Ansible - Making API calls idempotent

This article is about the Ansible URI module. In the last couple of months, I have spent a lot of time automating Elasticsearch and wanted to share some useful information about using Ansible to interact with REST API endpoints and making those calls idempotent. Most Ansible modules are idempotent by design, which means that performing an operation once has exactly the same result as performing it repeatedly without any intervening actions....
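The read-compare-write pattern that turns a REST call into an idempotent task, as an added example that is not code from the original post. It is plain Python so it runs offline: FakeApi is a constructed stand-in for the remote endpoint (think of an Elasticsearch index-settings URL), and the path and settings used below are assumptions for the example.

```python
"""Added example, not code from the original post: the read-compare-write
pattern that makes a REST call idempotent. FakeApi is a constructed
in-memory stand-in for the remote endpoint; in a playbook the same two
steps are a `uri` GET registered into a variable and a `uri` PUT guarded
by `when:`.
"""
import copy
from typing import Any, Dict, List, Optional, Tuple

Json = Dict[str, Any]


class FakeApi:
    """In-memory stand-in for the remote API; records every call it receives."""

    def __init__(self) -> None:
        self.store: Dict[str, Json] = {}
        self.calls: List[Tuple[str, str]] = []

    def get(self, path: str) -> Tuple[int, Optional[Json]]:
        self.calls.append(("GET", path))
        if path in self.store:
            return 200, copy.deepcopy(self.store[path])
        return 404, None

    def put(self, path: str, body: Json) -> Tuple[int, Json]:
        self.calls.append(("PUT", path))
        self.store[path] = copy.deepcopy(body)  # copy so the caller's dict is not aliased
        return 200, copy.deepcopy(self.store[path])


def subset_matches(desired: Json, current: Json) -> bool:
    """True when every key in `desired` has the same value in `current`.

    Keys the server adds on its own (timestamps, UUIDs, defaults) are
    ignored; a plain equality test would report drift on every run.
    """
    for key, value in desired.items():
        if key not in current:
            return False
        if isinstance(value, dict) and isinstance(current[key], dict):
            if not subset_matches(value, current[key]):
                return False
        elif current[key] != value:
            return False
    return True


def ensure_resource(api: FakeApi, path: str, desired: Json) -> bool:
    """Make `path` hold `desired`; return True only if a write was needed.

    This is Ansible's `changed` flag: a blind PUT on every run is safe but
    reports changed=True each time and hides real drift, so read first and
    write only when the current state differs.
    """
    status, current = api.get(path)
    if status == 200 and current is not None and subset_matches(desired, current):
        return False
    status, _ = api.put(path, desired)
    if status not in (200, 201):
        raise RuntimeError(f"PUT {path} failed with HTTP {status}")
    return True


def run_twice(api: FakeApi, path: str, desired: Json) -> Tuple[bool, bool]:
    """Run the ensure step twice; an idempotent task reports (True, False)."""
    return ensure_resource(api, path, desired), ensure_resource(api, path, desired)
```

The playbook equivalent is a `uri` GET with `status_code: [200, 404]` registered into a variable, followed by a `uri` PUT whose `when:` condition is "missing or different", with `changed_when` set from the same condition so the second run reports no change.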

January 28, 2023 · 5 min

Configure cross-account access from an EC2 Instance to an AWS CodeCommit repo using roles

You can configure access to CodeCommit repositories for an IAM role attached to an EC2 instance in another AWS account. This is often referred to as cross-account access. This section provides an example and instructions for configuring cross-account access to a repo named SharedDemoRepo in the US East (Ohio) Region in one AWS account (referred to as AccountA) from an IAM role/instance profile attached to an EC2 instance in another AWS account (referred to as AccountB)....

September 1, 2022 · 3 min

Upload CSV Data to Elasticsearch

Recently, I’ve been working on understanding and detecting the Log4j vulnerability (Log4Shell) using Elasticsearch. If you want to know more about this vulnerability, I would suggest reading the blog series https://www.securitynik.com/2021/12/beginning-log4-shell-understanding.html by Nik Alleyne on his blog securitynik.com. To detect outbound traffic going to IOCs related to Log4j, I needed to upload CSV data to Elasticsearch. To achieve that I followed these steps: 1. First create a new index logs-threat-intel. Using the Dev Tools in Kibana, issue the Create Index API...
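The two halves of the procedure above, loading a CSV of IOCs into the logs-threat-intel index and then checking outbound connections against it, as an added example that is not code from the original post. The CSV content, its column names (indicator, type, source, first_seen) and the ECS-style event field names are constructed assumptions for the example, not the feed the post used.

```python
"""Added example, not code from the original post: build the _bulk request
body that loads a threat-intel CSV into the logs-threat-intel index, then
use the same indicators to flag outbound connections. Feed columns, event
field names and all addresses are constructed for the example.
"""
import csv
import io
import ipaddress
import json
from typing import Any, Dict, List, Set, Tuple

INDEX = "logs-threat-intel"

# Constructed sample feed; addresses come from the RFC 5737 documentation ranges.
SAMPLE_CSV = """indicator,type,source,first_seen
203.0.113.10,ipv4,example-feed,2021-12-12
198.51.100.0/24,cidr,example-feed,2021-12-13
evil.example.net,domain,example-feed,2021-12-14
"""

# Constructed outbound-connection events as they might look after ingest.
SAMPLE_EVENTS = [
    {"source.ip": "10.0.0.5", "destination.ip": "203.0.113.10", "destination.domain": ""},
    {"source.ip": "10.0.0.6", "destination.ip": "198.51.100.77", "destination.domain": ""},
    {"source.ip": "10.0.0.7", "destination.ip": "192.0.2.1", "destination.domain": "www.evil.example.net"},
    {"source.ip": "10.0.0.8", "destination.ip": "192.0.2.2", "destination.domain": "example.org"},
]


def csv_to_bulk(text: str, index: str = INDEX) -> str:
    """NDJSON body for POST /_bulk: an action line, then the document, per row.

    The indicator is used as _id so re-running the upload overwrites each
    row instead of duplicating it (the bulk equivalent of an idempotent task).
    """
    lines: List[str] = []
    for row in csv.DictReader(io.StringIO(text)):
        doc = {k.strip(): v.strip() for k, v in row.items()}
        lines.append(json.dumps({"index": {"_index": index, "_id": doc["indicator"]}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"  # _bulk rejects a body without a final newline


def load_iocs(text: str) -> Tuple[List[Any], Set[str]]:
    """Split the feed into network objects (single IPs become /32) and domains."""
    nets: List[Any] = []
    domains: Set[str] = set()
    for row in csv.DictReader(io.StringIO(text)):
        kind, value = row["type"].strip(), row["indicator"].strip()
        if kind in ("ipv4", "cidr"):
            nets.append(ipaddress.ip_network(value, strict=False))
        elif kind == "domain":
            domains.add(value.lower().rstrip("."))
    return nets, domains


def match_events(events: List[Dict[str, str]], nets: List[Any], domains: Set[str]) -> List[Tuple[str, str]]:
    """Return (source.ip, reason) for each event whose destination is an IOC."""
    hits: List[Tuple[str, str]] = []
    for ev in events:
        reason = None
        dst = ev.get("destination.ip")
        if dst:
            try:
                addr = ipaddress.ip_address(dst)
            except ValueError:
                addr = None  # malformed field: skip it rather than crash the pipeline
            if addr is not None and any(addr in net for net in nets):
                reason = f"ip:{dst}"
        host = (ev.get("destination.domain") or "").lower().rstrip(".")
        if reason is None and host:
            # match the listed domain itself and any subdomain of it
            if any(host == d or host.endswith("." + d) for d in domains):
                reason = f"domain:{host}"
        if reason:
            hits.append((ev["source.ip"], reason))
    return hits
```

The body from csv_to_bulk is what you would POST to /_bulk (Content-Type application/x-ndjson); match_events is the same logic a Kibana lookup or an ingest enrich policy would apply, kept here in Python so it can be checked against sample events.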

December 28, 2021 · 2 min

GitHub Workflow Automation Script

A quick blog post to share a bash script that I use almost daily to automate the basic GitHub “commit and push” process. Steps to reproduce: Create a file, for example codecommit.sh, and copy/paste the content below:

#!/bin/bash
RESET="\033[0m"
BOLD="\033[1m"
YELLOW="\033[38;5;11m"

# Prompt for the commit message
# read -p "Add Commit message: " message
read -p "$(echo -e $BOLD$YELLOW"Add Commit message: "$RESET)" message

# Stage all changes (this includes every untracked file in the tree, so run git status first so you don't commit secrets or local config)
git add .

# Commit the file(s)
git commit -m "$message"
echo "Added the commit with message: '$message'"

# Get current branch and push changes
current_branch=$(git branch --show-current)
git push origin "$current_branch"
# echo "Pushed changes to '$current_branch' branch"
echo -e $BOLD$YELLOW"Pushed changes to '$current_branch' branch"$RESET

Move it to /usr/local/bin to make this shell script global....

September 8, 2021 · 1 min

Investigating CloudTrail Logs using ELK Stack

AWS CloudTrail is an AWS service that helps you enable governance, compliance, and operational and risk auditing of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, the AWS Command Line Interface, and the AWS SDKs and APIs. You can ship these CloudTrail logs into the ELK stack and visualize the events in near real time using Kibana....
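What the ingest side of that pipeline does with a delivered log file, plus a few detections over the resulting documents, as an added example that is not code from the original post. The records, account ID, user names and IP addresses are constructed placeholders, and the ECS-style output field names are an assumption for the example rather than the mapping the post's Logstash configuration used.

```python
"""Added example, not code from the original post: read a CloudTrail log
file the way an ingest pipeline would (gzip -> JSON -> Records[]), flatten
each event into a document with an @timestamp, and run a few detections
over the result. All records are constructed; no real account data.
"""
import gzip
import io
import json
from typing import Any, Dict, List, Tuple

# Constructed CloudTrail records; the account ID and addresses are placeholders.
SAMPLE_RECORDS = {"Records": [
    {"eventVersion": "1.08", "eventTime": "2021-04-19T10:00:00Z",
     "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "IAMUser", "userName": "alice", "accountId": "111111111111"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventVersion": "1.08", "eventTime": "2021-04-19T10:05:00Z",
     "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "IAMUser", "userName": "alice", "accountId": "111111111111"},
     "requestParameters": {"name": "management-trail"}},
    {"eventVersion": "1.08", "eventTime": "2021-04-19T10:07:00Z",
     "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111111111111:assumed-role/ReadOnly/session",
                      "accountId": "111111111111"},
     "errorCode": "AccessDenied"},
    {"eventVersion": "1.08", "eventTime": "2021-04-19T10:09:00Z",
     "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "awsRegion": "us-east-1", "sourceIPAddress": "10.0.0.5",
     "userIdentity": {"type": "IAMUser", "userName": "bob", "accountId": "111111111111"}},
]}


def make_log_file(records: Dict[str, Any] = SAMPLE_RECORDS) -> bytes:
    """CloudTrail delivers log files to S3 as gzip-compressed JSON."""
    return gzip.compress(json.dumps(records).encode())


def parse_log_file(blob: bytes) -> List[Dict[str, Any]]:
    """gunzip, parse, and flatten Records[] into one document per event.

    The dotted output keys follow ECS naming (an assumption for the example)
    so the same fields line up in Kibana whatever the eventSource is.
    """
    with gzip.open(io.BytesIO(blob), "rt") as fh:
        data = json.load(fh)
    docs: List[Dict[str, Any]] = []
    for rec in data.get("Records", []):
        ident = rec.get("userIdentity") or {}
        docs.append({
            "@timestamp": rec["eventTime"],
            "event.provider": rec.get("eventSource"),
            "event.action": rec.get("eventName"),
            "event.outcome": "failure" if rec.get("errorCode") else "success",
            "error.code": rec.get("errorCode"),
            "cloud.region": rec.get("awsRegion"),
            "source.ip": rec.get("sourceIPAddress"),
            # IAM users carry userName; roles and federated sessions only carry an ARN
            "user.name": ident.get("userName") or ident.get("arn"),
            "user.type": ident.get("type"),
            "mfa_used": (rec.get("additionalEventData") or {}).get("MFAUsed"),
            "console_login": (rec.get("responseElements") or {}).get("ConsoleLogin"),
        })
    return docs


# API calls that change what CloudTrail itself records
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def detect(docs: List[Dict[str, Any]]) -> List[Tuple[str, Any]]:
    """Three starter rules: console login without MFA, trail tampering, AccessDenied."""
    alerts: List[Tuple[str, Any]] = []
    for d in docs:
        if d["event.action"] == "ConsoleLogin" and d["console_login"] == "Success" and d["mfa_used"] != "Yes":
            alerts.append(("console_login_without_mfa", d["user.name"]))
        if d["event.provider"] == "cloudtrail.amazonaws.com" and d["event.action"] in TRAIL_TAMPERING:
            alerts.append(("cloudtrail_tampering", d["user.name"]))
        if d["error.code"] == "AccessDenied":
            alerts.append(("access_denied", d["user.name"]))
    return alerts
```

Each document from parse_log_file is what you would index (the @timestamp field is what Kibana's time picker needs); the rules in detect are the same conditions you would later express as Kibana queries, kept in code here so they can be run against a sample file before wiring up the stack.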

April 20, 2021 · 3 min

Splunk Attack Range on AWS - Guide

A quick guide to get Splunk Attack Range running on AWS. If you’re trying to run this locally, I would suggest having a look at this post: Splunk Attack Range in a virtualized Ubuntu Guest VM. Attack Range is a tool that lets you create vulnerable, instrumented local or cloud environments to simulate attacks against and collect the resulting data into Splunk. I came across the Splunk post Detecting CVE-2020-1472 (Zerologon) and was trying to replicate it in my own environment....

October 2, 2020 · 4 min