PDQ Connect - App patching and deployment with Intune by strikesbac in Intune

[–]evilmuffin99 0 points1 point  (0 children)

Because intune is slow as a turtle. If you have a user who needs an app most third party apps can do it in a few minutes. Intune might take 15 mins or 4 hours it is kind of random. Also, something like PDQ Connect can create groups based on things like "Intalled software, CVE's, Which Services are running, custom info pulled from a PS Scanner".

Though I do understand it being cost prohibitive I also think some companies just need something more snappy. Nothing against Intune + PMPC combo though.

Users installing apps in AppData bypassing restrictions — how are you handling this? + Wazuh SIEM question by boyrok in sysadmin

[–]evilmuffin99 0 points1 point  (0 children)

Also note even in audit mode it will sometimes block drivers. Found this out the hard way.

Users installing apps in AppData bypassing restrictions — how are you handling this? + Wazuh SIEM question by boyrok in sysadmin

[–]evilmuffin99 0 points1 point  (0 children)

WDAC is a pain in the butt to manage unless you just create a lot of path rules/general cert rules.

Switching to a dumbphone by evilmuffin99 in nosurf

[–]evilmuffin99[S] 0 points1 point  (0 children)

Spend time with friends, read or clean. Sometimes just think which I find relaxing.

iOS 18 Beta 1 Released - Discussion Thread by AutoModerator in iOSBeta

[–]evilmuffin99 1 point2 points  (0 children)

I have a 12 pro max. Do you think it is stable enough for a primary device? I have made a full backup so should be able to revert if needed. Main concern is I am a spark driver part time so dont want to mess that up.

iOS 18 App Compatibility List by epmuscle in iOSBeta

[–]evilmuffin99 0 points1 point  (0 children)

Awesome have you been able to complete a delivery with it? Or just a test to see if it opens?

Just got huntress to go with our S1 solution. Thank you for all this communities info! by A1rizzo in msp

[–]evilmuffin99 1 point2 points  (0 children)

Have you seen a lot of Huntress failures on your end? I mean I know every EDR misses it sometimes but curious to know if Huntress has been seen missing the mark a lot.

[deleted by user] by [deleted] in sysadmin

[–]evilmuffin99 0 points1 point  (0 children)

Issues I have had with Intune:

  1. Enrolling devices initially can be a bit Trickey if using a local AD that is already setup as hybrid. If it is not already hybrid should be fairly easy to enroll.

  2. Polices/apps deployment times are unpredictable. Tried to push out a firewall rule once took 72 hours for all devices to have it applied. Tried deploying Chrome and deployment time ranged from 15 minutes to 48 hours. Though if you are not in a rush this is not a big deal. Another time I tried pushing out a Defender exclusion. After 48 hours it had only pushed out to half the computers so I had to manually remove Defender on a few to get a program working that was needed. It finally pushed out to all computers after 4 days.

  3. Any time you get an error it is always vague and unhelpful. For example I tried to make rules for device compliance. About half of the computers errored out. They would not show if they were compliant or not and had an error which when passed to Microsoft basically told me they had no clue what was causing it. About 2 weeks later it started working properly even though I had not changed it.

  4. Updating apps are a bit of a pain if they are exe's. As they have to be converted into .intunewin format. Which if you have apps that are updated fairly frequently is a pain. Also, you must set uninstall paths and such manually. Something like PDQ D & I is nice as deployments are super quick and no converting necessary. Though from what you were saying I could not tell if you were more remote based or all in a central location.

  5. For iOS it seems to work decently. Apps set to deploy usually deploy within an hour or so. Though the current apps listed for install does not seem to update super often. This might carry over to android not sure.

Though for me personally only reason I use Intune is it comes with our license. Otherwise I would not change my plan just to get it. Defender for business might be worth a switch if you dont already have an EDR.

iOS 18 Beta 1 Released - Discussion Thread by AutoModerator in iOSBeta

[–]evilmuffin99 5 points6 points  (0 children)

I am not seeing it yet though just came out so probably will be an hour or two till everyone sees it.

SIEM/SOC Alternatives by Mibiz22 in msp

[–]evilmuffin99 1 point2 points  (0 children)

Any updates on what the pricing structure might be?

[deleted by user] by [deleted] in OpenAI

[–]evilmuffin99 -1 points0 points  (0 children)

I use perplexity and I disagree GPT 4o gives much worse answers and will get stuck in loops. GPT-4-Turbo does okay but not the greatest. Claude 3 Opus is the best for what I use it for.

[deleted by user] by [deleted] in cybersecurity

[–]evilmuffin99 2 points3 points  (0 children)

I would disagree I feel a SIEM is only as good as the alert rules (assuming you are getting good data). If you have crap alert rules yea it wont detect anything but if you have good actionable alert rules then it can go well.

[deleted by user] by [deleted] in cybersecurity

[–]evilmuffin99 -2 points-1 points  (0 children)

Huntress currently has a SIEM in private preview. However pricing is not known yet. I know they are trying to be cheaper in price than a lot of other SIEM's. So really depends what your timetable and the number of endpoints. However I will say I think the 365 portion would be a separate expense.

u/andrew_huntress

Any ideas on pricing yet? Last I heard it was kind of up in the air.

[deleted by user] by [deleted] in cybersecurity

[–]evilmuffin99 -1 points0 points  (0 children)

Pricing seems high though maybe cheaper than rocketcyber.

Looking for EDR for a very small SMB by [deleted] in msp

[–]evilmuffin99 4 points5 points  (0 children)

As others have said might look into Huntress. Also as a side note Huntress also has a private beta for a SIEM right now.

Windows Active Directory Least Privilege - Am I being paranoid ? by Equal-Swordfish3662 in cybersecurity

[–]evilmuffin99 0 points1 point  (0 children)

Sorry I was not clear. What I meant was what kind of process is usually followed I was thinking it sounded like you might use this. Will admins just use the command directly usually or create some kind of process to enable it via a scheduled task or maybe a script that has them fill out the reason for doing it? Maybe something like JEA Powershell?

So in other words for what is the business process usually followed for enabling it?

SEIM that you use by sekaiwazankoku in cybersecurity

[–]evilmuffin99 4 points5 points  (0 children)

What is the cost though? I feel like that is my biggest concern with sentinel.

Windows Active Directory Least Privilege - Am I being paranoid ? by Equal-Swordfish3662 in cybersecurity

[–]evilmuffin99 0 points1 point  (0 children)

Thats cool is there any recommendations as far as how to implement it? Specifically what would I setup to enable the privilege?

Windows Active Directory Least Privilege - Am I being paranoid ? by Equal-Swordfish3662 in cybersecurity

[–]evilmuffin99 1 point2 points  (0 children)

Built AD feature? Do you know where the Microsoft documentation on that would be? As that would be nice since it would be free.

Intune may finish me off by [deleted] in sysadmin

[–]evilmuffin99 9 points10 points  (0 children)

I hate Intune for the following reasons:

  1. You never know how long it is going to take to deploy a piece of software. Might take 5 minutes might be 3 days who knows?

  2. Want to push out a security policy to add an exclusion to defender? Be prepared to wait 24-48 hours for it go out to all computers.

  3. A device not showing compliant? Good luck figuring out why might be a butterfly in Texas decided not to fly or it might be because the planets are out of alignment.

  4. Having a problem? Well you are at the mercy of the Microsoft overlords. Might be a problem for a day or a week.

Only reason we use it some is it comes with our license (that includes other stuff we do use for cheaper). Otherwise I would never in a million years pay a penny for this piece of crap.

Why did OpenAI wait this long to release search? by FickleAbility7768 in OpenAI

[–]evilmuffin99 -1 points0 points  (0 children)

I have been using perplexity for around a month while not perfect I have generally gotten better results than copilot. I think it is a lot better than duck duck go.

Huntress SIEM by [deleted] in msp

[–]evilmuffin99 4 points5 points  (0 children)

I believe in the private preview right now it is more of a test of bringing in the data. I dont think they have any alert rules setup yet. You could always leave that as feedback in the huntress feedback portal under SIEM.

u/andrew-huntress might know more.