h

HASecuritySolutions · Jun 27, 2018 · 0cc6dde · 0cc6dde
1 parent e435ff6
commit 0cc6dde
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 14 deletions.
diff --git a/High Fidelity Alerts_Context for your context/parsing.conf b/High Fidelity Alerts_Context for your context/parsing.conf
@@ -139,18 +139,18 @@ filter {
     if [step] {
         if [step] >= 6 {
             if [source_highest_registered_domain] {
-                translate {
-                    field => "source_highest_registered_domain"
-                    destination => "source_fqdn_top1m"
-                    dictionary_path => "/home/jhenderson/top1m.csv"
-                }
+                #translate {
+                #    field => "source_highest_registered_domain"
+                #    destination => "source_fqdn_top1m"
+                #    dictionary_path => "/home/jhenderson/top1m.csv"
+                #}
             }
             if [destination_highest_registered_domain] {
-                translate {
-                    field => "destination_highest_registered_domain"
-                    destination => "destination_fqdn_top1m"
-                    dictionary_path => "/home/jhenderson/top1m.csv"
-                }
+                #translate {
+                #    field => "destination_highest_registered_domain"
+                #    destination => "destination_fqdn_top1m"
+                #    dictionary_path => "/home/jhenderson/top1m.csv"
+                #}
             }
             if [source_fqdn_top1m] {
                 mutate {

diff --git a/High Fidelity Alerts_Context for your context/top-1m_translation.ps1 b/High Fidelity Alerts_Context for your context/top-1m_translation.ps1
@@ -4,7 +4,8 @@ Add-Type -AssemblyName System.IO.Compression.FileSystem
 Invoke-WebRequest -Uri http://s3.amazonaws.com/alexa-static/top-1m.csv.zip -OutFile "$path\top-1m.csv.zip"
 Remove-Item "$path\top-1m.csv" -Force
 [System.IO.Compression.ZipFile]::ExtractToDirectory("$path\top-1m.csv.zip", $path)
-$top1m = Import-csv -Delimiter "," -Header "rank","site" -Path "$path\top-1m.csv"
-foreach($record in $top1m){
-    "$record.site,$record.rank" | Out-File -FilePath "$path\top1m.csv" -Append -Encoding utf8
-}
+$output = ""
+Import-csv -Delimiter "," -Header "rank","site" -Path "$path\top-1m.csv" | ForEach-Object {
+    $output += "$_.site,$_.rank"
+}
+$output | Out-File -FilePath "$path\top1m.csv" -force -Encoding utf8