Guy Bruneau's Handler Pages



The main purpose of my handler pages is to provide information and updates for some of the projects and presentations I have published here on this site.

Installing Pi-hole Page (Updated 11 March 2019)

My Elastic Projects Page (Updated 22 March 2024)


My Papers & Presentations

DNS Sinkhole Gold Paper (SANS GCIH)
DNS Sinkhole SANSFire Presentation (2011)
Log, Log, Log Everything Remotely (BSides Ottawa 2014)
Tips Tricks To Achieve Ludicrous Speed (RSA Global Summit 2014)
Metadata Is Like Gold, Tips Tricks To Mine It (RSA Charge 2017)
Scripting with RSA NetWitness Console and Automation Via API & SDK (RSA Charge 2019)

Scripts for NetWitness API, SDK & Snort Rules

Note: Before using the script, edit it and configure it with the correct IPs, user account and password. I use custom accounts for this. See the RSA Charge 2019 presentation. It requires
RSA Charge 2019 Shared (Update Jan 2022) & Script with output Example

Snort Rule Parser

This script parses Snort rules so they can be loaded on a NetWitness PacketDecoder. See the Internet Storm Center article on how to use it, available here. Download the script here.

NetWitness Decoder ASN Custom Feed

In order to build and load the ASN list into any decoder, follow the instructions at the beginning of the Perl script. Download the zip file which contains the XML and the Perl script to build the feed here.