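#!/bin/bash
# Print the most frequent source IPs recorded in the T-Pot Elasticsearch
# instance (aggregation on src_ip.keyword), one address per line.
#
# Env:
#   myES  base URL of Elasticsearch, trailing slash included
#         (default: the local T-Pot listener on 127.0.0.1:64298).

# A failing stage in a pipeline must fail the pipeline, otherwise a dead curl
# is silently turned into "no output" by the jq/tr stages that follow.
set -o pipefail

# Make sure ES is available
myES="${myES:-http://127.0.0.1:64298/}"

# Read the cluster status field directly instead of grepping the pretty-printed
# health JSON for the word "green": a substring match also hits any other field
# that happens to contain that word, and an unquoted URL breaks on odd values.
# --max-time keeps the check from hanging forever on a stalled listener.
myESSTATUS=$(curl -s --max-time 10 -XGET "${myES}_cluster/health" | jq -r '.status' 2>/dev/null)
# Note: like the original check, anything but "green" (including "yellow")
# is treated as unavailable.
if [ "$myESSTATUS" != "green" ]
  then
    echo "### Elasticsearch is not available." >&2
    exit 1
  else
    echo "### Elasticsearch is available, now continuing."
    echo
fi
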
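#######################################
# Query Elasticsearch for the most frequent values of src_ip.keyword.
# Globals:   myES (read) - base URL of Elasticsearch, trailing slash included
# Arguments: $1 - number of buckets to request (optional, default 100,
#                 must be a non-negative integer)
# Outputs:   the raw JSON body of the _search response on stdout
# Returns:   2 on an invalid size argument, otherwise curl's exit status
#######################################
function fuMYTOPIPS {
  local size="${1:-100}"
  # Only accept digits: the value ends up inside the request body.
  if ! [[ "$size" =~ ^[0-9]+$ ]]; then
    echo "fuMYTOPIPS: size must be a non-negative integer, got '$size'" >&2
    return 2
  fi
  # Build the body with jq so size is emitted as a JSON number and no shell
  # value is ever spliced into the JSON text by hand.
  local body
  body=$(jq -n --argjson size "$size" \
    '{aggs: {ips: {terms: {field: "src_ip.keyword", size: $size}}}, size: 0}') || return
  # URL is quoted so an unusual myES value cannot be word-split or globbed.
  curl -s -XGET "${myES}_search" -H 'Content-Type: application/json' -d "$body"
}
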
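echo "### Aggregating top 100 source IPs in ES"
# Let jq emit the keys raw (-r) instead of stripping quotes with tr afterwards:
# tr -d '"' would also delete any quote character that is part of a key, and
# would keep going on non-JSON output from a failed request.
# NOTE(review): the keys come from indexed honeypot data, not from a trusted
# source; treat them as data (e.g. grep -E for an IP pattern) before feeding
# them to another tool.
fuMYTOPIPS | jq -r '.aggregations.ips.buckets[].key'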
