mpurzynski

@load base/frameworks/intel
@load frameworks/intel/seen

module Intel;

export {
#    const default_per_item_expiration = 5 min &redef;
    const default_per_item_expiration = 300 &redef;
    redef record MetaData += {
		expire:     double &default=default_per_item_expiration;

mpurzynski

ouifilename = "oui.txt"
with open(ouifilename) as ouifile:
    macassignments = {}
    for i in ouifile.readlines()[0::]:
        i = i.strip()
        if "(hex)" in i:
            fields = i.split("\t")
            macprefix = fields[0][0:8].replace("-", ":").lower()
            entity = fields[2]
            macassignments[macprefix] = entity

mpurzynski

# This file contains additional build requirements that did not get
# picked up automatically. One name per line, no whitespace.
bro
bro-abi
bro-bin
bro-lib
bro-plugins
bro-dev
linux-dev

mpurzynski

-DBinPAC_ROOT_DIR=`bro-config --binpac_root` -DBROKER_ROOT_DIR=`bro-config --broker_root` -DCAF_ROOT_DIR=`bro-config --caf_root` -DBRO_CONFIG_PLUGIN_DIR=`bro-config --plugin_dir` -DBRO_CONFIG_PREFIX=`bro-config --prefix` -DBRO_CONFIG_INCLUDE_DIR=`bro-config --include_dir` -DBRO_CONFIG_CMAKE_DIR=`bro-config --cmake_dir` -DCMAKE_MODULE_PATH=`bro-config --cmake_dir` -DKERNELHEADERS_ROOT_DIR=/usr/lib/modules/$(uname -r)/build

mpurzynski

Mock Version: 1.2.14
ENTER do(['bash', '--login', '-c', '/usr/bin/rpmbuild -bs --target x86_64 --nodeps /builddir/build/SPECS/bro-af-packet.spec'], chrootPath='/var/lib/mock/clear-bro-af-packet/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'LANG': 'en_US.UTF-8', 'CCACHE_DIR': '/var/tmp/ccache', 'CCACHE_UMASK': '002'}shell=Falselogger=<mockbuild.trace_decorator.getLog object at 0x7fd1f19af358>timeout=0uid=1000gid=1000user='mockbuild'printOutput=False)
Executing command: ['bash', '--login', '-c', '/usr/bin/rpmbuild -bs --target x86_64 --nodeps /builddir/build/SPECS/bro-af-packet.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'LANG': 'en_US.UTF-8', 'CCACHE_DIR': '/var/tmp/ccache', 'CCACHE_UMASK': '002'} and shell False
Building target platforms: x86_64
Building for target x86_64
Wrote: /builddir/build/SRPMS/bro-af-packet-1.4.0-1.src.rpm
Ch

mpurzynski

#!/usr/bin/env python

import requests
import sys
import os

from argparse import ArgumentParser
from configparser import ConfigParser
from datetime import datetime, timedelta
from urllib.parse import urlparse

mpurzynski

../tests/alerts/alert_test_suite.py:151: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../tests/alerts/alert_test_suite.py:219: in verify_alert_task
    self.verify_rabbitmq_alert(found_alert, test_case)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <test_nsm_scan_address.TestNSMScanAddress object at 0x105e27690>
found_alert = {'_id': 'AWcuJF-itQ9ZTot1eXwb', '_index': 'alerts-201811', '_score': 0.0, '_source': {'category': 'nsm', 'events': [{'...zdefhostname': 'mozdefhost', ...}, 'documenttype': 'event'}], 'ircchannel': None, 'notify_mozdefbot': False, ...}, ...}
test_case = <positive_alert_test_case.PositiveAlertTestCase object at 0x105159f90>

mpurzynski

>>> eth.stat('ens33')
{'rx_packets': 44221, 'tx_packets': 21521, 'rx_bytes': 46567966, 'tx_bytes': 2657722, 'rx_broadcast': 0, 'tx_broadcast': 0, 'rx_multicast': 0, 'tx_multicast': 0, 'rx_errors': 0, 'tx_errors': 0, 'tx_dropped': 0, 'multicast': 0, 'collisions': 0, 'rx_length_errors': 0, 'rx_over_errors': 0, 'rx_crc_errors': 0, 'rx_frame_errors': 0, 'rx_no_buffer_count': 0, 'rx_missed_errors': 0, 'tx_aborted_errors': 0, 'tx_carrier_errors': 0, 'tx_fifo_errors': 0, 'tx_heartbeat_errors': 0, 'tx_window_errors': 0, 'tx_abort_late_coll': 0, 'tx_deferred_ok': 0, 'tx_single_coll_ok': 0, 'tx_multi_coll_ok': 0, 'tx_timeout_count': 0, 'tx_restart_queue': 0, 'rx_long_length_errors': 0, 'rx_short_length_errors': 0, 'rx_align_errors': 0, 'tx_tcp_seg_good': 33, 'tx_tcp_seg_failed': 0, 'rx_flow_control_xon': 0, 'rx_flow_control_xoff': 0, 'tx_flow_control_xon': 0, 'tx_flow_control_xoff': 0, 'rx_long_byte_count': 46567966, 'rx_csum_offload_good': 44201, 'rx_csum_offload_errors': 0, 'alloc_rx_buff_failed': 0, 'tx_smbus': 0, '

mpurzynski

---
  push:
    username: details.body.sender.login
    email: details.body.pusher.email
    id: details.body.sender.id
    action: details.body.action
    commits: details.body.commits
    created: details.body.created
    deleted: details.body.deleted
    forced: details.body.forced

mpurzynski

#!/bin/bash

# This only needs to be set if in your non-ephemeral AWS config you use a source profile other than "default".
# Source profile is the profile with your actual long lived API keys
SOURCE_PROFILE_NAME=

# This is the ARN of the IAM role that you want to assume by default
DEFAULT_ASSUMED_ROLE_ARN=

# This is an optional descriptive name of the IAM role that you want to assume by default