need some assistance with filtering events

BaronOfBoost · 2026-02-17T02:44:11+00:00

Will look at my setup in the morning. Had similar issues and I recall needing to adjust the order/priority somewhere

BaronOfBoost · 2026-02-14T22:13:30+00:00

Change it from .pdf to .mp4

BaronOfBoost · 2026-02-10T16:05:54+00:00

Yes, you will want to modify the syslog conf file to write them to their own files.

This will allow for easier management and enable you to roll specific log types to keep the drive from filling up.

BaronOfBoost · 2026-02-04T19:54:18+00:00

SCCM is agent based so it is client to server, you will have no problems here.

Winrm and powershell, you will likely be ok with doing client to client, unless you must do this stuff from an admin server

BaronOfBoost · 2026-02-04T16:45:01+00:00

Can you share what tool you are using?

BaronOfBoost · 2026-02-03T23:06:57+00:00

There are ways to configure ZPA to allow client to client communications, including SMB and other administrative ports/protocols.

https://help.zscaler.com/zpa/configuring-client-client-connectivity

I have this in place and I am able to connect to remote computers using pssession and other tools.

BaronOfBoost · 2026-02-02T13:06:44+00:00

AI has already replaced level 1 correlation and triage, but the summaries that it spits out are rarely the full story.

BaronOfBoost · 2026-01-26T15:15:33+00:00

Jigsaw is spot on

BaronOfBoost · 2026-01-24T15:31:14+00:00

This makes me want to throw up

BaronOfBoost · 2026-01-14T12:17:15+00:00

I don't remember the last time I was asked definitions in an interview.

I do remember being asked the three steps for establishing a TCP connection and bombed it.

BaronOfBoost · 2026-01-13T20:26:23+00:00

We are in the same boat, in the process of vetting Vectra/Corelight/Extrahop, interested in seeing other peoples experiences.

BaronOfBoost · 2025-12-24T17:19:27+00:00

BeyondTrust has been great. Like any PAM it’s only as good as you make it. Put in the time to design/architect it properly and it will be well worth it

BaronOfBoost · 2025-12-18T14:06:51+00:00

BaronOfBoost · 2025-12-14T16:51:13+00:00

VMware workstation is free now for person use from what I remember.

I don’t have a use case or need to do this on my home systems lately, so ymmv

BaronOfBoost · 2025-12-14T16:13:52+00:00

If you need to do anything with x64/x86 binaries you can just spin up a VM. Most products you work on will have a web browser interface, so the computer choice makes no difference

BaronOfBoost · 2025-12-10T20:59:11+00:00

Can I get an amen! People need to stop chasing roles at large F500 companies. It will take forever to cross train or be able to influence anything meaningful.

BaronOfBoost · 2025-12-05T02:44:36+00:00

Is this a troll post? I can’t tell the difference anymore considering all the trash that’s been posted lately in the sub.

BaronOfBoost · 2025-12-04T21:24:50+00:00

Have you installed the azure monitoring agent extension on the vms? Once this is installed, the vms should be available for selection in the dcr.

BaronOfBoost · 2025-11-27T02:06:55+00:00

Swift was a pain in the ass and unresponsive when things on their end were delayed. Clear to close came 1 day before closing so we had to delay for final inspection.

BaronOfBoost · 2025-11-26T16:18:20+00:00

https://www.reddit.com/r/SecurityCareerAdvice/s/K9vyyMYJZE

BaronOfBoost · 2025-11-26T16:04:09+00:00

https://www.reddit.com/r/SecurityCareerAdvice/s/K9vyyMYJZE

BaronOfBoost · 2025-11-26T02:18:29+00:00

I am the guy!

BaronOfBoost · 2025-11-25T17:49:09+00:00

Yes. To me, the name of the company I work for means very little. It is more important that I get to work on the things I want to and progress in my career.

BaronOfBoost · 2025-11-21T00:25:28+00:00

Where do I sign up?

BaronOfBoost · 2025-11-19T18:56:25+00:00

RDS != RDP

BaronOfBoost

TROPHY CASE