peterschretlen / 1000_dummy_siem_rules.ndjson
Created January 16, 2020 22:16
1000 Dummy SIEM Rules
{"created_at":"2020-01-16T20:22:12.380Z","created_by":"elastic","description":"abc","enabled":true,"false_positives":[],"filters":[],"from":"now-240s","id":"f602fcd6-4ee4-4122-989b-c3459126c20a","immutable":false,"index":["auditbeat-*"],"interval":"1m","language":"kuery","max_signals":8000,"meta":{"from":"3m"},"name":"abc","output_index":".siem-signals-default","query":"agent.name : \"abc\"","references":[],"risk_score":21,"rule_id":"b9b5ddca-bd29-4b6e-9481-619c34d2c65c","severity":"low","tags":[],"threats":[],"to":"now","type":"query","updated_at":"2020-01-16T20:22:12.380Z","updated_by":"elastic","version":1}
{"created_at":"2020-01-16T20:22:20.553Z","created_by":"elastic","description":"abc","enabled":true,"false_positives":[],"filters":[],"from":"now-240s","id":"048a1b55-5be4-443f-b51b-259dc91c9d98","immutable":false,"index":["auditbeat-*"],"interval":"1m","language":"kuery","max_signals":8000,"meta":{"from":"3m"},"name":"abc","output_index":".siem-signals-default","query":"agent.name : \"abc\"","references
peterschretlen / alert.ts
Created September 27, 2019 13:10
geo-fence alert proof of concept (7.3)
import { AlertType, AlertExecutorOptions } from '../../../../x-pack/legacy/plugins/alerting'
import Joi from 'joi';
import { AlertServices } from 'x-pack/legacy/plugins/alerting/server/types';
import { vehicleLocationsIndex } from '../constants';
import { Client } from "@elastic/elasticsearch";
import { AlertInstance } from 'x-pack/legacy/plugins/alerting/server/lib';
import moment from 'moment';
export function geoFenceAlert(): AlertType {
peterschretlen / .block
Last active December 27, 2017 19:31
Record Count Example
license: mit
height: 300
scrolling: no
border: no
peterschretlen / .block
Last active December 27, 2017 19:20
QPS Distribution
license: mit
height: 300
scrolling: no
border: no
peterschretlen / .block
Last active December 27, 2017 19:13
QPS Example
license: mit
height: 300
scrolling: no
border: no
peterschretlen / .block
Last active December 1, 2017 15:04
Events - Data Distribution
license: mit
height: 700
scrolling: no
border: no
peterschretlen / .block
Last active November 30, 2017 15:05
Event Data Sunburst - Vega
license: mit
height: 700
peterschretlen / spec.json
Last active August 9, 2017 18:43
Vega Treemap Example
{
"$schema": "https://vega.github.io/schema/vega/v3.0.json",
"width": 700,
"height": 700,
"padding": 2,
"signals": [
{
"name": "level", "value": "level3",
"bind": {
peterschretlen / .block
Last active June 29, 2017 17:37
vega-lite tile map 2
license: mit
peterschretlen / .block
Last active June 29, 2017 15:49
vega-lite tile map
license: mit