```bash
#!/bin/bash
RULE_PATH="${1:-.}"
echo "Rule Path: $RULE_PATH"
IMPORT_FILE="${2:-rules.ndjson}"
echo "Import file: $IMPORT_FILE"
rule_count=0;
```

```sh
#!/bin/sh
#
# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
# or more contributor license agreements. Licensed under the Elastic License
# 2.0; you may not use this file except in compliance with the Elastic License
# 2.0.
#
set -e
```

```
GET risk_score,watchlist/_search
{
  "size": 0,
  "aggs": {
    "identities": {
      "composite": {
        "sources": [
          {
            "identityField": {
              "terms": {
```

```
# for each identifier (example with user.name)
GET risk-score-demo/_search
{
  "size": 0,
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "event.category": "risk"
```

```javascript
const RiskReasonLocation = '.alerts*'; // configurable in future
const IdentifierMapping = [
  {sourceField: 'host.name', entityField: 'host.name'},
  {sourceField: 'user.name', entityField: 'user.name'},
]; // configurable in future
for (const Identifier of IdentifierMapping) {
  GET(`${RiskReasonLocation}/_search`, {
    'event.type': 'risk_reason',
    [Identifier.sourceField]: '*',
```

```
## REINDEX DEMO
DELETE events-1
DELETE security-events-1
PUT events-1
{
  "mappings": {
    "properties": {
      "@timestamp": {
```

```bash
#!/usr/bin/env bash
KIBANA_URI="${KIBANA_URL:-"http://localhost:5601"}"
KIBANA_USR="${KIBANA_USER:-"elastic"}"
KIBANA_PWD="${KIBANA_PASS:-"changeme"}"
KIBANA_SPACE="${SPACE_ID:-""}"
if [ -n "$KIBANA_SPACE" ]; then
  SPACE_PART="s/${KIBANA_SPACE}/"
fi
```

```typescript
type I = unknown;
type A = RequestOverWire // snake case, optionals
type O = RequestToUse // camelCase, all keys present, values defaulted

// frontend
const request: I = { id: 'my-id' };
const payload: A = requestSchema.decode(request);
if (isLeft(payload)) {
  displayErrors(payload);
} else {
```

```bash
# outside of a repo
git init test
cd test
time git status
for i in {1..40000}; do touch $i; done
time git status
git add .
git commit -m "adding files"
time git status
```

```ruby
# a/b.rb
module A
  module B
    THING = 'thing'
  end
end
```