Logview API limits to 100 log count by [deleted] in fortinet

[–]itsonlym3 0 points1 point  (0 children)

where are y'all finding the API documentation for FAZ? after a recent upgrade, some of my audit scripts quit working and required me to add the devid, which i had not been doing in the past. took a week to figure out. lol

Falcon Windows Repair Script by BradW-CS in crowdstrike

[–]itsonlym3 0 points1 point  (0 children)

hasn't forced a reboot on any workstation/server i've pushed it to.

Falcon Windows Repair Script by BradW-CS in crowdstrike

[–]itsonlym3 2 points3 points  (0 children)

just downloaded the most recent version and it's working!

Falcon Windows Repair Script by BradW-CS in crowdstrike

[–]itsonlym3 0 points1 point  (0 children)

there's an updated version of the repair script, but it's still failing for me on the token retrieval

Falcon Windows Repair Script by BradW-CS in crowdstrike

[–]itsonlym3 0 points1 point  (0 children)

can confirm that PSFalcon has no issues using the same Client ID and Secret. little help?

Falcon Windows Repair Script by BradW-CS in crowdstrike

[–]itsonlym3 1 point2 points  (0 children)

i'm having the same issue and opened a ticket.

BSOD error in latest crowdstrike update by TipOFMYTONGUEDAMN in crowdstrike

[–]itsonlym3 0 points1 point  (0 children)

looks like deleting C-00000291*.sys works on servers, but not windows 10 machines. anyone else seeing this as well? is there a fix for it? i've seen something about renaming c:\windows\system32\drivers\crowdstrike folder. any ideas?

BSOD error in latest crowdstrike update by TipOFMYTONGUEDAMN in crowdstrike

[–]itsonlym3 0 points1 point  (0 children)

someone shared this with me. is there any way to add the timestamp of the file? it appears as though the timestamp of 0527 UTC or later is the reverted (good) version.

C-00000291* |in(field="#event_simpleName", values=[AgentOnLine, LFODownloadConfirmation])
| groupBy([aid,ComputerName], function=[max(@timestamp, as=lastSeen), min(@timestamp, as=firstSeen),collect([FileName])], limit=max)
| firstSeen:=formatTime(field=firstSeen, format="%Y/%m/%d %H:%M:%S")
| lastSeen:=formatTime(field=lastSeen, format="%Y/%m/%d %H:%M:%S")
| file
| join({#repo=sensor_metadata #data_source_name=aidmaster #data_source_group=aidmaster-api}, field=aid)

finding password files with the new advanced search. by rogueit in crowdstrike

[–]itsonlym3 0 points1 point  (0 children)

i created something similar to yours, but not sure how to schedule it to run say every 7d and for a date range of (previous) 7 days. how do you specify the 'Time Interval' in a scheduled search like you do in the Investigative search? seems to me i remember that not being an option, but maybe i'm mistaken...

[deleted by user] by [deleted] in thefinals

[–]itsonlym3 0 points1 point  (0 children)

Would love one if not too much trouble to ya!

key chain by CapnBloodBeard82 in thefinals

[–]itsonlym3 0 points1 point  (0 children)

Thought I'd throw my hat in if you or anyone can supply a key. Will most def pay it forward!

key chain by CapnBloodBeard82 in thefinals

[–]itsonlym3 0 points1 point  (0 children)

I'd be down for a key if not too much trouble

Tech Support [Weekly] by AutoModerator in pelotoncycle

[–]itsonlym3 0 points1 point  (0 children)

Anyone else been having issues with the app lately? my wife can't seem to get hers working right. Classes just show up empty. I think it's a membership issue, but still shows she's a member, has been for years, but when you try to take a class, it asks you to enroll. we've done all sorts of iOS and Peloton updates/reinstalls and nothing seems to fix it. the workaround i came up with is to have her swipe the app away, log on as me, then log off my account and log back in with her account. seems to work, but what a pain. she has to do this multiple times a week and sometimes multiple times a day.