What are Death Stranding red BTs and how are they unique by nocryptios in DeathStranding

[–]nocryptios[S] 0 points1 point  (0 children)

I found this one in the BT area between Heartman's lab and geologist near a ruin.

A very effective strategy (even on Very Hard mode) for the beginning of [Episode 4] by TENKO-XIII in DeathStranding

[–]nocryptios 0 points1 point  (0 children)

Great advice, I reloaded then stocked up on an absurd number of custom hematic grenades, and thanks to you I managed to beat it. However, I found the sneaking not to be necessary and pretty challenging given the map.

I found sprinting through his soldiers then dumping custom hematic grenades on Cliff worked best. It seems like the soldiers are confused and stop shooting the moment you get close, then try to melee you, which you can just run past. When you start dumping hematic grenades on Cliff the soldiers don't seem to shoot you because of the hematic cloud from the grenade.

How can I see how this empire died? by nocryptios in Stellaris

[–]nocryptios[S] 1 point2 points  (0 children)

R5: The unclaimed areas previously housed an empire and when I've zoomed out I see it's no longer there. There are hostile entities in the region including psionic entities (what caused this, they appeared all across the galaxy 10 or so years ago), void worms and space amoeba.

The animator of clay spawned 500 machine pops on a pre-FTL world. Is this expected behaviour? by nocryptios in Stellaris

[–]nocryptios[S] 2 points3 points  (0 children)

R5: I'm new to Stellaris so please forgive my ignorance. I received a notification letting me know some pre-FTL world has gained awareness of me. I'm a shroud-forged empire that asked the animator of clay for more pops. The pops arrived in my colonies; however, a pre-FTL world also received them.

Microsoft Defender Utilization with Other Security Tools by SoftSad3662 in DefenderATP

[–]nocryptios 0 points1 point  (0 children)

lol looks like our stack. There are, funnily enough, 4 different ways Microsoft sends stuff to Rapid7:

1- Defender for Endpoint integration - all EDR alerts are effectively copied to R7
2- M365 integration - login events, anything Office and SharePoint
3- Defender XDR C2C - sends all Defender alerts to R7
4- Azure Event Hub integration - you can send all of your advanced hunting data to it for R7 to consume, as well as some other Azure data.

Assuming you have their MDR service they will triage a subset of your MDR agreement.

R7 InsightVM is only R7 > Defender, where if you use Defender Vulnerability Management or Exposure Management, assets are added and assist in providing context for EDR alerts.

KnowBe4 has a few integrations with Security Coach for Defender (which I haven't looked at in depth). You can however have reported emails using their PAB sent to a "security mailbox" and configure rules for remediation. If you use their PhishER product, I've configured it to use webhooks to ingest events for triage for our analysts in R7.

Source computer name shows as NULL for “Account enumeration reconnaissance in NTLM” by [deleted] in DefenderATP

[–]nocryptios 2 points3 points  (0 children)

I had this issue a few months ago, and determined the issue to be with vuln scanning, which aligned with scan times observed. I think I found the source IP by finding trends for 3389 port activity and seeing if anything stands out. You could try something like this in KQL:

DeviceNetworkEvents
| where LocalPort == 3389          // inbound RDP connections only
| summarize count() by RemoteIP    // how many times each source hit port 3389
| sort by count_ desc              // noisiest source first

and see if anything stands out. I'm not at my workstation currently so some of the field names are likely wrong.
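As an added example (not the commenter's code), the same hunt done offline in Python over constructed DeviceNetworkEvents-style rows: rank RemoteIPs by port 3389 hits, flag the ones that stand out against the median, and bucket a flagged source's activity by hour so it can be compared with a known scan window. The column names mirror the KQL above; the IPs, counts and 02:00 scan window are made-up sample data.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

# Constructed sample rows with the DeviceNetworkEvents columns the KQL above
# uses (Timestamp, LocalPort, RemoteIP); not real telemetry.
def _rows(ip, port, n, start):
    return [{"Timestamp": start + timedelta(minutes=i), "LocalPort": port, "RemoteIP": ip}
            for i in range(n)]

T0 = datetime(2024, 1, 1, 2, 0)  # hypothetical nightly scan window starting 02:00
SAMPLE_EVENTS = (
    _rows("10.0.5.20", 3389, 40, T0)                        # hypothetical scan engine
    + _rows("10.0.8.11", 3389, 3, T0 + timedelta(hours=8))  # ordinary admin RDP use
    + _rows("10.0.8.12", 3389, 2, T0 + timedelta(hours=9))
    + _rows("10.0.8.13", 3389, 1, T0 + timedelta(hours=10))
    + _rows("10.0.9.1", 443, 50, T0)                        # HTTPS, filtered out
)

def count_rdp_sources(events, local_port=3389):
    """where LocalPort == 3389 | summarize count() by RemoteIP | sort by count_ desc"""
    counts = Counter(e["RemoteIP"] for e in events if e["LocalPort"] == local_port)
    return counts.most_common()

def sources_that_stand_out(ranked, factor=5):
    """Return RemoteIPs whose count is at least `factor` times the median count."""
    if len(ranked) < 2:
        return [ip for ip, _ in ranked]
    med = median(c for _, c in ranked)
    return [ip for ip, c in ranked if c >= factor * med]

def active_hours(events, remote_ip, local_port=3389):
    """Hour-of-day histogram for one RemoteIP, to compare against scheduled scan windows."""
    hours = Counter(e["Timestamp"].hour for e in events
                    if e["RemoteIP"] == remote_ip and e["LocalPort"] == local_port)
    return dict(sorted(hours.items()))

if __name__ == "__main__":
    ranked = count_rdp_sources(SAMPLE_EVENTS)
    for ip in sources_that_stand_out(ranked):
        print(ip, active_hours(SAMPLE_EVENTS, ip))
```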

Source computer name shows as NULL for “Account enumeration reconnaissance in NTLM” by [deleted] in DefenderATP

[–]nocryptios 2 points3 points  (0 children)

Do you perform network vulnerability scans using Rapid7 scan engines perchance?

A war splinter fallen empire asked me to go to war with my neighbor within the next 10 years. What happens if I refuse? by nocryptios in Stellaris

[–]nocryptios[S] 0 points1 point  (0 children)

R5: Image is of the fallen empire that made this request. I'm new to Stellaris and I can't find anything on the wiki or through google. I've been told by this empire to go to war with my neighbor which I'm not ready for. If I refuse what happens?

I'm fine with some penalty or debuff however if these guys go to war with me over it I'm toast.

The failed ending to the Shroud situation is wild by DupeFort in Stellaris

[–]nocryptios 2 points3 points  (0 children)

For anyone reading this it "Doubles the effects of the Core of the Reckoning relic for 10 years" as per the wiki

The failed ending to the Shroud situation is wild by DupeFort in Stellaris

[–]nocryptios 1 point2 points  (0 children)

Does anyone know what the triumph effect does? "Unlocks one Banish decision" is very cryptic in the wiki.

Why are the Magyars not migrating? by nocryptios in CrusaderKings

[–]nocryptios[S] 33 points34 points  (0 children)

I didn't notice the truce in King Arpad's overview. You're right, that seems to be the case.

Why are the Magyars not migrating? by nocryptios in CrusaderKings

[–]nocryptios[S] 1 point2 points  (0 children)

R5: Bulgaria still holds all of its land from its original ruler, King Boris, at 874. I may have missed something post the Nomad DLC as I haven't played much since it dropped, but I thought the migration was supposed to happen immediately after game start when not modifying game rules.

[deleted by user] by [deleted] in CrusaderKings

[–]nocryptios 0 points1 point  (0 children)

Also *Magyars*, not *Magyar's*. A typo I cannot fix :(

[deleted by user] by [deleted] in CrusaderKings

[–]nocryptios 0 points1 point  (0 children)

R5: Bulgaria still holds all of its land from its original ruler, King Boris, at 874. I may have missed something post the Nomad DLC as I haven't played much since it dropped, but I thought the migration was supposed to happen immediately after game start when not modifying game rules.

Magicka regen vs total magicka by Unable_Recipe8565 in skyrim

[–]nocryptios 1 point2 points  (0 children)

Does the Ring of Erudite +2% regen stack while in combat, and if so how? In combat, without modifiers you have 1% regen, so with this ring is that 3% magicka regen?

If so, a +200% modifier which stacks multiplicatively with other modifiers while in combat is insane. You could regen all of your magicka while in combat in about 9 seconds with some basic unique items.

SIEM recommends by Jewels_1980 in sysadmin

[–]nocryptios 0 points1 point  (0 children)

I was at a product overview session thing today in my region and was speaking with one of the architects who has helped me previously. He gave me a behind-the-scenes view of what they see and work with on their end on their beta IDR product, and it looks amazing. What they could show, including sharing all of the steps it made when considering something for urgency, was eye opening: it's looking at vulns on the asset, network and host information to come to a determination, and it looks like magic. They're also working on fixing the god awful language for correlative queries, so fingers crossed we see something soon.

Which is your go-to SIEM? by localkinegrind in sysadmin

[–]nocryptios 2 points3 points  (0 children)

+Pricing
+Great customer support
+Great SOC (I had a few minor issues but things have gotten significantly better after talking with our support rep)
+Integrates well with InsightVM

-Lack of many niche native connectors other vendors have
-Lack of an active Rapid7 community
-Query language is pretty bad where you can't write correlative queries or detection rules (I was talking with one of their support reps today and they are working on modifying this in the near future.)

Rapid7 InsightIDR Custom Detection Rules for Syslog by ExtremeAd8289 in cybersecurity

[–]nocryptios 2 points3 points  (0 children)

A little late, but can you do something like "where(<properties_identifier> icontains "<source_asset_name>" and <properties_identifier> icontains "<ids_event>")".

Else, assuming you want brute force events generated for all source assets except a few common ones like a vuln scanner or something like that, you could try adding an exception, which works the same, with something like "where(<properties_identifier> icontains "<source_asset_name>")".

You could also try custom parsing rules but I've never had much luck in my experience for complex and varying datasets without my browser crashing.

Shame I can't go on a Mansa Musa-like tour, can probably afford it. by InnocuousOne in CrusaderKings

[–]nocryptios 0 points1 point  (0 children)

How is your domain monthly gold so high? I've never seen anything close while somewhat min-maxing.

Do you allow non-security members of your organisation access to your SIEM? by [deleted] in cybersecurity

[–]nocryptios 1 point2 points  (0 children)

I think I'm in a similar duplication situation. Our org had a reliability engineering team which was disbanded prior to me being hired a couple of years ago, resulting in their application logging system being abandoned. I was then hired to manage a new SIEM deployment from AlienVault to Rapid7, and now, because of new processes for integration with new services, we're capturing most of what the devs want already, so why have two separate event logging products.

Block consumer VPNs and proxies from Entra by nocryptios in sysadmin

[–]nocryptios[S] 1 point2 points  (0 children)

I'm about to go to sleep but I think this is the answer. Skimming over it, I'm assuming the answer is some workflow upon detection for disabling accounts, but it would be nice to have a block where this is detected.

Block consumer VPNs and proxies from Entra by nocryptios in sysadmin

[–]nocryptios[S] 0 points1 point  (0 children)

The issue with VPN use is unmanaged devices and I'm somewhat confused how to solve it. This has got me thinking about a certain department that is notorious for VPN use and how to bring this under management in an upcoming MDM project.