TheHive Project Cortex IBM Xforce Analyzer is not Working

I kept receiving an “API error” when attempting to run TheHive Project Cortex Analyzer for IBM Xforce.

There is currently a bug that is adding an extra / with every request.

To fix this issue you need to modify this file:


Command to fix the problem:

perl -pi -e 's|%s/|%s|g' /opt/Cortex-Analyzers/analyzers/IBMXForce/

Querying McAfee ePo on End User Machines

Code to loop through a range of IPs and query McAfee ePO on client machines:

# Loop through IP addresses and print out
# the computer name and the agent version
echo "" > output;
for ((i=10;i<=20;i++))
do
  # -s  Silent curl
  # -m 1  Wait no longer than 1 second per host
  . . . → Read More: Querying McAfee ePo on End User Machines

Add icons to your exported Chrome/Firefox Bookmarks

When you export your bookmarks from Chrome and Firefox the resulting HTML looks pretty plain.

Exported Bookmarks with Icons

To enhance the exported bookmarks file by adding icons, try the following:

perl -i'bak' -ple 's/ ICON="([^"]+)">/><img src="$1"> /' bookmarks.html

Enhance with CSS

You can further enhance the file using this js fiddle:

. . . → Read More: Add icons to your exported Chrome/Firefox Bookmarks

Convert JSON to CSV

To convert a JSON file to CSV you will need a Linux program called jq.

INPUTFILE="inputfile-with-json"
OUTPUTFILE="outputfile-formatted.csv"
jq -r '(.[0] | keys_unsorted) as $keys | $keys, map([.[ $keys[] ]])[] | @csv' "${INPUTFILE}" > "${OUTPUTFILE}"

Graylog Query by IP Address with Wildcard/CIDR

If you are searching Graylog logs that are not properly indexed (the IP address is not in its own field), you may need to perform a text search for one or more IP addresses.

IP Address Queries

The following queries are examples of how to query Graylog for one or more IP addresses (not using a . . . → Read More: Graylog Query by IP Address with Wildcard/CIDR

Extracting IP Addresses in Bash

One very handy function to have in your .bash_profile is a function to extract IP addresses.

ipextract function

I frequently use this function during investigations and thought I should share it with everyone.

ipextract () {
  # example: ipextract < filename
  egrep --only-matching -E '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
}

Example

I’ll demonstrate how to use the function.

Source . . . → Read More: Extracting IP Addresses in Bash

Combine Multiple PCAP Files into a Single File


Problem: You have many smaller pcap files that you would like to combine into a single file.

Solution (the -a flag concatenates the inputs in the order given rather than merging them by timestamp):

mergecap -a -w output_file.pcap *.pcap


How to Perform Bulk IP Lookup – Location and Owner

I recently analyzed a pcap file with a large list of destination addresses. In order to quickly determine the owner of those IP addresses I found this one-liner.

# cat ips.txt | xargs -I% curl -s | paste -d"," ips.txt -


Please check out my daughter’s coding site.

My 7-year-old launched her coding site last year, and I think it is a great resource for kids who want to learn how to program in Scratch Jr.

Announcement – I was Recently Published in an Ebook

I am pleased to announce that I was recently published in an ebook, “10 Experts on Active Threat Management”.

#threatmanagement #ebooks