Isaque Profeta isaqueprofeta

## opencti_docker_ubuntu22.sh
#!/bin/bash

# DEFINA AS CREDENCIAIS E CUSTOMIZACOES AQUI
export OPENCTI_BASE_URL="http://localhost:8080"
export OPENCTI_ADMIN_EMAIL="admin@opencti.io"
export OPENCTI_ADMIN_PASSWORD="ChangeMePlease"
export RABBITMQ_DEFAULT_USER="guest"
export RABBITMQ_DEFAULT_PASS="guest"
export SMTP_HOSTNAME="localhost"
export ELASTIC_MEMORY_SIZE="4G"

## .000_Como_Usar.md

      
              3 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                isaqueprofeta
                / .000_Como_Usar.md
            
            
              Last active
              January 15, 2024 12:52
            
              
                Elastic Trial Docker
              
          
    Elastic Trial Docker

Como usar


Copiar ambos os arquivos desde gist (Os arquivos abaixo, chamados .env e docker-compose.yml) dentro de um diretório e acessar esse diret
Editar o .env com as opções de credencial

Para usar sem o trial, trocar no .env o LICENSE para basic: LICENSE=basic


Ligando o ambiente

Rodar o docker-compose up -d
Rodar o docker-compose logs -f kibana


Aguardar o Kibana parar de carregar mensagens por mais de 30 segundos (quer dizer que ele terminou de carregar)


## zabbix60_ubuntu22_timescaledb_nginx.sh
#!/bin/bash

DATABASE_PASSWORD=${1:-Z4bb1xD4t4b4s3}

echo "######################################################################"
echo "                        INSTALACAO DO ZABBIX                          "
echo "                     SISTEMA OPERACIONAL UBUNTU                       "
echo "######################################################################"
echo "                          FONTE DO SCRIPT:                            "
echo "           https://github.com/isaqueprofeta/zabbix-pipe2bash/         "

## cria_pendrive_bootavel.sh
#!/bin/bash

PATHTOISO = $1
DISKTOWRITE = $2

dd bs=4M if=$PATHTOISO of=$DISKTOWRITE conv=fdatasync

## siem_training.md

      
              1 file
            
          
              33 forks
            
          
              5 comments
            
          
              128 stars
            
          
                isaqueprofeta
                / siem_training.md
            
            
              Last active
              April 19, 2024 17:54
            
              
                SIEM Training
              
          
    SIEM Training

ATTENTION, THIS GIST ISN'T FREQUENTLY UPDATED
MAIN SOURCE: https://github.com/isaqueprofeta/cybersec-path
General


Jose Bravo - What is a SIEM? (5 Vídeos): https://www.youtube.com/watch?v=MtqFMe4zSpQ&list=PLHh9jhztlMyp8lyKXt9orVM57ygW_ihPS
IPPSec - PowerSIEM Analyzing Sysmon Events with PowerShell: https://www.youtube.com/watch?v=MvfhIydxFmw


## CONTEXT.md

      
              2 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                isaqueprofeta
                / CONTEXT.md
            
            
              Last active
              July 6, 2022 23:42
            
              
                Zabbix JS Script item for count of day-before Alerts
              
          
Where?
https://t.me/ZabbixTech


Question:
Hi team...is there any query where we can get the count of alarms raised per day?


Answer:
Since version 6.0 you can create an API key and then do an JavaScript Script Item to check the information from Zabbix API using time_from and time_till parameters to filter the day before.
Didn't tested, just prototyped the idea below, and before trying the code, remember to add the "url" and "apikey" to the item Parameters, (and please use a macro with vault for your apikey), in this case I'd configure the item interval as an scheduled one to run everyday at 1 or 2 AM:


## 00-README.md

      
              4 files
            
          
              1 fork
            
          
              0 comments
            
          
              1 star
            
          
                isaqueprofeta
                / 00-README.md
            
            
              Created
              April 24, 2022 18:36
            
              
                Laboratório de eventos real-time do Zabbix para OpenSearch usando Logstash
              
          
    Laboratório de eventos real-time do Zabbix para OpenSearch usando Logstash

TL;DR: O ingestão e atualizaçao dos dados foi feita com sucesso, a PoC terminou no ponto onde o Logstash para o OpenSearch não se mostrou interessante do ponto de vista de não ter recursos (que em pesquisa existem plugins do logstash para a versão proprietária do ElasticSearch) para calcular em novos campos no processo de atualização o tempo de duração dos eventos para facilitar o desenvolvimento de dashboards de apresentação de dados. Concluindo-se assim que seria mais interessante um python no lugar do logstash para executar funções de "update by query".
Composição


Logstash para processamento dos dados vindos de triggers do real-time export do Zabbix
OpenSearch para armazenamento e pesquisa
OpenSearch Dashboards para analise de dados e dashboard


## zabbix60_rocky8_timescaledb_nginx.sh
#!/bin/bash

DATABASE_PASSWORD=${1:-Z4bb1xD4t4b4s3}

echo "######################################################################"
echo "                        INSTALACAO DO ZABBIX                          "
echo "           SISTEMAS OPERACIONAIS RHEL-LIKE ROCKY/ALMA LINUX           "
echo "######################################################################"
echo "                          FONTE DO SCRIPT:                            "
echo "           https://github.com/isaqueprofeta/zabbix-pipe2bash          "

## zabbix60_bullseye_timescaledb_nginx.sh
#!/bin/bash

DATABASE_PASSWORD=${1:-Z4bb1xD4t4b4s3}

echo "######################################################################"
echo "                        INSTALACAO DO ZABBIX                          "
echo "                     SISTEMA OPERACIONAL DEBIAN                       "
echo "######################################################################"
echo "                          FONTE DO SCRIPT:                            "
echo "           https://github.com/isaqueprofeta/zabbix-pipe2bash          "

## nerdfonts_ttf.sh
#!/bin/bash
for i in $(curl -sk https://github.com/ryanoasis/nerd-fonts/releases | grep 'releases/download/v2.1.0/' | cut -d'"' -f 2) do
  wget https://github.com/$i
done
find . -name "*.zip" -type f -exec unzip {} "*.ttf" \;
	#!/bin/bash

	# DEFINA AS CREDENCIAIS E CUSTOMIZACOES AQUI
	export OPENCTI_BASE_URL="http://localhost:8080"
	export OPENCTI_ADMIN_EMAIL="admin@opencti.io"
	export OPENCTI_ADMIN_PASSWORD="ChangeMePlease"
	export RABBITMQ_DEFAULT_USER="guest"
	export RABBITMQ_DEFAULT_PASS="guest"
	export SMTP_HOSTNAME="localhost"
	export ELASTIC_MEMORY_SIZE="4G"
	#!/bin/bash

	DATABASE_PASSWORD=${1:-Z4bb1xD4t4b4s3}

	echo "######################################################################"
	echo " INSTALACAO DO ZABBIX "
	echo " SISTEMA OPERACIONAL UBUNTU "
	echo "######################################################################"
	echo " FONTE DO SCRIPT: "
	echo " https://github.com/isaqueprofeta/zabbix-pipe2bash/ "
	#!/bin/bash

	PATHTOISO = $1
	DISKTOWRITE = $2

	dd bs=4M if=$PATHTOISO of=$DISKTOWRITE conv=fdatasync
	#!/bin/bash
	for i in $(curl -sk https://github.com/ryanoasis/nerd-fonts/releases \| grep 'releases/download/v2.1.0/' \| cut -d'"' -f 2) do
	wget https://github.com/$i
	done
	find . -name ".zip" -type f -exec unzip {} ".ttf" \;