| const DESTINATION = '/home/itay/dest'; | |
| const SOURCE = '/run/user/1000/gvfs/mtp:host=%5Busb%3A001%2C013%5D/Internal shared storage/DCIM'; | |
| const { promisify } = require('util'); | |
| const { resolve, extname } = require('path'); | |
| const fs = require('fs'); | |
| const md5File = require('md5-file/promise'); | |
| const mkdirp = require('mkdirp'); |
| #get redis secret | |
| kubectl get secret echo-redis-ingest-secrets -o yaml | |
| echo '...' | base64 --decode | |
| #cli into redis | |
| kubectl exec -it echo-redis-ingest-server-0 -c redis redis-cli -- -a '...' | |
| llen echo:parsed:json | |
| llen echo:bulk:json |
| # State store required for KOPS | |
| $ export KOPS_STATE_STORE=gs://echo-kubernetes-clusters/ | |
| # Required flag for GCE | |
| $ export KOPS_FEATURE_FLAGS=AlphaAllowGCE | |
| # vim is causing me issues on my station | |
| $ export EDITOR=nano | |
| # Create the cluster |
| [{"id":"bf547258.3071f","type":"echo-watch-list-get","z":"d2217a1e.7327b8","name":"Check if VPN","property":"vpn","propertyType":"str","value":"payload.ip","valueType":"msg","x":470,"y":360,"wires":[["86492330.22551"]]},{"id":"b6a188fb.2fefa8","type":"echo-ioc-check","z":"d2217a1e.7327b8","name":"Check if IOC","property":"ip","propertyType":"str","value":"payload.ip","valueType":"msg","x":470,"y":640,"wires":[["399bd4d9.4fa94c"]]},{"id":"e93785bc.d24118","type":"echo-watch-list-get","z":"d2217a1e.7327b8","name":"Check blacklist","property":"blacklist","propertyType":"str","value":"payload.ip","valueType":"msg","x":710,"y":640,"wires":[["399bd4d9.4fa94c"]]},{"id":"3f14bdbf.f33fe2","type":"echo-ioc-check","z":"d2217a1e.7327b8","name":"Check if TOR","property":"tor","propertyType":"str","value":"payload.ip","valueType":"msg","x":230,"y":640,"wires":[["399bd4d9.4fa94c"]]},{"id":"399bd4d9.4fa94c","type":"echo-collect","z":"d2217a1e.7327b8","name":"Wait for checks","waitForInputs":"2","x":470,"y":800,"wires":[["6ac |
| { | |
| "policies": [{ | |
| "limitBy": "days", | |
| "limit": 30, | |
| "pattern": "echo-raw-*", | |
| "action": "close" | |
| }, { | |
| "limitBy": "days", | |
| "limit": 45, | |
| "pattern": "echo-raw-*", |
| - [ ] Reduce number of shields on each node | |
| - [ ] Reduce number of auth on each node | |
| - [ ] Start redis on node4 - redis_bulk | |
| - [ ] Guide parsers and bulks to read from redis_input and write to redis_bulk | |
| - [ ] Guide bulks to read from redis_bulk | |
| - [ ] Test modulo efficiency | |
| - [ ] Remove redis on node1 | |
| - [ ] Start redis on node2 - redis_input |
Test: 10,000 requests over 50 concurrent connections to _cat/indices
Current version:
ab -n 10000 -c 50 -A admin:echo https://127.0.0.1:9201/_cat/indices
This is ApacheBench, Version 2.3 <$Revision: 1796539 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
| #!/bin/sh | |
| docker run -it --rm --name playground-ingest -v $(pwd)/sample.conf:/config-dir/logstash.conf registry.echo-security.co/joola/echo-collector:6.0 -f /config-dir/logstash.conf |
| { | |
| "username": "bulk", | |
| "roles": { | |
| "bulk": { | |
| "name": "bulk", | |
| "cluster": ["cluster:monitor/*", "cluster:admin/template/*"], | |
| "indices": [{ | |
| "names": ["*"], | |
| "privileges": ["indices:data/write/update", | |
| "indices:data/write/bulk", |
| Center: 35.0354,31.9428,7 | |
| Box: 34.162,29.4826,35.8868,33.3168 |