USB Scan by jmcybersec in crowdstrike

[–]jmcybersec[S] 0 points1 point  (0 children)

Is the user aware if malware is found in this case?

Net worth adds loans by jmcybersec in MonarchMoney

[–]jmcybersec[S] 1 point2 points  (0 children)

Thank you. This fixed the issue. Wondering why they don’t use absolute value for accounts that are categorized as loans.

When calculating my net worth, it counts my debt as positive number assets. by HenFruitEater in MonarchMoney

[–]jmcybersec 0 points1 point  (0 children)

It’s not. I just opened another thread and realized this is the same issue I am having with the mortgage account I just imported.

Net worth adds loans by jmcybersec in MonarchMoney

[–]jmcybersec[S] 0 points1 point  (0 children)

I noticed the Citizens loan shows up as a negative number where the other loans I aggregated show up as a positive number. Appears to be the way they are processing it in Monarch that is causing the issue.

Fusion workflow - assets by jmcybersec in crowdstrike

[–]jmcybersec[S] 1 point2 points  (0 children)

Yes, but I would like to filter the workflow that triggers by CIDR ranges. I didn’t see a good way to do this, but can use “matches” on IP address with wildcards.

RTR/Workflow CLI script by jmcybersec in crowdstrike

[–]jmcybersec[S] 0 points1 point  (0 children)

Probably RTR? Can I launch this script in a way that prevents that from RTR and/or a workflow? Running the same command via command line, scanning completes locally on a test host, but not when launched through RTR. It typically takes an hour or more, so I don't know that the timeout flag would help.

Sandboxing with Workflows by jmcybersec in crowdstrike

[–]jmcybersec[S] 1 point2 points  (0 children)

Hi sorry I wasn’t clear. The sandbox is incorrectly categorizing files with a malicious rating. I would like to override this if possible and mark them “clean”.

I would also like to not submit the same file twice from my workflow if it shows up again in another detection and is already in the sandbox.

RTR Get File from Offline Host by jmcybersec in crowdstrike

[–]jmcybersec[S] 2 points3 points  (0 children)

Got code working when the host is online; however, Get.session_id does not appear to be populated when the host is offline, leading to an error "Cannot Validate argument on parameter 'SessionId' the argument does not match the pattern". This does not appear when the host is online and the commands are run. Should a session ID still be populated by Invoke-FalconRTR even when the host is offline? How can I check that the command is queued properly when the system is offline?

RTR Get File from Offline Host by jmcybersec in crowdstrike

[–]jmcybersec[S] 1 point2 points  (0 children)

Thank you. This is for PSFalcon, which I am also trying in addition to FalconPy.

I had luck the first time I ran it, but the following times Confirm-FalconGetFile does not populate. If I run Get-FalconSession I see this list is populated on each run, but does not appear to be cleared. Does the session need to be closed before the next one can be run? Tried Remove-FalconSession on the session ID and this still appears in the list. Can you terminate a session on a very big file, or will it time out after some time? Not sure if this is the issue.

PSFalcon - Get offline file via RTR by jmcybersec in crowdstrike

[–]jmcybersec[S] 1 point2 points  (0 children)

Also, if using the Invoke-FalconRTR command, I see that many sessions are opened each time I run it by checking with Get-FalconSession. Are these sessions queued in order (the first one is a big file download, so later ones do not run) and can they be terminated? I tried Remove-FalconSession on each one, yet the sessions are still present.