Pinned Repositories
exporttool
This is a Python script that can be run on each Splunk Indexer to export historical bucket data (raw events + metadata) at scale by balancing the work across multiple CPUs, then forwarding to Cribl.
ja3
JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
jekyll-react
parq_read
Read Parquet files and output in k=v format
pdns
Passive DNS Project
PowerShell
Scripts and configs from the .conf2016 talk on Hunting the Known Unknowns PowerShell Edition
TA-bro_json
Splunk Bro TA for JSON output
wos2016
sbrant's Repositories
sbrant/PowerShell
Scripts and configs from the .conf2016 talk on Hunting the Known Unknowns PowerShell Edition
sbrant/pdns
Passive DNS Project
sbrant/TA-bro_json
Splunk Bro TA for JSON output
sbrant/ja3
JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
sbrant/parq_read
Read Parquet files and output in k=v format
sbrant/wos2016
sbrant/exporttool
This is a Python script that can be run on each Splunk Indexer to export historical bucket data (raw events + metadata) at scale by balancing the work across multiple CPUs, then forwarding to Cribl.
sbrant/jekyll-react
sbrant/ps_bro
sbrant/pssl
sbrant/SA-user_gen
sbrant/speedtest
Home internet connection (speedtest, cable modem stats, local segment info)
sbrant/speedtest-cli
Command line interface for testing internet bandwidth using speedtest.net
sbrant/sysdig_play
sbrant/TA-ja3_pcap
sbrant/trustedtechnet.github.io
sbrant/zpivot
Pivot to other Zeek network activity from DNS logs