JP. Clipffel jpclipffel

  • Switzerland

Splunk - Simple alert whitelist

Whitelist definition

The CSV defines two columns:

  • alert_name: the Splunk alert to which the whitelisted value (next column) applies
  • The second column's name must match the alert field being whitelisted (here, src_ip)

Example - src_ip_whitelist.csv

alert_name,src_ip

Python - argparse for Git-like CLI

Git uses a really nice command-oriented command line interface (I don't know a better name for it). Below is a script showing how this can be reproduced in Python using argparse.

Usage

Tested on Python 3+.
The following commands and sub-commands are implemented:

  • foo
  • bar
  • complex
# Select the search space (index, sourcetype, eventtypes, ...) and basic filters (ip, range, ...).
index=* sourcetype="my_super_ids" src!=64.39.96.0/20
# Optional - Reduce the number of distinct action values to a few categories.
| eval action=case(action="allowed", "allowed", action="blocked", "blocked", true(), "not_allowed")
# Group the results over the required dimensions (usually source/destination/action).
| stats count(action) as action_count by src, dest, action
# Reduce the dimensions count to facilitate the analysis.
jpclipffel / Python - Inheritance and new.py
Last active June 11, 2018 09:21
Example of Python's __new__ used in conjunction with inheritance
import sys

class Root:
    # Derived class references.
    # As the classes Alpha and Beta are not yet defined at this point, their names are
    # stored instead of their references ("Alpha" instead of Alpha).
    __derived = {
        "alpha": {"class": "Alpha", "count": 0},
jpclipffel / bash_flock.sh
Last active January 25, 2024 05:07
Bash flock example
#!/bin/bash
#
# Bash `flock` example.
# Works on: Linux, BSD
# Doesn't work on: MacOS

# The file which represents the lock.
LOCKFILE="$(basename "$0").lock"
# Timeout in seconds.
jpclipffel / Python - Remove duplicates from list.py
Last active June 11, 2018 09:30
Remove duplicate items from a list in one line (with and without order preservation)
# Data set.
data = ['a', 'b', 'b', 'c', 'd', 'e', 'a', 'f', 'e']
# Solution 1 - Keep the first occurrence only (preserves the list order).
print([v for p, v in enumerate(data) if v not in data[0:data.index(v, p)]])
# Solution 2 - Keep the last occurrence only (preserves the list order).
print([v for p, v in enumerate(data) if v not in data[data.index(v, p)+1:]])
# Solution 3 - Using 'set' (does **not** preserve the list order!)
jpclipffel / cpp_class.cpp
Last active November 8, 2017 16:45
C++ 11 class prototype
#include "class.hh"

/**
 * Default constructor.
 * Initialize class attributes using the initialization list.
 */
myClass::myClass():
    number(42),
    letter('A')
{
jpclipffel / chromium.sh
Created February 8, 2015 18:05
Chromium "better" launcher
#!/bin/bash
# A Chromium launcher which disables some features but should improve privacy
# and browsing speed.
# Flags list: http://peter.sh/experiments/chromium-command-line-switches/

CHROMIUM="chromium"

$CHROMIUM \
    --incognito \
    --cryptauth-http-host "" \
jpclipffel / C++ - Dynamic Library
Last active November 8, 2017 16:51
C++ module and module loader example
Example of a C++ module (i.e. a dynamic library which exports an object).
* cpp_imod.hh: Module interface;
* cpp_module.hh: Module implementation header;
* cpp_module.cpp: Module implementation source;
* cpp_modloader-dlfcn.cpp: Loads and calls the module.