weslambert

icon indicating a website link https://infosec.exchange/@weslambert icon indicating an email [email protected]

icon company Security Onion Solutions LLC icon location Augusta, GA icon location Lead Engineer, NSM at Target

Results 83 comments of weslambert

API POST example

@tomchop, Should this be done through a pull request? I noticed we are not able to modify the wiki. Thanks, Wes

Pulling comment field through API

I've used HTML scraping with Python and XPath as an alternative, however, it would still be nice to have this exposed through the API, if possible.

Pulling comment field through API

@egd-io , Just following up... Would you be able to share how you accomplished this? Thanks, Wes

Medium URLs

I can try giving this a shot when I get some free time -- would love to dig in and learn more about it.

FEATURE: Allow for setting Filebeat logging.level value in pillar

https://github.com/Security-Onion-Solutions/securityonion/pull/4773

FEATURE: Add linting/lexing when updating YARA rules for Strelka

- `python3-yara` Maybe something like the following as a standalone script, or added to so-yara-update: ``` #!/usr/bin/python3 import argparse import yara from pathlib import Path parser = argparse.ArgumentParser() parser.add_argument('--path', '-p',...

Simplify removing IPs from analyst firewall

Maybe a wrapper named`so-disallow`, which we have in the current platform?

Create EDR & AV apps

Will have PR for [Velociraptor](https://github.com/Velocidex/velociraptor) in soon.

Create Threat Intelligence apps

I might be able to help with putting something to together. Let me know!

Invalid JSON Output for Signing Info

@objective-see, any thoughts around this issue?