Activity Feed
- Karma Re: How Do I Remove Old SAML Users? for markbarber21. 10-15-2024 06:27 AM
- Posted Re: Automate installation and configuration of forwarder without a deployment server while using encrypted passwords and on Installation. 03-06-2024 10:06 AM
- Posted Re: installing splunk forwarder using ansible on Installation. 01-31-2024 09:01 AM
- Posted Re: How to automate a silent installation of a Splunk universal forwarder on Solaris using the PKG file? on Getting Data In. 01-31-2024 09:00 AM
- Posted Re: Automate installation and configuration of forwarder without a deployment server while using encrypted passwords and on Installation. 01-31-2024 08:59 AM
- Karma Automate installation and configuration of forwarder without a deployment server while using encrypted passwords and SSL for christopher_stj. 01-31-2024 08:59 AM
- Posted Re: How can I get Ansible script to automate installation of splunk universal forwarder on 1000 Linux Red Hat Servers?? on Getting Data In. 01-31-2024 08:58 AM
- Posted Re: Scripting to Download UniversalForwarder on Installation. 01-29-2024 08:50 AM
- Tagged Re: Scripting to Download UniversalForwarder on Installation. 01-29-2024 08:50 AM
- Karma Re: Scripting to Download UniversalForwarder for isoutamo. 01-29-2024 08:47 AM
- Posted SA-ldapsearch titleband on All Apps and Add-ons. 10-25-2023 11:01 AM
- Tagged SA-ldapsearch titleband on All Apps and Add-ons. 10-25-2023 11:01 AM
- Posted Re: LINE_BREAKER for nmap output on Getting Data In. 09-26-2023 07:03 AM
- Posted Re: How to parse grepable Nmap output? on Splunk Search. 09-26-2023 07:03 AM
- Posted Re: How to add and parse XML data in Splunk? on Getting Data In. 09-26-2023 07:02 AM
- Posted Re: ingesting nmap xml output on Splunk Search. 09-26-2023 07:02 AM
- Posted Re: How to add and parse XML data in Splunk? on Getting Data In. 09-26-2023 06:59 AM
- Posted Re: ingesting nmap xml output on Splunk Search. 09-26-2023 06:59 AM
- Posted Bulk container or mission delete on Splunk SOAR. 08-26-2023 07:01 AM
- Posted Re: How do I run NMAP on search results? on Splunk Dev. 08-17-2023 12:03 PM
Topics I've Started
03-06-2024
10:06 AM
Can't post links, so just search for freeload101 github for updated code.
#!/bin/bash
# Installs the Splunk Universal Forwarder from the vendor download page and
# points it at a deployment server. Replace the XXXX placeholders before running.
DL_PAGE='https://www.splunk.com/en_us/download/universal-forwarder.html?locale=en_us'
UF_HOME='/opt/splunkforwarder'
########################## FUNC
# Scrape the first download URL ending in the given package suffix from the download page.
function UFURL(){
    curl -s "$DL_PAGE" | grep -oP "\"https:.*(?<=download).*$1\"" | sed 's/"//g' | head -n 1
}
function UFYUM(){
    cd /tmp || exit 1
    # The package is installed straight from the download without a checksum or signature
    # check, and --nodeps skips dependency checks as well.
    rpm -Uvh --nodeps "$(UFURL 'x86_64.rpm')"
    yum -y install splunkforwarder.x86_64
    sleep 5
}
function UFDEB(){
    cd /tmp || exit 1
    wget "$(UFURL 'amd64.deb')" -O amd64.deb
    dpkg -i amd64.deb
    sleep 5
}
function UFConf(){
    local APP="$UF_HOME/etc/apps/nwl_all_deploymentclient/local"
    mkdir -p "$APP"
    # Quoted heredoc delimiters so nothing in the config bodies is shell-expanded.
    cat <<'EOF' > "$APP/app.conf"
[install]
state = enabled
[package]
check_for_updates = false
[ui]
is_visible = false
is_manageable = false
EOF
    cat <<'EOF' > "$APP/deploymentclient.conf"
[deployment-client]
phoneHomeIntervalInSecs = 60
[target-broker:deploymentServer]
targetUri = XXXXXXXXXXXXXXXXXXXXXXX:8089
EOF
    # Seeds the initial admin credentials; Splunk consumes this file on first start.
    cat <<'EOF' > "$UF_HOME/etc/system/local/user-seed.conf"
[user_info]
USERNAME = admin
PASSWORD = XXXXXXXXXXXXXXXXXXXXXXXX
EOF
    "$UF_HOME/bin/splunk" cmd btool deploymentclient list --debug
    "$UF_HOME/bin/splunk" start --accept-license
}
######################################################### MAIN
# Install with whichever package manager is present (RPM first), then configure once.
if command -v yum > /dev/null; then
    UFYUM
    UFConf
elif command -v dpkg > /dev/null; then
    UFDEB
    UFConf
else
    echo "No YUM or DEB package manager found."
fi
01-31-2024
09:00 AM
Got a nasty-gram for posting links; search online for freeload101 github in scripts Splunk_UniversalForwarder_Installer.bash.
01-31-2024
08:59 AM
Got a nasty-gram for posting links; search online for freeload101 github in scripts Splunk_UniversalForwarder_Installer.bash.
01-31-2024
08:58 AM
Got a nasty-gram for posting links; search online for freeload101 github in scripts Splunk_UniversalForwarder_Installer.bash.
01-29-2024
08:50 AM
Got a nasty-gram for posting links; search online for freeload101 github in scripts Splunk_UniversalForwarder_Installer.bash.
- Tags:
- automation
10-25-2023
11:01 AM
Missing titleband from the search. It seems like it's a subsearch of an ldap query or something; if I do Get-ADUser in PowerShell it's missing from there too. Here is what we had from event logs:
|table titleband adminDescription cn co company dcName department description displayName division eventtype georegion givenName host locationCode mail mailNickname sAMAccountName title userAccountControl userAccountPropertyFlag userPrincipalName
Labels:
- configuration
- troubleshooting
09-26-2023
07:03 AM
Got a nasty-gram for posting links; search online for freeload101 github in scripts nmap_fruit.sh.
09-26-2023
07:03 AM
Got a nasty-gram for posting links; search online for freeload101 github in scripts nmap_fruit.sh.
09-26-2023
07:02 AM
Got a nasty-gram for posting links; search online for freeload101 github in scripts nmap_fruit.sh.
09-26-2023
07:02 AM
Got a nasty-gram for posting links; search online for freeload101 github in scripts nmap_fruit.sh.
09-26-2023
06:59 AM
nmap XML to SPLUNK HEC !!! https://github.com/freeload101/SCRIPTS/blob/b3f83288a9f289d86f6cdd04898478d0427097ce/Bash/NMAP_FRUIT.sh#L80
09-26-2023
06:59 AM
nmap XML to SPLUNK HEC !!! https://github.com/freeload101/SCRIPTS/blob/b3f83288a9f289d86f6cdd04898478d0427097ce/Bash/NMAP_FRUIT.sh#L80
08-26-2023
07:01 AM
Don't know another way to do it... I had created containers from the Splunk export app for SOAR (don't use that for Mission Control (MC), it got stuck in some kind of loop or something)... so gross, but whatever:
export token='YOURAUTOMATIONTOKEN'
SOAR='https://YOURCOMPANY.soar.splunkcloud.com'
# Delete containers that have no artifacts, 2200 ids per pass, until none are left.
while true
do
    # Collect the ids from the "data" list of the container search into a {"ids": [...]} request body.
    curl -s -u ":${token}" "${SOAR}/rest/container?search_fields=id&_filter_artifact_count__lte=0&page_size=2200" \
        | python3 -c 'import json,sys; d=json.load(sys.stdin); print(json.dumps({"ids": [c["id"] for c in d["data"]]}))' > ids.txt
    # Stop once the search returns no more ids; without this the loop never ends.
    grep -q '"ids": \[\]' ids.txt && break
    curl -s -X DELETE -u ":${token}" "${SOAR}/rest/container" -d @ids.txt
done
Labels:
- development
- using SOAR ⁄ Phantom
08-17-2023
12:03 PM
XtremeNmapParser FTW to convert the xml to JSON and then used HEC to send it all to Splunk! https://github.com/xtormin/XtremeNmapParser/issues/1
08-17-2023
12:02 PM
XtremeNmapParser! to convert the xml to JSON and then used HEC to send it all to Splunk! https://github.com/xtormin/XtremeNmapParser/issues/1
08-17-2023
12:02 PM
I used XtremeNmapParser from github to convert the xml to JSON and then used HEC to send it all to Splunk! https://github.com/xtormin/XtremeNmapParser/issues/1
08-17-2023
12:02 PM
I used the XtremeNmapParser to convert the xml to JSON and then used HEC to send it all to Splunk! https://github.com/xtormin/XtremeNmapParser/issues/1
08-17-2023
12:02 PM
I used XtremeNmapParser to convert the xml to JSON and then used HEC to send it all to Splunk! https://github.com/xtormin/XtremeNmapParser/issues/1
08-17-2023
12:01 PM
I used XtremeNmapParser to convert the xml to JSON and then used HEC to send it all to Splunk! https://github.com/xtormin/XtremeNmapParser/issues/1
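Worked example of the conversion the posts above describe (added here; not code from the linked scripts or from XtremeNmapParser): nmap XML turned into JSON events shaped for Splunk HEC, one per open port with a flat field set, using a constructed sample scan and an assumed sourcetype name of nmap:port.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample scan (not a real host); one closed port is included to show the filtering.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" start="1695711600" args="nmap -sV -oX scan.xml 192.0.2.10">
  <host><status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/><hostnames><hostname name="web.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/>
        <service name="https" product="nginx"/></port>
      <port protocol="tcp" portid="8080"><state state="closed" reason="reset"/></port>
    </ports>
  </host>
</nmaprun>"""

def nmap_xml_to_hec_events(xml_text, sourcetype="nmap:port", open_only=True):
    """Return HEC-ready dicts, one per port, with flat fields so SPL can use them directly."""
    root = ET.fromstring(xml_text)
    scan_time = int(root.get("start", "0"))  # nmaprun@start is the scan epoch time
    events = []
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        name = host.find("hostnames/hostname")
        for port in host.findall("ports/port"):
            state = port.find("state")
            if open_only and (state is None or state.get("state") != "open"):
                continue  # closed/filtered ports are noise for most dashboards
            svc = port.find("service")
            event = {
                "ip": addr.get("addr") if addr is not None else None,
                "hostname": name.get("name") if name is not None else None,
                "protocol": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": state.get("state") if state is not None else None,
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
                "scan_args": root.get("args"),
            }
            # HEC envelope: "event" carries the payload, the rest is metadata Splunk indexes.
            events.append({"time": scan_time, "sourcetype": sourcetype, "host": event["ip"], "event": event})
    return events

def hec_batch_body(events):
    """HEC accepts several JSON objects in one POST body; newline-separated keeps it readable."""
    return "\n".join(json.dumps(e) for e in events)
```

To ship it, POST hec_batch_body(events) to https://<splunk-host>:8088/services/collector with an `Authorization: Splunk <HEC token>` header.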
08-15-2023
01:04 PM
Looking into this now... I have dumped a sample of every single table and am trying to figure out the API and filters, as we have null values for like 90% of our assets in SNOW, so I need to filter out and somehow bind IP <> Owner. Some notes: roll through all the tables ("get the table names in the UI by going to the report create page... and looking at the source"):
# ${i} is the table name and ${j} the row offset; the XXXX credentials are placeholders.
curl -s -H "Accept: application/json" -u "XXXXXXXXXXXXXX:XXXXXXXX" "https://YOURCOMPANEYNAME.service-now.com/api/now/table/${i}?sysparm_display_value=all&sysparm_offset=${j}&sysparm_limit=1000" -o "${i}_out${j}.json"
Look for non-null values for each key? (for me, YMMV)
grep -E "(\bip.address\b|\bsupport.group\b|owned_by\b|\bsys_class_name\b|\blocation\b|\bsys_class_name\b|\bdns_domain\b|\bsys_domain\b|\bfqdn\b|\bbusines_criticality\b|\bclass_name\b|\boperational_status\b|\bcreated_by\b|\bassignment_group\b|\bassigned_to\b|\bsvc_service_id\b)" Pretty_* -A 1
Working on filtering like ¬%20owned_by="" or something... I have no idea; hopefully something on github uses this API with filtering, so I'll post, or message me.
- rmccurdy.com