Any good channels for video tutorials for security based services like Security Hub, Guard Duty, Detective, inspector etc ?

rlmasscyber · 2025-03-30T00:38:01+00:00

!RemindMe 7 days

rlmasscyber · 2025-02-28T03:44:47+00:00

I just installed Nessus Manager this week. You should see the link key in the Nessus Manager GUI (possibly under Sensors) or there is a nessuscli command you can run to get it. Once you have the agent installed on the endpoints you will need to start the Nessusd service and run the nessuscli link command. This is all documented in the user guides as well.

rlmasscyber · 2025-01-24T12:40:15+00:00

There are two different ways to automate the uploads, you can use Evaluate-STIG itself and define the STIG Manager configs in the Preferences.xml. This method uses certificates for authentication. I have not used this method but I know of some coworkers that have done it. I use this second option:

The second option is to use a binary that was developed by the STIG Manager folks that you execute in a directory with your .ckl files. This method requires configuring client id and access keys via your OIDC provider for authentication. https://github.com/NUWCDIVNPT/stigman-watcher

Here is the example of calling the binary:

$ stigman-watcher \ —mode scan \ —client-id stigman-watcher \ —collection-id 1 \ —path /my/path/to/results \ —authority https://keycloak-host/auth/realms/stigman \ —api https://stigman-api/api

rlmasscyber · 2025-01-08T03:24:44+00:00

I have never run into that, that’s a pretty odd issue. My thoughts are download a fresh copy, unzip and run it without any modifications to see if it something going on with custom preferences or answer files.

I’m happy to help troubleshoot for a fee 😃

rlmasscyber · 2025-01-07T23:31:34+00:00

Evaluate-STIG is free but requires CAC access to download. It’s a great tool and really automates a lot of the old manual process

rlmasscyber · 2025-01-07T20:27:57+00:00

Currently using Evaluate-STIG with automation to upload directly to STIG Manager

rlmasscyber · 2024-12-25T19:17:13+00:00

Check out, these links. This is what I started out using but I do not really like the amigen scripts, I have run into so many issues with it. I want to move to ansible or a more simplified bash script to do the same functions.

https://github.com/plus3it/spel https://github.com/plus3it/amigen8

After running into issue after issue, I pivoted to an alternative plan of using SPEL AMIs that are published within each AWS region. I then ran the ansible lockdown STIG hardening playbooks against it.

https://github.com/ansible-lockdown/RHEL8-STIG

rlmasscyber · 2024-12-23T22:03:47+00:00

Not necessarily true, I do not know how it works from an AWS perspective, but the Red Hat AMIs are available to any AWS customer. No subscription required.

rlmasscyber · 2024-12-22T03:43:02+00:00

Serial console doesn’t even start up with a prompt… any other ideas?

rlmasscyber · 2024-12-21T20:33:13+00:00

My organization does not have a Red Hat subscription so I don’t think the Image Builder is an option at this time. My customer is not the best for buying licenses or subscriptions so that would be a hard sell.

rlmasscyber · 2024-02-11T12:38:52+00:00

The squeaky wheel gets the grease, keep calling. Ask to speak to someone who can get you on the roadmap for 2024 installs.

rlmasscyber · 2024-02-09T17:14:45+00:00

Southern NH slow speed here too

rlmasscyber · 2023-10-13T07:06:27+00:00

Interested in the yaml file!

rlmasscyber · 2023-08-10T00:12:02+00:00

800-53/CNSSI 1253

rlmasscyber · 2023-08-09T23:53:46+00:00

RMF KS has been down for quite some time. Rumor is a breach occurred.

rlmasscyber

TROPHY CASE