
Julien Vehent jvehent

require “string”
local alert = require "heka.alert"
--- Message callback stub for this plugin (presumably invoked by the sandbox
-- once per incoming message).
-- The real logic is elided in this excerpt: as written, the function does
-- nothing and returns no value.
-- NOTE(review): the Heka sandbox API normally expects a numeric status code
-- from this callback; confirm that the full plugin returns one.
function process_message()
    -- magic happens here
end
function timer_event(ns, shutdown)
alert.send("ratelimit1", -- A unique and random identifier for the alert type
string.format("%s sent %d requests over last 8 minutes”, ip, req_count), -- email subject
#!/usr/bin/env python
import argparse
import json
import re
import requests
import shutil
import sys
import tempfile
import zipfile
from base64 import b64encode, b64decode
{
"Timestamp": 1491838822880291800,
"Time": "2017-04-10T15:40:22Z",
"Type": "app.log",
"Logger": "autograph",
"Hostname": "gator3",
"EnvVersion": "2.0",
"Pid": 24058,
"Severity": 4,
"Fields": {
$ ent before/all
Entropy = 7.996990 bits per byte.
Optimum compression would reduce the size
of this 64000 byte file by 0 percent.
Chi square distribution for 64000 samples is 266.49, and randomly
would exceed this value 29.78 percent of the times.
Arithmetic mean value of data bytes is 127.3943 (127.5 = random).
-- Lists certificates signed with SHA1WithRSA that are flagged as trusted by Mozilla,
-- seen within the last month, and ranked below 1,000,000 in cisco_umbrella_rank.
-- The query returns rows rather than a count.
-- DISTINCT applies to the whole selected row, not only to certificates.id; the
-- parentheses around certificates.id do not narrow it.
observatory=> SELECT distinct(certificates.id) as "id", cisco_umbrella_rank, domains, not_valid_before, not_valid_after, last_seen, signature_algo
FROM certificates
INNER JOIN trust ON (certificates.id=trust.cert_id)
-- Non-CA certificates only.
WHERE is_ca='false'
AND trust.trusted_mozilla='true'
-- NOTE(review): matches the exact string 'SHA1WithRSA' only. SHA-1 signatures stored
-- under another signature_algo value (for example SHA-1 with ECDSA) would not be
-- listed; confirm against the values present in the table.
AND signature_algo='SHA1WithRSA'
AND cisco_umbrella_rank < 1000000
AND last_seen > NOW() - INTERVAL '1 month'
-- Certificates that have already expired are excluded.
AND not_valid_after > NOW()
ORDER BY cisco_umbrella_rank ASC;
jvehent / trusted_sha1.sql
Created March 17, 2017 12:46
Count SHA-1 certs trusted by Mozilla seen over the last month on TOP1M sites
-- Lists certificates signed with SHA1WithRSA that are flagged as trusted by Mozilla,
-- seen within the last month, and ranked below 1,000,000 in cisco_umbrella_rank.
-- The query returns one row per match; the count is the number of rows returned.
-- DISTINCT applies to the whole selected row, not only to certificates.id; the
-- parentheses around certificates.id do not narrow it.
observatory=> SELECT distinct(certificates.id) as "id", cisco_umbrella_rank, domains, not_valid_before, not_valid_after, last_seen, signature_algo
FROM certificates
INNER JOIN trust ON (certificates.id=trust.cert_id)
-- Non-CA certificates only.
WHERE is_ca='false'
AND trust.trusted_mozilla='true'
-- NOTE(review): matches the exact string 'SHA1WithRSA' only. SHA-1 signatures stored
-- under another signature_algo value (for example SHA-1 with ECDSA) would not be
-- counted; confirm against the values present in the table.
AND signature_algo='SHA1WithRSA'
AND cisco_umbrella_rank < 1000000
AND last_seen > NOW() - INTERVAL '1 month'
-- Certificates that have already expired are excluded.
AND not_valid_after > NOW()
ORDER BY cisco_umbrella_rank ASC;
observatory=> SELECT COUNT(DISTINCT(target)), signature_algo
FROM scans
INNER JOIN analysis ON (scans.id=analysis.scan_id) INNER JOIN certificates ON (scans.cert_id=certificates.id)
WHERE has_tls=true
AND target IN ( SELECT target
FROM scans
INNER JOIN analysis ON (scans.id=analysis.scan_id)
WHERE worker_name='ciscoUmbrellaRank'
AND CAST(output->>'rank' AS INTEGER) < 100000
AND timestamp > NOW() - INTERVAL '1 week')
package main
import (
"fmt"
"log"
"net/http"
"os/exec"
"strings"
)
#!/usr/bin/env bash
# Bootstrap branch: if we don't have historical data yet, generate it and exit.
# "No historical data" means /tmp/interactive_sent.txt is not readable by the
# user running the script.
# NOTE(review): the state file has a fixed name in a world-writable directory,
# and the redirection below follows symlinks. If this script runs with
# elevated privileges, keep the state file in a directory that only the
# service account can write to. The rest of the script is not visible in this
# excerpt and presumably reads the same path; confirm before moving it.
if [ ! -r /tmp/interactive_sent.txt ]; then
# Dump per-class statistics for eth1, keep the line following the
# 'class htb 1:100' header, and store its second whitespace-separated field.
# Presumably that is the byte counter of the "Sent ..." line; verify against
# the local tc output.
tc -s class show dev eth1 | \
grep -A 1 'class htb 1:100' | \
tail -1 | \
awk '{print $2}' > /tmp/interactive_sent.txt
# First run only records a baseline, so stop with a success status.
exit 0
fi
$ echo '-----BEGIN CERTIFICATE-----
> MIIHYzCCBUugAwIBAgIBATANBgkqhkiG9w0BAQwFADCBqDELMAkGA1UEBhMCVVMx
> CzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRwwGgYDVQQKExNB
> ZGRvbnMgVGVzdCBTaWduaW5nMSQwIgYDVQQDExt0ZXN0LmFkZG9ucy5zaWduaW5n
> LnJvb3QuY2ExMDAuBgkqhkiG9w0BCQEWIW9wc2VjK3N0YWdlcm9vdGFkZG9uc0Bt
> b3ppbGxhLmNvbTAeFw0xNTAyMTAxNTI4NTFaFw0yNTAyMDcxNTI4NTFaMIGoMQsw
> CQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcx
> HDAaBgNVBAoTE0FkZG9ucyBUZXN0IFNpZ25pbmcxJDAiBgNVBAMTG3Rlc3QuYWRk
> b25zLnNpZ25pbmcucm9vdC5jYTEwMC4GCSqGSIb3DQEJARYhb3BzZWMrc3RhZ2Vy
> b290YWRkb25zQG1vemlsbGEuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC