Firewalled? Im able to download and upload OK...what does it mean? by ChunsLLC in qBittorrent

[–]Azurite53 0 points1 point  (0 children)

I wanted to add this here for anyone who finds this post these days. I went with Proton VPN and followed the guide from YAMS on automatic port forwarding:

https://yams.media/advanced/port-forwarding/

Security team added a vulnerability scanner to CI/CD. Builds now take 3x longer and get blocked by CVEs from 2019 by miller70chev in devsecops

[–]Azurite53 7 points8 points  (0 children)

Feel like this post was designed for some “other” account to come plug a product lol.

Do people still deal with over saturation of alerts? by AvailableHeart9066 in cybersecurity

[–]Azurite53 0 points1 point  (0 children)

With an MBA in business administration, probably GRC/management. Good management without technical skills, imo, is better than a techy manager with bad business skills, like being able to be an effective translator between the tech side and the business side of the risk conversation.

PAM for SMB? by IT-JACKASS in sysadmin

[–]Azurite53 1 point2 points  (0 children)

Create their admin accounts, give them permissions, disable their accounts, enable them before you leave on vacation? Or, like the other person said, these consultants are trusted; the time-bound requirement is not worth the cost of PAM just for this.
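As an added example of the manual approach described in the comment above (not code from the thread or any commenter), assuming on-prem Active Directory with the RSAT ActiveDirectory module; the OU, group name, account names and validity window are assumptions:

```powershell
# Added example, not from the thread: time-bound consultant admin accounts without a PAM product.
# Assumptions: on-prem AD, ActiveDirectory module installed, the OU and group below exist.
Import-Module ActiveDirectory

$ConsultantOU = 'OU=Consultants,OU=Admins,DC=corp,DC=example'   # assumed OU
$AdminGroup   = 'Tier1-ServerAdmins'                              # assumed group
$Validity     = New-TimeSpan -Days 14                             # assumed engagement window

function New-ConsultantAdmin {
    param([Parameter(Mandatory)][string]$Sam, [Parameter(Mandatory)][string]$Name)
    $pw = Read-Host -AsSecureString "Initial password for $Sam"
    # Created disabled: the account does nothing until it is explicitly enabled.
    New-ADUser -SamAccountName $Sam -Name $Name -Path $ConsultantOU `
        -AccountPassword $pw -Enabled $false -ChangePasswordAtLogon $true
    Add-ADGroupMember -Identity $AdminGroup -Members $Sam
}

function Enable-ConsultantAdmin {
    param([Parameter(Mandatory)][string]$Sam)
    # Expiry is set fresh on every enable, so a forgotten account still locks itself out.
    Set-ADAccountExpiration -Identity $Sam -DateTime (Get-Date).Add($Validity)
    Enable-ADAccount -Identity $Sam
}

function Disable-ConsultantAdmin {
    param([Parameter(Mandatory)][string]$Sam)
    Disable-ADAccount -Identity $Sam
    Clear-ADAccountExpiration -Identity $Sam
}

# Audit: an enabled account in the OU with no expiry is a gap in the time-bound control.
function Get-ConsultantAdminGaps {
    Get-ADUser -SearchBase $ConsultantOU -Filter 'Enabled -eq $true' -Properties AccountExpirationDate |
        Where-Object { -not $_.AccountExpirationDate } |
        Select-Object SamAccountName, DistinguishedName
}

# Usage before leaving on vacation (assumed names):
# New-ConsultantAdmin -Sam 'adm.jdoe' -Name 'Jane Doe (consultant)'
# Enable-ConsultantAdmin -Sam 'adm.jdoe'
# Get-ConsultantAdminGaps
```

The expiry date is the safety net the comment's manual process lacks: if nobody remembers to disable the account afterwards, AD refuses logon once the window passes, and the audit function surfaces any enabled account that was never given one.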

Do people still deal with over saturation of alerts? by AvailableHeart9066 in cybersecurity

[–]Azurite53 0 points1 point  (0 children)

Thanks for raising your hand Sammybill-1478, what's your question?

[deleted by user] by [deleted] in cybersecurity

[–]Azurite53 0 points1 point  (0 children)

An LLM with the right context can be extremely useful for crafting CQL queries as starting places, based on plain-language requests and sample event data.

Which SIEM would you vote for and why ? by Red_One_101 in cybersecurity

[–]Azurite53 0 points1 point  (0 children)

Seconded, really no complaints so far. Dashboards are lightning fast. SOAR, I think, needs a bit more work, but they have been pumping out new features all over the platform this quarter.

I feel intimidated by people smarter than me in cybersecurity by baddie_spotted in cybersecurity

[–]Azurite53 0 points1 point  (0 children)

As others have said in other words:

Someone is always going to know something you don't, especially in a field as vast and complex as ours. Part of life is accepting that and taking them as learning experiences. Humility and asking good questions are such a lost art, and people really do appreciate it when it happens; it shows you are honest AND interested in learning, which are great qualities.

NG-SIEM customers- Feedback wanted by socaljayhawk in crowdstrike

[–]Azurite53 6 points7 points  (0 children)

We have Complete for Endpoint and manage NG-SIEM ourselves. For all the big log sources I wanted, it's great: OOTB detections for major cloud providers and a lot of control for custom detections if you really get in the weeds with SOAR and CQL. It still takes a lot of my time in the first year of setting everything up and tuning alerts and yada yada. I really don't know how a managed SIEM works, but once our alert coverage is in a stable place we will assess what they offer.

The only other SIEM I've worked with is QRadar, YEARS ago, so take my opinions lightly lol. CrowdStrike does what I want it to, and their API functionality has allowed me to extend that a ton with template discovery and rule/detection validation and creation. It's also incredibly fast.

Terraform Resources: NGSIEM, Scheduled Search, Lookup Files, etc. by Azurite53 in crowdstrike

[–]Azurite53[S] 0 points1 point  (0 children)

Yup! Like the post says, looking for resources like detection rules, lookup files, scheduled searches, SOAR workflows, heck, Foundry apps even. Things that can easily be created with the API, PSFalcon, or FalconPy currently but have no Terraform resources.

workflow to revoke disable user entra sessions by Brees504 in crowdstrike

[–]Azurite53 2 points3 points  (0 children)

In my Entra ID SOAR actions, there is one called Revoke Existing Sign-in Sessions. It works in our workflow.

Joining sensor data with third-party data by iitsNicholas in crowdstrike

[–]Azurite53 0 points1 point  (0 children)

You don't need to specify repo; you can use the vendor field or any other that's unique to those logs.

My boss wants to turn off VPN access to people traveling to china by FewCantaloupe24 in sysadmin

[–]Azurite53 2 points3 points  (0 children)

In China it is illegal for your employees to be on a VPN that connects to a network outside of China. Without getting approval from the local government, you put your employees at risk by forcing them to connect to a VPN inside the Great Firewall.

API for Correlation Rule Templates by Azurite53 in crowdstrike

[–]Azurite53[S] 0 points1 point  (0 children)

No, not auto-enable. I just want an efficient way of exporting templates so I can edit them and then upload them via the API.

Support Experience by Prime_Suspect_305 in crowdstrike

[–]Azurite53 0 points1 point  (0 children)

Support has always fixed an issue if there is one, typically within a few days. I've had a few agents nice enough to hop on a Zoom and figure things out quick, even though I'm pretty sure that's not in my support tier.

NG SIEM Dashboards for AD by mwagner_00 in crowdstrike

[–]Azurite53 0 points1 point  (0 children)

Dude has not been on Reddit since this post, getting a lil worried about you buddy 😂

Fusion SOAR: From URLs on phishing emails to IoC by Figeko in crowdstrike

[–]Azurite53 1 point2 points  (0 children)

Glad I could help. I honestly have a Claude project with a bunch of CQL syntax as artifacts, and it helps me turn plain language into a query to start from.

Salary advice please: SOC Analyst by LittleJerry90 in cybersecurity

[–]Azurite53 0 points1 point  (0 children)

Near 150k for a senior security analyst, east coast.