View event_cleanup.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Script to cleanup Event Service channel. Based on pancloud"""
import os
import sys
import json
import logging
@jtschichold
jtschichold / appframework-refresh.py
Last active Apr 18, 2018
Small utility to refresh/generate new Access-Token for AppFramework
View appframework-refresh.py
#!/usr/bin/env python
# Copyright (c) 2018, Palo Alto Networks
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
@jtschichold
jtschichold / minemeld-sync.py
Last active Apr 2, 2021
Utility for synchronizing a list of indicators with a MineMeld local DB Miner (Python 2.7.9+)
View minemeld-sync.py
#!/usr/bin/env python
# Copyright 2015-present Palo Alto Networks, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
@jtschichold
jtschichold / generate-certificate.sh
Last active Nov 3, 2017
Shell script to generate a new CA and a new certificate on MineMeld instances
View generate-certificate.sh
#!/bin/bash
# set -x
set -e
if [ -z "$1" ]; then
    echo "Usage: $0 <minemeld hostname>" 1>&2
    exit 1
fi
@jtschichold
jtschichold / TAXII-1.1.postman_collection.json
Last active Oct 14, 2019
Simple Postman Collection for TAXII 1.1 Requests
View TAXII-1.1.postman_collection.json
{
    "variables": [],
    "info": {
        "name": "TAXII-1.1 (0.1)",
        "_postman_id": "f355c2a2-5d3e-6f5b-f957-afe4d5646d7a",
        "description": "Simple collection of TAXII 1.1 requests.\nYou need an environment with the following keys to run this:\n- hostname: hostname of the TAXII server\n- collection: name of the collection to poll (needed only for Poll Request)\n\nDiscovery request points to {{hostname}}/taxii-discovery-service\n\nCollection Information Request points to {{hostname}}/taxii-collection-management-service\n\nPoll Request to {{hostname}}/taxii-poll-service",
        "schema": "https://schema.getpostman.com/json/collection/v2.0.0/collection.json"
    },
    "item": [
        {
@jtschichold
jtschichold / pan_rsyslog_rb.py
Last active Dec 30, 2019
Generate mmnormalize rulebase for Palo Alto Networks NGFW logs
View pan_rsyslog_rb.py
THREAT_FIELDS_5_0 = ["future_use1","receive_time","serial_number","@THREAT","log_subtype","future_use2",
    "generated_time","src_ip","dest_ip","src_translated_ip","dest_translated_ip","rule","src_user",
    "dest_user","app","virtual_system","src_zone","dest_zone","src_interface","dest_interface",
    "log_forwarding_profile","future_use3","session_id","repeat_count","src_port","dest_port",
    "src_translated_port","dest_translated_port","flags","protocol","action","misc","threat_name",
    "category","severity","direction","sequence_number","action_flags","src_location","dest_location",
    "future_use4","content_type"]
THREAT_FIELDS_6_0 = THREAT_FIELDS_5_0 + ["pcap_id", "url_idx", "cloud_address"]