solarwinds8

Comments

  • I have been doing a great deal of work with threat intelligence feeds over the past 6 months. Most of the issues come from Flash and Java, which tend to be ads embedded from 3rd party websites (if not already using the EFF's Privacy Badger, install it and force the companies to change the bad practices). My tool of choice…
    in Log Comment by solarwinds8 August 2015
  • I guess the main point is we are using workarounds, with text files for example, to make the LEM do what we want anyway, so why not add the function and make it simpler? Thanks, Tony
  • Also, why not add a semi- or fully automated setting under admin to update the connector via the GUI? Plus have links to the KBs for each connector from within the GUI itself.
  • Or better yet, move it to the GUI under an admin login!
  • Anyone looking for a complete list of blocklists should take a look at the import script for pfSense: https://forum.pfsense.org/index.php?topic=86212.msg508975#msg508975 Thanks, Tony
    in Log Comment by solarwinds8 August 2015
  • This is exactly what I wanted to know / understand. Please update the manual, and even the CLI, as a deprecated feature.
  • In one of my other posts note how the graphs are not very useful for my needs. For example, unless I missed something, there is no way to create a graph that shows a list of top TCP traffic servers and the top TCP ports used on these servers at the same time. I have resorted to exporting and doing it in other software. I might…
  • Jeff, thanks for the quick reply, but this contradicts the manual and CLI: * "If you have a High Availability (HA) system, upgrade the primary appliance(s) first, followed by the secondary appliance(s)" * Via the CLI: "promote * In a failover set, promote appliance to primary." What gives? Thanks, Tony
  • Not being able to find details and examples for LEM drove me nuts for a few days until I thought about what I needed to search for. Basically, don't try and search for how to do something in LEM; instead, Google for the event or log data that you need to trigger from. Then use nDepth to search for that item, and from there look…
  • It's a dedicated system with one VM, no reason not to. Also noticed via top that when running reports the CPU jumps, plus we are already at 5M events per day with a few bursts to 12M, and we are just getting started; it will be 20x this soon, and this is after reducing the noise via policy.
  • Tried to import the txt file and it did not work; nothing was even logged to LEM Internal Events or watchlog! Any ideas? Thanks, Tony
  • Update: Something strange is going on. I just noticed that when I make a change to a rule's text description, as well as enable / disable, it's not updating the Manager! I see the changes via the watchlog, and when I do a refresh on the webpage everything updates. This happens with both IE 11 and Chrome, latest versions, but Firefox…
  • I am working on a project like yours now. And I agree that nDepth is more complex than it needs to be; at first, it takes time to understand why things are set up the way they are. My biggest gripe is not being able to use filters I create in Monitor in nDepth and the other way around, PINA. The LEM is only going to report on…
  • Until they add this feature you could use PowerShell to create custom actions by watching a text file, group, email, popup message or even SNMP. Basic command to copy the files listed in a text file (would need to expand it to update the text file after the copy is complete): Get-Content myfile.txt|Foreach-Object{copy-item -path…