import sys

# Path to the log file to walk; taken from the command line so the script runs as-is.
filepath = sys.argv[1]

# Open with a context manager so the file handle is closed even if printing fails.
with open(filepath, 'r') as fp:
    line = fp.readline()
    cnt = 1
    while line:
        # Print each line with its 1-based line number, trailing newline removed.
        print("Line {}: {}".format(cnt, line.strip()))
        cnt += 1
        line = fp.readline()
While responding to any incident, we should build a list of indicators, for instance IP addresses, domain names, file names and paths, etc. With those indicators we can check for missing evidence or run an initial sweep of the logs.
$ grep -E -f ../IOCs/knownbad.txt ./*.log > ../result.txt
$ cat ../IOCs/knownbad.txt
\bws0\.txt
markup%5D=
[TRIMMED]
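The sweep above works, but `grep -f` does not tell you which indicator produced each hit. As an added example (not part of the original page), this Python script applies the same pattern-file format to constructed sample log lines and records the matching indicator alongside the file, line number and line; the log lines and the file name `sample.log` are constructed, and the two patterns are the ones shown in `knownbad.txt` above.

```python
import re

# Constructed sample: the indicator patterns shown on the page, one per line,
# in the same extended-regex format that grep -E -f reads.
KNOWNBAD = r"""\bws0\.txt
markup%5D=
"""

# Constructed sample web-server log lines (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] "GET /uploads/ws0.txt HTTP/1.1" 200 88
10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /page?markup%5D=1 HTTP/1.1" 500 0
10.0.0.5 - - [01/Jan/2024:10:00:12 +0000] "GET /ws01.txt HTTP/1.1" 404 0
"""

def load_indicators(text):
    """Compile one regex per non-empty, non-comment line, as grep -E -f would."""
    patterns = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        patterns.append((raw, re.compile(raw)))
    return patterns

def sweep(log_text, indicators, source="sample.log"):
    """Return (source, line_no, indicator, line) for every matching line.
    Unlike plain grep -f, the result keeps WHICH indicator matched, which is
    what the analyst needs when triaging the result file afterwards."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        for raw, rx in indicators:
            if rx.search(line):
                hits.append((source, line_no, raw, line))
    return hits

if __name__ == "__main__":
    for src, no, ioc, line in sweep(SAMPLE_LOG, load_indicators(KNOWNBAD)):
        print("{}:{} [{}] {}".format(src, no, ioc, line))
```

Note that the fourth sample line (`ws01.txt`) is correctly not reported: the escaped dot and the `\b` anchor in `\bws0\.txt` keep the indicator from matching similar-looking file names.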