Luke LukeMurphey
@LukeMurphey
LukeMurphey / notable_edit_example_native.py
Last active August 26, 2016 16:56
An example of how to edit notable events using the REST API in the Enterprise Security app for Splunk. #splunk
import requests
# Ignore warnings about self-signed certificates if using them
import warnings
warnings.filterwarnings('ignore', '', requests.packages.urllib3.exceptions.InsecureRequestWarning, '', 0)
# Here is a helper function for editing notable events
def updateNotableEvents(sessionKey, baseurl, comment, status=None, urgency=None, owner=None, eventIDs=None, searchID=None):
    """
    Update some notable events.
@LukeMurphey
LukeMurphey / clean_splunk_app_path.py
Last active September 12, 2016 22:43
This stub prunes items from the path that are not related to your app. #splunk
import sys

def prune_sys_path(app_name):
    # Prune directories from other apps so that we don't step on each other with our imports (see http://lukemurphey.net/issues/1281)
    paths_to_remove = []
    # Collect first, then remove, so sys.path is not modified while it is being iterated
    for path in sys.path:
        if ('/etc/apps/' in path and ('/etc/apps/' + app_name) not in path) or ('\\etc\\apps\\' in path and ('\\etc\\apps\\' + app_name) not in path):
            paths_to_remove.append(path)
    for path in paths_to_remove:
        sys.path.remove(path)
@LukeMurphey
LukeMurphey / private.xml
Last active June 27, 2017 23:02
Karabiner configuration to change tabs with the mouse 4 & 5 buttons and open links in a new window when the middle mouse button is pressed
<?xml version="1.0"?>
<root>
<item>
<name>LKM Button 4 5 to Tab Back Forward</name>
<identifier>private.my_button_4_5_to_tab_back_forward</identifier>
<autogen>
__KeyToKey__
PointingButton::BUTTON4,
KeyCode::TAB, ModifierFlag::CONTROL_L | ModifierFlag::SHIFT_L
</autogen>
@LukeMurphey
LukeMurphey / md4.py
Last active December 6, 2016 01:24 — forked from tristanwietsma/md4.py
MD4 in pure Python 2.7. Backported from Andrew Cooke's Python 3.3 implementation. (http://www.acooke.org/cute/PurePython0.html). This version returns the same value that hashlib would have (making it a drop in replacement).
from array import array
from string import join
from struct import pack, unpack
_DECODE = lambda x, e: list(array('B', x.decode(e)))
_ENCODE = lambda x, e: join([chr(i) for i in x], '').encode(e)
HEX_TO_BYTES = lambda x: _DECODE(x, 'hex')
TXT_TO_BYTES = lambda x: HEX_TO_BYTES(x.encode('hex'))
BYTES_TO_HEX = lambda x: _ENCODE(x, 'hex')
BYTES_TO_TXT = lambda x: BYTES_TO_HEX(x).decode('hex')
@LukeMurphey
LukeMurphey / .profile
Last active February 9, 2017 18:19
Bash color prompt
PS1="\n\[\033[0;32m\]\u\[\033[0m\] \[\033[0;36m\]\w\[\033[0m\]$ "
@LukeMurphey
LukeMurphey / .gitignore
Last active December 12, 2021 22:43
A default gitignore for Splunk apps
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# OS generated files #
######################
.DS_Store
.DS_Store?
._*
@LukeMurphey
LukeMurphey / splunkdevtools.jar
Last active February 18, 2017 09:02
An Ant build task that will bump Splunk web so that changes are posted immediately #splunk
@LukeMurphey
LukeMurphey / event_writer.py
Last active April 20, 2022 20:08
A Python script for writing data to Splunk using the stash file format.
"""
This script creates stash files for indexing data within Splunk.
Here is a sample of using the StashNewWriter to write out data:
from event_writer import StashNewWriter
writer = StashNewWriter(index='summary', source_name='test_of_event_writer')
writer.write_event({'message': 'here is an event'})
"""
@LukeMurphey
LukeMurphey / simple_rest_handler.py
Last active December 12, 2021 22:43
A REST handler base class that makes writing Splunk REST handlers that serve a custom conf file easier #splunk
"""
This includes a helper class (named RestHandler) that makes implementing a custom REST handler in Splunk very easy.
This is licensed under the Apache License Version 2.0
See https://www.apache.org/licenses/LICENSE-2.0.html
To use this, you will need to:
1) Define a restmap.conf and declare the handler
2) Define the Python code of the REST handler
@LukeMurphey
LukeMurphey / SetupView.js
Last active August 7, 2017 20:58
A backbone base class for making SimpleXML setup views in Splunk #splunk
/*
* This view is intended to be used as a base class for simpleXML setup views. This class is
* intended to make creation of a setup view easier by:
*
* 1) Providing a mechanism for setting the app as configured so that users aren't redirected through setup again.
* 2) Providing a means for permission checking so that you can ensure that the user has admin_all_objects
*
* To use this class, you will need to do the following:
*
* 1) Make your view class sub-class "SetupView" (the class provided in this file)