If you need to decomission a node the first thing you should do is transfer all shards from it to other nodes
This command will tell ElasticSearch to:
| {"severity":2,"customFields":{},"description":"Case Created from a MISP event","tags":["misp","from-misp-event"],"name":"MISP-EVENT","tlp":2,"titlePrefix":"[MISP]","metrics":{},"pap":2,"tasks":[{"title":"Scratchpad","order":0,"group":"Scratchpad"},{"title":"Peers & Partners","order":1,"group":"Comms"},{"title":"Other","order":2,"group":"Comms"},{"title":"Detection && Identification","order":3,"group":"IR-Step2"},{"title":"Analysis && Digital Forensics","order":4,"group":"IR-Step2"},{"title":"Containment","order":5,"group":"IR-Step3"},{"title":"Eradication","order":6,"group":"IR-Step4"},{"title":"Recovery","order":7,"group":"IR-Step5"},{"title":"Lessons Learned","order":8,"group":"IR-Step6"}],"status":"Ok"} |
| #!/bin/bash | |
| # Filename: showdupes.sh | |
| # source: http://brakertech.com/compare-two-files-and-print-lines-that-match/ | |
| # this file takes two text files as input | |
| # sorts them and outputs lines from | |
| # file 2 that match file 1 | |
| if [ -f "$1" ] && [ -f "$2" ] | |
| then | |
| awk 'NR==FNR{arr[$0];next} $0 in arr' $1.tmp $2.tmp; |
| https://attack.mitre.org/wiki/ATT&CK_Matrix | |
| Convert pcapng to pcapng | |
| tshark -F pcap -r /Users/sstonebraker/Downloads/capture_ilch1dc02p.pcapng -w /Users/sstonebraker/Downloads/capture_ilch1dc02p.pcap | |
| recursively convert pcapng files to pcap | |
| find . -type f -name '*.pcapng' -print0 | while IFS= read -r -d '' f; do tshark -F pcap -r "$f" -w "${f%.pcapng}.pcap"; done |
| Replace 'X' with the domain name of your choice | |
| # Back link | |
| link:X -site:X | |
| # Sub domain | |
| site:X -site:www.X | |
| # Url | |
| inurl:X -site:X |
| #!/bin/bash | |
| # Usage: ./ipinfo.sh file_containing_one_ip_per_line | |
| filename=$1 | |
| ipAddresses=`cat $filename` | |
| `echo "" > out.txt` #To empty the file | |
| readonly ourPath="$(dirname $0)" |
| # Add this to your bash profile | |
| ipextract () { | |
| # example: ipextract < filename | |
| egrep --only-matching -E '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' | |
| } |
| #!/bin/bash | |
| ######################################################################### | |
| # # | |
| # # | |
| # NATO String converter # | |
| # # | |
| # Description: converts string (first parameter given) # | |
| # to NATO phonetics-alphabet # | |
| # # |
| # ediscovery_search_exported_msg_files.ps1 | |
| # Search through exported .msg files from content search (exchange compliance center) and return a spreadsheet of email addresses and matched URLs | |
| # Kill outlook | |
| cmd.exe /c "taskkill /F /IM outlook.exe /T 2> nul" | |
| $scriptPath = $(split-path $myinvocation.mycommand.definition) | |
| $inputPath = "$($scriptPath)\inputMails" | |
| # Find all .msg files recursively |
| #!/bin/bash | |
| # get_amis.sh | |
| # Return a list of all ami's in use in aws | |
| aws ec2 describe-instances --query 'Reservations[*].Instances[*].[ImageId,Tags[*]]' | grep ami | perl -pi -e "s/,//g;" | perl -pi -e "s/\"//g;" | perl -pi -e "s/\s+/\n/g;" | grep -v "^$" |