Harvard-ITSecurity / qradar-seculert-push

What is it?

A way to grab Seculert’s Crime Servers and Threat Intelligence Records (via their API) and push them into QRadar’s Remote Networks, which then you can build Rules upon. The beauty of this is that in reality it shows you how to more generally push custom “BAD” IPs/Networks into QRadar and auto-deploy them. You can use any list of IPs/networks. If it’s CSV, it should be an absolute breeze to import.

How does it work?

You need to go into ‘seculert_qradar.pl’ and edit the ‘#START USER CONFIG’ section. The first variable you will see is the “seculert” api key – which you can get from your Seculert account (fantastic service http://seculert.com), but again, this can be easily be any CSV list. The idea is that you download both feeds and convert them into the “IP” format that QRadar understands with the “Network” (in this case ‘SECULERT’) ID and the Sub-ID (in this case ‘CS’ and ‘TIR’). Then you pull the existing remotenet.conf file, and prune out the old SECULERT list, and then merge in the new one that you just pulled. Then you upload the new file back to QRadar and auto-trigger the deployment (here is the real qradar magic).

Read more and get the script on GitHub.


Finding an adapter for an old Roku.

I have an older Roku, an N1000. It’s only 720p and no WiFi.  I dug it out once I freed up my Ethernet over power adapters. Now want some streaming love in my bedroom. Unfortunately, I could not find the power adapter! I dug through my big box of extra adapters, but nothing was 5v and 2A. I went to Radio Shack to see what they had. They wanted $45 for the adapter kit!! Can you believe that?! I’m not sure this Roku is even worth that much.

I hit the interwebs and was happy to find a D-Link AF1205-B Power Adapter DC 5V 2A 120V for only $9. I got it today, and it works!  So if you are looking for a power adapter for a Roku N1000, the D-Link adapter is the winner!