Correct paths to new host-based configurations

Cleaned up some more conflicts

.gitignore

@@ -1 +1 @@
-neomutt/accounts
+neomutt/hosts/*/accounts

neomutt/hosts/TDKVXYVKV7/mailboxes

@@ -8,7 +8,7 @@ set folder="imaps://imap.gmail.com/"
 
 # Where archived mail goes
 set mbox="+[Gmail]/All Mail"
-#set mbox="imaps://imap.gmail.com/[Gmail]/All Mail"
+#set mbox="imaps://imap.misfit.rodeo/[Gmail]/All Mail"
 
 # Where postponed messaged die
 set postponed="+[Gmail]/Drafts"

neomutt/hosts/TDKVXYVKV7/main

@@ -0,0 +1,2 @@
+set from="orien.vandenbergh@guidepointsecurity.com"
+set hostname=felurian.guidepointsecurity.com        # Name of the localhost

neomutt/hosts/utage/mailboxes

@@ -0,0 +1,26 @@
+# -*- muttrc -*-
+#
+# Mailboxes for mutt
+#
+
+# Where are mailboxes stored
+set folder="imaps://imap.misfit.rodeo/INBOX"
+
+# Where archived mail goes
+set mbox="+Archive"
+#set mbox="imaps://imap.misfit.rodeo/[Gmail]/All Mail"
+
+# Where postponed messaged die
+set postponed="+Drafts"
+
+# ... and it gets saved in =outbox.
+# Gmail does this automatically, let's not duplicate...
+#set record="+[Gmail]/Sent Mail"
+set record="+Sent"
+
+# Look me up
+set spoolfile="+INBOX"
+
+mailboxes $spoolfile
+
+set imap_check_subscribed = yes

neomutt/hosts/utage/main

@@ -0,0 +1,3 @@
+set from="orien@misfit.rodeo"
+set hostname=utage.i.misfit.rodeo        # Name of the localhost
+

neomutt/macros

@@ -16,6 +16,7 @@ macro index "\ev"    "<pipe-message>less<enter>"                          # View
 macro index "\Cs\Co" "<limit>~h \"X-SpamProbe: GOOD\"<enter><last-entry>" # View good emails.
 macro index "\Cs\Cs" "<limit>~h \"X-SpamProbe: SPAM\"<enter><last-entry>" # View bad emails.
 macro index \Cr       ":source ~/.config/neomutt/neomuttrc<enter>"        "Re-source the neomuttrc"
+macro index "R"       "<tag-pattern>~N<enter><tag-pattern>~O<enter><tag-prefix><clear-flag>N<untag-pattern>.<enter>"  "Mark New as read"
 
 # Macros for use in the pager.
 macro pager "w"      "<enter-command>set invsmart_wrap invmarkers<enter>" # Toggle wrap stuff

neomutt/mailcap

@@ -25,3 +25,4 @@ text/vcard;                 mutt_vcard_filter; copiousoutput
 text/x-diff;                view %s; needsterminal
 
 text/x-patch;               view %s; needsterminal
+application/zip;	    unzip -c %s; copiousoutput; nametemplate=%s.zip

neomutt/neomuttrc

@@ -1,10 +1,9 @@
 set realname="Orien Vandenbergh"
 set signature="~/.signature.txt"
-set from="orien.vandenbergh@guidepointsecurity.com"
 set use_from = yes
 set envelope_from = yes
 
-set hostname=felurian.guidepointsecurity.com        # Name of the localhost
+
 set hidden_host                                     # Hide host details
 set alias_file=~/.config/neomutt/aliases            # Personal mail aliases
 #set query_command="~/bin/mutt-ldap '%s'"           # How to query the company contacts
@@ -64,7 +63,8 @@ set header_cache="~/.cache/neomutt/headers"         # Where to cache imap header
 set message_cachedir="~/.cache/neomutt/bodies"      # "" bodies
 
 #source /usr/share/doc/mutt/samples/gpg.rc           # Use GPG
-source ~/.config/neomutt/accounts                             # Account details
+source ~/.config/neomutt/hosts/`hostname`/main                # General Settings
+source ~/.config/neomutt/hosts/`hostname`/accounts            # Account details
 source ~/.config/neomutt/aliases                              # Load in my aliases.
 source ~/.config/neomutt/auto_views                           # Define auto_views.
 source ~/.config/neomutt/bindings                             # Define key bindings.
@@ -75,12 +75,15 @@ source ~/.config/neomutt/fcc-hooks                            # Define fcc-hooks
 source ~/.config/neomutt/folder-hooks                         # Define folder-hooks.
 source ~/.config/neomutt/headers                              # Configure header display.
 source ~/.config/neomutt/macros                               # Define macros.
-source ~/.config/neomutt/mailboxes                            # Define the list of folders that receive mail.
+source ~/.config/neomutt/hosts/`hostname`/mailboxes           # Host specific settings
 source ~/.config/neomutt/message-hooks                        # Define message hooks.
 source ~/.config/neomutt/non-standard                         # Support for mutt patches.
 source ~/.config/neomutt/save-hooks                           # Define save-hooks.
 source ~/.config/neomutt/subscriptions                        # Define the list of subscribed mailing lists.
 
+color index_subject brightred default '~ihubspotemail.net'
+color index_subject brightred default '~imarketo.org'
+
 # Play with the sidebar?
 #set sidebar_divider_char = '|'
 set sidebar_visible = yes

neomutt/save-hooks

@@ -10,4 +10,12 @@ save-hook '~f @newyorklife\\.com$' "=Customers/NYLife"
 save-hook '=f @rtx.com' "=Customers/RTX"
 save-hook '=f @shu.edu' "=Customers/SHU"
 save-hook '=f @partner.paloaltonetworks.com' "=Partners/PaloAlto"
+save-hook '~f "Krista Trigger via Smartsheet"' "=Customers/Tines"
+save-hook '~s "(Tines|ADP)" ~f automation@app.smartsheet.com' "=Customers/Tines"
+save-hook '=f @adp.com' "=Customers/Tines"
+save-hook '=f @wellington.com' "=Customers/Wellington"
+
+# This is the default, it must be at the bottom...
 save-hook '.*' "=[Gmail]/All Mail"
+#save-hook .* =Archive/`date "+%Y-%m"`
+#save-hook .* "=[Gmail]/All Mail"

scripts/hec_test

@@ -0,0 +1,57 @@
+#!/usr/bin/env python3
+
+import argparse
+from datetime import datetime
+import subprocess
+import json
+
+def build_json(field,path):
+    return json.dumps({field:f"This is a sample json event sent to {path}","hecTest":"yes"})
+
+def build_raw(path):
+    return f"{datetime.now().strftime('%Y-%m-%dT%H:%M:%S.%fZ')} nowhere This is a sample raw event sent to {path} hecTest=yes"
+
+def test_hec(dtype,verbose,baseurl,path,data):
+    url   = baseurl+path
+    cmd   = ['curl','-k',url,'-H',f"Authorization: {args.token}",'-d',data]
+
+    if verbose:
+        print(f"Running command:")
+        print(f">\t{cmd[0]} {cmd[1]} {cmd[2]} \\")
+        print(f"\t{cmd[3]} {cmd[4]} \\")
+        print(f"\t{cmd[5]} '{cmd[6]}'")
+        print()
+    else:
+        print(f"Testing '{dtype}': '{path}'")
+
+    result = subprocess.run(cmd,capture_output=True,text=True)
+    #print("stderr")
+    #print(result.stderr)
+    print(f"\033[0;32mResult\033[0m: {result.stdout}")
+    print("")
+
+parser = argparse.ArgumentParser(
+        prog='hectest',
+        description='Send a set of test HEC message to a receiver, using a variety of endpoints')
+
+parser.add_argument('-t', '--token', required=True,
+                    help='token to use (required)')
+parser.add_argument('-v', '--verbose', action='store_true',
+                    help='print the curl commands for further debugging')
+parser.add_argument('url',
+                    help="base url to send to, example: 'https://host.com:10080'")
+
+args = parser.parse_args()
+
+# Run an array of hec tests
+test_hec('json', args.verbose, args.url,             '/cribl/_bulk', build_json( '_raw',             '/cribl/_bulk'))
+test_hec('json', args.verbose, args.url,      '/services/collector', build_json('event',      '/services/collector'))
+test_hec('json', args.verbose, args.url,  '/services/collector/raw', build_json('event',  '/services/collector/raw'))
+test_hec('json', args.verbose, args.url,'/services/collector/event', build_json('event','/services/collector/event'))
+
+# Run an array of raw tests
+test_hec( 'raw', args.verbose, args.url,             '/cribl/_bulk', build_raw(                     '/cribl/_bulk'))
+test_hec( 'raw', args.verbose, args.url,  '/services/collector/raw', build_raw(           '/services/collector/raw'))
+
+# Can't send raw to /services/collector
+# test_hec(args.url,      '/services/collector', build_raw(               '/services/collector'))