
@manasmbellani
manasmbellani / Invoke-AzureLogAnalyticsDataSend.ps1
Last active October 14, 2024 23:46
Script to send sample log to Azure Log Analytics workspace using Azure Monitor Data Collector API: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-collector-api?tabs=powershell. Based on tutorial from Terence Luk: https://terenceluk.blogspot.com/2022/03/using-powershell-to-send-custom-log.html. Response = 200 indicates log was wr…
# Replace with the Workspace Customer ID and Primary Key from Log Analytics Workspace already created in Azure
# where logs should be forwarded under Settings > Agents > Log Analytics Agent Instructions
$customerId = "1.....3"
$sharedKey = "c.....="
# Change this to define the table name in Azure Log Analytics workspace. Table name is
# CustomLog_CL
$logType = "CustomLog"
# Change this to change the log to send to Azure Log Analytics workspace
@manasmbellani
manasmbellani / !splunkappsdoco.md
Last active June 10, 2023 09:34
splunkawssecuritymon - Alerts built in AWS Security Monitoring App for Splunk

README

This gist contains information about various Splunk apps pertaining to detection engineering that have been released on Splunkbase.

Usage

Review the files on gist.github.com, or consider cloning this gist and opening it in a Markdown editor such as Typora to obtain a navigational outline.

@manasmbellani
manasmbellani / splunk-app-deployment-steps.md
Created November 26, 2022 01:44
Practical tips/steps to consider prior to deploying and updating apps in Splunk

Steps to build new alerts in Splunk

To build new alerts, perform the following steps:

  • Ensure that the correct app is selected via the Apps menu option in Splunk UI
  • Leverage an existing search macro that has been recently built and update it to meet the search query for detection
  • Test if the alert works
  • Use the MITRE ATT&CK framework to add relevant fields from the matrix here, if applicable
  • Create a new search macro with updated permissions. Search macro should be prefixed with appropriate keyword e.g. gcp_detect_ or sysmon_detect
  • Update the search macro permissions to be publicly readable, and admin writable
@manasmbellani
manasmbellani / inputs.conf
Last active March 29, 2023 21:54
Splunk Universal Forwarder inputs.conf file for collecting data from Windows Servers / PCs
# Version 9.0.1
# These settings override and disable settings that are in system/default.
################################
# Data thru parsingQueue always
################################
[splunktcp]
route=has_key:tautology:parsingQueue;absent_key:tautology:parsingQueue
@manasmbellani
manasmbellani / flatten_dict_to_csv.py
Created August 21, 2022 04:48
flatten_dict_to_csv.py - Flattens a Dictionary into a single dictionary that can be written to a CSV file
#!/usr/bin/env python3
import json
dictionary = {
'duration': 720,
'language': 'sv',
'link': 'https://vimeo.com/neweuropefilmsale/incidentbyabank',
'name': 'INCIDENT BY A BANK',
'test': {
'test2': {
@manasmbellani
manasmbellani / .aws-lambda-layers
Last active December 6, 2023 16:14
aws-lambda-layers: Example code for the aws lambda layer
Please review the `README.md` file.
@manasmbellani
manasmbellani / get_domain_from_ssl_info_on_host.sh
Created November 5, 2021 00:44
get_domain_from_ssl_info_on_host.sh - Gets the domain (subject CN) from the SSL certificate presented by a host via openssl s_client
#!/bin/bash
USAGE="[-] $0 <hostname>"
if [ $# -lt 1 ]; then
echo "$USAGE"
exit 1
fi
hostname="$1"
# Extract the subject CN of the leaf certificate (depth 0) from the chain printed by s_client
echo | openssl s_client -connect "$hostname:443" 2>&1 | grep -iE "0 s:.*CN = " | grep -ioE "CN = .*" | cut -d "=" -f2
@manasmbellani
manasmbellani / get_hibp_breach_details.sh
Last active October 15, 2021 03:30
Script to get details of breaches and breached accounts using the 'Have I Been Pwned' API
#!/bin/bash
DELIM="|"
OUT_FILE="out-hibp-breach-details.txt"
USER_AGENT="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36"
HIBP_ENDPOINT="https://haveibeenpwned.com/api/v3"
SLEEP_INTERVAL=3
CURL_TIMEOUT=6
USAGE="[-]
Syntax:
$0 <breaches_list/breaches_file> [hibp_api_key=$HIBP_KEY] [sleep_interval=$SLEEP_INTERVAL] [out_file=$OUT_FILE]
@manasmbellani
manasmbellani / .cent.yaml
Last active June 22, 2024 18:44
My cent nuclei templates file
# Directories to exclude
exclude-dirs:
- SOMETHING
# Files to exclude
exclude-files:
- README.md
- .gitignore
- .pre-commit-config.yaml
- LICENSE
@manasmbellani
manasmbellani / scan_url_in_urlscan_io.sh
Last active October 20, 2021 01:42
scan_url_in_urlscan_io.sh - Scan URL via urlscan.io and open it in default browser
VISIBILITY="public"
SLEEP_TIMEOUT=10
USAGE="[-]
Usage:
$0 <url> <apikey> [visibility=]
Summary:
Scan URL in urlscan.io and open it with default browser
Args: