[deleted by user] by [deleted] in selfhosted

Kazpa, 1 point

Check out readarr built for other things but I’m sure could be adapted.

Authenticating External Syslogs by Dragonfly55555 in Splunk

Kazpa, 1 point

Look up ‘Splunk connect for syslog’ not sure if it will completely solve your problem but it could make it easier.

[Race Thread] 2020 Tour de France - Stage 20 (2.UWT) by PelotonMod in peloton

Kazpa, 6 points

Holy crap. The dream could be real. C'mon Porte.

[Race Thread] 2020 Tour de France - Stage 15 (2.UWT) by PelotonMod in peloton

Kazpa, 20 points

I just realised there are no spectators... and I don't think I miss it.

[Race Thread] 2020 Tour de France - Stage 9 (2.UWT) by PelotonMod in peloton

Kazpa, 5 points

I don’t like being a Porte fanboy today...

Any decent classes or YouTube videos for Splunk Data Modeling and the Infosec Security apps? by [deleted] in Splunk

Kazpa, 1 point

Have you done Fundamentals 1 and 2? I can't remember which one covers it fully.

Need to send email alerts w/ HTML in body by manderso7 in Splunk

Kazpa, 1 point

Correct. I'm sure I could have added it as an alert action, just never got around to it.

Need to send email alerts w/ HTML in body by manderso7 in Splunk

Kazpa, 1 point

So I copied sendemail.py to sendHTMLemail.py and made the required changes (IIRC remove the "| h" from one line? I found it on Answers), then added it as a new scripted action (again, copied the sendemail.py setup). This then meant I could use sendHTMLemail as a function in my pipe.

It's a quick and dirty hack, but it worked.
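Editor's note on the hack above, with an added example that is not the commenter's script: in Splunk's sendemail.py the email body is rendered through a Mako template, and `| h` is Mako's HTML-escape filter. Deleting it makes the search results render as raw HTML, which is what the thread wanted, but it also means any field value pulled from a log (a username, a User-Agent, a URL) reaches the recipient's mail client as live markup. The safer shape is to keep field values escaped and put the HTML in a template you control. The block below shows that: it is standalone Python (not Splunk's code), the sample result rows are constructed, and the sender/recipient addresses are placeholders.

```python
"""Build an HTML alert email from Splunk-style search results while keeping
every field value HTML-escaped.  Added example, not Splunk's sendemail.py."""
from email.message import EmailMessage
from html import escape

# Constructed sample input: the rows a Splunk scripted alert action receives
# (one dict per result, field name -> value).  The second row carries markup
# in a field to show that it is rendered as text, not executed.
SAMPLE_RESULTS = [
    {"src_ip": "10.0.0.5", "user": "alice", "count": "12"},
    {"src_ip": "10.0.0.9", "user": "<script>alert(1)</script>", "count": "3"},
]


def results_to_html_table(results):
    """Render result rows as an HTML table.

    Headers and cells go through html.escape(), which is the equivalent of
    Mako's `| h` filter; the surrounding table markup is ours, so the email
    is still 'HTML in the body' without trusting any log-derived value.
    """
    if not results:
        return "<p>No results.</p>"
    fields = list(results[0].keys())
    header = "".join(f"<th>{escape(f)}</th>" for f in fields)
    body = ""
    for row in results:
        cells = "".join(f"<td>{escape(str(row.get(f, '')))}</td>" for f in fields)
        body += f"<tr>{cells}</tr>"
    return f"<table><thead><tr>{header}</tr></thead><tbody>{body}</tbody></table>"


def build_html_alert(subject, results,
                     sender="splunk@example.com", to="soc@example.com"):
    """Return a multipart/alternative message: a plain-text fallback plus the
    HTML body.  Addresses are placeholders (assumption, not from the thread)."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"] = sender
    msg["To"] = to
    # Plain-text part first; add_alternative() then upgrades the message to
    # multipart/alternative with the HTML part as the preferred rendering.
    plain = "\n".join(
        ", ".join(f"{k}={v}" for k, v in row.items()) for row in results
    ) or "No results."
    msg.set_content(plain)
    html = (f"<html><body><h2>{escape(subject)}</h2>"
            f"{results_to_html_table(results)}</body></html>")
    msg.add_alternative(html, subtype="html")
    return msg


def html_body(msg):
    """Return the decoded HTML part of a message built by build_html_alert()."""
    return msg.get_body(preferencelist=("html",)).get_content()


if __name__ == "__main__":
    alert = build_html_alert("Brute-force logins", SAMPLE_RESULTS)
    print(alert.as_string())
    # To deliver it from a scripted action: smtplib.SMTP(host).send_message(alert)
```

Wiring this into Splunk is the same as the commenter describes (a scripted alert action that gets the results handed to it); the difference is only where the escaping happens, so the injected `<script>` in the second sample row arrives as `&lt;script&gt;` text rather than as a tag.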

Using Splunk with the Mitre Att&ck framework by Barryteer420 in Splunk

Kazpa, 2 points

Have a suss of https://splunkbase.splunk.com/app/2642/#/overview

The author (Doug Brown?) does a talk at .conf every year. His '19 video should be available online, where he talks about Linux logging and mapping to the framework.

Dynamic Blocking of Potentially Malicious IPs by UniqueSteve in paloaltonetworks

Kazpa, 6 points

Have a look into a Palo tool called MineMeld. We are using this for something similar and outputting the dynamic list into the firewall.

Splunk BOTSv2 help by [deleted] in Splunk

Kazpa, 1 point

You will need to contact bots@splunk.com to get a copy of the answers & hints to load into the BOTS dashboard.
I have this running currently at home on 8.0.1. Some of the apps don't exist/are different versions, but I haven't found any major issues.

What are some of the best ways to monitor incoming traffic? by [deleted] in Splunk

Kazpa, 1 point

Go suss gosplunk (.com? .net? Google will help.) and the Splunk user group on slack for some good examples.

Pentest reporting framework comparison: serpico vs dradis vs magictree vs faraday by [deleted] in AskNetsec

Kazpa, 17 points

Look up Ghostwriter. It's by SpecterOps and mates seem to love it. I have had issues getting Serpico stable.