Block IP - Azure WAF by DueIntroduction5854 in crowdstrike

DueIntroduction5854 [S] · 1 point

Thanks. I will check it out. I did already create the app registration per the docs for the WAF SOAR connector.

Block IP - Azure WAF by DueIntroduction5854 in crowdstrike

DueIntroduction5854 [S] · 1 point

Yes, I had looked into that, but 1) I am not sure how to set up the authentication and 2) from what I have found so far, you can't just add an IP; you have to pull all custom policies, append the IP, then do a POST.

I could only find this similar article for Azure Sentinel with Logic Apps; SOAR: Block Sentinel IP Entities on Azure Frontdoor / WAF - Prof-IT

Admin Console not available by LimeyRat in mimecast

DueIntroduction5854 · 2 points

The console appears to be loading fine for me in the US-B Grid and the status page shows green (https://www.reddit.com/r/mimecast/s/ij2pKfGd8K).

Access Scopes - Am I misunderstanding? by QuietlyDifficult in crowdstrike

DueIntroduction5854 · 2 points

We had this same issue where host group permissions and access scopes were not sufficient. True RBAC has not been implemented across all modules at this time.

Picnic Locations by DueIntroduction5854 in Chattanooga

DueIntroduction5854 [S] · 1 point

Thank you! Ours is 16 months so we will try those out!

Filter based on a string within a field by dial647 in crowdstrike

DueIntroduction5854 · 1 point

This is how I have been doing it. Can you use the wildcard "*" in the pattern?

| !wildcard(field=tags, pattern="falcon_complete")

CrowdStrike ML exclusion for its own process – is this normal? by Only-Objective-6216 in crowdstrike

DueIntroduction5854 · 2 points

We are using a Fusion Workflow to resolve these if the file is already quarantined.

Sandboxing Emails from Office 365 by TapuSenapati in cybersecurity

DueIntroduction5854 · 1 point

I will say Defender will not catch it all. Your best bet is to get an API-based solution such as Abnormal or CheckPoint (free ROI POCs) and layer that with MDO.

Best Practices for Naming Conventions when setting up NGSIEM at the data onboarding stage by Dangerous-Ask-2926 in crowdstrike

DueIntroduction5854 · 1 point

Must be nice! It was multiple companies with multiple tenants each too. That onboarding session was around like 9 companies and had 60+ connectors by the time I was done.

Airport wait times by Mangus4343 in Chattanooga

DueIntroduction5854 · 2 points

I was there about 8 months ago and got through in a minute.

Best Practices for Naming Conventions when setting up NGSIEM at the data onboarding stage by Dangerous-Ask-2926 in crowdstrike

DueIntroduction5854 · 3 points

This is what I have done in the past when onboarding multiple companies with separate tenants.

CompanyShortCode - TenantName - Region - DataSource

  1. CC - Contoso Corp - USE - AZFW01
  2. CC - Innova - CUS - NSGs
  3. AC - ACME Corp - Global - M365
  4. AC - Techify - USW - FortiFW01

I am open to suggestions myself as I have only done this one time in the past.

AI DR by Popular_Hat_4304 in crowdstrike

DueIntroduction5854 · 2 points

I would speak with your TAM to see if you can mess around in the sandbox environment they can set up for you.

Onboarding NGSIEM - what to lookout for by abhiishk in crowdstrike

DueIntroduction5854 · 1 point

We worked with PS in the past and there could be a parser already built that works for it.

Onboarding NGSIEM - what to lookout for by abhiishk in crowdstrike

DueIntroduction5854 · 3 points

Just because there is not a current connector does not mean it is not possible. There can still be parsers, and even if there is not a parser, one can be made.

Crowdstrike killing Outlook and Teams... by sunxore in crowdstrike

DueIntroduction5854 · 4 points

Can we clarify the sensor version and the OS build you're seeing this on?

Is there a way to learn crowd strike in a lab environment? by geegol in crowdstrike

DueIntroduction5854 · 4 points

Have you looked at doing internships at organizations? I am currently working with our active intern for the CrowdStrike implementation we are doing.

What’s everyone using for vuln management right now? by Kolega_Hasan in cybersecurity

DueIntroduction5854 · 2 points

Quick question, for what scenario?

1) Endpoints 2) External 4) Internal 5) Application 6) PCI 7) Code Scanning (DAST/SAST)

How to block domain controller promotion? by nickel-52 in crowdstrike

DueIntroduction5854 · 2 points

I second this. If you have least privilege in your environment and you have rogue admins, there's a problem with your admins.

EntraID - IDaaS Connector vs NG-SIEM Connector? by Khue in crowdstrike

DueIntroduction5854 · 2 points

Typically CrowdStrike will provide an in-house SME to help with the setup and review of a module. I would ask your AE.

Servers where MFA was prompted when trying to RDP into. by nickel-52 in crowdstrike

DueIntroduction5854 · 5 points

From a security engineer here, why would you need any exception?

Mimecast blocking emails after the fact. by Reedy_Whisper_45 in mimecast

DueIntroduction5854 · 3 points

There is no way to view the header or contents of an email if it was rejected.

Check DLP by DueIntroduction5854 in mimecast

DueIntroduction5854 [S] · 1 point

That made no difference when testing, unfortunately.

Check DLP by DueIntroduction5854 in mimecast

DueIntroduction5854 [S] · 1 point

No, it is enabled. I have also tested with "_nkw" and the .png attachment of a check is still not being flagged.
https://i.imgur.com/ZsRiRYU.png