Removed DC IP to work on any env

2017-08-26 11:01:47 -04:00 · 2017-08-26 11:01:47 -04:00 · 439c015f57
parent d6980ad919
commit 439c015f57
2 changed files with 2 additions and 4 deletions
--- a/data_science/jupyter_notebooks/lateral_movement/.ipynb_checkpoints/LM_Basic_Behavior-checkpoint.ipynb
+++ b/data_science/jupyter_notebooks/lateral_movement/.ipynb_checkpoints/LM_Basic_Behavior-checkpoint.ipynb
@ -97,6 +97,7 @@
   "cell_type": "code",
   "execution_count": 4,
   "metadata": {
+    "collapsed": true,
    "scrolled": false
   },
   "outputs": [],
@ -113,7 +114,6 @@
    "               ],\n",
    "               'must_not': [\n",
    "                    {\"match\" : {'event_data.IpAddress': \"::1\" }},\n",
-    "                    {\"match\" : {'event_data.IpAddress': \"172.18.39.2\" }},\n",
    "                    {\"match\": {'event_data.TargetUserName': \"ANONYMOUS LOGON\"}}\n",
    "               ],\n",
    "               \"filter\": [\n",
@ -149,7 +149,6 @@
    "               {\"match\": {'event_id': 3}}\n",
    "           ],\n",
    "           'must_not': [\n",
-    "               {\"match\" : {'event_data.DestinationIp': \"172.18.39.2\" }}, \n",
    "               {\"match\" : {'event_data.User': \"NT AUTHORITY\\SYSTEM\"}}\n",
    "           ],\n",
    "           \"filter\": [\n",
--- a/data_science/jupyter_notebooks/lateral_movement/LM_Basic_Behavior.ipynb
+++ b/data_science/jupyter_notebooks/lateral_movement/LM_Basic_Behavior.ipynb
@ -97,6 +97,7 @@
   "cell_type": "code",
   "execution_count": 4,
   "metadata": {
+    "collapsed": true,
    "scrolled": false
   },
   "outputs": [],
@ -113,7 +114,6 @@
    "               ],\n",
    "               'must_not': [\n",
    "                    {\"match\" : {'event_data.IpAddress': \"::1\" }},\n",
-    "                    {\"match\" : {'event_data.IpAddress': \"172.18.39.2\" }},\n",
    "                    {\"match\": {'event_data.TargetUserName': \"ANONYMOUS LOGON\"}}\n",
    "               ],\n",
    "               \"filter\": [\n",
@ -149,7 +149,6 @@
    "               {\"match\": {'event_id': 3}}\n",
    "           ],\n",
    "           'must_not': [\n",
-    "               {\"match\" : {'event_data.DestinationIp': \"172.18.39.2\" }}, \n",
    "               {\"match\" : {'event_data.User': \"NT AUTHORITY\\SYSTEM\"}}\n",
    "           ],\n",
    "           \"filter\": [\n",