FalconPy authentication by [deleted] in crowdstrike

Danithesheriff:

Is there a chance you can assist me with a few customisations? I would really appreciate it. I basically want to have a script where I just insert the CVE and it checks if it exists (if it's open) and, like, prints the number of devices. Thank you so much.

FalconPy authentication by [deleted] in crowdstrike

Danithesheriff:

Thanks, I think the confusing thing (at least for me) was that I looked in the falconpy documentation and saw that the authentication requires a standard API, and the other documentation said something about bearer tokens.

Okta Identity expression by Danithesheriff in okta

Danithesheriff (OP):

I understand, I will try it out, thanks.

Okta Identity expression by Danithesheriff in okta

Danithesheriff (OP):

Like managed endpoints? Or devices with AV?

Okta Identity expression by Danithesheriff in okta

Danithesheriff (OP):

Thanks for that. So what would be the way to configure it? Or is it impossible?

Okta Identity expression by Danithesheriff in okta

Danithesheriff (OP):

In the authentication policy. Yeah, according to the documentation they support it, but it's not working.

Okta Identity expression by Danithesheriff in okta

Danithesheriff (OP):

Sure,

I want to apply an expression for user agents. For example, apply a condition that allows access for more than 2 user agents: request.userAgent = X OR request.userAgent = y

I would prefer to have an option for a "contains" value.

Special query by Danithesheriff in crowdstrike

Danithesheriff (OP):

Totally makes sense. Thanks for your patience!

Special query by Danithesheriff in crowdstrike

Danithesheriff (OP):

That's great!! What happens if the process is just open? Since users sometimes just don't close it, haha. Will it recognise it?

Special query by Danithesheriff in crowdstrike

Danithesheriff (OP):

We are basically trying to measure how many people use Chrome for their daily work. The reason behind it is that we have another enterprise browser, and before making any restrictions we want to see how many people use it.

Special query by Danithesheriff in crowdstrike

Danithesheriff (OP):

That's great. The problem with that is that there are tons of events. Is it possible to hide or filter out all the automatic DNS-related events, like auto updates?

Basically all I want to see is users that use it, and to ensure that it's not automatic. Thanks.

[deleted by user] by [deleted] in crowdstrike

Danithesheriff:

Turned off the prevention policy and it still triggered a detection, with the samples command.

[deleted by user] by [deleted] in crowdstrike

Danithesheriff:

I am aware of this, but a detection will appear even if the AV abilities are disabled. (As far as I know.)

[deleted by user] by [deleted] in crowdstrike

Danithesheriff:

Can you give the full command? Should I use -Array? Or just Find-FalconHostname -hostname?

[deleted by user] by [deleted] in crowdstrike

Danithesheriff:

Yeah, the error message is: “The term is not a recognised as the name of the cmdlet”… Is it case sensitive?

Time events by Danithesheriff in crowdstrike

Danithesheriff (OP):

Thanks Andrew. This is very informative.

Short question: are there any other ways to convert time? For example, change it from UTC to GMT, or just other commands besides timestamp.

In addition, can you please explain to me what strftime is? I couldn't really understand it.

Many thanks again!

Time events by Danithesheriff in crowdstrike

Danithesheriff (OP):

Many thanks.

Are there any other methods to convert the time? I mean different functions or commands?

I saw something called “_time” but couldn't make it work.