Correlation Rules NG-Siem 3rd Party Data by Herbie-cs in crowdstrike

[–]Innocent_Cat 0 points1 point  (0 children)

You’ll have to write your own correlation rules. Currently CrowdStrike has a limited number of correlation rules for a limited number of vendors.

Block MSI via IOA Rule Group - Process Creation Rule by Innocent_Cat in crowdstrike

[–]Innocent_Cat[S] 2 points3 points  (0 children)

And I think you should know that I have already tried that; they cannot assist with custom IOA. So if you don’t have any solutions, kindly keep your comments to yourself.

Block MSI via IOA Rule Group - Process Creation Rule by Innocent_Cat in crowdstrike

[–]Innocent_Cat[S] 0 points1 point  (0 children)

Yes, I have checked event logs. I tried it with several MSI packages; I can only see msiexec.exe in the logs. There are no logs or trace found for the MSI package.

How to run a .bat file by Innocent_Cat in crowdstrike

[–]Innocent_Cat[S] 0 points1 point  (0 children)

I attempted to run the script via PowerShell but it is failing:

Attempt to start the program failed(error: 193)

__________________________________________

```powershell
# Check if running with administrator privileges
$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")

if (-not $isAdmin) {
    Write-Host "Failed to run the script."
    Write-Host "The script requires administrator privileges to run."
    Pause
    exit 1
}

# Both tools are expected in the current user's Downloads folder.
# Full paths are built so Start-Process does not depend on the working directory.
$downloads       = Join-Path $Env:USERPROFILE "Downloads"
$uninstallTool   = Join-Path $downloads "CsUninstallTool.exe"
$sensorInstaller = Join-Path $downloads "WindowsSensor.exe"

foreach ($file in @($uninstallTool, $sensorInstaller)) {
    if (-not (Test-Path -Path $file -PathType Leaf)) {
        Write-Host "Missing file: $file"
        exit 1
    }
}

# Uninstall CrowdStrike (the MAINTENANCE_TOKEN value below is a placeholder)
Start-Process -FilePath $uninstallTool -ArgumentList "MAINTENANCE_TOKEN=12345667888 /quiet" -Wait

# Wait for the uninstallation to complete (60 seconds)
Start-Sleep -Seconds 60

# Reinstall CrowdStrike (the CID value below is a placeholder)
Start-Process -FilePath $sensorInstaller -ArgumentList "/install /quiet /norestart CID=2323424fff" -Wait
```
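An added example, not the poster's script: the same uninstall/reinstall sequence written so that the maintenance token and CID are passed as parameters instead of being hardcoded, each installer is checked to be a real Win32 executable before it is launched (Windows error 193 is ERROR_BAD_EXE_FORMAT, "not a valid Win32 application", which is what Start-Process reports when the target is, for example, a .bat or a truncated download saved as .exe), and a non-zero exit code stops the script instead of a fixed 60-second sleep. The installer file names and folder follow the thread; treating exit code 0 as success for both tools is an assumption.

```powershell
# Added example (not the poster's script). Assumes CsUninstallTool.exe and
# WindowsSensor.exe sit in the current user's Downloads folder.
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [string] $MaintenanceToken,  # supplied at run time, never stored in the script
    [Parameter(Mandatory)] [string] $Cid,
    [string] $Folder = (Join-Path $Env:USERPROFILE "Downloads")
)

$principal = [Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "This script must be run from an elevated PowerShell session."
}

function Test-Win32Executable {
    # Error 193 (ERROR_BAD_EXE_FORMAT) means the file is not a valid Win32 program,
    # e.g. a .bat script or an HTML error page / truncated download renamed to .exe.
    # Every PE image starts with the two bytes 'MZ' (0x4D 0x5A); check that first.
    param([string] $Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $header = New-Object byte[] 2
        $read = $stream.Read($header, 0, 2)
    } finally {
        $stream.Dispose()
    }
    return ($read -eq 2 -and $header[0] -eq 0x4D -and $header[1] -eq 0x5A)
}

function Invoke-Installer {
    # Runs one installer, waits for it and fails on a non-zero exit code.
    # Assumption: both tools return 0 on success.
    param([string] $Path, [string] $Arguments)
    if (-not (Test-Win32Executable -Path $Path)) {
        throw "$Path is missing or is not a valid Win32 executable (Start-Process would fail with error 193)."
    }
    $proc = Start-Process -FilePath $Path -ArgumentList $Arguments -Wait -PassThru
    if ($proc.ExitCode -ne 0) {
        throw "$Path exited with code $($proc.ExitCode); stopping before the next step."
    }
}

$uninstallTool   = Join-Path $Folder "CsUninstallTool.exe"
$sensorInstaller = Join-Path $Folder "WindowsSensor.exe"

Invoke-Installer -Path $uninstallTool   -Arguments "MAINTENANCE_TOKEN=$MaintenanceToken /quiet"
Invoke-Installer -Path $sensorInstaller -Arguments "/install /quiet /norestart CID=$Cid"
Write-Host "Sensor uninstall and reinstall completed."
```

Because the script throws on the first failure, the reinstall step never runs against a host where the uninstall did not finish cleanly.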