Category: Uncategorized

  • Filtering in rsyslog

    If you use rsyslog as a syslog collector in front of your Splunk indexers, I will show you a way to filter out data in rsyslog, to avoid spending valuable indexer or forwarder resources.

  • Why you have to start loving JSON and stop using XML

    I recently had to onboard XML data into Splunk. To say the least, this is not something that is done straight out of the box. This time around I decided to try to work smarter, so I started looking into tools to convert the XML data into something acceptable for Splunk – enter JSON. […]

  • GIAC Network Forensic Analyst (GNFA)

    Had a great time taking SANS FOR572 in Amsterdam back in August 2019. Nailed the exam with 90% in December, making me a GIAC certified network forensic analyst (GNFA). This is my second GIAC certification. I earned the GIAC Certified Detection Analyst (GCDA) in October of 2018.

  • Retrieve the full certificate chain from a server

    Retrieve the full certificate chain from a server (any port): openssl s_client -host <hostname> -port 5061 -prexit -showcerts (where <hostname> is a placeholder for the server to query)