Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-10-29 19:42:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

get top 100 src_ip's

Browse source
This commit is contained in:
t3chn0m4g3 2020-03-11 13:51:49 +00:00
parent 857190ec20
commit 5319c548ad
2 changed files with 28 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
CHANGELOG.md
View file

@ -1,6 +1,6 @@
# Changelog # Changelog
## 20203010 ## 20200310
- **Add 2FA to Cockpit** - **Add 2FA to Cockpit**
- Just run `2fa.sh` to enable two factor authentication in Cockpit. - Just run `2fa.sh` to enable two factor authentication in Cockpit.
- **Find fastest mirror with netselect-apt** - **Find fastest mirror with netselect-apt**

27
bin/mytopips.sh Executable file
View file

@ -0,0 +1,27 @@
#!/bin/bash
# Make sure ES is available
myES="http://127.0.0.1:64298/"
myESSTATUS=$(curl -s -XGET ''$myES'_cluster/health' | jq '.' | grep -c green)
if ! [ "$myESSTATUS" = "1" ]
then
echo "### Elasticsearch is not available, try starting via 'systemctl start elk'."
exit 1
else
echo "### Elasticsearch is available, now continuing."
echo
fi
function fuMYTOPIPS {
curl -s -XGET $myES"_search" -H 'Content-Type: application/json' -d'
{
"aggs": {
"ips": {
"terms": { "field": "src_ip.keyword", "size": 100 }
}
},
"size" : 0
}'
}
echo "### Aggregating top 100 source IPs in ES"
fuMYTOPIPS | jq '.aggregations.ips.buckets[].key' | tr -d '"'