https://github.com/overbryd/unseen-ip-airbrake-notifier

Notify your Airbrake project when unseen ip port combinations appear
https://github.com/overbryd/unseen-ip-airbrake-notifier

Last synced: 10 days ago
JSON representation

Notify your Airbrake project when unseen ip port combinations appear

• Host: GitHub
• URL: https://github.com/overbryd/unseen-ip-airbrake-notifier
• Owner: Overbryd
• Created: 2016-11-30T15:32:31.000Z (almost 9 years ago)
• Default Branch: master
• Last Pushed: 2016-12-19T15:23:31.000Z (almost 9 years ago)
• Last Synced: 2025-02-02T08:17:38.743Z (9 months ago)
• Language: Ruby
• Size: 45.9 KB
• Stars: 0
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          

# identify_ip_protocol_port.rb

    #!/usr/bin/env ruby

    # identify_ip_port.rb: script to identify an ip port combination

    #

    # Usage:

    #

    #   $ ruby identify_ip_port.rb 8.8.8.8 udp 53

    #   {

    #     "ip": "8.8.8.8",

    #     "protocol": "udp",

    #     "port": "53",

    #     "service_name": "domain",

    #     "host": "google-public-dns-a.google.com"

    #   }

    #

# unseen_connections.rb

    #!/usr/bin/env ruby

    # unseen_connections.rb: script to notify unseen tcp connection attempts

    #

    # Usage:

    #

    #   elktail -f '%@timestamp,%src_ip,%dst_ip,%protocol,%src_port' 'type:cisco-firewall AND action:Built AND direction:outbound' \

    #   | ruby unseen_connections.rb

    #

    # Synopsis:

    #

    #   The script expects input on STDIN, one line per firewall log entry.

    #   Each line must be formatted, including the fields %@timestamp, %src_ip, %dst_ip, %protocol and %src_port.

    #

    #     %@timestamp,%src_ip,%dst_ip,%protocol,%src_port\n

    #

    #   e.g.

    #

    #     2016-11-29T10:36:05.990Z,50.31.164.146,10.248.177.12,TCP,443\n

    #

    #   It remembers each destination ip:port combination for a given time.

    #   Over multiple runs it restores and saves its state with a YAML file.

    #

    #   New ip:port combinations are reported to Airbrake with

    #   their respective environment and additional information.

    #

    #   Airbrake in turn alerts the current Sherrif in charge via Pivotaltracker.

    #

    # Dependencies:

    #

    #   * A tool that can stream data out of the ELK stack and format its output as described above.

    #     For example 'elktail' (https://github.com/knes1/elktail/releases) does the job really well.

    #

    #   * An Airbrake account project_id and project_key.