-
Filtering in rsyslog
If you use rsyslog as a syslog collector in front of your Splunk indexers, I will show you a way to filter out data in rsyslog, to avoid spending valuable indexer or forwarder resources.
-
Why you have to start loving JSON and stop using XML
I recently had to onboard XML data in to Splunk. To say the least, this is not something that is done straight out of the box. This time around I decided to try to work smarter, so I started looking into tools to convert the XML data into something acceptable for Splunk – enter JSON. […]
-
Add trusted root certificate to python running under Splunk context [DRAFT]
Create a .py file with the following content: Run the script in the context of Splunk: Then add your certificate in base64-format to this file to let Splunk trust your SSL-inspecting proxy. Bear in mind that this file is write-protected, so you might need to chmod u+w /exp/splunk/lib/python2.7/site-packages/certifi/cacert.pem and then chmod u-w after changing the […]
-
GIAC Network Forensic Analyst (GNFA)
Had a great time taking SANS FOR572 in Amsterdam back in August 2019. Nailed the exam with 90% in December, making me a GIAC certified network forensic analyst (GNFA). This is my second GIAC certification. I earned the GIAC Certified Detection Analyst (GCDA) in october of 2018.
-
Retrieve the full certificate chain from a server
Retrieve the full certificate chain from a server (any port): openssl s_client -host sipfed.online.lync.com -port 5061 -prexit -showcerts