Main menu

Query CIF from Logstash

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

Logs are not just a stream of information. Logs and events can tell a story about what happened, when, why, how, and who done it. Thus, any company ignoring their logs have a real challenge when dealing with information security.

To help your logs tell the story, it’s best to augment them with other bits of information. Typically, this is done after the fact by an analyst or investigator. The down side to this, is that it’s after the event has happened, and in a lot of scenarios, the augmented data has changed. The IP for a domain name has changed for example.

Beyond that, there is already intelligence lists that provide details on any given IP, Domain name, file hash and other metadata.

In this post, we’ll explore bridging the Collective Intelligence Framework version 2 (CIFv2) and those logs using Logstash.

Read more ... Add new comment

Build your Own MusicBrainz Server

User Rating: 5 / 5

Star ActiveStar ActiveStar ActiveStar ActiveStar Active

This is cataloging how I build my own MusicBrainz Server. Dated: March 2013. This makes the assumption you know how to manage virtual machines, and use linux.

  1. Download the .ova virtual appliance import file from http://musicbrainz.org/doc/MusicBrainz_Server/Setup
  2. Prior to booting, Change the VM Name and add an extra temp drive (You'll need it for downloading the latest DB)
  3. Once booted, partition, format and mount the temp drive somewhere (I suggest /tmp/dumps to work with future commands)
  4. Log into the appliance and download the latest databases from http://ftp.musicbrainz.org/pub/musicbrainz/data/fullexport/ onto the temp drive
    • Note: You will need over 20G of temp space to decompress all the DBs, I suggest you only start with mbdump.tar.bz2, mbdump-editor.tar.bz2 and mbdump-derived.tar.bz2
  5. Following the "Import Database" from https://github.com/metabrainz/musicbrainz-server/blob/master/INSTALL.md
    1. Create a working temp directory under your dumps directory: mkdir /tmp/dumps/tmp
    2. cd ~/musicbrainz-server
    3. You will need to drop the existing Database: dropdb -U postgres musicbrainz_db
    4. Finally import the new DB: carton exec ./admin/InitDb.pl -- --createdb --import /tmp/dumps/mbdump*.tar.bz2 --echo --tmp-dir=/tmp/dumps/tmp
  6. Run the replication script to bring you up to "now" ~/run_replication.sh
  7. Test the server by connecting to the DB - Possible test using Picard
  8. Enable full repllication following these steps: http://musicbrainz.org/doc/MusicBrainz_Server/Setup#Running_Replication

 

My Jeep Liberty

User Rating: 5 / 5

Star ActiveStar ActiveStar ActiveStar ActiveStar Active

2015 Jeep Cherokee Trailhawk

Stock - for now :)

2003 Jeep KJ (Liberty) Sport with Sunroof  (RIP 2014)


Mods:
Head Unit - Sony Xplod CDX-MP40
300Watt Amp - Pioneer GM-3100T
300Watt Sub - Pioneer TS-WX100BP
CB Radio and Antenna - Howto
EVIC (56042749AE Preferably) - Howto
Cruise Control - Howto (Writen by Me!)
Rear Window Protector - Howto

Todo:
Power Seats - Howto
5 Bolt the Rear Spare - Howto
Rear Cabin Light - Howto
Foot Curisy Lights - Howto

My How-To's are coming from here.

Click Here for More

Subcategories

Security Article Count:  15

Stripe CTF - Aug 12 Article Count:  10

OSSIM and LogStash Build Article Count:  2

Latest Article Count:  83