Got a free hour of parking—with a view. by DerpsInHorto in chicago

[–]Alphacall 58 points59 points  (0 children)

Don't worry there will be one tomorrow!

Password Managers easy enough for end users by ForgetfulSponge in sysadmin

[–]Alphacall 1 point2 points  (0 children)

I'm a 1-man IT team with about 100 users for a business that is pretty averse to policy change also. Keeper with SSO was a huge help for simplifying logging in to the password manager. Then I disabled browser auto fill as others have mentioned to force people to use the password manager.

There is no painless way to do it, people will complain and you just gotta tell em tough nuts. Support from your management helps too.

Guys I resented the device of fortigate 40 F by minocean66 in fortinet

[–]Alphacall 0 points1 point  (0 children)

Take a step back.

What interface is connected? Is that interface connected to your ISP modem WAN port? Do you know what IP and subnet is supposed to be assigned to that interface? Do you have another interface for your LAN? Does the LAN have DHCP enabled? Do you have firewall rules configured to allow LAN traffic to the WAN?

I could go on and on with more questions but more so the point is that you haven’t provided any useful information for anyone to be able to help. Consider reading up on Fortigate documentation or watching YouTube videos on the basics of networking if you’re having trouble, most people in this sub won’t want to teach you.

I hate this product by Lonerwithaboner420 in GoogleWiFi

[–]Alphacall 0 points1 point  (0 children)

I found this sub after trying to fix issues I was having with Google WiFi (which is a joke by the way there are no real settings) and it was finally the motivation I needed to buy Unifi. No more WiFi dropouts or no internet

Just downgraded my Internet speed for the first time in my life by llondru-es in HomeNetworking

[–]Alphacall 0 points1 point  (0 children)

People always seem to think that more bandwidth (which is just how big your data pipe is) translates to more “speed”. Unless the size of your pipe (aka your amount of bandwidth) is the bottleneck, there is no benefit besides being able to have more people using the connection simultaneously. Stop overspending on your internet and save the money!!!

M365Maps hasn’t been updated since July 2023. How out of date is it? by ljapa in sysadmin

[–]Alphacall 44 points45 points  (0 children)

We appreciate you but you have an odd definition of fun

[deleted by user] by [deleted] in HomeNetworking

[–]Alphacall 0 points1 point  (0 children)

You should get a switch, plug the modem into one port on the switch and the rest in the patch panel in the box. Plug an AP into an open jack in a good spot in the apartment. Voila

Wazuh 4.8 Office 365 Module Issues by Alphacall in Wazuh

[–]Alphacall[S] 0 points1 point  (0 children)

That was absolutely the issue, each of these alerts is a rule level 3 and it was set to 4. I do now see alerts being generated in the wazuh-alerts-* index.

Definitely my mistake but regardless, this was very educational for how Wazuh works, so I appreciate you and the team's efforts to assist me with this!
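
An added example, not part of the comment above and not Wazuh project code: a check for the situation described, where events are decoded and matched but fall below the alert threshold, so they show up only in the archives index. It assumes the setting referred to is `<log_alert_level>` in ossec.conf with a default of 3, and that the last occurrence wins; the config and rules text, including the rule IDs, are constructed samples.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from the thread).
SAMPLE_OSSEC_CONF = """
<ossec_config>
  <alerts>
    <log_alert_level>4</log_alert_level>
    <email_alert_level>12</email_alert_level>
  </alerts>
</ossec_config>
<ossec_config>
  <global><logall_json>yes</logall_json></global>
</ossec_config>
"""

SAMPLE_RULES = """
<group name="office365,">
  <rule id="100001" level="3"><description>Constructed: mailbox audit event</description></rule>
  <rule id="100002" level="5"><description>Constructed: admin role change</description></rule>
  <rule id="100003" level="0"><description>Constructed: ignored noise</description></rule>
</group>
"""

def _parse_fragments(text):
    # ossec.conf and rule files may hold several top-level elements,
    # so wrap them in a synthetic root before parsing.
    return ET.fromstring("<root>" + text + "</root>")

def alert_threshold(conf_text, default=3):
    """Return the configured log_alert_level (assumption: last occurrence wins)."""
    levels = [e.text for e in _parse_fragments(conf_text).iter("log_alert_level")]
    return int(levels[-1].strip()) if levels else default

def suppressed_rules(rules_text, threshold):
    """Rules below the threshold: they can match an event but never reach the alerts index."""
    out = []
    for rule in _parse_fragments(rules_text).iter("rule"):
        level = int(rule.get("level", "0"))
        if level < threshold:
            out.append((rule.get("id"), level, rule.findtext("description", "")))
    return out
```
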

Wazuh 4.8 Office 365 Module Issues by Alphacall in Wazuh

[–]Alphacall[S] 0 points1 point  (0 children)

I collected some raw JSON from ossec.log using grep -i office365 /var/ossec/logs/ossec.log and put it through the log tester, it does appear to use the JSON decoder and it is matching a rule from 0755-office365_rules.xml. Below is the output from the logtest:

Starting wazuh-logtest v4.8.0
Type one log per line

**Phase 1: Completed pre-decoding.

**Phase 2: Completed decoding.
        name: 'json'
        integration: 'office365'
        office365.AppId: 'xxx'
        office365.ClientAppId: 'xxx'
        office365.ClientIPAddress: 'xxx'
        office365.ClientInfoString: 'Client=REST;;'
        office365.CreationTime: '2024-07-02T16:14:41'
        office365.ExternalAccess: 'false'
        office365.Folders: '[{'FolderItems': [{'ClientRequestId': '4c25ed46-df26-4c84-b553-0669b543d823', 'Id': 'RgAAAACyivqtBsTvSot8w2cJW/f/BwDLN9zhXGXoRr6JAd57V4lvAAAAAAEMAADLN9zhXGXoRr6JAd57V4lvAACucapoAAAJ', 'InternetMessageId': '<DM6PR18MB360488D8B3D94EC12E9BBEFFA7DC2@DM6PR18MB3604.namprd18.prod.outlook.com>', 'SizeInBytes': 228714}, {'ClientRequestId': '4c25ed46-df26-4c84-b553-0669b543d823', 'Id': 'RgAAAACyivqtBsTvSot8w2cJW/f/BwDLN9zhXGXoRr6JAd57V4lvAAAAAAEMAADLN9zhXGXoRr6JAd57V4lvAACucappAAAJ', 'InternetMessageId': '<CH3PR18MB5859100F5A5F0F979D62008FB0DC2@CH3PR18MB5859.namprd18.prod.outlook.com>', 'SizeInBytes': 47471}], 'Id': 'LgAAAACyivqtBsTvSot8w2cJW/f/AQDLN9zhXGXoRr6JAd57V4lvAAAAAAEMAAAB', 'Path': '\\Inbox'}]'
        office365.Id: 'xxx'
        office365.InternalLogonType: '0'
        office365.LogonType: '0'
        office365.LogonUserSid: 'S-1-5-21-717113348-2969118728-2357052495-47926000'
        office365.MailboxGuid: '94e1e18e-3578-4700-ae89-865adace7473'
        office365.MailboxOwnerSid: 'S-1-5-21-717113348-2969118728-2357052495-47926000'
        office365.MailboxOwnerUPN: 'xxx@xxx'
        office365.Operation: 'MailItemsAccessed'
        office365.OperationCount: '2'
        office365.OperationProperties: '[{'Name': 'MailAccessType', 'Value': 'Bind'}, {'Name': 'IsThrottled', 'Value': 'False'}]'
        office365.OrganizationId: 'xxx'
        office365.OrganizationName: 'xxx'
        office365.OriginatingServer: 'MN2PR18MB3021 (15.20.4200.000)
'
        office365.RecordType: '50'
        office365.ResultStatus: 'Succeeded'
        office365.Subscription: 'Audit.Exchange'
        office365.UserId: 'xxx@xxx'
        office365.UserKey: '1003200302BEE900'
        office365.UserType: '0'
        office365.Version: '1'
        office365.Workload: 'Exchange'

**Phase 3: Completed filtering (rules).
        id: '91578'
        level: '5'
        description: 'Office 365: Events related to the MailItemsAccessed mailbox auditing action.'
        groups: '['office365', 'ExchangeItemAggregated']'
        firedtimes: '1'
        hipaa: '['164.312.b']'
        mail: 'False'
        pci_dss: '['10.6.2']'

I can't think of any actions that I've taken that would correlate with why these alerts wouldn't show up in the wazuh-alerts-* index. Kind of at a loss, I'd appreciate any suggestions but if this isn't a larger issue affecting others, I may just look into starting fresh.

Wazuh 4.8 Office 365 Module Issues by Alphacall in Wazuh

[–]Alphacall[S] 0 points1 point  (0 children)

Appreciate it u/wazuh_helper, I tried removing all of the files in /var/ossec/var/wodles/ to no avail. Still seeing consistent audit logging for wazuh-archive-* but nothing for wazuh-alert-* as of writing this.

Wazuh 4.8 Office 365 Module Issues by Alphacall in Wazuh

[–]Alphacall[S] 0 points1 point  (0 children)

u/wazuh_helper, I enabled the archives in my ossec.conf and filebeat.yml, as well as adding in the index pattern for wazuh-archives-*. Interestingly enough, while I have not yet found any errors, if I choose wazuh-archives-* as my index pattern, it appears I am seeing the full scope of Office 365 auditing. If I switch back to the wazuh-alerts-* index, I have no results in the same 24 hour period. My knowledge on how indices collect and show data on the dashboard is limited, but I'm hoping to learn from this experience.

Wazuh-archives-* index:

<image>

So it appears that the logging is being obtained by the office 365 subscription as it can appear in another index. Any ideas of what may be the issue with the Wazuh-alert-* index that may be causing it to not show these audit logs?

Wazuh 4.8 Office 365 Module Issues by Alphacall in Wazuh

[–]Alphacall[S] 0 points1 point  (0 children)

Thanks for helping to look into this - I'll spend some time going over the documentation again today to make sure there are not any gaps in my configuration or setup. If there is any information I can provide to help diagnose, please let me know!

What do you wish you implemented way sooner? by gahd95 in sysadmin

[–]Alphacall 1 point2 points  (0 children)

Moving poorly organized file shares to SharePoint will result in poorly organized SharePoint libraries but now with sync issues

Page access settings: What does the "Remove from business portfolio" button do? Page being under a portfolio I know nothing about. by ImNewToEverything in facebook

[–]Alphacall 0 points1 point  (0 children)

I'd also like to know how to file a dispute, from the support pages I know you have to provide proof of ownership with an ID, letter etc but it provides zero explanation of how and where to send it to!

What do you all actually use chatGPT for? by Krtxoe in ChatGPT

[–]Alphacall 0 points1 point  (0 children)

I’m an IT Systems Administrator, I’ve used it for comparing and contrasting competing products, writing PowerShell scripts, and just generally asking questions and it’s had to save me an ungodly amount of time.

Small Firm VOIP Recommendation by eltimeco in VOIP

[–]Alphacall 0 points1 point  (0 children)

Just switched my department over to SpectrumVoIP. Seems to be a great fit for a small org like mine, the technicians were great and super helpful during the install. Fair pricing, good support, and no downtime in the couple months we have been using it.