The CSV defines two columns:
alert_name: the Splunk alert to which the whitelisted IP (next column) is applied. The second column's name must match the alert field to whitelist, so the header line reads:
alert_name, src_ip
Git uses a really nice command-oriented command line interface (I don't know a better name for it). Below is a script showing how this can be reproduced in Python using argparse.
Tested on Python 3+.
The following commands and sub-commands are implemented:
foo
bar
complex
# Select the search space (index, sourcetype, eventtypes, ...) and basic filters (ip, range, ...).
index=* sourcetype="my_super_ids" src!=64.39.96.0/20
# Optional - reduce the number of event types by collapsing the action values.
| eval action=case(action="allowed", "allowed", action="blocked", "blocked", true(), "not_allowed")
# Group the results over the required dimensions (usually source/destination/action).
| stats count(action) as action_count by src, dest, action
# Reduce the dimensions count to facilitate the analysis.
import sys
class Root:
    # Derived class references.
    # As the classes Alpha and Beta are not yet defined at this point, their
    # names are stored instead of their references ("Alpha" instead of Alpha).
    __derived = {
        "alpha": {"class": "Alpha", "count": 0},
#!/bin/bash
#
# Bash `flock` example.
# Works on: Linux, BSD
# Doesn't work on: MacOS
# The file which represents the lock.
LOCKFILE="$(basename "$0").lock"
# Timeout in seconds.
# Data set.
data = ['a', 'b', 'b', 'c', 'd', 'e', 'a', 'f', 'e']
# Solution 1 - Keep the first occurrence only (preserves the list order).
# data.index(v, p) is always p here, since data[p] == v, so data[0:p] is the prefix before v.
print([v for p, v in enumerate(data) if v not in data[0:p]])
# Solution 2 - Keep the last occurrence only (preserves the list order).
print([v for p, v in enumerate(data) if v not in data[p+1:]])
# Solution 3 - Using 'set' (does **not** preserve the list order!)
#include "class.hh"
/**
 * Default constructor.
 * Initialize class attributes using the initialization list.
 */
myClass::myClass():
    number(42),
    letter('A')
{
}
#!/bin/bash
# A Chromium launcher which disables some features but should improve privacy
# and browsing speed.
# Flags list: http://peter.sh/experiments/chromium-command-line-switches/
CHROMIUM="chromium"
$CHROMIUM \
    --incognito \
    --cryptauth-http-host "" \
Example of a C++ module (i.e. a dynamic library which exports an object).
* cpp_imod.hh: Module interface;
* cpp_module.hh: Module implementation header;
* cpp_module.cpp: Module implementation source;
* cpp_modloader-dlfcn.cpp: Load and call the module.