I published the following diary on isc.sans.org: “Fileless Malicious PowerShell Sample”:
Pastebin.com remains one of my favourite places for hunting. I’m searching for juicy content and report findings in a Splunk dashboard:
Yesterday, I found an interesting pastie with a simple Windows CMD script… [Read more]
Hi Xavier
Yes please – I will be awaiting this article aggressively then 🙂
/Torben
Hi Torben,
Thank you for the feedback. The initial script that I wrote in 2012 is not maintained anymore and was not efficient! I’m a bad programmer 🙂
Today, I’m generating the dashboard with, as you found it, Paste2Splunk. It fetches pasties and sends the interesting ones directly to Splunk using the REST API.
I should probably write an article about the setup…
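The workflow described above (fetch pasties, keep the interesting ones, push them to Splunk over its REST interface) can be sketched in a few dozen lines. The script below is an added example written for this page, not Paste2Splunk’s own code: the detection patterns are illustrative choices, the sample pasties are constructed inline so the filtering runs offline, and the Splunk side assumes an HTTP Event Collector (HEC) endpoint at `/services/collector/event` with a token; the Pastebin scraping endpoint in `fetch_recent_pastes` is an assumption about the Pro-only scraping API and is not exercised here.

```python
import json
import re
import urllib.request

# Illustrative "juicy content" rules (assumptions for this example, not Paste2Splunk's real rule set).
PATTERNS = {
    "cmd_script": re.compile(r"^@echo off", re.I | re.M),
    "powershell_encoded": re.compile(
        r"powershell(?:\.exe)?[^\n]*-(?:e|enc|encodedcommand)\s+[A-Za-z0-9+/=]{40,}", re.I
    ),
    "base64_blob": re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

# Constructed sample pasties standing in for what the scraping API would return.
SAMPLE_PASTES = [
    {"key": "abc123", "date": 1500000000, "title": "test.cmd",
     "content": "@echo off\npowershell.exe -nop -w hidden -enc " + "A" * 60 + "\n"},
    {"key": "def456", "date": 1500000100, "title": "notes",
     "content": "Shopping list: eggs, milk, bread\n"},
    {"key": "ghi789", "date": 1500000200, "title": "keys",
     "content": "-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----\n"},
]


def classify(paste_text):
    """Return the sorted list of rule names that match the paste body."""
    return sorted(name for name, rx in PATTERNS.items() if rx.search(paste_text))


def to_hec_event(paste, tags, index="pastes", sourcetype="pastebin"):
    """Wrap one interesting paste as a Splunk HEC event (index/sourcetype are assumed names)."""
    return {
        "time": paste["date"],
        "host": "paste-hunter",
        "source": paste["key"],
        "sourcetype": sourcetype,
        "index": index,
        "event": {
            "key": paste["key"],
            "title": paste.get("title", ""),
            "tags": tags,
            "size": len(paste["content"]),
            "snippet": paste["content"][:200],  # keep the event small; full text stays on Pastebin
        },
    }


def hunt(pastes):
    """Filter a batch of pasties down to HEC events for the ones that hit a rule."""
    events = []
    for paste in pastes:
        tags = classify(paste["content"])
        if tags:
            events.append(to_hec_event(paste, tags))
    return events


def fetch_recent_pastes(limit=100, opener=urllib.request.urlopen):
    """Pull the latest pasties from the scraping API (assumed endpoint; requires a Pro account
    and a whitelisted IP, so this is not called in the offline run)."""
    url = f"https://scrape.pastebin.com/api_scraping.php?limit={limit}"
    with opener(url, timeout=10) as resp:
        return json.loads(resp.read().decode())


def send_to_splunk(events, hec_url, token, opener=urllib.request.urlopen):
    """POST newline-delimited HEC events; returns the HTTP status code."""
    body = "\n".join(json.dumps(e) for e in events).encode()
    req = urllib.request.Request(
        hec_url, data=body, method="POST",
        headers={"Authorization": f"Splunk {token}", "Content-Type": "application/json"},
    )
    with opener(req, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    # Offline run over the constructed samples; swap SAMPLE_PASTES for fetch_recent_pastes()
    # and call send_to_splunk(events, "https://splunk.example:8088/services/collector/event", "<token>")
    # once a real HEC token is configured.
    for ev in hunt(SAMPLE_PASTES):
        print(json.dumps(ev))
```

Only the events that hit a rule leave the collector, which keeps the Splunk index small and makes the dashboard a simple `index=pastes | stats count by event.tags{}` style search; the rule set is where the real tuning work lives.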
Hi Xavier
As a regular reader of Internet Storm Center, this was another interesting post, so thanks for that and keep up the good work.
I have a question about this post though, as you start it with this info “Pastebin.com remains one of my favourite place for hunting. I’m searching for juicy content and report finding in a Splunk dashboard” – this sounds brilliant.
I found out that you back in 2012 made a script called Pastemon, but I don’t think this will work “out of the box” anymore as I can read that Pastebin has made some changes on how to send queries (you need a Pro account now) – so is it your Paste2Splunk python script that you are using today?
So installation wise – do I git clone your Paste2Splunk package and then take the settings.conf from the PasterHunter package and drop it into your “Paste2Splunk” folder and disable “Outputs” other than Syslog – or?
As I’m new to Splunk, the dashboard that you show in the post, how is this set up – is there a guide on how you set this up, or is there a dashboard template that could be imported?
Best Regards
Torben