Published writing
Blog
Graylog Pipelines - Threat Indicators
Threat Indicators
By default, Graylog includes a plugin that allows you to check against threat feeds to determine whether an IP or a domain has been marked as malicious. This can be expanded into different areas.
On a fresh install you need to install the content packs in order for the threat intelligence plugin to work. Navigate to System -> Content Packs and click the Install button.
After a few minutes and a refresh of the page there will be a green button that indicates that they have been installed.
Pipelines allow you to modify incoming logs by adding fields or dropping the log, and they provide additional capabilities via functions. You can get to the pipeline system by going to System -> Pipeline.
Below is a rule that will take a log that has a field of winlogbeat_event_data_QueryName and query the content packs for any reports on it being malicious.
rule "Domain Name Threat Lookup"
when
has_field("winlogbeat_event_data_QueryName")
then
// Lets lookup the OTX data source for
Uploading Documents to Google Drive via Command Line
Uploading Files
I have a few different projects that are being run on Raspberry Pis that generate data daily that I wanted to back up to an offsite solution. I have an onsite [cloud] solution but wanted to see if I could upload to a cloud solution such as Google Drive via the command line.
There are several prebuilt solutions that already exist. I came across gDrive, which was as simple as copying a token from your browser to the application and utilizing it. The GitHub page can be found here: https://github.com/gdrive-org/gdrive
Download gdrive
wget https://github.com/gdrive-org/gdrive/releases/download/2.1.0/gdrive-linux-rpi
Make Executable
chmod +x gdrive-linux-rpi
Install to Bin dir
sudo install gdrive-linux-rpi /usr/local/bin/gdrive
Get the Authorization Token
This will involve a machine with a browser. When you run the command gdrive list, it will give you a URL to visit. Enter that URL into a browser and authorize the app and paste the toke
googletts.agi script
AGI Plugin to generate speech
While setting up an Asterisk server I needed a text-to-speech API. This was to be utilized for a testing environment. The production server was expected to use prerecorded messages, but they have not been recorded yet.
I came across a script called googletts that utilizes the Asterisk AGI plugin system. The website is currently listed here: https://zaf.github.io/asterisk-googletts/
Do note that this method is not officially supported and may not work in the future. The install is fairly straightforward. Ensure you have all the dependencies installed and copy the googletts.agi to your AGI directory.
Below is an example dial plan for how I am using the googletts.agi script in my test environment.
exten => 5305370260,1,Wait(3)
exten => 5305370260,n,answer()
exten => 5305370260,n,Monitor(wav,,b)
exten => 5305370260,n,agi(googletts.agi,"Thank you for calling Harrison Technology.",en)
exten => 5305370260,n,
Asterisk - Voicemail Feature Code
I was tasked with setting up an Asterisk server with no helper interface and scripts such as FreePBX. Setting up the voicemail portion turned out to be fairly easy. Below are portions of the dial plan that I configured.
extensions.conf
exten => *97,1,answer()
exten => *97,n,agi(googletts.agi,"You have reached the voice mail system")
exten => *97,n,VoiceMailMain(${CALLERID(num)}@Main)
exten => *97,n,Hangup()
exten => *98,1,answer()
exten => *98,n,agi(googletts.agi,"Routing you to the voicemail")
exten => *98,n,VoiceMail(6001@Main)
exten => *98,n,Hangup()
The above start codes allow you to check the voicemail. *97 will route to the extension given by the caller ID number, such as extension 6001, and *98 will route to extension 6001.
voicemail.conf
[main]
7001 => 123
7002 => 456
6001 => 456
I utilize an AGI script called googletts.agi for m
AI Crimes are a thing
Using AI to commit crimes
We live in a fascinating era, where technology is solving problems that we wouldn’t have thought were possible before: helping the blind see (https://www.youtube.com/watch?v=y5bktGGkd9w), helping individuals with Parkinson’s (https://www.youtube.com/watch?v=R6rAlFYDffQ) and more. Please feel free to review those two links for some uplifting news.
But with this technology come opportunities that criminals can take advantage of. Artificial Intelligence, AI, is being used to generate fake images and sound. Criminals are now generating real-time audio to sound like other individuals and perform criminal actions. Please review the link below and be cautious of the person you are speaking with on the phone.
https://www.theverge.com/2019/9/5/20851248/deepfakes-ai-fake-audio-ph