Ping log in Cortex XDR

 

Hvis du har Cortex XDR Pro pr TB så kan du laste ned XDR VM Broker, den tar i mot syslog og sender videre til din Cortex XDR plattform.

Med en liten IPs.ini fil som IP-liste, en ping_and_send_to_syslog.cmd og en Send-Udp.ps1 fil så kan en lett lage egen syslog.

Jeg starter bare .cmd filen som da går i en loop og pinger alle IP`er i ini filen.
Loggen går til en Cortex XDR widget slik at jeg har full logg på de enhetene jeg ønsker det på.

Edit: la på en liten linje til i scriptet, slik at en får med CPU, Minne, HDD og Fan.

Photo on computer login

 

Er du en som liker å ha kontroll på egne pcer?

Hva med å ta en bilde av den som logger på pcen din?

Satt opp som en test på min pc, alt du trenger er et program som kan ta bilde via et bat script.

Åpne Task Scheduler og legg inn at den starter TakePhotoOnLogin.bat hver gang den trigger "At log on" eller "on workstation unlocked" så får du deg et fint fotoalbum.
Om en ønsker så kan en helt sikkert få lagt inn at bildet blir sendt til deg selv på mail.

Jeg har to kamera tilkoblet akuratt nå så jeg la inn begge.

P.S. I dette tilfelle diskuterer vi ikke personvern.... det tar vi en annen dag.

Social Media Awareness

Privacy Settings:
Regularly review and adjust your privacy settings on social media platforms to control who can see your posts and personal information.

Be Selective:
Be mindful of the information you share publicly. Avoid sharing sensitive personal details like your home address, phone number, or financial information.

Think Before You Share:
Before posting, consider the potential implications of your content. Once something is online, it's difficult to completely remove it.

Avoid Oversharing:
Be cautious about sharing too much information about your daily routines, vacations, or personal events. This information could be exploited by malicious individuals.

Beware of Friend Requests:
Only accept friend or connection requests from people you know and trust. Cybercriminals may create fake profiles to gather information.

Use Strong Passwords:
Ensure your social media accounts are protected with strong, unique passwords. Enable two-factor authentication for an added layer of security.

Be Cautious with Links:
Don't click on suspicious links or download files from unknown sources, even if they're shared by a friend. These could lead to malware or phishing attempts.

Verify Before Sharing News:
Before sharing news articles or information, verify their credibility to avoid spreading false information.

Geolocation:
Be cautious when sharing your location. Avoid revealing your exact whereabouts unless necessary.

Check App Permissions:
Review the permissions you've granted to apps connected to your social media accounts. Remove unnecessary or suspicious apps.

Review Tags and Mentions:
Regularly review posts in which you've been tagged or mentioned. Remove any that you're uncomfortable with.

Beware of Verification Code Requests:
Never share verification codes received via SMS or other methods. Scammers may try to trick you into revealing these codes.

Avoid Responding to Unsolicited Messages:
If you receive unsolicited messages asking for personal information or offering deals that seem too good to be true, exercise caution.

Verify Account Information:
If a friend's account suddenly requests money or sensitive information, verify their identity through a different communication channel before taking any action.

Identifying a Compromised PC

Unusual Behavior:
Should your computer display unusual behavior, like unexpected pop-ups, frequent crashes, or slower performance, it might be compromised.

Unauthorized Software:
If you notice unfamiliar programs or software running on your computer that you did not install, it could be a sign of compromise.

Browser Changes:
Check your browser for unexpected changes, such as a new homepage, search engine, or unfamiliar toolbar. These alterations may indicate a security breach.

Disabled Security Software:
If your antivirus or security software has been turned off without your knowledge, it's a red flag.

Unexplained System Crashes:
Frequent crashes or sudden system shutdowns might be caused by malicious software.

Suspicious Email Activity:
If you notice your email account sending out emails you didn't compose, it could indicate unauthorized access.

Changes in File Access:
If you suddenly cannot access files or folders you previously could, it may be due to unauthorized changes.

Unwanted Browser Changes:
If your web browser frequently redirects you to unfamiliar or malicious websites, it could be a sign of malware.

Excessive Pop-ups:
A sudden influx of pop-up advertisements, especially those containing dubious offers, is a potential indicator of compromise.

New User Accounts:
If you find new user accounts on your computer that you didn't create, it could be evidence of unauthorized access.

Recognizing Phishing Attempts

Verify Sender:
Carefully examine sender email addresses to ensure authenticity. Cybercriminals often use similar addresses to deceive us.

Exercise Caution with Links:
Before clicking on any links, hover over them to reveal the true URL. Be cautious of links requesting personal information.

Question Urgent Requests:
Be skeptical of emails demanding immediate action or generating a sense of urgency. Cybercriminals often exploit urgency to prompt hasty decisions.

Attachments from Unknown Senders:
Refrain from opening attachments sent by unfamiliar sources, as they may contain malicious content.

Familiarize Yourself with Fake Websites:
Cybercriminals may create fake websites that resemble legitimate ones. Always verify the website's URL before entering any personal information.

Spelling and Grammar Mistakes:
Be wary of emails with multiple spelling or grammatical errors. Legitimate organizations usually maintain professional communication standards.

Generic Signatures:
Look out for emails with generic signatures lacking specific names, titles, or contact information.

Unusual Sender Email Addresses:
Be cautious if the sender's email address seems unusual or unrelated to the organization.

Mismatched URLs:
Verify that the URLs in emails match the official domain of the organization. Cybercriminals often use slightly altered URLs.

Requests for Personal Information:
Be cautious of emails asking for sensitive information, even if they appear to be from trusted sources. Legitimate organizations rarely request sensitive data via email.

Fast firewall test

Hvis du kan åpne noen av disse linkene fra din jobb PC så er brannmuren i din bedrift konfigurert feil.

http://portquiz.net:1433/

http://portquiz.net:3389/

http://portquiz.net:5900/

...og du skal selvfølgelig ikke kunne nå disse fra en server!

PaloAltoNetworks firewall - policy configuration

Jeg får av og til spørsmål om hvordan en PANW NGFW skal konfigureres, regner da med det er snakk om regelsett og ikke alt det andre som administrator kontoer, multifaktor, sertifikater osv.

Tenkte derfor jeg skulle skrive noen få huskeregeler om brannmur regler.

1. Alle regler skal ha en Sikkerhets Profil.
2. Alle regler skal ha applikasjon og port (eller app-default)
3. Alle servere (eller servergrupper) skal ha egen regel for det som er spesielt med akkurat den.
4. Felles regler som ms-update, sertifikat nedlasting o.l. er en fordel å ha, disse skal over alle «serverxxx til internett» reglene dine.
5. Alle IOT dingser skal ha egne regler.
6. «Ansatte pc til internett» skal  være hvitliste regel med applikasjoner og app-default, den regelen havner ofte på rundt 300 -350 applikasjoner, det er mye sikrere enn alle 4300 som finnes i PaloAltoNetworks verden pr nå.
7. Hvis en f.eks. behøver tilgang til en webportal.bedrift.no:8443 for administrering så skal det være egen regel for dette, da med egen URL kategori. Hvis mulig så legg også på de få brukerne som skal nå webportalen.
8. Noen andre port baserte regler blir det også, men stort sett ikke mange, legger med et eksempel her.

Etter du har gjort det på listen over bør din AIOps - Best Practice Assessment (BPA) se noenlunde slik ut.