3 uses for random decision trees / forests you (maybe) didn’t know about

Posted on by David Vassallo

Decision tree forests rightly get a lot of attention due to their robust nature, support for high dimensions and easy decipherability. The most well known uses of decision tree forests are: Classification - given a set of samples with certain features, classify the samples into discrete classes which the model has been trained on. Regression … Continue reading 3 uses for random decision trees / forests you (maybe) didn’t know about

Adding tile caching to maps in React-Leaflet

Posted on by David Vassallo

While writing a toy project that heavily relies on maps, I chose Leaflet as the map rendering library. From their site: Leaflet is the leading open-source JavaScript library for mobile-friendly interactive maps. Weighing just about 38 KB of JS, it has all the mapping features most developers ever need. The ease of use and ability to use different tile … Continue reading Adding tile caching to maps in React-Leaflet

Encrypting traffic in transit to Apache NiFi

Posted on by David Vassallo

In this article we'll explain how to encrypt traffic going to an HTTP handler in NiFi, which is then forwarded to a backend HTTP server - in other words, an SSL offloading reverse proxy. Encrypting traffic in transit to NiFi involves the following steps: Creating a keystore containing a CA certificateCreating a truststore, which contains … Continue reading Encrypting traffic in transit to Apache NiFi

Monitoring DNS requests with PowerShell

Posted on by David Vassallo

@CyberSift we're big fans of monitoring DNS. While there are malware campaigns out there which communicate directly with hard coded IP addresses, monitoring DNS is a good strategy for keeping tabs on what's going on in your environment. When it comes to monitoring windows hosts, Sysmon is an absolute must. There's tons of information out … Continue reading Monitoring DNS requests with PowerShell

Is it Elastalert? No – it’s NiFi!!

Posted on by David Vassallo

One common requirement for users of Elasticsearch is to have automatic alerts sent out whenever some query gets matched, or when some other condition gets satisfied. In fact, Yelp have come up with a python-based solution for this in the form of Elastalert, which at time of writing, is extremely popular with over 5.5K stars … Continue reading Is it Elastalert? No – it’s NiFi!!

Consuming Netflow using NiFi

Posted on by David Vassallo

The problem Several network devices (especially Cisco) tend to use netflow for auditing network connections. It would be useful to log these connections in a structured data store (Elasticsearch is my data store of choice). Alternative Solutions Using the elasticsearch netflow module: https://www.elastic.co/guide/en/logstash/current/netflow-module.htmlThis works well right out of the box, and supports all netflow versions. … Continue reading Consuming Netflow using NiFi

Lessons Learned: GoLang GORM – filtering associations

Posted on by David Vassallo

The problem Given the following code: type User struct { gorm.Model Username string Orders []Order } type Order struct { gorm.Model UserID uint Foobar string } The above Golang code defines a "Has Many" association, leading to a schema where a "User" "has many" "Orders", with the "user_id" key acting as a foreign key. How … Continue reading Lessons Learned: GoLang GORM – filtering associations