
Nick Pieper nickpieper

  • Hampton Roads, Virginia
@ag-michael
ag-michael / FalconHuntqueries.md
Last active September 6, 2024 09:53
Falcon hunt queries

timestamp convert:

convert ctime(timestamp/1000)

.top, .club, .xyz and .ru domain lookups where the number of lookups for the domain is more than 1 and less than 4 per computer:

aid=* event_simpleName=DnsRequest | regex DomainName=".*\.top$|.*\.club$|.*\.xyz$|.*\.ru$|[0-9]+.*\.\w$" | stats values(ComputerName) count by DomainName | where count < 4 | sort - count
@halr9000
halr9000 / Export-SplunkSearch.ps1
Created September 18, 2013 04:27
Splunk export search job using PowerShell
# Conversion of http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTsearch#search.2Fjobs.2Fexport
# example using curl, to PowerShell with Invoke-RestMethod cmdlet
#
# $ curl -k -u admin:changeme https://localhost:8089/services/search/jobs/export
# --data-urlencode search="search index=_internal | stats count by sourcetype"
# -d output_mode=json -d earliest="rt-5m" -d latest="rt"
$cred = Get-Credential
# This will allow for self-signed SSL certs to work
@urschrei
urschrei / parseml.py
Last active August 18, 2024 03:03
Extract attachments from EML files in the current dir, and write them to the output subdir
#!/usr/bin/env python
"""
2020 update:
- More iterators, fewer lists
- Python 3 compatible
- Processes files in parallel
(one thread per CPU, but that's not really how it works)
"""