How to create and manage Splunk dashboards via API
In the previous post “How to correlate different events in #Splunk and make dashboards” I mentioned that #Splunk #dashboards can be represented in Simple XML form. You can generate it with a script and then copy-paste it into the #Splunk #GUI.
However, these manual operations can make debugging #dashboards really annoying. It would be much easier to send the dashboard XML content to #Splunk using the #Splunk #API. And it is actually possible. 🙂
#Splunk #python #dashboards #SIEM #API
Read more: https://avleonov.com/2018/09/27/how-to-create-and-manage-splunk-dashboards-via-api/
Accelerating Splunk Dashboards with Base Searches and Saved Searches
Let’s say we have a #Splunk dashboard with multiple panels. Each panel has its own search request and all of these requests run independently and simultaneously. If they are complex enough, rendering the dashboard may take quite a long time and some panels may even fail with a #timeout.
How to avoid this? The first step is to understand how the searches are related. Maybe it is possible to select some base searches and reuse their results in other child searches. It’s also possible to get cached results from “Saved Searches” (another name for Reports in the #Splunk GUI).
#Splunk #python #json #cron #SIEM #API
Read more: https://avleonov.com/2018/10/21/accelerating-splunk-dashboards-with-base-searches-and-saved-searches/
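As an added example (this is not code from either post above), here is the authoring side in Python: it generates Simple XML for a dashboard whose panels are post-process searches chained to a single base search, as described in the post on accelerating dashboards, and assembles the REST request to Splunk’s data/ui/views endpoint that creates or updates the view, as described in the post on managing dashboards via API. The host, owner, app, view name and credentials are placeholders and the function names are this example’s own.

```python
"""Added example: generate a Simple XML dashboard with one base search and
chained panels, and build the REST request that creates/updates the view.
Hosts, accounts and the function names are this example's own."""
import base64
import json
import ssl
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET


def build_dashboard_xml(label, base_id, base_query, earliest, latest, panels):
    """panels: list of (title, post_process_spl).
    The base search must be a transforming search (end in stats/timechart/...):
    post-process searches only see its result rows, never raw events."""
    root = ET.Element("dashboard")
    ET.SubElement(root, "label").text = label
    base = ET.SubElement(root, "search", id=base_id)
    ET.SubElement(base, "query").text = base_query
    ET.SubElement(base, "earliest").text = earliest
    ET.SubElement(base, "latest").text = latest
    row = ET.SubElement(root, "row")
    for title, spl in panels:
        panel = ET.SubElement(row, "panel")
        ET.SubElement(panel, "title").text = title
        table = ET.SubElement(panel, "table")
        search = ET.SubElement(table, "search", base=base_id)
        ET.SubElement(search, "query").text = spl
    return ET.tostring(root, encoding="unicode")


def view_request(base_url, owner, app, name, xml_text, create=True):
    """Return (url, form_body) for the data/ui/views endpoint.
    Creating a view POSTs name + eai:data to the collection;
    updating POSTs eai:data to the existing view's own URL."""
    collection = f"{base_url}/servicesNS/{owner}/{app}/data/ui/views"
    fields = {"eai:data": xml_text, "output_mode": "json"}
    if create:
        url = collection
        fields["name"] = name
    else:
        url = f"{collection}/{urllib.parse.quote(name, safe='')}"
    return url, urllib.parse.urlencode(fields).encode()


def post_view(url, body, user, password, cafile=None):
    """Send the request to the management port (8089) over HTTPS with HTTP
    basic auth. Pass the CA bundle instead of disabling verification."""
    req = urllib.request.Request(url, data=body, method="POST")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    xml_text = build_dashboard_xml(
        "Auth failures", "base",
        "index=auth action=failure | stats count by user, src_ip",
        "-24h", "now",
        [("Top users", "stats sum(count) as count by user | sort 10 -count"),
         ("Top sources", "stats sum(count) as count by src_ip | sort 10 -count")])
    url, body = view_request("https://splunk.example.com:8089",  # placeholder host
                             "admin", "search", "auth_failures", xml_text)
    print(url)
    print(xml_text)
    # post_view(url, body, "dashboard_bot", "password", cafile="corp-ca.pem")
```

Post-process searches only see the base search’s results, which Splunk caps at 10,000 rows by default, so the base search should be transforming rather than a raw event search. The same view_request with create=False is what you call in a loop while debugging: regenerate the XML, push it, reload the dashboard in the browser.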
Making CVE-1999-0016 (landc) vulnerability detection script for Windows NT
The fair question is why in 2018 someone might want to deal with #Windows NT and its vulnerabilities. Today #Windows NT is a great analogue of DVWA (Damn Vulnerable Web Application), but for operating systems. There are a lot of well-described vulnerabilities with ready-made #exploits. A great tool for practising.
Well, despite the fact that this operating system has not been supported since 2004, it can still be found in some weird legacy systems. 😉
#WindowsNT #Windows #VirtualBox #scapy #python #NVD #Microsoft #landc #VulnerabilityManagement
Read more: https://avleonov.com/2018/11/11/making-cve-1999-0016-landc-vulnerability-detection-script-for-windows-nt/
Making Vulnerable Web-Applications: XXS, RCE, SQL Injection and Stored XSS ( + Buffer Overflow)
In this post I will write some simple vulnerable web applications in Python 3 and will show how to attack them. This is all for educational purposes and for complete beginners. So please don’t be too hard on me. 😉
As a first step I will create a basic web application using the Twisted Python web server (you can learn more about it in “Making simple Nmap SPA web GUI with Apache, AngularJS and Python Twisted“).
#Concept #bash #bufferoverflow #c #CentOS #Chromium #Debian #Firefox #GoogleChrome #MySQL #python #python3 #RCE #SQL #SQLinjection #StoredXSS #Ubuntu #XXS
Read more: https://avleonov.com/2018/11/29/making-vulnerable-web-applications-xxs-rce-sql-injection-and-stored-xss-buffer-overflow/
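As an added example (not the post’s Twisted application), the two web bugs named in the title, SQL injection and stored XSS, written as request handlers in a deliberately vulnerable form next to a hardened form. An in-memory sqlite3 database stands in for the MySQL back end so it runs offline; the table layout, payloads and function names are this example’s own.

```python
"""Added example: vulnerable vs. hardened handlers for SQL injection and
stored XSS, backed by an in-memory sqlite3 database (constructed data)."""
import html
import sqlite3


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT, password TEXT)")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db


# --- SQL injection ---------------------------------------------------------

def login_vulnerable(db, login, password):
    # User input is pasted straight into the SQL text. The classic payload
    # ' OR '1'='1  for both fields makes the WHERE clause always true, so
    # every user "logs in".
    sql = ("SELECT login FROM users WHERE login = '%s' AND password = '%s'"
           % (login, password))
    return [row[0] for row in db.execute(sql)]


def login_hardened(db, login, password):
    # Parameterised query: values travel separately from the SQL text, so
    # quotes inside the input can never change the statement.
    sql = "SELECT login FROM users WHERE login = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (login, password))]


# --- Stored XSS ------------------------------------------------------------

def add_comment(db, author, body):
    # Storing the raw text is fine; the bug is in how it is rendered later.
    db.execute("INSERT INTO comments VALUES (?, ?)", (author, body))


def render_comments_vulnerable(db):
    # Stored markup goes into the page unchanged and runs in every visitor's browser.
    rows = db.execute("SELECT author, body FROM comments").fetchall()
    return "".join("<p><b>%s</b>: %s</p>" % (a, b) for a, b in rows)


def render_comments_hardened(db):
    # html.escape turns <, >, &, " and ' into entities, so the stored
    # payload is displayed as text instead of being interpreted.
    rows = db.execute("SELECT author, body FROM comments").fetchall()
    return "".join("<p><b>%s</b>: %s</p>" % (html.escape(a), html.escape(b))
                   for a, b in rows)


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable login:", login_vulnerable(db, payload, payload))
    print("hardened login:  ", login_hardened(db, payload, payload))
    add_comment(db, "mallory", "<script>alert(document.cookie)</script>")
    print(render_comments_vulnerable(db))
    print(render_comments_hardened(db))
```

Output encoding is context-specific: html.escape is right for text between tags and inside quoted attributes, but a value placed into a URL, a JavaScript string or an inline style needs that context’s own encoding, which is why a templating engine with auto-escaping is the usual hardened form in a real application.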
Managing JIRA Scrum Sprints using API
#Atlassian Jira is a great tool for organizing Agile processes, especially Scrum. But managing Scrum Sprints manually in the Jira web #GUI may be time-consuming and annoying. So, I decided to automate some routine operations using the JIRA #API and Python.
The #API calls are described on the official page, the JIRA Agile REST #API Reference.
I will use my domain account for #authentication. First of all, let’s see how to get a Jira Scrum Board ID by its name and get all the Sprints related to the Board.
#python #json #AtlassianJIRA #agile #API
Read more: https://avleonov.com/2019/01/11/managing-jira-scrum-sprints-using-api/
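As an added example (not the post’s script), the two lookups named above done against the Jira Agile REST API: find a Scrum board by its exact name and list its sprints, walking the paged values/isLast responses. HTTP is isolated in a small fetch callable so the logic runs offline against canned responses constructed for this example; the Jira host, account and board names are placeholders.

```python
"""Added example: board-by-name and sprint listing via the Jira Agile REST
API, with pagination and an offline fake server (constructed responses)."""
import base64
import json
import ssl
import urllib.parse
import urllib.request

AGILE = "/rest/agile/1.0"


def make_fetch(base_url, user, password, cafile=None):
    """Return fetch(path, params) -> dict using HTTP basic auth over TLS.
    On Jira Server a domain account works here; Jira Cloud wants an API
    token in place of the password."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    ctx = ssl.create_default_context(cafile=cafile)

    def fetch(path, params):
        url = base_url + path + "?" + urllib.parse.urlencode(params)
        req = urllib.request.Request(url, headers={
            "Authorization": f"Basic {token}", "Accept": "application/json"})
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            return json.load(resp)
    return fetch


def paged(fetch, path, params=None, page_size=50):
    """Yield every item of a paged Agile endpoint (values / startAt / isLast)."""
    start = 0
    while True:
        page = fetch(path, {**(params or {}), "startAt": start, "maxResults": page_size})
        values = page.get("values", [])
        yield from values
        if page.get("isLast", True) or not values:
            return
        start += len(values)


def board_id_by_name(fetch, name):
    """GET /board?name= matches substrings, so insist on the exact name and
    refuse ambiguous results instead of silently taking the first one."""
    matches = [b for b in paged(fetch, AGILE + "/board", {"name": name, "type": "scrum"})
               if b["name"] == name]
    if len(matches) != 1:
        raise LookupError(f"expected exactly one board named {name!r}, got {len(matches)}")
    return matches[0]["id"]


def sprints_of_board(fetch, board_id, state=None):
    """state may be 'future', 'active' or 'closed'; None returns all."""
    params = {"state": state} if state else {}
    return list(paged(fetch, f"{AGILE}/board/{board_id}/sprint", params))


# Canned responses standing in for a Jira server (constructed for this example).
_FAKE = {
    "/rest/agile/1.0/board": [
        {"values": [{"id": 7, "name": "SEC board"}, {"id": 9, "name": "SEC"}],
         "isLast": True}],
    "/rest/agile/1.0/board/9/sprint": [
        {"values": [{"id": 101, "name": "Sprint 1", "state": "closed"}], "isLast": False},
        {"values": [{"id": 102, "name": "Sprint 2", "state": "active"}], "isLast": True}],
}


def fake_fetch(path, params):
    pages = _FAKE[path]
    return pages[min(params["startAt"], len(pages) - 1)]


if __name__ == "__main__":
    board = board_id_by_name(fake_fetch, "SEC")
    for sprint in sprints_of_board(fake_fetch, board):
        print(sprint["id"], sprint["name"], sprint["state"])
    # Real use: fetch = make_fetch("https://jira.example.com", "DOMAIN\\user", "pass")
```

Keep the automation account’s password out of the script (environment variable or a secrets store) and give it only the project roles it needs: the same basic-auth session that lists sprints can also close them.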
Retrieving data from Splunk Dashboard Panels via API
First of all, why might someone want to get data from the panels of a #dashboard in Splunk? Why might it be useful? Well, if a script can process everything that a human analyst sees on a #Splunk #dashboard, all the automation comes very naturally. You just figure out what routine operations the analyst usually does using the #dashboard and repeat his actions in the script as is. It may be anomaly #detection, #remediation task creation, reaction to various events, whatever. It really opens endless possibilities without alerts, reports and all this stuff. I’m very excited about this. 🙂
Let’s say we have a #Splunk #dashboard and want to get data from a #table #panel using a #python script. The problem is that the content of the #table that we see is not actually stored anywhere. In fact, it is the result of a search query, taken from the XML representation of the #dashboard and executed by the #Splunk web #GUI. To get this data we should execute the same search request.
That’s why we should:
1. Get the XML code of the dashboard
2. Get the search query for each panel
3. Resolve searches that are based on other searches and get the complete search query for each panel
4. Launch the search request and get the results
First of all, we need to create a special account that will be used for getting data from #Splunk (in the Web #GUI: “Access controls -> Users”). Give it a role with only the search capability and access to the indexes the dashboard actually uses, not an admin role: its credentials will live in a script.
#xml #Splunk #python #panel #json #dashboard #SIEM #API
Read more: https://avleonov.com/2019/02/07/retrieving-data-from-splunk-dashboard-panels-via-api/
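As an added example (not the post’s script), steps 2 to 4 of the procedure above in Python: parse the dashboard’s Simple XML, turn every panel’s search into a complete SPL query by inlining base="..." chains (recursively, so a post-process search built on another post-process search resolves too), and build the REST call to /services/search/jobs that runs it. A small dashboard is embedded below so the resolution logic runs offline; the Splunk host and the function names are this example’s own.

```python
"""Added example: resolve panel searches from Simple XML, including chained
post-process searches, and build the search job request."""
import urllib.parse
import xml.etree.ElementTree as ET

# Constructed dashboard: one base search, one post-process search chained to it,
# one panel chained to that, and one independent panel.
SAMPLE_XML = """<dashboard>
  <label>Auth failures</label>
  <search id="base">
    <query>index=auth action=failure | stats count by user, src_ip</query>
    <earliest>-24h</earliest><latest>now</latest>
  </search>
  <search id="by_user" base="base">
    <query>stats sum(count) as count by user</query>
  </search>
  <row>
    <panel><title>Top users</title>
      <table><search base="by_user"><query>sort 10 -count</query></search></table>
    </panel>
    <panel><title>Raw errors</title>
      <table><search><query>index=app level=ERROR | head 100</query>
        <earliest>-1h</earliest><latest>now</latest></search></table>
    </panel>
  </row>
</dashboard>"""


def _text(el, tag, default=None):
    child = el.find(tag)
    return child.text.strip() if child is not None and child.text else default


def resolve_search(search, by_id, depth=0):
    """Return (spl, earliest, latest) with every base= link inlined.
    A post-process query is appended to its parent with ' | '; the time
    range is always the root search's one."""
    if depth > 10:
        raise ValueError("base= chain too deep (cycle?)")
    query = _text(search, "query", "")
    base_id = search.get("base")
    if base_id is None:
        return query, _text(search, "earliest", "-24h"), _text(search, "latest", "now")
    if base_id not in by_id:
        raise KeyError(f"panel refers to unknown base search {base_id!r}")
    parent_q, earliest, latest = resolve_search(by_id[base_id], by_id, depth + 1)
    return (f"{parent_q} | {query}" if query else parent_q), earliest, latest


def panel_queries(xml_text):
    """Map panel title -> (complete SPL, earliest, latest)."""
    root = ET.fromstring(xml_text)
    by_id = {s.get("id"): s for s in root.iter("search") if s.get("id")}
    result = {}
    for panel in root.iter("panel"):
        search = panel.find(".//search")
        if search is None:
            continue
        result[_text(panel, "title", "untitled")] = resolve_search(search, by_id)
    return result


def search_job_request(base_url, spl, earliest, latest):
    """(url, body) for POST /services/search/jobs. The REST API wants the
    string to start with a command, so a bare 'index=...' gets 'search ' prefixed.
    exec_mode=blocking returns the sid once the job finishes; results are then
    fetched from /services/search/jobs/<sid>/results?output_mode=json."""
    stripped = spl.lstrip()
    if not stripped.startswith("|") and not stripped.startswith("search "):
        spl = "search " + stripped
    body = urllib.parse.urlencode({"search": spl, "earliest_time": earliest,
                                   "latest_time": latest, "exec_mode": "blocking",
                                   "output_mode": "json"})
    return f"{base_url}/services/search/jobs", body.encode()


if __name__ == "__main__":
    for title, (spl, earliest, latest) in panel_queries(SAMPLE_XML).items():
        url, body = search_job_request("https://splunk.example.com:8089", spl, earliest, latest)
        print(f"{title}: {spl}  [{earliest} .. {latest}]")
```

The dashboard XML itself (step 1) comes from the same data/ui/views endpoint used to create it, in the eai:data field of the entry. Form dashboards add a complication the sample does not cover: $token$ placeholders in queries must be substituted with the input values before the search is submitted.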
How to make Email Bot service in Python
First of all, why might you want such a service? Despite the fact that there are now so many different channels of communication (including various messaging apps), #email is still the default and universal way to do it.
* Literally every enterprise service supports #email notifications, even if its #integration capabilities are rather limited. So, with an Email Bot you can automatically process such notifications.
* Email is a good, simple, reliable and familiar way to communicate with humans. Send an #email – get a response. Everyone can do it. So, an #email #bot can perform basic routine operations, like organizing external meetings, pretty much like a human secretary.
* It’s easier to code an Email #bot than any other interface, and the code can be reused for other communication channels, for example messaging apps.
I get #email messages from the IMAP server in Python 3 using the #easyimap module.
#systemd #smtp #python3 #python #MIME #integration #imap #email #easyimap #cron #bot #API
Read more: https://avleonov.com/2019/02/18/how-to-make-email-bot-service-in-python/
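As an added example (not the post’s easyimap-based code), the message-handling half of such a bot using only the standard library: an incoming message is parsed with the email package, the plain-text part is pulled out of multipart MIME, the sender is checked against an allow-list before anything happens (the From: header is trivially spoofed, so a bot that acts on mail from anyone is a remote command interface for the whole Internet), and a threaded reply is built. A sample message is constructed inline so it runs offline; the IMAP/SMTP helpers use placeholder hosts and accounts and are not executed here.

```python
"""Added example: parse an incoming message, gate it on an allow-list,
build a threaded reply. Sample message and addresses are constructed."""
import email
import imaplib
import smtplib
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

ALLOWED_SENDERS = {"analyst@example.com"}   # placeholder allow-list
COMMANDS = {"status", "meeting"}             # subjects the bot understands

# Constructed sample: a multipart/alternative message as fetched via IMAP.
SAMPLE_RAW = b"""From: Analyst <analyst@example.com>
To: bot@example.com
Subject: status
Message-ID: <1234@example.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

status please
--b1
Content-Type: text/html; charset="utf-8"

<p>status please</p>
--b1--
"""


def parse_message(raw):
    """Return sender address, subject, message-id and the text/plain body."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content().strip() if part is not None else ""
    return {"sender": parseaddr(msg.get("From", ""))[1].lower(),
            "subject": (msg.get("Subject") or "").strip(),
            "message_id": msg.get("Message-ID"),
            "body": body}


def decide(parsed):
    """Return the command to run, or None to ignore the message.
    Only the subject selects a command; the body is free text and is never
    executed or passed to a shell."""
    if parsed["sender"] not in ALLOWED_SENDERS:
        return None
    cmd = parsed["subject"].lower()
    return cmd if cmd in COMMANDS else None


def build_reply(parsed, bot_addr, text):
    """Reply that mail clients thread correctly (In-Reply-To / References)."""
    reply = EmailMessage()
    reply["From"] = bot_addr
    reply["To"] = parsed["sender"]
    reply["Subject"] = "Re: " + parsed["subject"]
    if parsed["message_id"]:
        reply["In-Reply-To"] = parsed["message_id"]
        reply["References"] = parsed["message_id"]
    reply.set_content(text)
    return reply


def fetch_unseen(host, user, password):
    """Yield raw unseen messages over IMAPS (placeholder host/account)."""
    with imaplib.IMAP4_SSL(host) as imap:
        imap.login(user, password)
        imap.select("INBOX")
        _, data = imap.search(None, "UNSEEN")
        for num in data[0].split():
            _, fetched = imap.fetch(num, "(RFC822)")
            yield fetched[0][1]


def send(host, user, password, reply):
    """Submit the reply over SMTP with STARTTLS (placeholder host/account)."""
    with smtplib.SMTP(host, 587) as smtp:
        smtp.starttls()
        smtp.login(user, password)
        smtp.send_message(reply)


if __name__ == "__main__":
    parsed = parse_message(SAMPLE_RAW)
    print(parsed, "->", decide(parsed))
    print(build_reply(parsed, "bot@example.com", "all systems nominal").as_string())
```

An address allow-list stops casual misuse but not a forged From: header; if the bot triggers anything sensitive, have the mail server enforce SPF/DKIM/DMARC on inbound mail and check the Authentication-Results header it adds, or require a shared secret in the message.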
I spent a lot of time last week working with the new API of Kaspersky Security Center 11. KSC is the administration console for Kaspersky Endpoint Protection products. And it has some pretty interesting features besides the antivirus/antimalware, for example, vulnerability and patch management. So, the possible integrations with other security systems might be quite useful.
A fully functional API first appeared in this latest version of KSC. It is documented pretty well, but in a strange way. In fact, the documentation is one huge .chm file that lists the classes, the methods of these classes and the data structures, with brief descriptions. It’s not a cookbook that gives a solution for the problem. In fact, you will need to guess which methods of which classes should be used to solve your particular task.
For the first task, I decided to export the versions of Kaspersky products installed on the hosts. It is useful for controlling the endpoint protection process: whether all the necessary agents and products were installed on the hosts or not (and why not). So, see the python code with my comments in my blog. 😉
#API #EndpointProtection #Kaspersky #KSC #KSC11 #python #python3
Alexander V. Leonov
Kaspersky Security Center 11 API: getting information about hosts and installed products
I recently figured out how to work with Microsoft Active Directory using Python 3. I wanted to get a hierarchy of Organizational Units (OUs) and all the network hosts associated with these OUs to search for possible anomalies.
Some code examples are in my blog: https://avleonov.com/2019/08/12/how-to-get-the-organization-units-ou-and-hosts-from-microsoft-active-directory-using-python-ldap3/
#API #AssetManagement #ActiveDirectory #AD #BeyondTrust #LDAP #ldap3 #Microsoft #MicrosoftADExplorer #OU #PowerShell #python #python3
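As an added example (not the post’s code), the post-processing half of that task in Python: given the distinguished names of computer objects, rebuild the OU hierarchy and list the hosts under each OU, plus the one anomaly that is cheapest to spot this way, hosts sitting outside any OU (typically still in the default CN=Computers container). The DN splitter honours RFC 4514 backslash escapes, so an OU whose name contains a comma is not split in two. A constructed DN list makes it run offline; the ldap3 search at the end uses a placeholder DC and account and is not executed here.

```python
"""Added example: OU tree and out-of-OU hosts from computer DNs, with the
ldap3 paged search that would fetch them. DNs below are constructed."""

SAMPLE_DNS = [
    "CN=SRV01,OU=Servers,OU=Moscow,DC=corp,DC=local",
    "CN=SRV02,OU=Servers,OU=Moscow,DC=corp,DC=local",
    "CN=WS-100,OU=Workstations,OU=Moscow,DC=corp,DC=local",
    "CN=LAB01,OU=R\\,D Lab,OU=Berlin,DC=corp,DC=local",  # escaped comma in an OU name
    "CN=OLDPC,CN=Computers,DC=corp,DC=local",            # default container, no OU
]


def split_dn(dn):
    """Split a DN into [(type, value), ...], honouring backslash escapes
    (RFC 4514): 'OU=R\\,D Lab' is one RDN with the value 'R,D Lab'."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        c = dn[i]
        if c == "\\" and i + 1 < len(dn):
            cur.append(dn[i + 1])
            i += 2
            continue
        if c == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    parts.append("".join(cur))
    out = []
    for rdn in parts:
        attr_type, _, value = rdn.partition("=")
        out.append((attr_type.strip().upper(), value.strip()))
    return out


def ou_path(dn):
    """OU chain from the domain root down to the object, e.g.
    ['Moscow', 'Servers'] for CN=SRV01,OU=Servers,OU=Moscow,DC=corp,DC=local."""
    return [v for t, v in reversed(split_dn(dn)) if t == "OU"]


def build_tree(dns):
    """Nest hosts under their OUs: {'Moscow': {'Servers': {'_hosts': ['SRV01', ...]}}}.
    Hosts that are in no OU end up in the root's '_hosts' list."""
    root = {}
    for dn in dns:
        node = root
        for ou in ou_path(dn):
            node = node.setdefault(ou, {})
        node.setdefault("_hosts", []).append(split_dn(dn)[0][1])
    return root


def hosts_outside_ous(dns):
    """Computer objects that live in a plain container rather than an OU:
    usually machines joined to the domain and never moved."""
    return [dn for dn in dns if not ou_path(dn)]


def fetch_computer_dns(server, user, password, base_dn):
    """Paged LDAPS search for computer objects with ldap3 (NTLM bind).
    Placeholder server/account; the import is local so the rest of this
    file runs without ldap3 installed."""
    from ldap3 import Connection, NTLM, SUBTREE, Server
    conn = Connection(Server(server, use_ssl=True), user=user, password=password,
                      authentication=NTLM, auto_bind=True)
    entries = conn.extend.standard.paged_search(
        base_dn, "(objectClass=computer)", SUBTREE,
        attributes=["distinguishedName", "dNSHostName", "operatingSystem"],
        paged_size=500, generator=True)
    # Referral entries carry no 'dn'; keep only real objects.
    return [e["dn"] for e in entries if "dn" in e]


if __name__ == "__main__":
    print(build_tree(SAMPLE_DNS))
    print("outside any OU:", hosts_outside_ous(SAMPLE_DNS))
    # Real use: dns = fetch_computer_dns("dc01.corp.local", "CORP\\svc_ldap_ro",
    #                                    "password", "DC=corp,DC=local")
```

A read-only service account is enough for this: every domain user can read computer objects by default, so there is no reason to run the script under an admin account. If the forest has more than 500 computers per page the paged_size only changes how many round trips are made, not the result.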
I decided to publish my simple console Password Manager. I called it barapass (github). I’ve been using it for quite some time in Linux and in Windows (in WSL). Probably it will also work natively in Windows and macOS with minimal fixes, but I haven’t tried it yet.
I've also described in my blog:
* Why do people use password managers?
* How to use barapass? (installation, encrypting and decrypting files, searching in an encrypted file)
* Is it safe to copy passwords to clipboard?
Read here: https://avleonov.com/2019/09/17/barapass-console-password-manager/
#barapass #concept #AES #CLI #crypto #Linux #password #python #python3 #WSL #xclip
This will be an update to my post from 2017. In that post, I presented a small python script that parses Nessus XML reports and returns a dictionary with all the data. It worked pretty well for me until the most recent moment when I needed to get compliance data from Nessus scan reports, and it failed. So I researched how this information is stored in a file, changed my script a bit, and now I want to share it with you.
This video on YouTube
#Video #VulnerabilityManagement #etree #lxml #Nessus #python #python3 #Tenable #TenableSecurityCenter #xml
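As an added example (not the post’s script), a parser for the .nessus v2 export written with the standard library that returns both the usual vulnerability findings and the compliance checks. The detail that trips up a plain ReportItem parser is that compliance results are not attributes or ordinary child elements: they are elements in the cm namespace (http://www.nessus.org/cm), such as cm:compliance-check-name and cm:compliance-result, so they have to be looked up by their qualified name. A minimal one-host file is constructed inline so this runs offline; plugin IDs and values in it are made up.

```python
"""Added example: parse a .nessus v2 file into per-host vulnerability findings
and compliance checks. The sample file below is constructed."""
import xml.etree.ElementTree as ET

CM = "{http://www.nessus.org/cm}"   # namespace of the compliance elements

SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2 xmlns:cm="http://www.nessus.org/cm">
<Report name="weekly">
 <ReportHost name="10.0.0.5">
  <HostProperties>
   <tag name="host-ip">10.0.0.5</tag>
   <tag name="host-fqdn">srv01.corp.local</tag>
   <tag name="operating-system">Windows Server 2016</tag>
  </HostProperties>
  <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3"
              pluginID="100001" pluginName="Example SMB finding" pluginFamily="Windows">
   <risk_factor>High</risk_factor>
   <plugin_output>constructed output</plugin_output>
  </ReportItem>
  <ReportItem port="0" svc_name="general" protocol="tcp" severity="3"
              pluginID="100002" pluginName="Windows Compliance Checks"
              pluginFamily="Policy Compliance">
   <cm:compliance-check-name>1.1.1 Minimum password length</cm:compliance-check-name>
   <cm:compliance-result>FAILED</cm:compliance-result>
   <cm:compliance-actual-value>8</cm:compliance-actual-value>
   <cm:compliance-policy-value>14</cm:compliance-policy-value>
  </ReportItem>
 </ReportHost>
</Report>
</NessusClientData_v2>"""


def parse_nessus(xml_text):
    """Return a list of hosts, each with its properties, 'vulnerabilities'
    (plain ReportItems) and 'compliance' (ReportItems carrying cm: elements)."""
    root = ET.fromstring(xml_text)
    hosts = []
    for rh in root.iter("ReportHost"):
        props = {t.get("name"): (t.text or "").strip() for t in rh.iter("tag")}
        vulns, checks = [], []
        for item in rh.iter("ReportItem"):
            base = {"plugin_id": item.get("pluginID"),
                    "plugin_name": item.get("pluginName"),
                    "port": int(item.get("port", "0")),
                    "protocol": item.get("protocol")}
            # Strip the namespace prefix from every cm: child, if there are any.
            cm = {el.tag[len(CM):]: (el.text or "").strip()
                  for el in item if el.tag.startswith(CM)}
            if cm:
                checks.append({**base,
                               "check": cm.get("compliance-check-name"),
                               "result": cm.get("compliance-result"),
                               "actual": cm.get("compliance-actual-value"),
                               "expected": cm.get("compliance-policy-value")})
            else:
                vulns.append({**base,
                              "severity": int(item.get("severity", "0")),
                              "risk": (item.findtext("risk_factor") or "").strip(),
                              "output": (item.findtext("plugin_output") or "").strip()})
        hosts.append({"name": rh.get("name"), "ip": props.get("host-ip"),
                      "fqdn": props.get("host-fqdn"), "os": props.get("operating-system"),
                      "vulnerabilities": vulns, "compliance": checks})
    return hosts


def failed_checks(hosts):
    """(host, check, actual, expected) for every FAILED compliance check."""
    return [(h["name"], c["check"], c["actual"], c["expected"])
            for h in hosts for c in h["compliance"] if c["result"] == "FAILED"]


if __name__ == "__main__":
    hosts = parse_nessus(SAMPLE_NESSUS)
    for h in hosts:
        print(h["name"], h["fqdn"], h["os"],
              len(h["vulnerabilities"]), "findings,", len(h["compliance"]), "checks")
    print(failed_checks(hosts))
```

For real exports use ET.iterparse or lxml’s iterparse and clear each ReportHost after processing; a scan of a few thousand hosts produces a file that does not fit comfortably in memory as a full tree.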
This will be off-topic, but I really wanted to share it with you. Adding your own tools to Notepad++ makes it much more fun! 😊
I have to say, I spend a lot of time daily in the Notepad++ text editor for Windows. I keep my “logbook” there. I record what I am doing now and what needs to be done. This allows me not to keep everything in my head and to switch context more efficiently. I can recommend this to everyone. And it is especially useful to note when you started working on a task and when you finished. This gives an understanding of what actually takes your time. I’m not a fan of very strict and formal techniques such as Pomodoro, but using some form of time management is good.
Recording timestamps manually is inconvenient. It would be much easier to press a key combination and have the current timestamp inserted into the document automatically. It turned out that this is possible, and even more: you can insert the output of any Python script this way!
Youtube video
Blogpost with all links
#Notepadpp #plugin #python #PythonScript #shortcuts #Windows
Add new features to Notepad++ using Python scripts: keyboard shortcut to insert current time