
SIEM System Use Cases

johnyan

Notes from working on a LogRhythm – Cloud SIEM project. LogRhythm’s SIEM combines enterprise log management, security analytics, user and entity behavior analytics (UEBA), network traffic and behavior analytics (NTBA), and security automation and orchestration. That integrated approach supports efficient security operations, from threat detection through incident response. Because a SIEM is core security infrastructure with access to data from…

Palo Alto Firewall Migration Plan Tasks List

johnyan

This is a simple breakdown of a complicated firewall migration plan. It can be used to plan a migration from existing firewalls to new Palo Alto firewalls. The tasks should be adjusted to the real production situation in your environment. The list covers the on-prem case; for a cloud deployment the tasks will differ slightly, but most will be the same.

Enable CyberArk File Copy / Paste Function Between PSM RDP Sessions

johnyan

By default, the PSM-RDP settings disable this function: you cannot copy/paste between PSM RDP sessions, although SSH sessions are unaffected. The following steps show how to enable it: 1. Go to Administration > Options > Connection Components > PSM-RDP > User Parameters

Symantec Endpoint Detection & Response (EDR) Notes

johnyan

Symantec EDR (Endpoint Detection & Response, previously ATP – Advanced Threat Protection) exposes advanced attacks with precision machine learning and global threat intelligence, minimizing false positives and helping keep security teams productive. Its capabilities allow incident responders to quickly search, identify and contain all impacted endpoints while investigating threats, using a choice of on-premises and…

Vulnerability: SSL/TLS use of weak RC4(Arcfour) cipher port 3389/tcp over SSL

johnyan

Recently, during a vulnerability scan, an RC4 cipher was found in use on the SSL/TLS connection at port 3389. Port 3389 is RDP, so the cipher suites on offer are the ones the Windows SCHANNEL provider allows. The solution in the Qualys report does not make clear how to fix it, so this post records some results found online on how to remediate this SSL/TLS RC4 cipher vulnerability. SSL/TLS use of weak RC4(Arcfour) cipher port 3389/tcp over SSL QID:…

The rocket-fast Syslog Server – Rsyslog Client and Server Configuration

johnyan

Rsyslog is an open-source logging program and the most common logging mechanism across a huge number of Linux distributions; it is also the default logging service in CentOS 7 and RHEL 7. The rsyslog daemon on CentOS can be configured to run as a server in order to collect log messages from multiple network devices. In this post, I am using…
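As an added example (not taken from the post), a minimal collector/forwarder pair in the legacy rsyslog.conf directive syntax that rsyslog 8 on CentOS 7 accepts. The file paths, the port and the hostname logserver.example.com are assumptions.

```conf
# --- collector side (/etc/rsyslog.d/10-remote.conf, assumed path) ---
# Listen on UDP and TCP 514; network devices usually only speak UDP, servers can use TCP.
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514

# One file per sending host and program, so device logs never mix with the collector's own.
$template RemoteLogs,"/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log"
if $fromhost-ip != '127.0.0.1' then ?RemoteLogs
# Stop processing remote messages here so they do not also land in /var/log/messages.
& stop

# --- forwarder side (/etc/rsyslog.d/20-forward.conf, assumed path) ---
# '@@' forwards over TCP; a single '@' would be UDP, which silently drops messages under load.
*.* @@logserver.example.com:514
```

Run `rsyslogd -N1` to check the syntax before restarting the daemon with `systemctl restart rsyslog`, and open 514/tcp and 514/udp on the collector's firewall or the clients will queue and eventually drop their messages.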

Bulk IP Reputation Check using Security Websites and Open Source Scripts

johnyan

This topic has been on my mind for quite a while. As information security people, we get tons of reports about endpoint activity; one of them is the website IPs or URLs the endpoints were accessing. A typical abnormal network behaviour for an infected or compromised endpoint is a huge number of connections to malicious IPs or IPs with bad reputation…
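As an added example of the kind of open-source script the excerpt refers to (my code, not the author's), the following pulls external destination IPs out of proxy log lines, counts how many lines mention each, and matches them against a locally saved reputation feed that may contain single IPs or CIDR ranges. The log lines and the feed are constructed for the example and use RFC 5737 documentation ranges; the feed layout (`indicator ; category`, `#` comments) is an assumption, since real feeds differ.

```python
"""Bulk IP reputation check over proxy logs against a local reputation feed.
Added example; all sample data below is constructed (RFC 5737 documentation ranges)."""
import ipaddress
import re
from collections import Counter

# Constructed squid-style access log lines, not from a real environment.
SAMPLE_LOG = """\
1700000000.123    245 10.1.2.3 TCP_MISS/200 4521 GET http://203.0.113.10/update.php - HIER_DIRECT/203.0.113.10 text/html
1700000001.456    130 10.1.2.3 TCP_MISS/200 812 GET http://203.0.113.10/beacon - HIER_DIRECT/203.0.113.10 text/plain
1700000002.789     98 10.1.2.7 TCP_MISS/200 1200 GET http://198.51.100.5/index.html - HIER_DIRECT/198.51.100.5 text/html
1700000003.000    301 10.1.2.3 TCP_TUNNEL/200 5123 CONNECT 203.0.113.10:443 - HIER_DIRECT/203.0.113.10 -
1700000004.111     77 10.1.2.9 TCP_MISS/404 301 GET http://192.0.2.44/ - HIER_DIRECT/192.0.2.44 text/html
1700000005.222     60 10.1.2.9 TCP_MISS/200 950 GET http://192.0.2.200/news - HIER_DIRECT/192.0.2.200 text/html
"""

# Constructed feed in an assumed "indicator ; category" layout; not real indicators.
SAMPLE_FEED = """\
# Constructed reputation feed for this example.
203.0.113.10    ; malware-c2
192.0.2.44      ; phishing
198.51.100.0/24 ; scanner
"""

IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Address space that never needs an external lookup: RFC 1918, loopback, link-local.
# ipaddress.is_private is deliberately not used here: it also treats the RFC 5737
# documentation ranges in the constructed sample as private and would drop them.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def count_destinations(log_text):
    """Return Counter {ip: number of log lines mentioning that external IPv4}.
    An IP that appears twice on one line (URL host and upstream peer) is counted once."""
    counts = Counter()
    for line in log_text.splitlines():
        seen = set()
        for token in IPV4_RE.findall(line):
            try:
                ip = ipaddress.IPv4Address(token)
            except ipaddress.AddressValueError:
                continue  # e.g. "300.1.1.1" matches the regex but is not an address
            if not is_internal(ip):
                seen.add(str(ip))
        counts.update(seen)
    return counts


def parse_feed(feed_text):
    """Parse 'ip-or-cidr ; category' lines (with '#' comments) into (network, category) pairs."""
    entries = []
    for raw in feed_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        target, _, category = (part.strip() for part in line.partition(";"))
        # strict=False lets a host address stand in for its /32 network.
        entries.append((ipaddress.ip_network(target, strict=False), category or "unknown"))
    return entries


def check_reputation(counts, entries):
    """Return [(ip, hits, category)] for every counted IP inside a feed entry, most hits first."""
    findings = []
    for ip_str, hits in counts.items():
        ip = ipaddress.IPv4Address(ip_str)
        for net, category in entries:
            if ip in net:  # single IPs became /32 networks, so one test covers both forms
                findings.append((ip_str, hits, category))
                break
    findings.sort(key=lambda f: (-f[1], f[0]))
    return findings


def report(log_text, feed_text):
    return check_reputation(count_destinations(log_text), parse_feed(feed_text))


if __name__ == "__main__":
    for ip_str, hits, category in report(SAMPLE_LOG, SAMPLE_FEED):
        print(f"{ip_str:<16} {hits:>4} hits  {category}")
```

Counting lines rather than raw regex matches keeps the ranking meaningful: a proxy log names the same destination twice per request (URL host and upstream peer), so a naive match count would double every figure. Swap SAMPLE_FEED for a downloaded blocklist saved locally and SAMPLE_LOG for the exported report, and the same ranking shows which endpoints are talking most to bad destinations.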