hostname=? addr=? terminal=/dev/pts/1 res=success'"
      "type=USER_LOGIN msg=audit(1553622784.973:634): pid=6261 uid=0 auid=1002 ses=40 msg='op=login acct=\"adrian\" exe=\"/bin/login\" hostname=? addr=? terminal=/dev/pts/1 res=success'"

adriansr

import os
import random as rnd
import re
import sys


random_ips = set()
ips = {}
doc_ips = [[192, 0, 2], [198, 51, 100], [203, 0, 113]]
known_prefixes = set([ '.'.join([str(y) for y in x ]) for x in [

adriansr

from datetime import datetime, date, time, timedelta
import random


class WeightedRand:
    def __init__(self, weights):
        self.v = []
        self.n = sum(weights.values())
        for (k, v) in weights.iteritems():
            self.v += [k] * v

adriansr

# Helper to find what's wrong when a Filebeat's fileset
# fails with the error:
#
# The following expected object was not found:
# {
#   [...]
# }
# Searched in:
# [
#   [...]

adriansr

{
  "filebeat-8.0.0-cisco-asa-asa-ftd-pipeline" : {
    "description" : "Pipeline for Cisco ASA logs",
    "processors" : [
      {
        "grok" : {
          "field" : "message",
          "patterns" : [
            "(?:%{SYSLOG_HEADER})?\\s*%{GREEDYDATA:log.original}"
          ],

adriansr

GOROOT=/Users/adrian/.gvm/versions/go1.13.10.darwin.amd64 #gosetup
GOPATH=/Users/adrian/go #gosetup
/Users/adrian/.gvm/versions/go1.13.10.darwin.amd64/bin/go test -c -o /private/var/folders/4t/d2fxfql505j76bjd6yb6qhc80000gn/T/___TestReplaceIndexInIndexPattern_in_github_com_elastic_beats_v7_libbeat_dashboards github.com/elastic/beats/v7/libbeat/dashboards #gosetup
/Users/adrian/.gvm/versions/go1.13.10.darwin.amd64/bin/go tool test2json -t /private/var/folders/4t/d2fxfql505j76bjd6yb6qhc80000gn/T/___TestReplaceIndexInIndexPattern_in_github_com_elastic_beats_v7_libbeat_dashboards -test.v -test.run ^TestReplaceIndexInIndexPattern$ #gosetup
=== RUN   TestReplaceIndexInIndexPattern
=== RUN   TestReplaceIndexInIndexPattern/Replace_in_[]interface(map).map
=== RUN   TestReplaceIndexInIndexPattern/Replace_in_[]interface(map).mapstr
=== RUN   TestReplaceIndexInIndexPattern/Replace_in_[]map.mapstr
=== RUN   TestReplaceIndexInIndexPattern/Replace_in_[]mapstr.mapstr
=== RUN   TestReplaceIndexInIndexPattern/Replace_in_[]maps

adriansr

//  Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
//  or more contributor license agreements. Licensed under the Elastic License;
//  you may not use this file except in compliance with the Elastic License.

var processor = require("processor");
var console   = require("console");

var device;

// Register params from configuration.