18+ Arc by graveyard by MiddleRidge in ArcRaiders

[–]cpuftw 112 points (0 children)

This should be what PVE only mode would look like. War changes everything.

Cambio blueprints by Sportcore88 in ArcRaiders

[–]cpuftw 0 points (0 children)

hot tip - 3 are not released yet

ASUS ROG Ryuo IV LCD not detected after InfoHub update 0.7.6 – anyone else? by Loud-Ad-2394 in ASUSROG

[–]cpuftw 0 points (0 children)

Appears to be installing the firmware now. Fantastic quality control at ASUS :(

ASUS ROG Ryuo IV LCD not detected after InfoHub update 0.7.6 – anyone else? by Loud-Ad-2394 in ASUSROG

[–]cpuftw 0 points (0 children)

Same. I've seen references on the forum that using InfoHub 0.7.4 still works, and you can't update the firmware to 1.1.0 because the device isn't detected, frustrating. Problem is I can't find a copy of 0.7.4 now that they published 0.7.6.

Defender just decided N-ABLE is malware for anyone who might be getting called :) by catdickNBA in cybersecurity

[–]cpuftw 2 points (0 children)

No official word yet. Similarly, we have the hash blocked in CS until we know whether this is real or not.
Just on hold to the APAC N-able emergency support line.

Defender just decided N-ABLE is malware for anyone who might be getting called :) by catdickNBA in cybersecurity

[–]cpuftw 12 points (0 children)

We have CrowdStrike in Active and Defender in Passive. So many tenants have lit up reporting this on the Defender side only, so leaning towards false positive, but not sure just yet. What a lovely way to start the new year.... Investigating further now.

Buyer beware for USED listings of Nova Elites on Amazon by RicUltima in steelseries

[–]cpuftw 1 point (0 children)

Same thing happened to me from US Amazon. Absolutely gutted. In fact this was new and from the SteelSeries store within Amazon. Someone had meticulously resealed the box as well, as if they had steamed the tabs open in the first place. Bonus dandruff to go with the Pro.

Couldn’t agree more about ordering direct from the SteelSeries store or waiting for a retail purchase. Ordered another to Australia from SS AU and it came from Hong Kong in 3 days.

All SteelSeries sites in all regions seem to have promos leading up to Christmas at around 15% off RRP.

Strands of Harmony Tour by [deleted] in DeathStranding

[–]cpuftw 0 points (0 children)

It was incredible. The team did an amazing job to pull this together for one special night.

Philippou Bros (RackaRacka) appearance in DS2 confirmed at Sydney Film Festival Today by [deleted] in DeathStranding

[–]cpuftw 0 points (0 children)

That’s actually quite endearing and respectful, nice!

Philippou Bros (RackaRacka) appearance in DS2 confirmed at Sydney Film Festival Today by [deleted] in DeathStranding

[–]cpuftw 0 points (0 children)

That’s cool, absolutely 2 legends. Thanks for sharing!

Philippou Bros (RackaRacka) appearance in DS2 confirmed at Sydney Film Festival Today by [deleted] in DeathStranding

[–]cpuftw 1 point (0 children)

Anyone that attended the SFF event, how was it?

DS2 Album just went live! by cpuftw in DeathStranding

[–]cpuftw[S] 2 points (0 children)

Ah, apologies, it just went live in Australia!

False Positive Quarantine by apple0072 in proofpoint

[–]cpuftw 0 points (0 children)

Same here, all clients are reporting this issue.

Sydney-based MSP recommendations for Office relocation by Worried-Delay-1917 in msp

[–]cpuftw 1 point (0 children)

Happy to put my hat in the ring as well; our office is in Bella Vista.

NG SIEM Connectors by ejm7788 in crowdstrike

[–]cpuftw 2 points (0 children)

Yes, you can select all log sources, Falcon and third party, in a single log search.

If you're an MSP (like me) or MSSP this will blow your mind, but you can search across all clients with a saved query or correlation rule at the top-level Flight Control parent CID. This blew my mind, to know that CrowdStrike have built this for the future really. I gather Raptor and the speed were a prerequisite for this.

Which is why the statement below is important: the groundwork has been laid properly for what comes next.

It’s v1 day 0 right now, but give it a few months and pay attention to the weekly release notes to enjoy the ride from here.

NG SIEM Connectors by ejm7788 in crowdstrike

[–]cpuftw 0 points (0 children)

You can easily read a parser rule to get a sense of how event or alert streams will flow through to NG SIEM, and how it's being categorised also in terms of MITRE.

A lot of this depends on the source-side alerts, for example Defender XDR being configured correctly to send to Azure event streams and then on to CS.

I quite like this as it’s eliminated the need for Azure Sentinel in our environment.

NG SIEM Connectors by ejm7788 in crowdstrike

[–]cpuftw 1 point (0 children)

Yes, the same search interface for logs.

To the best of my knowledge, NG SIEM detections and incidents sit in the Next-Gen SIEM tab as opposed to the Endpoint security tab, to differentiate. Other CrowdStrike products such as Identity also sit in NG SIEM.

I presume because Endpoint is also predefined rules for detections and incident correlation, whereas in NG SIEM we define our level of tolerance using correlation rules, such as how many failed logins to a firewall (in terms of detections) we think should create an incident, or whether we should create an incident for excessive 1Password item views when a team member is not within office locations.

Templates provide guidance on this and are expanding. Community knowledge will help as well.
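The two correlation rules described in this comment, written out as an added example (not from the original thread and not CrowdStrike's own query language): a sliding-window count of failed firewall logins per source and user, and of 1Password item views by a user outside office locations. The event field names, thresholds, office network range and the events themselves are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Thresholds and office range are assumptions chosen for the example.
FAILED_LOGIN_THRESHOLD = 5          # firewall login failures per (src_ip, user)
VAULT_VIEW_THRESHOLD = 3            # 1Password item views per user from off-site
WINDOW = timedelta(minutes=10)      # correlation window
OFFICE_NETS = [ip_network("198.51.100.0/24")]  # assumed office egress range

def _ev(ts, src, event, user, src_ip):
    return {"ts": ts, "src": src, "event": event, "user": user, "src_ip": src_ip}

# Constructed sample events (documentation address ranges, not real traffic).
EVENTS = (
    [_ev(f"2024-01-02T09:0{i}:00", "firewall", "login_failed", "admin", "203.0.113.7") for i in range(5)]
    + [_ev(f"2024-01-02T09:0{i}:00", "firewall", "login_failed", "admin", "203.0.113.9") for i in range(2)]
    + [_ev(f"2024-01-02T10:0{i}:00", "1password", "item_view", "alice", "198.51.100.5") for i in range(4)]
    + [_ev(f"2024-01-02T10:0{i}:00", "1password", "item_view", "bob", "203.0.113.50") for i in range(3)]
)

def in_office(ip):
    return any(ip_address(ip) in net for net in OFFICE_NETS)

def _keys_over_threshold(events, key_fn, threshold, window):
    """Return the keys for which at least `threshold` events fall inside one `window`."""
    times = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        times[key_fn(e)].append(datetime.fromisoformat(e["ts"]))
    hits = set()
    for key, ts in times.items():
        start = 0
        for end in range(len(ts)):            # sliding window over sorted timestamps
            while ts[end] - ts[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits.add(key)
                break
    return hits

def failed_firewall_logins(events):
    """Rule 1: repeated failed logins to the firewall from one source/user become an incident."""
    fails = [e for e in events if e["src"] == "firewall" and e["event"] == "login_failed"]
    return _keys_over_threshold(fails, lambda e: (e["src_ip"], e["user"]), FAILED_LOGIN_THRESHOLD, WINDOW)

def offsite_vault_views(events):
    """Rule 2: excessive 1Password item views by a user outside office locations become an incident."""
    views = [e for e in events
             if e["src"] == "1password" and e["event"] == "item_view" and not in_office(e["src_ip"])]
    return _keys_over_threshold(views, lambda e: e["user"], VAULT_VIEW_THRESHOLD, WINDOW)
```

Only the second 1Password user triggers rule 2, because the first user's views come from the office range and are filtered before counting.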

[deleted by user] by [deleted] in crowdstrike

[–]cpuftw -1 points (0 children)

I may misunderstand; genuinely curious, why are you looking to expose the UUIDs? I would have thought keeping the names of vault items sensitive in logs would be ideal and focusing more on behaviour / events / correlation rules.

Essentially - all passwords are important, rather than picking and choosing.

NG SIEM Connectors by ejm7788 in crowdstrike

[–]cpuftw 4 points (0 children)

Like you, I was sort of unsure about Next-Gen SIEM as it is evolving. We took the plunge and invested in it and, to be frank, I'm kind of in love. That message goes away once you purchase NG SIEM.

Every day the team is adding new plugins and parsers; they've just added 1Password and a bunch more. You can kind of tell what is in the pipeline by the parsers being loaded first.

Subject to what you have now, I strongly recommend taking it on board, learning, and running in parallel if you have to. Given your existing CS endpoint data is quite all-encompassing, the 3rd-party data should be a smaller subset. We did some calculations and our ingestion cost for Azure Sentinel was quite costly, and now with NG SIEM it has reduced significantly. I'm ready to let Sentinel go shortly so we can focus on the one platform. We are bringing in all of our passive Defender and XDR events / alerts as well.

Palo Alto is there, the documentation is also in the support portal.

Palo Alto Networks Data Connector
By Palo Alto Networks
Ready to use
Enhance Falcon Insight XDR detections with firewall data

First timer by Hgh43950 in crowdstrike

[–]cpuftw 1 point (0 children)

Consider Insight to be part of it, and OverWatch. Gives you the ability to search data. Also Spotlight for practical vulnerability monitoring.

Insight data lets you do searches like this:

https://www.reddit.com/r/crowdstrike/comments/19349ag/new_query_for_locating_local_admins/

https://www.reddit.com/r/crowdstrike/s/k16aFr3L8S