In the earlier post I covered scanning pastebin for a particular string of interest and writing the paste to a database. I added a small feature to the script so that it sends a syslog message whenever a paste of interest is found. The code goes right after the database write and is really simple.
require 'socket'   # UDPSocket comes from Ruby's socket library

# Build the CEF line; the paste URL travels in the "request" extension field.
data = "CEF:0|CERT|Script|1.0|CustomScript|Pastebin Monitor Script|8|request=" + url
sock = UDPSocket.new
sock.send(data, 0, 'SYSLOG_SERVER', 514)   # replace SYSLOG_SERVER with the collector's hostname or IP
sock.close
I chose to send the message in CEF format since many SIEMs use it and can easily normalise the message. The actual pastebin link, held in the url variable, is passed in the message's request extension field.
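The snippet above concatenates the URL straight into the CEF line, which works until a paste title or URL contains a pipe, an equals sign or a newline and the SIEM parser splits the event in the wrong place. Below is an added example, not code from the original script, that escapes header and extension fields the way the CEF spec requires, prefixes the line with an RFC 3164 syslog header so the collector can assign a facility and timestamp, and sends it over UDP. The function names, the facility/severity defaults and the host name 'pastemon' are my assumptions; the vendor/product/signature values mirror the post's own message.

```ruby
require 'socket'
require 'time'

# Added example (not the original post's code). Helper names are assumptions.

# CEF header fields: a backslash and a pipe must be escaped with a backslash.
def cef_header_escape(value)
  value.to_s.gsub(/[\\|]/) { |m| "\\#{m}" }
end

# CEF extension values: backslash and '=' are escaped with a backslash,
# CR/LF become the literal two-character sequences \r and \n.
# Backslash and '=' are handled first so the escapes added for CR/LF
# are not escaped a second time.
def cef_ext_escape(value)
  value.to_s
       .gsub(/[\\=]/) { |m| "\\#{m}" }
       .gsub("\r") { '\\r' }
       .gsub("\n") { '\\n' }
end

# Assemble "CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|key=value ...".
def build_cef(vendor:, product:, version:, sig_id:, name:, severity:, ext: {})
  header = [vendor, product, version, sig_id, name, severity]
           .map { |f| cef_header_escape(f) }
  extension = ext.map { |k, v| "#{k}=#{cef_ext_escape(v)}" }.join(' ')
  "CEF:0|#{header.join('|')}|#{extension}"
end

# RFC 3164 style line: <PRI>TIMESTAMP HOSTNAME MSG, PRI = facility*8 + severity.
# Defaults (assumed): facility 1 (user-level), severity 6 (informational).
def syslog_wrap(msg, facility: 1, severity: 6, host: 'pastemon', time: Time.now)
  pri = facility * 8 + severity
  "<#{pri}>#{time.strftime('%b %e %H:%M:%S')} #{host} #{msg}"
end

# Fire the line at the collector over UDP; the socket is always closed.
def send_syslog(line, server, port = 514)
  sock = UDPSocket.new
  sock.send(line, 0, server, port)
ensure
  sock&.close
end

# Usage, mirroring the post's message (constructed placeholder URL):
if __FILE__ == $PROGRAM_NAME
  cef = build_cef(vendor: 'CERT', product: 'Script', version: '1.0',
                  sig_id: 'CustomScript', name: 'Pastebin Monitor Script',
                  severity: 8,
                  ext: { request: 'https://pastebin.com/raw/PLACEHOLDER' })
  send_syslog(syslog_wrap(cef), 'SYSLOG_SERVER')
end
```

Plain UDP syslog gives no delivery guarantee and no integrity protection for the event, so the collector should sit on a network the monitoring host already trusts; where the SIEM supports it, the same line can be sent over TCP or TLS syslog without changing the CEF body.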