Keith Lehigh klehigh
klehigh
/ gist:e9bfb566f4707bd8e45b7ff37902f97d
Created
March 4, 2020 20:43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # | |
| # Wrapper for viewing/setting options that the plugin's CMake | |
| # scripts will recognize. | |
| # | |
| # Don't edit this. Edit configure.plugin to add plugin-specific options. | |
| # | |
| set -e | |
| command="$0 $*" |
klehigh
/ bro_field_counter.sh
Last active
August 29, 2015 14:15
bash script to output bro log fields
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Provide field numbers for valid Bro logs | |
| # Author: Keith Lehigh <klehigh@iu.edu> | |
| # use bash strict mode | |
| set -euo pipefail | |
| IFS=$'\n\t' | |
| ### |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # add peer data to connection records | |
| redef record Conn::Info += { | |
| peer: string &log &optional; | |
| }; | |
| event connection_state_remove(c: connection) { | |
| if ( c?$conn ) | |
| c$conn$peer = peer_description; | |
| } |
klehigh
/ gist:6903342
Created
October 9, 2013 15:45
patch CIF Bro.pm to support Bro 2.2 Intel Framework
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- Bro.pm.old 2013-10-09 14:53:40.205618890 +0000 | |
| +++ Bro.pm 2013-10-09 13:19:57.575611679 +0000 | |
| @@ -16,7 +16,7 @@ | |
| my @config_search_path = ('claoverride', $feed->{'query'}, 'client' ); | |
| - $result = "#fields\thost\tnet\tstr\tstr_type\tmeta.source\tmeta.desc\tmeta.url\tmeta.cif_impact\tmeta.cif_severity\tmeta.cif_confidence\n"; | |
| + $result = "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc\tmeta.url\tmeta.cif_impact\tmeta.cif_severity\tmeta.cif_confidence\n"; | |
| foreach my $a (@array){ |