name: Custom.Alert.TheHive
description: |
  Create a TheHive Alert when we match a condition.
  Much of this was borrowed from: https://gist.github.com/scudette/3a32abd19350c8fe3368661c4278869d
type: SERVER_EVENT
parameters:
  - name: TheHiveURL
    default: https://thehive
# Pre-reqs:
#   pip3 install scapy
# Example VXLAN PCAP: https://github.com/the-tcpdump-group/tcpdump/raw/master/tests/vxlan.pcap
import sys, getopt
from scapy.all import *

def write(pkt):
    # Append the packet to the output PCAP; outputfile is a module-level
    # global holding the destination path.
    wrpcap(outputfile, pkt, append=True)

def main(argv):
#!/bin/bash
# Script to download and shim https://github.com/ncsa/bro-simple-scan for use with Zeek on Security Onion
# Last Modified 2/21/2020 by @therealwlambert
SS_PATH="/opt/zeek/share/zeek/policy/simple-scan"
SS_SCRIPT="simple-scan.zeek"
BRO_DN_PATH="/opt/zeek/share/zeek/policy/bro-is-darknet"
BRO_DN_SCRIPT="bro-is-darknet.zeek"
echo "Adding directory structure..."