-
Filtering in rsyslog
If you use rsyslog as a syslog collector in front of your Splunk indexers, I will show you a way to filter out data in rsyslog, to avoid spending valuable indexer or forwarder resources.
-
Why you have to start loving JSON and stop using XML
I recently had to onboard XML data into Splunk. To say the least, this is not something that is done straight out of the box. This time around I decided to try to work smarter, so I started looking into tools to convert the XML data into something acceptable for Splunk – enter JSON. […]
-
GIAC Network Forensic Analyst (GNFA)
Had a great time taking SANS FOR572 in Amsterdam back in August 2019. Nailed the exam with 90% in December, making me a GIAC Certified Network Forensic Analyst (GNFA). This is my second GIAC certification. I earned the GIAC Certified Detection Analyst (GCDA) in October of 2018.
-
Retrieve the full certificate chain from a server
Retrieve the full certificate chain from a server (any port):

openssl s_client -host sipfed.online.lync.com -port 5061 -prexit -showcerts