vagrant up win2012
You can connect to the VM in multiple ways.
Andrew Kroh andrewkroh
andrewkroh
/ Slack Notification
Last active
July 8, 2018 12:54
Heartbeat ICMP Alerting with Elastic X-Pack Watcher
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://twitter.com/Krohbird/status/849749788920877056 |
andrewkroh
/ packetbeat-dhcpv4-nak-decline.json
Last active
July 26, 2018 20:44
New DHCP Client Detected on Network - Elasticsearch Alerting Watch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST _xpack/watcher/watch/packetbeat-dhcpv4-nak-decline | |
| { | |
| "metadata": { | |
| "window_period": "1m", | |
| "index_pattern": "packetbeat-*" | |
| }, | |
| "trigger": { | |
| "schedule": { | |
| "interval": "1m" | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "@metadata": { | |
| "beat": "packetbeat", | |
| "type": "doc", | |
| "version": "7.0.0-alpha1" | |
| }, | |
| "@timestamp": "2018-08-01T18:10:48.311Z", | |
| "beat": { | |
| "hostname": "macbook", | |
| "name": "macbook", |
andrewkroh
/ winlogbeat-account-usage-dashboard.json
Last active
August 20, 2018 19:19
Winlogbeat - Account Usage Dashboard for Kibana
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "_id": "Winlogbeat-Account-Usage", | |
| "_type": "dashboard", | |
| "_source": { | |
| "title": "Windows - Account Usage", | |
| "hits": 0, | |
| "description": "", | |
| "panelsJSON": "[\n {\n \"col\": 7,\n \"id\": \"Failed-Logon-Attempts-Area-Chart\",\n \"panelIndex\": 2,\n \"row\": 1,\n \"size_x\": 6,\n \"size_y\": 4,\n \"type\": \"visualization\"\n },\n {\n \"col\": 3,\n \"id\": \"Remote-Desktop-Connections\",\n \"panelIndex\": 3,\n \"row\": 5,\n \"size_x\": 10,\n \"size_y\": 4,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"Logon-Map\",\n \"panelIndex\": 5,\n \"row\": 5,\n \"size_x\": 2,\n \"size_y\": 4,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"Total-Successful-Logons-1\",\n \"panelIndex\": 6,\n \"row\": 1,\n \"size_x\": 6,\n \"size_y\": 4,\n \"type\": \"visualization\"\n }\n]", | |
| "optionsJSON": "{\n \"darkTheme\": false\n}", |
andrewkroh
/ deduplicate_strings.go
Created
March 1, 2016 16:02
Deduplicate a Slice of Strings in Go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Deduplicate returns a new slice with duplicates values removed. | |
| func Deduplicate(s []string) []string { | |
| if len(s) == 0 { | |
| return s | |
| } | |
| result := []string{} | |
| seen := make(map[string]struct{}) | |
| for _, val := range s { | |
| if _, ok := seen[val]; !ok { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "description": "Add Geo and ASN to event", | |
| "processors": [ | |
| { | |
| "geoip": { | |
| "if": "ctx.source?.geo == null", | |
| "field": "source.ip", | |
| "target_field": "source.geo", | |
| "ignore_missing": true | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <libproc.h> | |
| #include <sys/proc_info.h> | |
| static const char* USAGE = "Usage: %s pid\n"; | |
| static const char* INVALID_PID = "Invalid pid: %s\n"; | |
| static const char* UNABLE_TO_GET_PROC_FDS = "Unable to get open file handles for %d\n"; | |
| static const char* OUT_OF_MEMORY = "Out of memory. Unable to allocate buffer with %d bytes\n"; |
andrewkroh
/ domain_rank_enrichment_pipeline.json
Last active
October 11, 2019 14:54
Elasticsearch Ingest Node Enrich Processor Example - Top 1M Domain Ranks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PUT /_ingest/pipeline/domain_rank_enrichment | |
| { | |
| "description" : "Enriching domains with rank.", | |
| "processors" : [ | |
| { | |
| "enrich" : { | |
| "policy_name": "dns-domain-top1m-rank", | |
| "field" : "dns.question.name", | |
| "target_field": "_temp" | |
| } |
andrewkroh
/ Microsoft-Windows-Security-Auditing.txt
Created
February 2, 2017 04:27
Microsoft-Windows-Security-Auditing Messages from Windows 2012 Server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Id : 4608 | |
| Version : 0 | |
| LogLink : System.Diagnostics.Eventing.Reader.EventLogLink | |
| Level : System.Diagnostics.Eventing.Reader.EventLevel | |
| Opcode : System.Diagnostics.Eventing.Reader.EventOpcode | |
| Task : System.Diagnostics.Eventing.Reader.EventTask | |
| Keywords : {} | |
| Template : |