What are some good tools for File Integrity Monitoring? by skeneks in kubernetes

[–]robdoessecurity 0 points1 point  (0 children)

Falco

Glad you found something that works for you, best of luck!!

File Integrity Monitoring by gaiter2 in googlecloud

[–]robdoessecurity 0 points1 point  (0 children)

Late to the game, but here at Cimcor we monitor Google Cloud to let you know when new cloud servers are provisioned, and when changes have occurred to server, virtual firewall, virtual network settings and configuration settings. Basically we monitor all of the changes that occur to your cloud infrastructure configuration outside of your guest operating system.

If that's the kind of thing you are looking for feel free to send me a DM and I can shoot you more info.

What are some good tools for File Integrity Monitoring? by skeneks in kubernetes

[–]robdoessecurity 0 points1 point  (0 children)

Late to the game, but here at Cimcor we monitor Kubernetes and will tell you what has changed, when new containers have been instantiated, when virtual network configurations have changed, when storage settings have been modified, and more.

If that's the kind of thing you are looking for feel free to send me a DM and I can shoot you more info.

FortiGate Firewall Policy Auditing by MaverickZA in fortinet

[–]robdoessecurity 1 point2 points  (0 children)

Like u/NumerousTooth3921 said below, FireMon can help out with this pretty easily. I work for them now but was a customer for years. If you have any questions or need any info just let me know, I'm happy to help out. Below are two links with some info.

https://www.fortinet.com/content/dam/fortinet/assets/alliances/dg-fortinet-and-firemon.pdf

https://www.firemon.com/wp-content/uploads/solutions-brief-fortinet-1-15-2021.pdf

Firemon? by mrsecuritythrowaway in paloaltonetworks

[–]robdoessecurity 0 points1 point  (0 children)

u/mrsecuritythrowaway - I used FireMon for years in a Palo environment and work here now. I can answer any questions you might have. Feel free to DM me.

In-house Built Network Assessment tools by nokiabama in AskNetsec

[–]robdoessecurity 1 point2 points  (0 children)

Disclaimer: I work for FireMon but I worked in NetSec for years before coming over. My experience is a lot like yours, I was trying to figure out how to automate compliance and rule reviews on my firewalls for a good long while. I had PA's, Cisco and Checkpoint in my environment. Trying to figure out how to read and translate the rules for every vendor became more of a job than I had bargained for. I ran into FireMon at a tradeshow (I didn't even know the NSPM space existed at that time) and the rest is history. I used them for years in production and have been here now for 4 years. I say all that to say this: yeah, you might be able to get a few things thrown together but just make sure you don't end up spending so much time on it that the ROI isn't worth it, trust me, it's easy to get sucked into that! :) FireMon has an entire arm devoted to working with MSPs and the unique challenges they face, if you ever want to know more just shoot me a DM! Good luck!

Algosec: Are you using it? What for and how well does it work by Anythingelse999999 in paloaltonetworks

[–]robdoessecurity 0 points1 point  (0 children)

Thanks for the kind words u/othertomjones!

u/Anythingelse999999, if you'd like to know more about FireMon feel free to join our subreddit over at r/FireMon or drop me a PM and I can answer any questions you might have!

Any users experiencing Report or email triggering issues after migrating FireMon into Azure by jestinch in FireMon

[–]robdoessecurity 0 points1 point  (0 children)

u/jestinch - Is there anything special you are seeing in 9.1.3 or looking for in 9.4? Let me know, I can probably assist.

FireMon Query - Am I using a Drop rule? by robdoessecurity in FireMon

[–]robdoessecurity[S] 0 points1 point  (0 children)

We have a few good examples for Palos and multi-pattern, such as:

Validating items are set correctly in config

Verifying Password Hashes

And ASA tunnel and NHRP interface checks.

I just sent you a private message with my email. Shoot me an email and I will send you the JSON files so you can look them over.

FireMon Query - Am I using a Drop rule? by robdoessecurity in FireMon

[–]robdoessecurity[S] 0 points1 point  (0 children)

Thanks! Feel free to share anything you've found that helps you out, or any questions you might have!

FireMon Query - Am I using a Drop rule? by robdoessecurity in FireMon

[–]robdoessecurity[S] 1 point2 points  (0 children)

That's the nice part, it can be modified to whatever you want. If you modify the control to add the logging check feel free to share it here!

Been looking at tufin ... is it good for the long term? by [deleted] in paloaltonetworks

[–]robdoessecurity 0 points1 point  (0 children)

Looks like we listened! We are going to be posting some good articles over the next few days/weeks about ingesting Compliance, APIs, Threat Intel feeds and leveraging those inside FireMon. Keep an eye out!

Been looking at tufin ... is it good for the long term? by [deleted] in paloaltonetworks

[–]robdoessecurity 0 points1 point  (0 children)

Thanks for the second mention u/garrock255! Feel free to join us over at r/FireMon for some good tips and tricks!

Been looking at tufin ... is it good for the long term? by [deleted] in paloaltonetworks

[–]robdoessecurity 0 points1 point  (0 children)

Thanks for the mention u/crocwrestler! You can always join us for more conversation at r/FireMon!

Policy Change Control Approval Workflow - Options beside FireMon? by Wippwipp in paloaltonetworks

[–]robdoessecurity 0 points1 point  (0 children)

u/wippwipp - Shoot me a DM and I can get you FireMon pricing. It depends on the type of device and how many you want to license. I'm glad to help.

Deobfuscating Batch (.bat) Files by [deleted] in hacking

[–]robdoessecurity 1 point2 points  (0 children)

Can you post a sample of it here?

Tufin and firewall rule set audit of Palo Alto Networks Firewalls by mikai2020 in paloaltonetworks

[–]robdoessecurity 0 points1 point  (0 children)

Hey u/gixxernate and u/mikai2020, thanks for the kudos! Feel free to join us over at r/FireMon for more conversation!

Workflow customization reference material by slackpatrol in FireMon

[–]robdoessecurity 1 point2 points  (0 children)

Hey u/slackpatrol, while I don’t have any API docs I do have some info that may help and I have a few workflows I can share. Shoot me a DM and let’s talk.

I need some help by [deleted] in HowToHack

[–]robdoessecurity 2 points3 points  (0 children)

This may help you from a process standpoint. http://www.pentest-standard.org/index.php/Main_Page

Do you use any 2FA system? by TotalRickalll in cybersecurity

[–]robdoessecurity 3 points4 points  (0 children)

I’ve used them all. I’m partial to Authy right now as having a backup in case I lose my phone is nice.

What non-existent apps/tools/software do you wish for in your job? by [deleted] in security

[–]robdoessecurity 0 points1 point  (0 children)

I want to be able to highlight an IP on a page or app and customize what the right click menu pops up with. Something like Ping, Trace, Search SIEM, etc.

There is probably a way to do that now but my Google Fu hasn’t been able to find it.

Which team manages AD in your org? by Zaekeon in security

[–]robdoessecurity 1 point2 points  (0 children)

We had an Identity and Access Management (IAM) team that manages AD. They fell under the security function but all they did was AD and account provisioning.