#!/usr/bin/env bash
###################
# Signal Sciences helper script:
# sigsci-revproxy-agents.sh
# For all sites in a corp, print reverse proxy agents.
# Requires:
# - pysigsci (https://pypi.org/project/pysigsci/)
# - jq (https://stedolan.github.io/jq/)
@foospidy
foospidy / sigsci-agent-install-multi.sh
Last active June 11, 2019 09:59
Installs multiple service instances of the sigsci-agent (tcp listener only).
sigsci-agent-install-multi.sh
# Installs multiple service instances of the sigsci-agent (tcp listener only).
# Note: this does not modify the default sigsci-agent installation.
#
# This script takes two arguments:
# The first argument (required) specifies how many new service instances to create.
# The second argument (optional) specifies what port the first service instance
# should listen on. It will automatically increment the port number for each new instance.
#
# Usage:
#!/usr/bin/env python
"""
# HoneyDB helper script:
# honeydb-search-payloads.py
# For a given array of strings, this script will search payloads for a match.
# https://riskdiscovery.com/honeydb/threats#sensor_data_filtered
# Edit the SEARCH_STRINGS variable to specify what you want to search for.
# DATE is a required field for the API, and the default is today's date.
# Edit the DATE variable to search on a specific date.
# Requires:
@foospidy
foospidy / sigsci_site_availability.py
Last active February 25, 2019 13:37
Script to generate aggregate availability based on data from Signal Sciences.
#!/usr/bin/env python
"""
Script to generate aggregate availability based on data from Signal Sciences.
https://landing.google.com/sre/book/chapters/embracing-risk.html#risk-management_measuring-service-risk_aggregate-availability-equation
Usage:
./sigsci_site_availability.py -1d
Examples specifying different time periods:
./sigsci_site_availability.py -3d
@foospidy
foospidy / sigsci-copy-users.sh
Last active February 25, 2019 13:37
Copy all users from a site to other sites.
#!/usr/bin/env bash
###################
# Signal Sciences helper script:
# sigsci-copy-users.sh
# For a given site, copy all users to specified sites.
# Requires:
# - pysigsci (https://pypi.org/project/pysigsci/)
# - jq (https://stedolan.github.io/jq/)
# short name of site that has users you want to copy
@foospidy
foospidy / sigsci-copy-request-rule.sh
Last active February 25, 2019 13:37
Copy a rule to all sites in Signal Sciences
#!/usr/bin/env bash
###################
# Signal Sciences helper script:
# sigsci-copy-request-rule.sh
# For a given site and rule id, the script will copy the rule to all sites.
# Requires:
# - pysigsci (https://pypi.org/project/pysigsci/)
# - jq (https://stedolan.github.io/jq/)
if [ -z "$1" ];
@foospidy
foospidy / sigsci-copy-custom-signal.sh
Last active February 25, 2019 13:37
Copy a signal to all sites in Signal Sciences
#!/usr/bin/env bash
###################
# Signal Sciences helper script:
# sigsci-copy-custom-signal.sh
# For a given site and tagName, the script will copy that signal to all sites.
# Requires:
# - pysigsci (https://pypi.org/project/pysigsci/)
# - jq (https://stedolan.github.io/jq/)
if [ -z "$1" ];
@foospidy
foospidy / sigsci-expire-all-events.sh
Last active February 25, 2019 13:37
Expire all flagged IP events in Signal Sciences.
#!/usr/bin/env bash
###################
# Signal Sciences helper script:
# sigsci-expire-all-events.sh
# For a given site, the script will expire all flagged ip events.
# Requires:
# - pysigsci (https://pypi.org/project/pysigsci/)
# - jq (https://stedolan.github.io/jq/)
if [ -z "$1" ];
@foospidy
foospidy / sigsci-integration-replace.sh
Last active April 4, 2023 23:03
Update/replace integration configuration in Signal Sciences
#!/usr/bin/env bash
###################
# Signal Sciences helper script:
# sigsci-integration-replace.sh
# For a given configuration, the script will delete all instances based on type and url,
# it will then recreate the configuration with the specified events.
# Requires:
# - pysigsci (https://pypi.org/project/pysigsci/)
# - jq (https://stedolan.github.io/jq/)
@foospidy
foospidy / honeydb-post-data-2018-07-08.txt
Created July 9, 2018 15:42
Unique POST requests collected from HoneyDB data
This file has been truncated, but you can view the full file.
POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: x.x.x.x
Content-Length: 408
Cache-Control: no-cache
Q/Rayd3IZhxBqzgkL0J7deIVkVpJ20LD8qxp2iY6wqlhb7uJMoBoekEb9ZFuseGv3J5TnIUnC7pDXGwIc/1LM7v/5BNrkt/rlfBG7gZ4m7O7CGW0DCGfqGVXT4c7ex/ZNqFhOM1WyXCI+nAcWTbrF95VC2y3XDi1VpsMdE06YNWnmYdB57kkO1ZFTa9uxMukUBALs0kybZEXot2gj8gGd2NnoFzMpfbX85JschPX0MBY1uJV1TdhBQKcQ6h+ZBAC7JVBKqUXtuBu+ZyiJZRk7+OB/kVcWeWKqzEaavg1C1dEg4+sfjWcvU2N2DcvbPsx9aF/qYjhYuJSQ8AeawsNCcvwwlJg1aQuG+hrAPX5qkTOLzmaNTeIVqPUvdDNitzOR+WUyDoOfskqy7Txzxlf9JZy
POST /wls-wsat/CoordinatorPortType11 HTTP/1.1