Travis Technical Review and Projects

Azure Data Explorer KQL cheat sheets : Kusto Query Language is a powerful intuitive query language, which is being used by many Microsoft Services. KQL Language concepts​   Relational operators (filters, union, joins, aggregations, …)​ Each operator consumes tabular input and produces tabular input​ Can be combined with ‘|’ (pipe).​ Sim...

Network and System Monitoring: SolarWinds:  Purpose it to have published information on Solarwinds I have utilized before from implementations and links to articles and how I had designed SolarWinds to work in other projects. SolarWinds Online Demo SolarWinds Syslog Troubleshooting Guide SIEM Security Solutions, Scripts and Resources: Security and Monitoring Standards: MITRE Attack Framework HP Arcsight ArcSite YouTube Demo

  Active Directory Migration Tools   Dcdiag- Purpose review active directory connections issues and logs. dcdiag command arguments [/v /f:LogFile /ferr:ErrLog ] dnslint.exe -This tool is a free download from Microsoft.   (See http://support.microsoft.com/ kb/321045 for the download location.) This tool can be used to help diagnose common DNS name resolution issues and to verify that DNS records used specifically for AD DS replication are correct ADDSSite.xlsx   - Spreadsheet template for documenting AD DS site info. ListADDSites.psl  - Powershell script for listing sites within AD ADMT Migration Services Microsoft CSVDE  - Active Directory Export to CSV file LDIFDE Utility AD Export.

EPS by logsource with QRADAR PSQL query tests and research By Travis Hutchings thutch901@gmail.com 971.226.6732  psql -A -F"," -U qradar -c "select sensordevice.id, sensordevice.hostname, sensordevice.devicename, sensordevicetype.devicetypename, to_timestamp(sensordevice.timestamp_last_seen/1000) from sensordevice, sensordevicetype where sensordevice.devicetypeid = sensordevicetype.id and sensordevice.deviceenabled = 't' and sensordevice.devicename not ilike '%wincollect%' and to_timestamp(sensordevice.timestamp_last_seen/1000) > now() - interval '30 days' order by to_timestamp(timestamp_last_seen/1000) desc" psql -A -F"," -U qradar -c "select sensordevice.id, sensordevice.hostname, sensordevice.devicename, sensordevicetype.devicetypename, to_timestamp(sensordevice.timestamp_last_seen/1000), to_timestamp(round(sensordevice.creationdate/1000) from sensordevice, sensordevicetype where sensordevice.devicetypeid = sensordevicety...

 Travis Hutchings Technology Resource Implementation and Resource Links Monitoring Scripts and Resources Linux Projects and Scripts      - GrayLog Server process flow and installation notes:                                 GrayLog Server process flow and installation notes      - Qradar Scripts and Articles:                  Qradar Disk Space Alert and Persistent Queue                  Qradar EPS by Log Source Script                 Postgres Research for EPS report by logsource Syslog-NG Resources and Links Syslog-ng. conf manipulation and changes     -Linux Scripts Windows Projects and Scripts Seterus Active Directory Project proposal Active Directory Migrations Microsoft Azure Resources and Links: Azure KQL Resources and Commands Arti...

______________________________________________________________________________________________________ Script examples written by Travis Hutchings thutch901@gmail.com 971.226.6732 _______________________________________________________ Bash shell script examples for eps by log source as csv: #Version: 1.5 #Owner: TravisH Corporation #Document Purpose: EPS storage metric script clientName="TravisH" emailFrom="qradar.activ@travishcorp.com" emailTo="Travis.H@travishcorp.com" listFile="/store/scripts/eps_storage_raw.csv" bodyFile="/store/scripts/eps_storage.csv cd /store/scripts/results/ /opt/qradar/support/deployment_info.sh -A echo "" >> $listFile echo "" >> $listFile echo "Log Source:" >> $listFile psql -A -F"," -U qradar -c "select sensordevice.hostname as LogSource, peakeps60s as EPS, to_timestamp(round(sensordevice.creationdate/1000)) as created, to_timestamp(sensordevice.times...

______________________________________________________________________________________________________ Script examples written by Travis Hutchings thutch901@gmail.com 971.226.6732 _______________________________________________________ Disk Space and Alerting Results specific to Qradar servers and environments. General Linux script concepts can also be applied to system administration concepts. This disk space script utilizes a few Qradar support functions. 1. Disk Space Alerting and results in /store volume List disk space for all Qradar servers: df- h /opt/qradar/support/all_servers.sh -a '15%' 'df -h /store' >> $listFile List the top of the directory to see file dates and times to determine if Persistent Queue is processing: /opt/qradar/support/all_servers.sh -a '15%' 'ls -l /store/persistent_queue/ecs-ec-ingress.ecs-ec-ingress | head -6' >> $listFile Bottom of the Persistent Queue and seeing if results are processing: /opt/qradar/suppor...