This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Custom.Server.UpdateArtifacts
description: |
  Reloads custom artifacts every 5 minutes.
  Note that artifact_prefix is required.
  Change the ModTime filter if you don't want to only load files that have
  been updated in the last hour.
type: SERVER_EVENT
parameters:
rule pe_32 {
  condition:
    // "MZ" DOS header magic at offset 0
    uint16(0) == 0x5A4D and
    // e_lfanew at offset 0x3C points at the "PE\0\0" signature;
    // the signature is the same for PE32 and PE32+, so this also matches 64-bit images
    uint32(uint32(0x3C)) == 0x00004550
}
rule pe_dos {
  condition:
    // "MZ" magic only: any DOS/PE header, without checking for a PE signature
    uint16(0) == 0x5A4D
}
input {
  http {
    port => 9200
    additional_codecs => { "application/json" => "es_bulk" }
    response_headers => {
      "Access-Control-Allow-Origin" => "*"
      "Content-Type" => "application/json"
      "Access-Control-Allow-Headers" => "Origin, X-Requested-With, Content-Type, Accept"
    }
/(?!(^windows|^[$]windows.*|^users|^intel|^dell|^esd|^msocache|^drivers|^recovery|^program.+|^pastel.*)).+
/windows/(?!(^assembly|^boot|^branding|^ccm.*|^csc|^cursors|^debug|^diagnostics|^ehome|^en-.*|^fonts|^globalization|^help|^ime|^inf|^installer|^l2schemas|^media|^microsoft.+|^migration|^performance|^pla|^policydefinitions|^rescache|^resources|^schemas|^servicing|^softwaredistribution|^speech|^system32|^twain_32|^web|^winsxs|^syswow64|^sxsback)).*
/windows/system32/(?!(^boot|^backupfiles|^catroot|^dism|^driverstore|^en-us|^ime|^migwiz|^manifeststore|^oobe|^speech|^spool|^spp|^wbem|^wdi|^drivers|^softwaredistribution)).*
/users/.+/(?!(appdata|desktop)).*
/users/.+/desktop/(?!stik)/(?!(bally)).*
/users/.+/appdata/.+/(?!(^temp|^packages|^microsoft|^google|^mozilla|^grouppolicy|^adobe|^apple)).*
/users/.+/appdata/.+/microsoft/.+/(?!(^inetcache|^temporary|^notifications|^tiles)).*
/users/.+/appdata/.+/google/.+/.+/.+/(?!(^extensions|^storage|^cache)).*
/users/.+/appdata/.+/mozilla/.+/.+/(?!(^.+default)).*
/pro
################################################################################
##
## file name: qradar2graylog.nxlog
##
## purpose: parser / configuration file that tells nxlog how to read
## qradar csv exports and put them into graylog via gelf
##
## notes: expects these *exact* fields in the qradar csv export:
## Start Time
## Log Source
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install build-essential libncurses5-dev
sudo pip install -U pip pyopenssl ndg-httpsclient pyasn1 requests readline
sudo pip install python-dateutil==2.4.2 distorm3 rekall docopt python-evtx python-registry six construct pefile analyzeMFT python-magic argparse unicodecsv stix stix-validator timesketch lxml ioc_writer colorama usnparser windowsprefetch
name: py3
dependencies:
  - anaconda-client=1.2.2=py34_0
  - backports_abc=0.4=py34_0
  - bcolz=0.12.1=np110py34_0
  - blaze=0.9.0=py34_0
  - blaze-core=0.9.0=py34_0
  - bokeh=0.11.1=py34_0
  - cairo=1.12.18=6
  - certifi=2015.9.6.2=py34_0
name: py2
dependencies:
  - anaconda-client=1.2.2=py27_0
  - apptools=4.2.1=py27_0
  - backports_abc=0.4=py27_0
  - bcolz=0.11.3=py27_0
  - blaze=0.9.0=py27_0
  - blaze-core=0.9.0=py27_0
  - bokeh=0.11.1=py27_0
  - cairo=1.12.18=6
@import url(https://fonts.googleapis.com/css?family=Roboto+Condensed:400,300,700&subset=latin,latin-ext);
@import url(https://fonts.googleapis.com/css?family=Roboto+Slab&subset=latin,latin-ext);
table.dataframe {
  border-collapse: collapse;
  border: none;
}
table.dataframe tr {
  border: none;
}
#!/bin/bash
# Walk the current tree for .avi files and append one CSV row per file
# (name, frame rate, bit rate, duration, modification time) to times_temp1.csv.
find . -type f -iname "*.avi" -print | while read -r line; do
  # ffprobe prints its stream summary on stderr, so stderr is sent to the pipe
  # and stdout discarded; paths are quoted so names with spaces survive.
  duration=$(ffprobe -i "$line" 2>&1 >/dev/null | grep Duration | cut -d',' -f1 | cut -d' ' -f4)
  framerate=$(ffprobe -i "$line" 2>&1 >/dev/null | grep Stream | cut -d',' -f4 | cut -d' ' -f2)
  bitrate=$(ffprobe -i "$line" 2>&1 >/dev/null | grep Duration | cut -d',' -f3 | cut -d' ' -f3-)
  # time-of-day portion of the "Modify:" line from GNU stat, fractional seconds dropped
  modified=$(stat "$line" | grep Modify | cut -d' ' -f3 | cut -d'.' -f1)
  # first path component below "./"
  file=$(echo "$line" | cut -d'/' -f2)
  echo "$file,$framerate,$bitrate,$duration,$modified" >> times_temp1.csv
done