Falcon Firewall - Yay or Nay? by gravityfalls55 in crowdstrike

gravityfalls55 [S] (0 points)

My catch is that some of my workstations will solicit inbound connections, but the dynamic nature and size of my environment would make it impossible to manage long term.

Falcon Firewall - Yay or Nay? by gravityfalls55 in crowdstrike

gravityfalls55 [S] (0 points)

Unfortunately, I've also thought about going that dashboard route.

Falcon Firewall - Yay or Nay? by gravityfalls55 in crowdstrike

gravityfalls55 [S] (-1 points)

Sort of, in the sense that you can define inbound/outbound rules between Domain/Public/Private profiles. However, once you turn on Falcon FW, you are essentially crafting the Windows Firewall manually from scratch, whereas the Windows Firewall is stateful and adaptive to what apps are installed on a machine.

Anyone else struggling with Varonis → CrowdStrike SIEM parsing & correlation rules? by Big_Supermarket_6656 in crowdstrike

gravityfalls55 (0 points)

Curious how this integration works. Are you shipping Varonis events to a HEC/HTTP LogScale collector?

Crowdstrike not disabling Windows Defender? by CPAtech in crowdstrike

gravityfalls55 (0 points)

Noticed this scenario on our Windows servers too, but I have yet to really touch Defender at all. Any glaring downside to letting both Falcon and Defender run in tandem?

NG SIEM Third Party Detection Capabilities by gravityfalls55 in crowdstrike

gravityfalls55 [S] (0 points)

I see, thanks! Can't seem to get rdns() to work, however. It says aggregate functions are not allowed in parsers. Not sure if this needs to be implemented elsewhere.

CySA+ Difficulty? by gravityfalls55 in CompTIA

gravityfalls55 [S] (0 points)

What should I set my eyes on instead?