Jay Swan jayswan
@jayswan
jayswan / plixer_log_count.py
Created November 25, 2014 16:29
Count Plixer log entries
from collections import defaultdict
from operator import itemgetter
import sys
FILENAME = sys.argv[1]
class SimpleCounter(defaultdict):
    """ Scrutinizer ships with Python 2.6 and doesn't have the Counter object
    from collections. This is a simple version of it.
    """
@jayswan
jayswan / gist:b1998ac7226c08a18cb8
Last active November 18, 2016 14:41
.vimrc simple
syntax enable
set ruler
set nobackup
set nocompatible
set encoding=utf-8
set showcmd
set number
set background=dark
"" Indentation
{
  "query": {
    "filtered": {
      "filter": {
        "bool": {
          "must": [
            {
              "term": {
                "EventID": 4728
              }
In [142]: d
Out[142]: {'TargetUserName.raw': 'Domain Admins'}
In [143]: tt = Search(using=es,index=i)\
.filter('term',**d).filter('term',EventID=4728)
In [144]: tt = Search(using=es,index=i)\
.filter('term',TargetUserName.raw='Domain Admins')\
.filter('term',EventID=4728)
File "<ipython-input-144-1b746eb83e6f>", line 1
tt = Search(using=es,index=i)\
.filter('term',TargetUserName.raw='Domain Admins')\
.filter('term',EventID=4728)
SyntaxError: keyword can't be an expression
@jayswan
jayswan / gist:a8d9920ef74516a02fe1
Last active March 11, 2022 15:33
Elasticsearch Python bulk index API example
>>> import itertools
>>> import string
>>> from elasticsearch import Elasticsearch,helpers
es = Elasticsearch()
>>> # k is a generator expression that produces
... # a series of dictionaries containing test data.
... # The test data are just letter permutations
... # created with itertools.permutations.
... #
... # We then reference k as the iterator that's
@jayswan
jayswan / aws2ipset.sh
Created February 19, 2016 17:08
Convert AWS IP Prefixes to SiLK IP Set
#!/bin/sh
curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | \
jq --raw-output '.prefixes | map(.ip_prefix) | .[]' > prefixes.txt
rwsetbuild prefixes.txt aws.ipset
@jayswan
jayswan / googips.sh
Created February 25, 2016 04:11
Get a List of Google CIDR Blocks
dig @8.8.8.8 +short txt _netblocks.google.com | awk '{gsub("ip4:","");for (col=2; col<NF;++col) print $col}'
@jayswan
jayswan / add-json.bro
Created April 28, 2016 20:54 — forked from J-Gras/add-json.bro
Additional JSON logging for Bro.
# Add additional JSON logging
module Log;
export {
    ## Enables JSON-logfiles for all active streams
    const enable_all_json = T &redef;
    ## Streams not to generate JSON-logfiles for
    const exclude_json: set[Log::ID] = { } &redef;
    ## Streams to generate JSON-logfiles for