@SwitHak
SwitHak / 20211210-TLP-WHITE_LOG4J.md
Last active June 22, 2024 10:52
BlueTeam CheatSheet *Log4Shell* | Last updated: 2021-12-20 2238 UTC

Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)

Errors, typos, something to say?

  • If you want to add a link, comment or send it to me
  • Feel free to report any mistake directly below in the comments or via DM on Twitter @SwitHak

Other great resources

  • Royce Williams list sorted by vendors responses Royce List
  • Very detailed list NCSC-NL
  • The list maintained by U.S. Cybersecurity and Infrastructure Security Agency: CISA List
@iamhowardtheduck
iamhowardtheduck / moloch-ecs
Last active January 14, 2021 14:55
Moloch ECS Conversion Pipeline
PUT _ingest/pipeline/moloch-ecs
{
"description": "Ingest Moloch indices in ECS format.",
"processors": [
{
"rename": {
"field": "dstIp",
"target_field": "destination.ip",
"description": "DESTINATION IP",
"ignore_missing": true,
@mrpeardotnet
mrpeardotnet / PVE-HP-ssacli-smart-storage-admin.md
Created November 25, 2019 22:10
HP Smart Storage Admin CLI (ssacli) installation and usage on Proxmox PVE (6.x)

Why use HP Smart Storage Admin CLI?

You can use the ssacli (Smart Storage Administrator command line interface) tool to manage any of the supported HP Smart Array Controllers in your Proxmox host without needing to reboot the server to reach the Smart Storage Administrator in the BIOS. That means no host downtime when managing your storage.

The CLI is not as convenient as the GUI provided by the BIOS or the desktop utilities, but it still lets you fully manage your controller, physical disks and logical drives on the fly with no Proxmox host downtime.

ssacli replaces the older hpssacli, shares the same syntax, and adds support for newer servers and controllers.

Installation

@webmat
webmat / grok_fields.rb
Created March 13, 2019 02:38
Script to list all fields in Logstash grok patterns
PATTERNS_GLOB = ENV['PATTERNS_GLOB'] || '~/work/elastic/plugins/logstash-patterns-core/patterns/*'
FIELD_MATCHER = /{\w+:([^}]+)}/
ECS = %w(labels agent client cloud container destination ecs error event file
geo group host http log network observer organization os process
related server service source url user user_agent)
field_names = {}
puts "File name\tField\tLine\tPosition\tConflict"
Dir[PATTERNS_GLOB].each do |file|
@mjuric
mjuric / kafka-useful-commands.md
Last active May 24, 2024 14:06
Useful Kafka wrangling commands

Utilities you'll care about

All these are already installed on epyc.

  • kafkacat (conda install -c conda-forge kafkacat)

  • kt (grab it from https://github.com/fgeller/kt/releases)

  • kafka-* (come with kafka, if you yum install it from Confluent's repo, or via Docker if you're so inclined). Warning -- JVM based and dreadfully slow.

  • jq (conda install -c conda-forge jq or use your favorite package manager)

@zodvik
zodvik / benchmark-commands.txt
Last active December 18, 2022 12:45
Kafka (1.0.0) Benchmark Commands
Producer
Setup
bin/kafka-topics.sh --zookeeper localhost:2181/kafka-local --create --topic test-rep-one --partitions 6 --replication-factor 1
bin/kafka-topics.sh --zookeeper localhost:2181/kafka-local --create --topic test-rep-two --partitions 6 --replication-factor 3
Single thread, no replication
bin/kafka-run-class.sh org.apache.kafka.tools.ProducerPerformance --print-metrics --topic test-rep-one --num-records 6000000 --throughput 100000 --record-size 100 --producer-props bootstrap.servers=kafka_host:9092 buffer.memory=67108864 batch.size=8196
Single-thread, async 3x replication
[Unit]
Description=scirius daemon
After=network.target
[Service]
User=www-data
Group=www-data
WorkingDirectory=/usr/share/python/scirius
ExecStart=/usr/share/python/scirius/bin/gunicorn --log-syslog -t 600 -w 4 --bind unix:/tmp/scirius.sock scirius.wsgi:application
Environment=VIRTUAL_ENV=/usr/share/python/scirius
Environment=GIT_PYTHON_GIT_EXECUTABLE=/usr/bin/git
@unreal4u
unreal4u / 50-httpd-php.conf
Last active February 19, 2022 12:00
Filter for logstash for access and error logs generated by apache2.(2|4) and php7
filter {
# Analyze access log
if [fields][type] == "apache-access" {
# First part: get every common message
grok {
match => { "message" => "^%{IP:[apache2][access][remote_ip]} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] " }
overwrite => "message"
}
# Get the specifics
@andromedarabbit
andromedarabbit / elastalert-rule.yaml
Created March 3, 2017 15:44
ElastAlert rule example
# Alert when the rate of events exceeds a threshold
# (Required)
# Rule name, must be unique
name: OutOfMemoryError
# (Required)
# Type of alert.
# the frequency rule type alerts when num_events events occur with timeframe time
type: frequency
@jsvd
jsvd / README.md
Last active June 13, 2024 00:05
logstash grok filter benchmark script

Requirements:

  • JDK 8/9/11 (oracle or openjdk)

Steps to set up the scripts:

mkdir benches
cd benches
curl https://artifacts.elastic.co/downloads/logstash/logstash-7.6.0.tar.gz | tar -zxf - 
cd logstash-7.6.0