Sean Escriva webframp New York, New York http://webframp.com Infrastructure hacker and continuous delivery evangelist. Team builder, language explorer, emacs student.

gregf/chef-minecraft 30

Chef Cookbook for deploying minecraft servers.

webframp/cookbook-minecraft 4

Chef cookbook for vanilla minecraft server.

sensu/system-profile-linux 2

A Sensu plugin for collecting system resource metrics from the procfile system, with the aim to provide a Sensu-native alternative to Collectd's built-in system resource telemetry.

webframp/chef 1

A systems integration framework, built to bring the benefits of configuration management to your entire infrastructure.

webframp/chef-discovery 1

Discovery cookbook for search, implements Discovery#search environment and non-environment aware search for roles with a few extra checks

webframp/chef-fundamentals 1

Opscode Chef Fundamentals training materials

webframp/chef-gdash 1

Chef cookbook to setup gdash graphite frontend. Also provides LWRP for graph creation

webframp/chef-mg 1

Installs mg

webframp/chef-phabricator 1

Cookbook repository to install Facebook Phabricator.

webframp/.emacs.d 0

just another emacs config

pull request comment SigmaHQ/sigma

Added space in "Service File Name" field as it was in the previous ve…

Hi @WojciechLesicki, good catch! There's also other rules that are affected by this:

  • rules/windows/builtin/win_apt_stonedrill.yml
  • rules/windows/builtin/win_cobaltstrike_service_installs.yml
  • rules/windows/builtin/win_hack_smbexec.yml
  • rules/windows/builtin/win_hybridconnectionmgr_svc_installation.yml
  • rules/windows/builtin/win_mal_service_installs.yml
  • rules/windows/builtin/win_metasploit_or_impacket_smb_psexec_service_install.yml
  • rules/windows/builtin/win_meterpreter_or_cobaltstrike_getsystem_service_installation.yml
  • rules/windows/builtin/win_powershell_script_installed_as_service.yml
  • rules/windows/builtin/win_rare_service_installs.yml
  • rules/windows/other/win_pcap_drivers.yml
  • rules/windows/other/win_tool_psexec.yml

To me this feels rather like a backend issue, so I've opened up #1565 for that. :)

WojciechLesicki

comment created time in an hour

PR opened SigmaHQ/sigma

Generic remapping for PowerShell backend

After seeing #1564, I reviewed the PowerShell backend and noticed there was already remapping for the EventID field. I changed it to use a mapping dictionary instead of a simple check due to the likelihood of another one of these inconsistencies showing up in the future, which can then simply be added to the dictionary with no additional logic required.

+9 -6

0 comment

1 changed file

pr created time in an hour

issue comment aws/containers-roadmap

[EKS] Cloudwatch Logs for Containers

@Guillaume-Mayer Parsing json nested json inside the log key is a very common case, in fact it's the most common case possibly.

Fluent Bit is more efficient than Fluentd and is officially supported by AWS. The kubernetes filter in fluent bit can automatically parse the log key json and turn into top level keys, you can also set the option Keep_Log off: https://docs.fluentbit.io/manual/pipeline/filters/kubernetes

https://aws.amazon.com/blogs/containers/kubernetes-logging-powered-by-aws-for-fluent-bit/

Check out that tutorial and try it out. Fluent Bit also has parsers for json: https://docs.fluentbit.io/manual/pipeline/parsers/json

Spend some time playing with it, what you're asking for is a very common case that most tutorials should cover.

vincentheet

comment created time in 6 hours

PR opened SigmaHQ/sigma

Added space in "Service File Name" field as it was in the previous ve…

I understand the need for consistency mentioned in https://github.com/SigmaHQ/sigma/pull/1533 by @SpeedyFireCyclone. But this field in log 7045 itself is called "Service File Name". Currently using sigmac to convert to powershell we are unable to detect these events in the logs.

+2 -2

0 comment

1 changed file

pr created time in 9 hours

PR opened SigmaHQ/sigma

Add `ipcidrv4` modifiers to manage CIDR

Hi, my first try at making an ipcidrv4 modifier.

The rule

title: Test ip range
description: test convert ip CIDR to string , detect nothing 
status: experimental
author: frack113
logsource:
    product: windows
    service: system
detection:
    selection:
        srcip|ipcidrv4:
            - 192.168.10.0/26
            - 10.10.0.0/16
            - 172.154.52.6/32
            - 'a string lol'
    condition: selection
falsepositives:
    - Unknown
level: critical

The output:

python sigmac -t es-qs -c .\config\winlogbeat.yml ..\test_ip.yml
srcip.keyword:(192.168.10.0 OR 192.168.10.1 OR 192.168.10.2 OR 192.168.10.3 OR 192.168.10.4 OR 192.168.10.5 OR 192.168.10.6 OR 192.168.10.7 OR 192.168.10.8 OR 192.168.10.9 OR 192.168.10.10 OR 192.168.10.11 OR 192.168.10.12 OR 192.168.10.13 OR 192.168.10.14 OR 192.168.10.15 OR 192.168.10.16 OR 192.168.10.17 OR 192.168.10.18 OR 192.168.10.19 OR 192.168.10.20 OR 192.168.10.21 OR 192.168.10.22 OR 192.168.10.23 OR 192.168.10.24 OR 192.168.10.25 OR 192.168.10.26 OR 192.168.10.27 OR 192.168.10.28 OR 192.168.10.29 OR 192.168.10.30 OR 192.168.10.31 OR 192.168.10.32 OR 192.168.10.33 OR 192.168.10.34 OR 192.168.10.35 OR 192.168.10.36 OR 192.168.10.37 OR 192.168.10.38 OR 192.168.10.39 OR 192.168.10.40 OR 192.168.10.41 OR 192.168.10.42 OR 192.168.10.43 OR 192.168.10.44 OR 192.168.10.45 OR 192.168.10.46 OR 192.168.10.47 OR 192.168.10.48 OR 192.168.10.49 OR 192.168.10.50 OR 192.168.10.51 OR 192.168.10.52 OR 192.168.10.53 OR 192.168.10.54 OR 192.168.10.55 OR 192.168.10.56 OR 192.168.10.57 OR 192.168.10.58 OR 192.168.10.59 OR 192.168.10.60 OR 192.168.10.61 OR 192.168.10.62 OR 192.168.10.63 OR 10.10.0.* OR 172.154.52.6 OR a\ string\ lol)

Please feel free to try, correct, make better.

+37 -0

0 comment

1 changed file

pr created time in 11 hours

PR merged hw-cookbooks/rackspace_networks

Cookstyle Bot Auto Corrections with Cookstyle 7.13.0

This change is automatically generated by the Cookstyle Bot using the latest version of Cookstyle (7.13.0). Adopting changes suggested by Cookstyle improves cookbook readability, avoids common coding mistakes, and eases upgrades to newer versions of the Chef Infra Client.

Signed-off-by: Cookstyle <cookbooks@chef.io>

+4 -4

0 comment

1 changed file

cookstyle[bot]

pr closed time in 14 hours

push event hw-cookbooks/rackspace_networks

Cookstyle Bot

commit sha 8832d8288b969e58ab8212f18ff80cd9d3bf4b4a

Cookstyle Bot Auto Corrections with Cookstyle 7.13.0

This change is automatically generated by the Cookstyle Bot using the latest version of Cookstyle (7.13.0). Adopting changes suggested by Cookstyle improves cookbook readability, avoids common coding mistakes, and eases upgrades to newer versions of the Chef Infra Client.

Signed-off-by: Cookstyle <cookbooks@chef.io>


Tim Smith

commit sha d98e0a09fba59d52bbb9ef5e2e667b8436d7b0d0

Merge pull request #2 from hw-cookbooks/cookstyle_bot/cookstyle_7_13_0

Cookstyle Bot Auto Corrections with Cookstyle 7.13.0


push time in 14 hours

issue opened MobileOrg/mobileorg

Agenda view

In the 8 days-agenda view on the mobile device (Agenda Views, iPhone): the active time stamps are not shown anywhere if they are part of the heading. This crucial information seems to be lost. If the time stamps are part of the body, they are kept but, being part of the body, they only appear in small, making the overview not really useful. Do I miss a setting?

Org-mobile in general could be very useful and already is, thank you!

created time in a day

issue comment aws/containers-roadmap

[ECS] [Fargate]: can ecs fargate tasks scale to zero ?

@mreferre played with App Runner a bit and loved it. Not only because of the scaling feature, but also because it is very easy for developers to use. Most AWS services are seriously lacking in this department (including Fargate!).

It still needs some features (VPC + Security Groups) before I can use it for real products, but it's a huge step in a good direction. Congrats!

dfang

comment created time in a day

issue comment aws/containers-roadmap

Content Trust / Notary support for ECS/ECR

Appreciate it if we could get any updates on this from AWS people.

DrFaust92

comment created time in a day

issue comment aws/containers-roadmap

[EKS] Cloudwatch Logs for Containers

Hi there. I have a similar case I think, containers in EKS logging in full Json but EKS default config shows them as plain string in CloudWatch ("log" field). Does someone know the correct way to configure FluentD to support both Json and plain text log? I'm trying to convince my colleagues that Json is a good way to structure logs, but CloudWatch not recognizing it as such makes it difficult. It works out of the box in GCP so I'm pretty confident it's possible too with CloudWatch.

Take care,
Guillaume

vincentheet

comment created time in a day

issue comment aws/containers-roadmap

[Lambda] [request]: ECS-"like" Private Registry Support for Lambda Docker Images

A consideration against this feature could be increased invocation time, as the image pull time may take longer. This is just a theory.

cbishop-elsevier

comment created time in a day

PR opened hw-cookbooks/repository

Cookstyle Bot Auto Corrections with Cookstyle 7.13.0

This change is automatically generated by the Cookstyle Bot using the latest version of Cookstyle (7.13.0). Adopting changes suggested by Cookstyle improves cookbook readability, avoids common coding mistakes, and eases upgrades to newer versions of the Chef Infra Client.

Signed-off-by: Cookstyle <cookbooks@chef.io>

+1 -5

0 comment

1 changed file

pr created time in a day

create branch hw-cookbooks/repository

branch : cookstyle_bot/cookstyle_7_13_0

created branch time in a day

PR opened hw-cookbooks/rackspace_networks

Cookstyle Bot Auto Corrections with Cookstyle 7.13.0

This change is automatically generated by the Cookstyle Bot using the latest version of Cookstyle (7.13.0). Adopting changes suggested by Cookstyle improves cookbook readability, avoids common coding mistakes, and eases upgrades to newer versions of the Chef Infra Client.

Signed-off-by: Cookstyle <cookbooks@chef.io>

+4 -4

0 comment

1 changed file

pr created time in a day

create branch hw-cookbooks/pkg-build

branch : cookstyle_bot/cookstyle_7_13_0

created branch time in a day

PR opened hw-cookbooks/pkg-build

Cookstyle Bot Auto Corrections with Cookstyle 7.13.0

This change is automatically generated by the Cookstyle Bot using the latest version of Cookstyle (7.13.0). Adopting changes suggested by Cookstyle improves cookbook readability, avoids common coding mistakes, and eases upgrades to newer versions of the Chef Infra Client.

Signed-off-by: Cookstyle <cookbooks@chef.io>

+35 -36

0 comment

2 changed files

pr created time in a day

PR opened hw-cookbooks/lxc

Cookstyle Bot Auto Corrections with Cookstyle 7.13.0

This change is automatically generated by the Cookstyle Bot using the latest version of Cookstyle (7.13.0). Adopting changes suggested by Cookstyle improves cookbook readability, avoids common coding mistakes, and eases upgrades to newer versions of the Chef Infra Client.

Signed-off-by: Cookstyle <cookbooks@chef.io>

+47 -48

0 comment

2 changed files

pr created time in a day

create branch hw-cookbooks/lxc

branch : cookstyle_bot/cookstyle_7_13_0

created branch time in a day

PR opened hw-cookbooks/kernel_vm

Cookstyle Bot Auto Corrections with Cookstyle 7.13.0

This change is automatically generated by the Cookstyle Bot using the latest version of Cookstyle (7.13.0). Adopting changes suggested by Cookstyle improves cookbook readability, avoids common coding mistakes, and eases upgrades to newer versions of the Chef Infra Client.

Signed-off-by: Cookstyle <cookbooks@chef.io>

+67 -68

0 comment

1 changed file

pr created time in a day

create branch hw-cookbooks/kernel_vm

branch : cookstyle_bot/cookstyle_7_13_0

created branch time in a day

PR opened hw-cookbooks/echelon_sensu

Cookstyle Bot Auto Corrections with Cookstyle 7.13.0

This change is automatically generated by the Cookstyle Bot using the latest version of Cookstyle (7.13.0). Adopting changes suggested by Cookstyle improves cookbook readability, avoids common coding mistakes, and eases upgrades to newer versions of the Chef Infra Client.

Signed-off-by: Cookstyle <cookbooks@chef.io>

+337 -386

0 comment

23 changed files

pr created time in a day

create branch hw-cookbooks/echelon_sensu

branch : cookstyle_bot/cookstyle_7_13_0

created branch time in a day

create branch hw-cookbooks/chef_package

branch : cookstyle_bot/cookstyle_7_13_0

created branch time in a day

PR opened hw-cookbooks/chef_package

Cookstyle Bot Auto Corrections with Cookstyle 7.13.0

This change is automatically generated by the Cookstyle Bot using the latest version of Cookstyle (7.13.0). Adopting changes suggested by Cookstyle improves cookbook readability, avoids common coding mistakes, and eases upgrades to newer versions of the Chef Infra Client.

Signed-off-by: Cookstyle <cookbooks@chef.io>

+0 -1

0 comment

1 changed file

pr created time in a day

issue comment aws/containers-roadmap

[Fargate] [request]: Cross-Account EFS mounts in Fargate

Unfortunately using plain ECS EC2 is not an option due to the fact that we are using Fargate for an AWS batch job, and to use plain ECS will need to use un-managed batch environment manually handling start and stop. Thanks anyway.

hlarsen

comment created time in 2 days

issue comment aws/containers-roadmap

[Fargate] [request]: Cross-Account EFS mounts in Fargate

We stopped waiting last year and just moved to ECS, configuring the mounts with user-data.

hlarsen

comment created time in 2 days

issue comment aws/containers-roadmap

[Fargate] [request]: Cross-Account EFS mounts in Fargate

Any example of workaround to support mounting EFS on Fargate on different account?

hlarsen

comment created time in 2 days

issue comment aws/containers-roadmap

Feature request: override mount points for each task

Same here, would be great for our Jupyter environment.

dinvlad

comment created time in 2 days