Skip to content

Instantly share code, notes, and snippets.

View cyhook's full-sized avatar
🎯
Focusing

Shiyayo cyhook

🎯
Focusing
7 followers · 3 following
View GitHub Profile
@cyhook
cyhook / elasticsearch-sql.md
Last active October 31, 2017 12:28

Output in JSON

curl -H "Content-Type: application/json" -XPOST 'http://localhost:9200/_sql' -d 'SELECT COUNT ( DISTINCT dst_port ) AS dst_count,dst_port,src_ip, dst_ip FROM graylog_0 WHERE timestamp > "2017-10-31 11:05:20.000" AND protocol-trans = "TCP" GROUP BY src_ip, dst_ip'

Output in CSV

curl -H "Content-Type: application/json" -XPOST 'http://localhost:9200/_sql?format=csv' -d 'SELECT COUNT(DISTINCT dst_port) AS distinct-counts, src_ip, dst_ip FROM graylog_0 WHERE timestamp > "2017-10-31 10:04:00.000" AND protocol-trans = "TCP" GROUP BY dst_ip, src_ip'
@cyhook
cyhook / graylog-emailsetup.conf
Created October 30, 2017 05:10
# Email transport
transport_email_enabled = true
transport_email_hostname = smtp.gmail.com
transport_email_port = 465
transport_email_use_auth = true
transport_email_use_tls = true
transport_email_use_ssl = true
transport_email_auth_username = XXXXXXXXXXXXXXXXXXXX@gmail.com
transport_email_auth_password = XXXXXXXXXXXXXXXXXX
transport_email_subject_prefix = [XXXXXXXXXXXXXXXXX]
@cyhook
cyhook / extract.bro
Created October 24, 2017 04:40
Extract PDF, DOC, DOCX, PPT, PPTX, XLSX, XLS
global ext_map: table[string] of string = {
["application/x-dosexec"] = "exe",
["text/plain"] = "txt",
["image/jpeg"] = "jpg",
["image/png"] = "png",
["text/html"] = "html",
["application/pdf"] = "pdf",
["application/msword"] = "doc",
["application/vnd.openxmlformats-officedocument.wordprocessingml.document"] = "docx",
["application/x-excel"] = "xls",
@cyhook
cyhook / Brocommands.md
Created October 24, 2017 04:38

Identify bro errors

  • broctl check
@cyhook
cyhook / mimetypes.md
Last active October 23, 2017 15:09

Suffixes applicable Media type and subtype(s) .3dm x-world/x-3dmf .3dmf x-world/x-3dmf .a application/octet-stream .aab application/x-authorware-bin .aam application/x-authorware-map .aas application/x-authorware-seg .abc text/vnd.abc .acgi text/html

@cyhook
cyhook / tutorial.md
Last active November 17, 2017 20:13
@cyhook
cyhook / tcpdump usage.md
Last active February 11, 2021 06:50
@cyhook
cyhook / cyphon setup.md
Last active October 12, 2017 12:19

STEP 1: Add a static IP Address

Log into the server add configure the static IP address username: user password: P@$$w0rd123

nano /etc/network/interfaces
iface eth0 inet dhcp              #Replace with: iface eth0 inet static

   address 10.253.0.50
   netmask 255.255.255.0
@cyhook
cyhook / OCS Inventory Setup.md
Created October 4, 2017 11:29
@cyhook
cyhook / ELK Errors.md
Last active October 3, 2017 17:59

1. Failed to create Monitoring events errors

[2017-10-03T20:21:09,732][ERROR][logstash.inputs.metrics ] Failed to create monitoring event {:message=>"For path: events", :error=>"LogStash::Instrument::MetricStortricNotFound"}

Add the following line to /etc/elasticsearch/elasticsearch.yml and restart elasticsearch

nano /etc/elasticsearch/elasticsearch.yml 
paste: action.auto_create_index: .security,.security-6,.monitoring*,.watches,.triggered_watches,.watcher-history*
ctrl x --> y --> Enter
service elasticsearch restart