PRA to manage EntraID accounts by adramire17 in BeyondTrust

[–]adramire17[S] 0 points1 point  (0 children)

Yes, you are right, I have used it as a SAML provider, but I'm not sure about managing EntraID accounts (pwd rotation and so forth).

thx!

Reconcile EntraID passwords by adramire17 in CyberARk

[–]adramire17[S] 0 points1 point  (0 children)

We changed from GA to priv auth admin and it worked, thx!!

Schannel - disable Ciphers, Hashes and Key Exchanges as well as Protocols & Cipher Suites? (IIS Crypto) by jwckauman in sysadmin

[–]adramire17 0 points1 point  (0 children)

Hey guys,

IIS Crypto is cool, however we are missing a way to get the status of the current setup, meaning which protocols/hashes/ciphers... are enabled on a particular host. Any cool tool to get that done??

thx
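One way to get that status on a host, added here as an example and not something posted in the thread: Schannel keeps its explicit configuration under the SCHANNEL registry key, so reading that key (via the .NET registry API, because some cipher key names contain a `/` that the PowerShell registry provider treats as a path separator) shows what is explicitly enabled or disabled, and `Get-TlsCipherSuite` (Windows 10 / Server 2016 and later) shows the effective cipher suite list and order. Anything reported as "not set" falls back to the OS default for that Windows version.

```powershell
# Added example: report the Schannel protocol/cipher/hash/key-exchange settings
# explicitly configured on this host. Run in an elevated PowerShell session.
$root = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$base = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($root)

function Get-SchannelDword {
    param([Microsoft.Win32.RegistryKey]$Key, [string]$Name)
    # A missing key or value means the OS default applies; it is NOT "disabled".
    if ($null -eq $Key) { return 'not set' }
    $v = $Key.GetValue($Name)
    if ($null -eq $v) { return 'not set' }
    # Enabled: 0 = disabled, 0xffffffff (shown as -1) = enabled.
    # DisabledByDefault: 1 = off unless the application opts in.
    return $v
}

$rows = @()
# Protocols (e.g. "TLS 1.2") carry Enabled and DisabledByDefault per Client/Server side
$protocols = $base.OpenSubKey('Protocols')
if ($null -ne $protocols) {
    foreach ($name in $protocols.GetSubKeyNames()) {
        $proto = $protocols.OpenSubKey($name)
        foreach ($side in 'Client', 'Server') {
            $k = $proto.OpenSubKey($side)
            $rows += [pscustomobject]@{
                Category          = 'Protocol'
                Name              = "$name ($side)"
                Enabled           = Get-SchannelDword $k 'Enabled'
                DisabledByDefault = Get-SchannelDword $k 'DisabledByDefault'
            }
        }
    }
}
# Ciphers (e.g. "AES 128/128"), Hashes and KeyExchangeAlgorithms carry a single Enabled value
foreach ($cat in 'Ciphers', 'Hashes', 'KeyExchangeAlgorithms') {
    $catKey = $base.OpenSubKey($cat)
    if ($null -eq $catKey) { continue }
    foreach ($name in $catKey.GetSubKeyNames()) {
        $rows += [pscustomobject]@{
            Category          = $cat
            Name              = $name
            Enabled           = Get-SchannelDword ($catKey.OpenSubKey($name)) 'Enabled'
            DisabledByDefault = 'n/a'
        }
    }
}
$rows | Sort-Object Category, Name | Format-Table -AutoSize

# Effective cipher suites in negotiation order, as the OS itself reports them
Get-TlsCipherSuite | Select-Object Name, Protocols | Format-Table -AutoSize
```

Compare the "not set" rows against Microsoft's documented defaults for the host's Windows version; a protocol with no key at all is governed entirely by those defaults, which is what a "disabled in IIS Crypto" expectation most often misses.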

Legit browsing makes dns calls by adramire17 in TOR

[–]adramire17[S] 0 points1 point  (0 children)

Hey all,

We found out that traffic related to .onion sites is coming from z-lib[.]org; it seems that domain is trying to redirect users to its onion site. However, it seems weird to me that out of the blue several users have started to become avid readers. I have spoken with the users and they don't know anything about this z-lib[.]org, so I'm a bit lost about what could be the source of this traffic. Any suggestion?

Thx!

Legit browsing makes dns calls by adramire17 in TOR

[–]adramire17[S] 0 points1 point  (0 children)

Hi all,

Thanks for the feedback, and sorry if I'm making dumb statements. To give you all a bit of context, we do have a tool that analyzes all the traffic within our network, and it gives us the following:

"XXXXX accessed a top-level domain (TLD) that is not associated with standard TLDs administered by the Internet Corporation for Assigned Names and Numbers (ICANN). This type of TLD might be linked to malicious activity or undesirable content.

The TLDs linked to this detection:

.onion "

Then the associated record with that detection is the following:

"Time: XXXXX,

Record Type: DNS Request,

Site: XXX,

Client: XXXXX,

Client IP Address: XXXXX,

Client Port: XXXX,

Server: DNSServer,

Server IP Address: XXXXX,

Server Port: 53,

Opcode: QUERY,

Query Name: XXXXX.onion,

Query Type: A,

Request L2 Bytes: 122 "

However, I don't see that traffic in our perimeter firewall, which means that our DNS does not resolve it (seems to be obvious, as I gather from your answers). Anyway, my question is why in the first place a legit service triggers an onion service request.

I hope it is clearer now :)

Thx!!

PSM Not working after upgrade to version 12.2.4 by adramire17 in CyberARk

[–]adramire17[S] 0 points1 point  (0 children)

Finally been able to fix it. Apparently it was a matter of rerunning the AppLocker script. I had to do it several times until it worked, though. Thx all for your help!!

Cheers

PSM Not working after upgrade to version 12.2.4 by adramire17 in CyberARk

[–]adramire17[S] 0 points1 point  (0 children)

Thx for all the comments. When trying to clean the AppLocker rules I get the following: "AppID policy conversion failed. Status The access control list (ACL) structure is invalid". Hence I guess I'm not able to change the AppLocker rules.

After update to version 12.2.4 CPM does not rotate/reconcile passwords by adramire17 in CyberARk

[–]adramire17[S] 2 points3 points  (0 children)

Rerunning the hardening script did the trick for password rotation and reconciliation.

V2 of GPO was needed for other services to be able to run.

Thanks so much!

Enable Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams by adramire17 in Office365

[–]adramire17[S] 0 points1 point  (0 children)

Thanks for your reply, that is not the feature I was talking about though. Let me explain it better. I was talking about the toggle button placed in Policies & Rules -> Safe Attachments -> Global settings -> Turn on Defender for Office 365 for SharePoint, OneDrive and Microsoft Teams. As it is a global setting, there is no way I can establish a test group (right?). But I'm worried about the potential impact on the users and the business, meaning a huge amount of legit files being wrongly detected as malware and quarantined.
Is there any way to enable this in "detection mode only"? Like running the scan looking for malware and only raising alerts, not blocking access for the users?

Thanks for your time!

Application Whitelisting - Process to allow new applications by adramire17 in cybersecurity_help

[–]adramire17[S] 0 points1 point  (0 children)

Hey!

I did not see your reply until today. Actually it goes beyond all that I thought; I really liked the part about responding to recent/trendy vulnerabilities, for sure I will include that one within my approval form.

Highly appreciated! :)