predictiple

name: Custom.Server.UpdateArtifacts
description: |
  Reloads custom artifacts every 5 minutes.
  Note that artifact_prefix is required.
  Change the ModTime filter if you don't want to only load files that have
  been updated in the last hour.

type: SERVER_EVENT

parameters:

predictiple

rule pe_32 {
condition:
  uint16(0) == 0x5A4D and
        uint32(uint32(0x3C)) == 0x00004550
}

rule pe_dos {
condition:
  uint16(0) == 0x5A4D 
}

predictiple

input {

  http {
    port => 9200
    additional_codecs => { "application/json" => "es_bulk" }
    response_headers => {
        "Access-Control-Allow-Origin" => "*"
        "Content-Type" => "application/json"
        "Access-Control-Allow-Headers" => "Origin, X-Requested-With, Content-Type, Accept"
    }

predictiple

/(?!(^windows|^[$]windows.*|^users|^intel|^dell|^esd|^msocache|^drivers|^recovery|^program.+|^pastel.*)).+
/windows/(?!(^assembly|^boot|^branding|^ccm.*|^csc|^cursors|^debug|^diagnostics|^ehome|^en-.*|^fonts|^globalization|^help|^ime|^inf|^installer|^l2schemas|^media|^microsoft.+|^migration|^performance|^pla|^policydefinitions|^rescache|^resources|^schemas|^servicing|^softwaredistribution|^speech|^system32|^twain_32|^web|^winsxs|^syswow64|^sxsback)).*
/windows/system32/(?!(^boot|^backupfiles|^catroot|^dism|^driverstore|^en-us|^ime|^migwiz|^manifeststore|^oobe|^speech|^spool|^spp|^wbem|^wdi|^drivers|^softwaredistribution)).*
/users/.+/(?!(appdata|desktop)).*
/users/.+/desktop/(?!stik)/(?!(bally)).*
/users/.+/appdata/.+/(?!(^temp|^packages|^microsoft|^google|^mozilla|^grouppolicy|^adobe|^apple)).*
/users/.+/appdata/.+/microsoft/.+/(?!(^inetcache|^temporary|^notifications|^tiles)).*
/users/.+/appdata/.+/google/.+/.+/.+/(?!(^extensions|^storage|^cache)).*
/users/.+/appdata/.+/mozilla/.+/.+/(?!(^.+default)).*
/pro

predictiple

################################################################################
## 
## file name: qradar2graylog.nxlog
##
## purpose:   parser / configuration file that tells nxlog how to read
##            qradar csv exports and put them into graylog via gelf
##
## notes:     expects these *exact* fields in the qradar csv export:
##                Start Time
##                Log Source

predictiple

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install build-essential libncurses5-dev

sudo pip install -U pip pyopenssl ndg-httpsclient pyasn1 requests readline

sudo pip install python-dateutil==2.4.2 distorm3 rekall docopt python-evtx python-registry six construct pefile analyzeMFT python-magic argparse unicodecsv stix stix-validator timesketch lxml ioc_writer colorama usnparser windowsprefetch

predictiple

name: py3
dependencies:
- anaconda-client=1.2.2=py34_0
- backports_abc=0.4=py34_0
- bcolz=0.12.1=np110py34_0
- blaze=0.9.0=py34_0
- blaze-core=0.9.0=py34_0
- bokeh=0.11.1=py34_0
- cairo=1.12.18=6
- certifi=2015.9.6.2=py34_0

predictiple

name: py2
dependencies:
- anaconda-client=1.2.2=py27_0
- apptools=4.2.1=py27_0
- backports_abc=0.4=py27_0
- bcolz=0.11.3=py27_0
- blaze=0.9.0=py27_0
- blaze-core=0.9.0=py27_0
- bokeh=0.11.1=py27_0
- cairo=1.12.18=6

predictiple

@import url(https://fonts.googleapis.com/css?family=Roboto+Condensed:400,300,700&subset=latin,latin-ext);
@import url(https://fonts.googleapis.com/css?family=Roboto+Slab&subset=latin,latin-ext);

table.dataframe {
    border-collapse: collapse;
    border: none;
}
table.dataframe tr {
    border: none;
}

predictiple

!#/bin/bash

find . -type f -iname "*.avi" -print | while read line; do
  duration=$(ffprobe -i $line 2>&1 > /dev/null |grep Duration |cut -d',' -f1 |cut -d' ' -f4)
  framerate=$(ffprobe -i $line 2>&1 > /dev/null |grep Stream |cut -d',' -f4 |cut -d' ' -f2)
  bitrate=$(ffprobe -i $line 2>&1 > /dev/null |grep Duration |cut -d',' -f3 |cut -d' ' -f3-)
  modified=$(stat $line |grep Modify |cut -d' ' -f3 |cut -d'.' -f1)
  file=$(echo $line | cut -d'/' -f2)
  echo $file,$framerate,$bitrate,$duration,$modified >> times_temp1.csv
done