
from python_rules import Rule, deep_get
import rapidjson
def original_get(e, key='event.original', default=None):
# used to return event.original field, deserialized into dictionary
# if key not found, we return empty dict
nested = deep_get(e, *key.split('.'))
if nested is None:
return default
ht_test_rule.py
from python_rules import Rule, deep_get
import rapidjson
def original_get(e, key='event.original', default=None):
# used to return event.original field, deserialized into dictionary
# if key not found, we return empty dict
nested = deep_get(e, *key.split('.'))
if nested is None:
return default
try:
from python_rules import Rule, deep_get
import rapidjson
def original_get(e, key='event.original', default=None):
# used to return event.original field, deserialized into dictionary
# if key not found, we return empty dict
nested = deep_get(e, *key.split('.'))
if nested is None:
return default
Install Telegraf
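#!/bin/bash
# Custom script to install Telegraf
# telegraf user
#
# A dedicated, non-login service account so the agent does not run as root.
# --system keeps it out of the regular UID range, --no-create-home avoids an
# unneeded home directory, and /bin/false as the shell prevents interactive
# login. The guard makes the script re-runnable: plain `useradd` exits
# non-zero when the account already exists.
if ! id telegraf >/dev/null 2>&1; then
    sudo useradd --system --no-create-home --shell /bin/false telegraf
fi
# Create the systemd directory.
#
# .conf files in this directory will override the default configuration.
# You should include such a file in the boot script for a given instance.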
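// Users holding local admin rights on at least one computer, either directly
// (AdminTo) or through nested group membership (MemberOf). The original
// pattern was missing the closing parenthesis on the Computer node.
// DISTINCT collapses the one-row-per-path result so each user is listed
// once; handy when auditing for over-privileged accounts.
MATCH (u:User)-[:AdminTo|MemberOf*1..]->(c:Computer)
RETURN DISTINCT u.name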
That’ll return a list of users who have admin rights on at least one system, either explicitly or through group membership.
---------------
MATCH
(U:User)-[r:MemberOf|:AdminTo*1..]->(C:Computer)
WITH
U.name as n,