@lopes
lopes / nferen.sh
Last active August 7, 2024 13:53
Renames NFe (Brazilian invoices) files in PDF format according to data in the document. #shell #shellscript #pdf #file #management
#!/bin/sh
#
# Reads a Brazilian "Nota Fiscal Eletrônica" in PDF format,
# figures out its competence (the reference period in time
# for that document), and then renames the file using this
# data, like: %Y%m[-COUNT].pdf.
#
# Note: the regex may differ according to the format used in
# the PDF file (data disposition), so it should be
# adjusted accordingly.
@lopes
lopes / teslacoil.py
Last active August 7, 2024 13:54
Monitors some log files and sends new entries to syslog. #python #syslog #log #forwarder #diff #siem
#!/usr/local/bin/python3
'''
Monitors some log files and sends new entries to syslog.
This script requires a config file to import paths to the files.
The main concept is that there is a repository with log files
(which I call 'source files') and an auxiliary repository of
files ('working files').
The idea here is to create a copy of the source files in the work
directory, then calculate the diff between the source files
@lopes
lopes / bookepr.sh
Last active August 7, 2024 13:54
Packs and unpacks sensitive data in a more secure fashion. #shell #shellscript #cryptography
#!/bin/sh
#bookepr.sh
#
# Packs and unpacks sensitive data in a more secure fashion.
# Read $HELP for usage tips.
#
# Author: José Lopes <lopes.id>
# License: MIT
# Date: 2021-09-28
##
@lopes
lopes / checkip.sh
Last active August 7, 2024 13:55
Fetches IP address data on 3 services for Infosec Engineers. #shell #shellscript #ip #reputation #api
#!/usr/bin/env bash
# In a SOC, when an external IP address is involved in an incident,
# we check it to try to identify the owner and whether there is any
# incident related to that address. A few sites on the internet
# offer this service, such as AbuseIPDB (https://www.abuseipdb.com/),
# Greynoise (https://www.greynoise.io/), and
# VirusTotal (https://www.virustotal.com/).
#
# Author.: José Lopes <lopes.id>
@lopes
lopes / cortex-get-alerts.sh
Last active August 7, 2024 13:56
Retrieves alerts from Cortex XDR. #shell #shellscript #paloalto #cortex #edr #xdr #alert #api
#!/bin/sh
# Retrieves alerts from Cortex XDR.
# PARAMETERS:
# - $1: First item (start)
# - $2: Number of items at each round (must be <= 100)
# - $3: Number of pages desired (number of rounds)
# REQUIRES:
# - API key and its ID from Cortex XDR
# - Standard Authentication for the API key
@lopes
lopes / lobotomy.py
Last active December 12, 2024 12:06
Simple script to test the Cortex API with Advanced and Standard keys #python #paloalto #cortex #edr #xdr #alert #api
'''
A simple script to test the Cortex API with Advanced and Standard keys.
It uses solely the Python 3 Standard Library, so no additional packages are needed.
USAGE
python3 lobotomy.py KEYID KEY KEYTYPE FQDN ENDPOINT START COUNT PAGES
EXAMPLE
python3 lobotomy.py \
007 \
@lopes
lopes / misp-parser.rb
Last active August 7, 2024 13:57
MISP parser for Chronicle SIEM using Logstash format. #misp #chronicle #parser #logstash
# Product: MISP Threat Intelligence
# Category: Information Security
# Supported Format: JSON
# Reference: https://medium.com/@thatsiemguy/how-to-integrate-misp-and-chronicle-siem-9e5fe5fde97c
# Last Updated: 2024-06-01
filter {
##
# BASIC VARIABLES ASSERTION AND FIELDS EXTRACTION
#
@lopes
lopes / moth.py
Last active October 29, 2024 12:49
Convert Kindle or O'Reilly annotations to JSON or Markdown format. #python #file #manager #kindle #oreilly #annotation
#!/usr/bin/env python3
#moth.py
'''
Convert Kindle or O'Reilly annotations to JSON or Markdown format.
Usage:
moth.py -i <input> -o <output> [-s <source>] [-f <format>]
Example:
@lopes
lopes / torpids.py
Last active August 7, 2024 13:58
Connects to the Tor Project's exit-addresses page and parses the exit node data into JSON format. #python #tor #exitnodes #web #scrapper #parser
#!/usr/bin/env python3
#torpids.py
'''
Connects to the Tor Project's exit-addresses page and parses the
exit node data into JSON format.
Data is fetched from: https://check.torproject.org/exit-addresses
Data is "Node ID-centric" in Tor Project's page, but here it is
@lopes
lopes / chronicle-list-cleaner.py
Last active August 7, 2024 13:58
Cleans up lines in the reference lists in Chronicle SIEM with expired dates. #chronicle #gcp #functions #python #siem #list #management
'''
Cleans up lines in the reference lists in Chronicle SIEM with expired dates.
This script can be used to clean up some or all Reference Lists in Chronicle SIEM.
It scans each list and removes expired lines with the same pattern it is set to
monitor. Lines outside this pattern are just ignored. The pattern is:
<value> // expires:YYYY-MM-DD