evoxco evoxco
evoxco
/ Bro Ids C1fApp threat intel
Created
August 4, 2015 10:59
Bro Ids C1fApp threat intel (generic intel template)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "title": "Broids-C1fApp Intel", | |
| "services": { | |
| "query": { | |
| "list": { | |
| "0": { | |
| "id": 0, | |
| "color": "#7EB26D", | |
| "alias": "All Connections", | |
| "pin": true, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "index": { | |
| "default": "_all", | |
| "pattern": "[nprobe-]YYYY.MM.DD", | |
| "warm_fields": true, | |
| "interval": "day" | |
| }, | |
| "style": "light", | |
| "rows": [ | |
| { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "index": { | |
| "default": "_all", | |
| "pattern": "[nprobe-]YYYY.MM.DD", | |
| "warm_fields": true, | |
| "interval": "day" | |
| }, | |
| "style": "light", | |
| "rows": [ | |
| { |
evoxco
/ nprobe-mapping-template
Last active
October 6, 2015 07:13
Nprobe ElasticSearch Mapping Template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "template": "nprobe*", | |
| "mappings": { | |
| "_default_": { | |
| "_timestamp": { | |
| "enabled": true, | |
| "store": true | |
| } | |
| }, | |
| "nProbe": { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| I just dont like the names ! You have to disable System Integrity Protection (CMD-r/csrutil disable/reboot) | |
| fsck:~ $ sudo security delete-certificate -Z 1B4B396126276B6491A2686DD70243212D1F1D96 /System/Library/Keychains/SystemRootCertificates.keychain | |
| fsck:~ $ sudo security delete-certificate -Z F17F6FB631DC99E3A3C87FFE1CF1811088D96033 /System/Library/Keychains/SystemRootCertificates.keychain | |
| fsck:~ $ sudo security delete-certificate -Z 8C941B34EA1EA6ED9AE2BC54CF687252B4C9B561 /System/Library/Keychains/SystemRootCertificates.keychain | |
| fsck:~ $ sudo security delete-certificate -Z 2E14DAEC28F0FA1E8E389A4EABEB26C00AD383C3 /System/Library/Keychains/SystemRootCertificates.keychain | |
| fsck:~ $ sudo security delete-certificate -Z 9D70BB01A5A4A018112EF71C01B932C534E788A8 /System/Library/Keychains/SystemRootCertificates.keychain | |
| fsck:~ $ sudo security delete-certificate -Z 6E3A55A4190C195C93843CC0DB722E313061F0B1 /System/Library/Keychains/SystemRootCertificates.keychain | |
| fsck:~ $ sudo security delete-certificate -Z 786A7 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen *:443; | |
| ssl on; | |
| ssl_certificate /etc/ssl/certs/cacert.pem; | |
| ssl_certificate_key /etc/ssl/private/privkey.pem; | |
| server_name nsm01; | |
| fastcgi_param HTTPS on; | |
| fastcgi_param HTTP_SCHEME https; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Enable file extraction (Prior to 2.4.1) | |
| --------------- | |
| sudo vi /mnt/data/bro/share/bro/site/local.bro | |
| @load misc/extract-files | |
| vi /mnt/data/bro/share/bro/policy/misc/extract-files.bro | |
| global ext_map: table[string] of string = { | |
| ["application/x-dosexec"] = "exe", | |
| ["application/pdf"] = "pdf", |
evoxco
/ Bro ids Elastic template
Last active
April 25, 2017 03:48
Bro Ids Elastic template to avoid analyse of fields
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "template": "bro*", | |
| "mappings": { | |
| "_default_": { | |
| "_timestamp": { | |
| "enabled": true, | |
| "store": true | |
| } | |
| }, | |
| "ssl": { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "title": "Broids-HTTP", | |
| "services": { | |
| "query": { | |
| "list": { | |
| "0": { | |
| "id": 0, | |
| "color": "#7EB26D", | |
| "alias": "All Connections", | |
| "pin": true, |
evoxco
/ c1fappThreatIntell
Created
December 30, 2014 19:46
C1fApp Threat Intelligence Kibana dashboard
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "title": "C1fApp Threat Intelligence", | |
| "services": { | |
| "query": { | |
| "list": { | |
| "0": { | |
| "query": "index: \"cif\"", | |
| "alias": "Cif Index", | |
| "color": "#7EB26D", | |
| "id": 0, |
OlderNewer