11/3に行うRAMにて実施するTutorialです.
全体の流れは以下に示すとおりです.
- Dockerを使ってElasticsearch
- Dockerを使ってMoloch
- Molochでpcapを解析
- 解析結果を眺める
shunkin shunkino
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Your Stylesheet | |
| * | |
| * This stylesheet is loaded when Atom starts up and is reloaded automatically | |
| * when it is changed and saved. | |
| * | |
| * Add your own CSS or Less to fully customize Atom. | |
| * If you are unfamiliar with Less, you can read more about it here: | |
| * http://lesscss.org | |
| */ |
shunkino
/ convert_colorscale_function.py
Created
November 28, 2018 05:42
Function to convert colorscale format. for my blog.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import numpy as np | |
| import colorlover as cl | |
| def convert_colorscale_format(colorscale): | |
| plotly_colorscale = [] | |
| for index, sec_value in enumerate(np.linspace(0, 1, len(colorscale))): | |
| plotly_colorscale.append([sec_value, colorscale[index]]) | |
| return plotly_colorscale |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import plotly.graph_objs as go | |
| from plotly.offline import download_plotlyjs, init_notebook_mode, plot, iplot | |
| import numpy as np | |
| import colorlover as cl | |
| N = 10000 | |
| cluster_id = [np.random.randint(N/1000) for val in range(N)] | |
| trace = go.Scattergl( | |
| x = np.random.randn(N), |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import plotly.graph_objs as go | |
| from plotly.offline import download_plotlyjs, init_notebook_mode, plot, iplot | |
| import numpy as np | |
| N = 10000 | |
| cluster_id = [np.random.randint(N/1000) for val in range(N)] | |
| trace = go.Scattergl( | |
| x = np.random.randn(N), | |
| y = np.random.randn(N), | |
| mode = 'markers', | |
| marker = dict( |
shunkino
/ convert_colorscale.py
Created
November 28, 2018 05:36
color scale converter file for my blog
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import plotly.graph_objs as go | |
| from plotly.offline import download_plotlyjs, init_notebook_mode, plot, iplot | |
| import numpy as np | |
| import colorlover as cl | |
| def convert_colorscale_format(colorscale): | |
| plotly_colorscale = [] | |
| for index, sec_value in enumerate(np.linspace(0, 1, len(colorscale))): | |
| plotly_colorscale.append([sec_value, colorscale[index]]) | |
| return plotly_colorscale | |
| # %% |
shunkino
/ elasticsearch_moloch_query.py
Last active
November 27, 2018 18:01
query to moloch example for my blog
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from elasticsearch import Elasticsearch | |
| es = Elasticsearch(['elasticsearch:9200']) | |
| response = es.search( | |
| index="sessions2-181016", | |
| body={ | |
| "size": 0, | |
| "query": { | |
| "bool": { | |
| "filter": { | |
| "bool": { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server.host: "0.0.0.0" | |
| elasticsearch.url: "http://elasticsearch:9200" |
shunkino
/ packet_analysis_conda.yml
Created
November 6, 2018 05:47
Anaconda env for packet analysis
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: base | |
| channels: | |
| - anaconda | |
| - activisiongamescience | |
| - conda-forge | |
| - defaults | |
| dependencies: | |
| - geoip2=2.2.0=py36_0 | |
| - libmaxminddb=1.1.4=0 | |
| - maxminddb=1.2.0=py36_0 |
shunkino
/ docker-compose.yml
Last active
November 6, 2018 01:54
docker-compose file for elasticsearch blog. This is for newer versions of elasticsearch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '2' | |
| services: | |
| kibana: | |
| image: docker.elastic.co/kibana/kibana:6.4.2 | |
| container_name: kibana | |
| volumes: | |
| - ./kibana.yml:/usr/share/kibana/config/kibana.yml | |
| ports: | |
| - 5601:5601 | |
| networks: |
NewerOlder