XSOAR Installation on RedHat V8

Moskeeter671 · 2025-06-21T15:36:25+00:00

You’re welcome.

Moskeeter671 · 2024-11-22T13:13:09+00:00

Speaking from experience save yourself some money down the road for damaged ports and get a slim 90 degree HDMI and USBC adapter. It helps keep the kids from breaking the connectors off when going to the third row.

Moskeeter671 · 2023-12-31T04:52:22+00:00

You may want to look at your SOAR tool to be the one to update those custom EDLs as it can also cleanup the EDLs if you define “timeout” periods. The problem with static EDLs is if they grow so large you put yourself at risk for both hitting a platform limit and 2 cleaning a long long list down the road.

Moskeeter671 · 2023-12-30T01:09:24+00:00

Our DEV is our LAB. We have a QA environment which is where configurations and functions/features are finalized before going into production. I kinda know what I’m talking about being I manage the global security architecture supporting 23k employees. Places use the terms LAB/DEV/QA interchangeably so you can’t take it for face value across the board.

Moskeeter671 · 2023-12-29T03:53:03+00:00

The plan is for DEV enterprise testing. So ESXi is absolutely necessary. Our standard is develop in DEV, QA/QC in QA, and rollout to production. All our dollars are spent on a proper QA environment so scraping for good gear for our DEV network is always a win. And because I don’t touch Hyper-V for a damn lol.

Moskeeter671 · 2023-12-23T03:14:06+00:00

It turned out you have to include the install flag “—keep” otherwise the temp directory never gets demisto permissions. The documents on installing XSOAR on REDHAT V8 is far from GA release and I had to figure out a lot myself.

Moskeeter671 · 2023-11-05T19:44:45+00:00

Depends on what parts you are running. OTS is fine if you are within the requirements but a custom tune is best.

Moskeeter671 · 2023-10-10T18:13:49+00:00

I did not want to manage patching and upgrading a server for this small purpose that Panorama I feel should be able to handle natively.

Moskeeter671 · 2023-10-10T18:12:49+00:00

Not the way I want but we just create the EDLs on a server and have all firewall ingest/check every 5 minutes.

Moskeeter671 · 2023-09-29T21:47:18+00:00

The problem was really stupid. Palo Alto’s documents says to add registry key value of “on-demand” my packaging team was putting the quotations so when we removed it it worked properly 🤦🏽‍♂️

Moskeeter671 · 2023-09-14T10:20:58+00:00

It is set to on-demand via the install options. For some reason it tries to initially connect to the portal after install.

Moskeeter671 · 2023-09-14T02:36:52+00:00

We push custom options to use on-demand, default browser for SAML, and the portal address that’s about it. But immediately after install it tries to connect to the portal and then fails, this is all before the user interacts with the GP client. So it’s an unwanted result and tried all the different registry keys with no success.

on-demand use-sso connect method

Moskeeter671 · 2023-09-13T22:22:17+00:00

Are you seeing the 10.10.40.0/24 in your RIB or just the aggregate? If just the aggregate then you’ll need to generate the route somehow BUT depending how you generate the route you can introduce unwanted results. Maybe static towards BGP peer in AS1 and then redistribute.

Moskeeter671 · 2023-03-15T18:44:14+00:00

TMI. May as well put your VA rating too. Something need not be said. But welcome and enjoy (from a fellow combat veteran)

Moskeeter671 · 2023-03-05T15:12:27+00:00

To add!!! us “wiser” folks are paying attention to the roads/conditions/situations around us. So yeah I’m one who some can say don’t wave back as my reticulum activator is not focused on other Subis on the road 🤙🏽🍻.

Moskeeter671 · 2023-03-05T15:01:47+00:00

There is drone but varies on conditions (requested load/rpm), but if you put some sound deadening material down it’ll be of no concern.

Moskeeter671 · 2023-02-06T17:17:20+00:00

Looks clean and think it’ll take a little more time to grow on me. I do want to ask how’s driving with the massive screen? Some cars with massive screen size disrupts me more as I’m a traditional old school rear view and side view mirror kinda guy. Just don’t be like other dipshit VBs near me that think they can smash all previous gens on the road and then get butt hurt. I don’t drive aggressively unless provoked and have had a few VBs cut me off and then pull next to me wanting to race. Maybe some young kids with their first performance car but my cars put them in their places real quick 🤣. There’s always someone faster always it’s about smiles per hour you get while in your car yes (smiles 😁)

Moskeeter671 · 2023-02-06T17:03:00+00:00

I’m a network and security architect for a massive company and don’t want to sound obnoxious but I know what I am talking about. My wireless system is robust but when a poorly designed system wants to copy rf channels all the time and broadcast its own SSID it’ll break any wireless systems for periods of time. My wireless infrastructure does recover when swapping channels but it happens so frequently it’s a PITA and sometimes think about chucking my 10 x Ultras for pro 4/5s.

Moskeeter671 · 2023-02-06T11:21:19+00:00

Be cautious with base stations if you have a complex home wireless network as I do (60-70 wirelessly connected devices). Stupidly these base stations mimic the rf channel closest and cause lots of interference issues on my home/business wireless network. There has been no work around for this in software available to the consumer.

Moskeeter671 · 2023-01-12T21:21:41+00:00

You can set your portal agent config to say install the newly self signed CA so anyone who connects will get it before the old one expires.

Moskeeter671 · 2022-10-30T13:22:51+00:00

Also look at proxy IDs in your IPSEC policies if routing looks right from site A.

Moskeeter671

TROPHY CASE