dlee35

#  ---------------------------------------------------------------------------
#
#  Description:  This file holds all my BASH configurations and aliases
#
#  Sections:
#  1.   Environment Configuration
#  2.   Make Terminal Better (remapping defaults and adding functionality)
#  3.   File and Folder Management
#  4.   Searching
#  5.   Process Management

dlee35

#!/bin/bash
#
# Copyright (C) 2011 Doug Burks and Security Onion
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License Version 2 as
# published by the Free Software Foundation.  You may not use, modify or
# distribute this program under any other version of the GNU General
# Public License.
#

dlee35

Manual Adoption:
 point UniFi device to controller (must be done from mca-cli):
 set-inform http://ip-of-controller:8080/inform
  - configure your DNS server to resolve 'unifi' to your controller's IP address
  - /etc/hosts is not persistent in UniFi but will work once 

Gateway factory reset:
 Console baud rate setting is 115200
 CLI (from bash):

dlee35

#! /usr/bin/env python
# requires pip
# pip install rt
import rt
import urllib3
import argparse

"""
Create ticket using python-rt interface
https://github.com/CZ-NIC/python-rt

dlee35

deb http://ppa.launchpad.net/securityonion/stable/ubuntu xenial main
# deb-src http://ppa.launchpad.net/securityonion/stable/ubuntu xenial main
# deb-src http://ppa.launchpad.net/securityonion/stable/ubuntu xenial main

dlee35

#!/bin/bash
FLEETDIR="$PWD/fleet"
WORKDIR="$PWD/fleetbuild"
FLEETGIT="kolide"
FLEETVER="HH1.1.0"
APKPACKS="git make yarn nodejs npm make g++ dep"
CONTAINERNAME="soshybridhunter_fleet_dev"

if [ ! -d $PWD/fleet ]; then
  git clone https://github.com/$FLEETGIT/fleet

dlee35

#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Originally authored by Josh Wright (https://github.com/joswr1ght/pptxsanity)
# With code by Eric Jang ericjang2004@gmail.com
# Updated by Dustin Lee
# https://gist.github.com/992db55dfa9c9dc6a7738f9c3006045b

TIMEOUT=6 # URL request timeout in seconds
MAXRETRY=4

dlee35

from flask import Flask, make_response
from flask_restful import Api, Resource, reqparse
from io import StringIO
import requests, re, csv
import lxml.html as lh

app = Flask(__name__)
api = Api(app)

proxyDict = {}

dlee35

[
  {
    "_id": "4b4e1580-80e7-11e9-8875-bf8cb5a12e3d",
    "_type": "visualization",
    "_source": {
      "title": "ATT&CK - Technique ID (Heat Map By Host)",
      "visState": "{\"title\":\"ATT&CK - Technique ID (Heat Map By Host)\",\"type\":\"heatmap\",\"params\":{\"type\":\"heatmap\",\"addTooltip\":true,\"addLegend\":true,\"enableHover\":false,\"legendPosition\":\"bottom\",\"times\":[],\"colorsNumber\":10,\"colorSchema\":\"Reds\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":false,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAxis-1\",\"type\":\"value\",\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"overwriteColor\":false,\"color\":\"#555\"}}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event_data.Technique_id\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"o

dlee35

filter {
  if "autorunstowin" in [tags] {
    kv { 
      prefix => "[event_data]"
      remove_char_key => "\ "
      transform_key => "lowercase"
      field_split => "\n"
      value_split => ":"
    }
    mutate {