If at first you don't succeed; call it version 1.0
@CyberSift we're big fans of monitoring DNS. While there are malware campaigns out there which communicate directly with hard coded IP addresses, monitoring DNS is a good strategy for keeping tabs on what's going on in your environment. When it comes to monitoring windows hosts, Sysmon is an absolute must. There's tons of information out … Continue reading Monitoring DNS requests with PowerShell
One common requirement for users of Elasticsearch is to have automatic alerts sent out whenever some query gets matched, or when some other condition gets satisfied. In fact, Yelp have come up with a python-based solution for this in the form of Elastalert, which at time of writing, is extremely popular with over 5.5K stars … Continue reading Is it Elastalert? No – it’s NiFi!!
The problem Several network devices (especially Cisco) tend to use netflow for auditing network connections. It would be useful to log these connections in a structured data store (Elasticsearch is my data store of choice). Alternative Solutions Using the elasticsearch netflow module: https://www.elastic.co/guide/en/logstash/current/netflow-module.htmlThis works well right out of the box, and supports all netflow versions. … Continue reading Consuming Netflow using NiFi
The problem Given the following code: type User struct { gorm.Model Username string Orders []Order } type Order struct { gorm.Model UserID uint Foobar string } The above Golang code defines a "Has Many" association, leading to a schema where a "User" "has many" "Orders", with the "user_id" key acting as a foreign key. How … Continue reading Lessons Learned: GoLang GORM – filtering associations
Problem - What are we trying to solve? Let's assume you have the beginnings of a simple distributed system: You use redis as your event queueYou have a "master" python script that pickles a python class, and sends it to your redis queueYou have a "worker" python script that waits for a new event, unpickles … Continue reading Python Pickling in the cloud (or how to get python to execute code it hasn’t seen yet)
Linear regression is often one of the first algorithms that data analysts are introduced to. The intuition is simple: find the best line that fits a given data set. For example, given the below data set: you'd probably answer with something along these lines: That is, in fact, the answer given by Linear Regression. However, … Continue reading Exploring Gaussian Process vs Linear Regression
This project highlights how to use BokehJS to (very) easily include Bokeh visualizations in an HTML webpage. The project uses the following tech: Bootstrapped with Create React App. Bokeh is an excellent python vizualization library that is quite popular among data scientists. Bokeh Homepage Flask is a python webserver microframework that allows you to quickly … Continue reading Embedding Bokeh into a ReactJS app using BokehJS
