30 November 2020

winlogbeat -> logstash -> elastic

 good tutorial here




Creating a template for an Elasticsearch index

Elasticsearch creates an index automatically when a client writes to one that does not exist yet (controlled by the action.auto_create_index cluster setting).

The new index takes its settings and mappings from every template whose index_patterns entry matches the index name, so any client that can write to the cluster can also create a new index matching the pattern.


List the available templates:

    GET /_template


To put a new template (this is the legacy _template API; from 7.8 onwards the composable _index_template API is preferred, but this form still works):

PUT /_template/supertimeline
{
    "index_patterns": "st-*",
    "settings": {
        "index": {
            "refresh_interval": "10s",
            "number_of_shards": 20,
            "number_of_replicas": 1
        }
    }
}
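How Elasticsearch picks templates for an auto-created index, as an added example (not from the original notes): the "supertimeline" template is the one above; "st-small" is an assumed second template added only to show that a higher `order` overrides a lower one when two patterns overlap. Legacy index_patterns understand `*` only, so the matcher below deliberately does not use fnmatch. put_template sends the body with the standard library and is not exercised offline.

```python
import json
import re
import urllib.request

# "supertimeline" is the template from the notes; "st-small" is a hypothetical
# second template added here to show order-based precedence.
TEMPLATES = {
    "supertimeline": {
        "index_patterns": "st-*",
        "order": 0,
        "settings": {"index": {"refresh_interval": "10s",
                               "number_of_shards": 20,
                               "number_of_replicas": 1}},
    },
    "st-small": {
        "index_patterns": ["st-test-*"],
        "order": 10,
        "settings": {"index": {"number_of_shards": 1}},
    },
}


def pattern_matches(pattern, index_name):
    """Legacy index_patterns only understand '*' (no '?' or character classes)."""
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return re.match(regex, index_name) is not None


def matching_templates(index_name, templates=TEMPLATES):
    """Names of templates that apply to index_name, lowest `order` first
    (Elasticsearch applies them in that order, so the higher order wins on conflicts)."""
    hits = []
    for name, body in templates.items():
        pats = body["index_patterns"]
        if isinstance(pats, str):
            pats = [pats]
        if any(pattern_matches(p, index_name) for p in pats):
            hits.append((body.get("order", 0), name))
    return [name for _, name in sorted(hits)]


def effective_index_settings(index_name, templates=TEMPLATES):
    """Merge the settings.index blocks of every matching template in precedence order.
    An empty result means the index would get cluster defaults."""
    merged = {}
    for name in matching_templates(index_name, templates):
        merged.update(templates[name].get("settings", {}).get("index", {}))
    return merged


def put_template(base_url, name, body):
    """PUT /_template/<name>; the caller needs the manage_index_templates cluster privilege."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/_template/{name}",
        data=json.dumps(body).encode(),
        method="PUT",
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    for idx in ("st-2020.11.30", "st-test-1", "winlogbeat-7.10.0"):
        print(idx, matching_templates(idx), effective_index_settings(idx))
```

Run it against a live cluster with put_template("http://localhost:9200", "supertimeline", TEMPLATES["supertimeline"]); the offline functions show which template a given index name would pick up before you let winlogbeat or logstash create it.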

Editing a pcap with Scapy

Scapy is a Python library that can be used to edit the packets inside a pcap file.


How to shift the timestamp of every packet


from scapy.all import rdpcap, wrpcap

infile = "in.pcap"   # capture to edit
shift = 3600         # seconds to add to every timestamp (negative moves packets earlier)

pkts = rdpcap(infile)
cooked = []
for p in pkts:
    p.time = p.time + shift   # p.time is seconds since the epoch (fractional part kept)
    cooked.append(p)

wrpcap("out.pcap", cooked)

 



How to change a MAC address

from scapy.all import rdpcap, wrpcap, ARP, Ether

old_mac = "00:11:22:33:44:55"
new_mac = "66:77:88:99:aa:bb"

pkts = rdpcap("in.pcap")
for p in pkts:
    if ARP in p and p[ARP].hwsrc == old_mac:
        p[ARP].hwsrc = new_mac   # ARP sender hardware address
    if Ether in p and p.src == old_mac:
        p.src = new_mac          # the Ethernet source must change too, or the two fields disagree
wrpcap("out.pcap", pkts)
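The same two edits (timestamp shift and MAC replacement) done on the raw pcap format with the standard library only, as an added example that is not from the original notes. It exists because the Scapy snippets above hide what actually has to change in the file: the per-record ts_sec field, the Ethernet source and destination, and for ARP both the sender and target hardware addresses (Scapy's hwsrc and hwdst). The sample capture is constructed inline; the function and constant names are this example's own.

```python
import socket
import struct

# Classic pcap: 24-byte global header, then per record (ts_sec, ts_usec, incl_len, orig_len) + data.
PCAP_MAGIC_LE = 0xA1B2C3D4
PCAP_MAGIC_BE = 0xD4C3B2A1          # a big-endian file's magic when read as little-endian
LINKTYPE_ETHERNET = 1
ETH_HDR = struct.Struct("!6s6sH")   # dst, src, ethertype
ETHERTYPE_ARP = 0x0806
ARP_SHA_OFF, ARP_THA_OFF = 8, 18    # sender / target hardware address offsets inside the ARP body


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def arp_request(sender_mac, sender_ip, target_ip):
    """Ethernet broadcast frame carrying an ARP who-has (constructed sample traffic)."""
    eth = ETH_HDR.pack(mac_bytes("ff:ff:ff:ff:ff:ff"), mac_bytes(sender_mac), ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1,
                      mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                      b"\x00" * 6, socket.inet_aton(target_ip))
    return eth + arp


def build_pcap(records):
    """records: iterable of (ts_sec, ts_usec, frame) -> little-endian pcap file bytes."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for sec, usec, frame in records:
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)


def parse_pcap(blob):
    """Return (global_header, endianness_prefix, [(ts_sec, ts_usec, orig_len, data), ...])."""
    magic = struct.unpack("<I", blob[:4])[0]
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a classic pcap (magic %#x); pcapng is not handled here" % magic)
    records, off = [], 24
    while off + 16 <= len(blob):
        sec, usec, incl, orig = struct.unpack(end + "IIII", blob[off:off + 16])
        off += 16
        records.append((sec, usec, orig, blob[off:off + incl]))
        off += incl
    return blob[:24], end, records


def rewrite_pcap(blob, shift_seconds=0, mac_map=None):
    """Shift every timestamp by shift_seconds and replace MACs per mac_map in the
    Ethernet header and, for ARP frames, in the sender/target hardware address fields."""
    header, end, records = parse_pcap(blob)
    swap = {mac_bytes(a): mac_bytes(b) for a, b in (mac_map or {}).items()}
    out = [header]
    for sec, usec, orig, data in records:
        sec += shift_seconds
        if not 0 <= sec < 2 ** 32:
            raise ValueError("shifted timestamp does not fit the 32-bit ts_sec field")
        frame = bytearray(data)
        if len(frame) >= ETH_HDR.size:
            dst, src, etype = ETH_HDR.unpack_from(frame, 0)
            frame[0:6] = swap.get(dst, dst)
            frame[6:12] = swap.get(src, src)
            if etype == ETHERTYPE_ARP and len(frame) >= ETH_HDR.size + 28:
                for off in (ETH_HDR.size + ARP_SHA_OFF, ETH_HDR.size + ARP_THA_OFF):
                    hw = bytes(frame[off:off + 6])
                    frame[off:off + 6] = swap.get(hw, hw)
        # incl_len follows the edited frame; orig_len is preserved for truncated captures
        out.append(struct.pack(end + "IIII", sec, usec, len(frame), orig) + bytes(frame))
    return b"".join(out)


# Constructed sample capture: two ARP requests, about one second apart.
SAMPLE_PCAP = build_pcap([
    (1606694400, 0, arp_request("00:11:22:33:44:55", "10.0.0.5", "10.0.0.1")),
    (1606694401, 500000, arp_request("de:ad:be:ef:00:01", "10.0.0.9", "10.0.0.1")),
])

if __name__ == "__main__":
    edited = rewrite_pcap(SAMPLE_PCAP, shift_seconds=3600,
                          mac_map={"00:11:22:33:44:55": "66:77:88:99:aa:bb"})
    with open("out.pcap", "wb") as f:
        f.write(edited)
```

Only the Ethernet and ARP fields are rewritten; IP, TCP and DHCP payloads that embed a MAC (DHCP client hardware address, for instance) are left alone, which is exactly the kind of inconsistency that gives an edited capture away. Files in pcapng format are rejected rather than silently mangled.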



11 November 2020

Windows command Line

enable/disable firewall (state on re-enables it; allprofiles also turns off the Public profile):

netsh advfirewall set currentprofile state off

netsh advfirewall set allprofiles state off



enable file sharing (enables the whole File and Printer Sharing firewall rule group):

netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes



create share folder (/GRANT:Everyone,FULL gives the Everyone group full control at the share level; NTFS permissions on s:\Public still apply, so restrict one of the two):

net share Public=s:\Public /GRANT:Everyone,FULL
net share share_folder_name /delete


map share folder:
net use Z: \\computer_name\share_name /PERSISTENT:YES
net use  Z: /delete


Copy folder recursively:
Xcopy C:\test D:\test /E /H /C /I
  • /E - Copy subdirectories, including any empty ones.

  • /H - Copy files with hidden and system file attributes.

  • /C - Continue copying even if an error occurs.

  • /I - If in doubt, always assume the destination is a folder, e.g. when the destination does not exist.



