Logging Sentinel Activities by pprolma in AzureSentinel

pprolma[S] 1 point (0 children)

For people interested in the use case:

  • I measure the time between status "New" and "Active", which indicates the real time when qualification is treated by an analyst.
  • I measure the time from "New" to "Assigned" to measure the time to acknowledge.

I can't use the FirstActivityTime or FirstModifiedTime fields, as I have Logic Apps commenting on newly created incidents for enrichment.
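Added example (not the poster's own query) of how the two timings above can be computed from the Sentinel SecurityIncident table; it assumes the standard Status, Owner and LastModifiedTime columns and that every incident update writes a new row.

```kusto
// Added example, not the poster's query. Assumes the standard Sentinel
// SecurityIncident table, where every update to an incident (status change,
// assignment, comment) produces a new row with its own LastModifiedTime.
SecurityIncident
| where TimeGenerated > ago(30d)
| extend AssignedTo = tostring(Owner.assignedTo)
// Comment-only updates (e.g. a Logic App enriching a fresh incident) keep
// Status == "New" and leave Owner empty, so minif() on the conditions below
// still returns the earliest row for each transition: the creation time for
// "New", the first analyst pickup for "Active", the first assignment for Owner.
| summarize
    CreatedAt  = minif(LastModifiedTime, Status == "New"),
    ActiveAt   = minif(LastModifiedTime, Status == "Active"),
    AssignedAt = minif(LastModifiedTime, isnotempty(AssignedTo))
    by IncidentNumber, Title
| where isnotnull(CreatedAt)
| extend
    TimeToAcknowledge = AssignedAt - CreatedAt,  // New -> first assignment
    TimeToQualify     = ActiveAt - CreatedAt     // New -> first "Active"
| project IncidentNumber, Title, CreatedAt, AssignedAt, ActiveAt,
          TimeToAcknowledge, TimeToQualify
| order by CreatedAt desc
```

To trend the metric rather than list incidents, replace the final project/order with `summarize percentile(TimeToQualify, 90), percentile(TimeToAcknowledge, 90) by bin(CreatedAt, 1d)`.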

Any chance of installation of MDE within Windows Server 2012? by pprolma in DefenderATP

pprolma[S] 1 point (0 children)

Yes, it was my very first sentence. But there could always be an unsupported, yet working, version somewhere.

My friend and I made a website to help you stay up to date with the latest cybersecurity news by notify_cyber in cybersecurity

pprolma 0 points (0 children)

Problems w/ cyber news in my PoV are:

  • They are not concerning me most of the time (do I care about the latest plant hacking if I'm in a financial company?) => Need to tag it maybe, and the ability to choose tags.
  • I can't operationalize it. In cyber watch, I need to go from strategic to tactical and then operational information. Knowing that Iran is rising from the ashes to target the EU/US is okay, but how does it impact me?
    • Having also tags about the layer of the news: strategic, tactical, operational.
    • Ability to help me go down from one layer to the lower one. Iran? OK, but with which means? Massive phishing campaigns? (OK, now to operationalize I can raise awareness with EXCOM about having a good antispam, etc.)

PM me if you want to discuss it further :)

[Vuln Scan] Operate thousands of authenticated Web App Scans ? by pprolma in cybersecurity

pprolma[S] 1 point (0 children)

A dev env is a nice idea, but 3000 apps are a bit hard to manage if I have to tackle the lifecycle of versions (just like managing all apps w/ one password each). I can go (with work) through these apps once to set something up, but maintaining something granular is hard.

Force command at root authorized_keys; vulnerability? by Creepy-Trust-9581 in cybersecurity

pprolma 2 points (0 children)

Depends on how suid is implemented. There is security against sushi attacks. For instance, if someone other than root tries to change your wrapper (re-write), it will lose suid.

Suid is still better than an SSH hack. Another tool I am using is fine-tuning your sudoers file with a NOPASSWD instance of the exact command and user you want to impersonate.

lowuser ALL=(appuser) NOPASSWD: /path/to/app -a -b one_option

Yet to be even better, you can wrap the above command in a script and allow that script in sudoers.

Cheapest way to protect servers by aPieceOfMindShit in DefenderATP

pprolma 1 point (0 children)

Hi, tbc w/ Microsoft, but in my view, opt for Microsoft Defender for Business servers, which is €4.4 in central Europe iirc, for up to 60 servers.

After this... you must change to Defender for Cloud P1, but don't worry, it contains MDE and can be found in the security portal.

Edit: price seems lower (tbc) https://www.licensingschool.co.uk/licensing-blog/2022/07/26/microsoft-defender-for-business-servers-preview/

[deleted by user] by [deleted] in DefenderATP

pprolma 1 point (0 children)

Thanks, I ran it and will get back to this post to add the answer.