This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // log-health.gs — Apps Script for Log-Source Health Monitoring | |
| // | |
| // Delivers Slack notifications for the log_health pipeline: | |
| // - checkAnomalies (every 10 min): posts new SPIKE/DIP/FULL_STOP/NEW_SOURCE | |
| // alerts from the anomalies table. | |
| // - dailyDigest (daily): source-by-source status, 24h alert tally, | |
| // unclassified NEW_SOURCE callout, and candidate-only watchlist. | |
| // - weeklyPipelineHealth (Mondays): reads pipeline_health_status; posts if | |
| // any log_health scheduled job didn't run in the last 25h. | |
| // - weeklyUnspecifiedGrowth (Mondays): reads unspecified_growth_status; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """Seed + reassessment tool for log_health.source_config / excluded_log_types. | |
| Setup and full context: https://lopes.id/log/log-health-monitoring | |
| Before using, adjust the --project and --dataset flags on `emit` to match your | |
| environment (defaults: chronicle-self / log_health, per the blog's placeholders). | |
| Three subcommands: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Google Chronicle Data Table Cleaner | |
| This script provides a mechanism for granular row-level expiration in Google | |
| Chronicle Data Tables. It connects to the Chronicle API, iterates through all | |
| data tables in a specified instance, and removes rows based on a custom | |
| expiration date field. | |
| FEATURES | |
| - Row-level TTL: Deletes individual rows from Data Tables when their |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Reads all secret-scanning findings from GitHub and outputs them in a JSON file. | |
| Author: Joe Lopes <lopes.id> | |
| Date: 2025-05-24 | |
| License: MIT | |
| Usage: | |
| - A GitHub Fine Grained Personal Access Token (FGPAT) with sufficient permissions to read | |
| secret scanning findings |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Cleans up lines in the reference lists in Chronicle SIEM with expired dates. | |
| This script can be used to clean up some or all Reference Lists in Chronicle SIEM. | |
| It scans each list and removes expired lines with the same pattern it is set to | |
| monitor. Lines outside this pattern are just ignored. The pattern is: | |
| <value> // expires:YYYY-MM-DD | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| #moth.py | |
| ''' | |
| Convert Kindle, Kindle HTML, or O'Reilly annotations to JSON or Markdown. | |
| Usage: | |
| moth.py -i <input> -o <output> [-s <source>] [-f <format>] | |
| Examples: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Product: MISP Threat Intelligence | |
| # Category: Information Security | |
| # Supported Format: JSON | |
| # Reference: https://medium.com/@thatsiemguy/how-to-integrate-misp-and-chronicle-siem-9e5fe5fde97c | |
| # Last Updated: 2024-06-01 | |
| filter { | |
| ## | |
| # BASIC VARIABLES ASSERTION AND FIELDS EXTRACTION | |
| # |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/local/bin/python3 | |
| ''' | |
| Monitors some log files and send new entries to syslog. | |
| This script requires a config file to import paths to the files. | |
| The main concept is that there are a repository with log files | |
| (which I call 'source files') and an auxiliary repository of | |
| files ('working files'). | |
| The idea here is to create a copy of source files in the work | |
| directory, then calculating the diff between the source files |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # | |
| # Simple examples on using different block cipher modes | |
| # of operation (NIST SP 800-38A) with AES. | |
| # | |
| # Warning: this script is just an example! You must be | |
| # very confident on your work (or insane) to implement | |
| # this kind of code in production, because it's safer | |
| # to use wide tested frameworks like PyNaCl. | |
| # |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import re | |
| import logging | |
| from imaplib import IMAP4_SSL | |
| from email import message_from_bytes | |
| from email.parser import HeaderParser | |
| from email.header import decode_header, make_header | |
| from email.utils import parsedate_to_datetime, localtime |
NewerOlder