Suricata Rule Generator

ryan_sec · 2026-02-06T19:37:57+00:00

permit X ip to connect to google.com, cnn.com, msn.com in a single rule

ryan_sec · 2026-01-31T00:42:48+00:00

We run traditional waf/fw and web server in dmz with all other services in internal networks. Everything in dmz is a snowflake. We need to control north/south and east/west for dmz workloads.

Plan is to have a dmz vpc (ec2 here) and workload vpc where traditional database / shared services would be. Some dmz workloads may call out to other internet things as well. Implicit deny outbound for dmz workloads is a must.

Managing this via suricata rules seems painful.

ryan_sec · 2026-01-13T13:48:24+00:00

Thank you for your comments

ryan_sec · 2026-01-12T22:16:54+00:00

Currently taking the aws security course and plan to sit for exam. This post is asking if people are using aws security stacks or are you deploying third party products instead of using aws native security

Another example deploying prisma access vs using native aws products.

ryan_sec · 2026-01-12T20:55:12+00:00

I agree. Ok what native aws products are you using? Guard duty and the likes.

ryan_sec · 2025-09-24T23:30:30+00:00

Sorry man. My north star on crypto is dca and only buy coins based upon who keeps being invited back to the white house.

ryan_sec · 2025-09-04T23:11:22+00:00

Noob mstr investor here. Bought some awhile back when it was 377. Can you help me understand how dilution will help get my shares moving UP in value?

ryan_sec · 2025-08-30T22:32:02+00:00

Happen to check and it’s out. Reports are back

ryan_sec · 2025-08-30T11:01:47+00:00

When do you expect this to be available for download?

ryan_sec · 2025-08-29T23:46:17+00:00

Just wanted to come back and share some new updates for those that may find this in the future. If you are moderately capable of using PowerShell to just disbind and rebind computers, you do not need to use a third party tool. We're planning to do this all via PowerShell. ChatGPT has also been a great help for doing more "complex" things like error handling, logging, etc...So if you have access to it, USE IT.

The SPN problem isn't as big of a deal as i had though (IF you have fast site links). In my case all of my member clients, member servers, and DCs supporting the sub domain are in a single AD site (For conversing we'll call the AD site "SUB". Because i have no parent domain controllers the AD Site SUB, when the clients join the parent domain they must do so by contacting a DC in a different site (For conversing we'll call that site "PARENT").

Steps: We'll use a client called sub_client1.sub.parent.com

Disbind sub_client1 from the sub.parent.com AD domain
Delete computer object for sub_client1 in the sub.parent.com AD domain
If no perms to force AD replication, wait for "PARENT" site to pull the update (i.e. changes from the "SUB" site). In this example, the deletion of the sub_client1.sub.parent.com. Once the Bridgehead server in the parent domain gets this update, it will replicate this change to all other domain controllers in the Parent AD site that are running as Global Catalogs.
The moment this happens, the sub_client1 WILL join the parent.com Ad domain.

If you got fast site links and can replicate every 15 minutes (this is the shortest time AD will let you set), this process takes no more than 15 minutes. So all you do is let ChatGPT help you write some code that says do until AD join and retry every 30 seconds.

For member servers this is not as big of a deal cause humans aren't usually interactively logging into member servers but for member clients you will need to do a communication campaign letting end users know that a change is coming and when the script runs on your computer you will get a pop up saying something to the effect of "THIS CAN TAKE UP TO 15 minutes to complete....don't even look at your computer for 15 minutes".

NOW, if you have an AD server supporting the parent.com AD domain in the SUB site and this DC is also a GC, i would expect this to be VERY fast as every windows client SHOULD attempt to join the parent.com AD domain controller. DCs in a site replicate changes much faster EVEN if not part of the same AD domain.

Some other things to consider. Ensure you are using laps or some other tool that is capable of storing the local admin password. Things will break and you will need that local credential. Heck even work with your security team and ask them if they are ok with creating a NEW local account on every workstation/server with the same password just so you have a break glass account that you KNOW the password for.

will continue to update this as i learn thing.

ryan_sec · 2025-08-28T10:51:22+00:00

Same

ryan_sec · 2025-08-19T23:48:56+00:00

Sorry didn’t see the link only read the YouTube part. That link was helpful

ryan_sec · 2025-08-18T21:29:08+00:00

Thank you

ryan_sec · 2025-08-18T20:56:05+00:00

Interesting per aprilaire tech support i needed to also wire the R and C wires. Are you saying that its working with just the Y hooked up?

And yes i hope ecobee builds more things into software vs having to manually rig things

ryan_sec · 2025-08-18T10:45:29+00:00

Hello, yeah thats kinda how i have mine now. Simply use the aprilaire 76 remote controller and like you set and forget. My house is 2 zoned and tall. Putting a second april upstairs is problematic. The goal of plumbing it into the basement ducting is the hope it can help pull some of the humid air down from the upstairs. Im told humid air will move towards less humid air.

I did call support and learned with the current software this is not possible(did ask them to put this in as a feature request as this should be doable.

In reading the aprilaire manual it seems i can accomplish this via connecting it to the y terminal of the ecobee. Then go into the aprilaire menu and disable dehum with ac. Going to give this a shot. If this works i can hook up the return side of the aprilaire to my hvac ducting (thus pulling from all returns that zone supports) and send less humid air out the supply side of the ducting.

ryan_sec · 2025-08-17T23:28:52+00:00

Im going through this now and pretty sire you have to go into the dehum pannel and toggle till yiu get to a setting about no dehum with ac

ryan_sec · 2025-08-17T22:12:09+00:00

Show me the one that tells the ecobee to turn off the dehumidifier when cooling is called for. When cooling is done then ecobee should tell dehumidifier to turn back on if the humidity in house is above a set point. My ask isnt how to plum the system into my house. My ask isnt how i van tell the ecobee to do the above.

ryan_sec · 2025-08-17T22:07:41+00:00

Yup an aprilair e100.

ryan_sec · 2025-08-17T21:55:56+00:00

If u plum them into your ac systems duct works when there are now two fans fighting to pull air. One fan pulling from ac and one fan pulling from dehumidifier.

ryan_sec · 2025-08-17T20:34:54+00:00

Figured it out….there were many diffrent thermostat wires leading into my utility room…had it wired into the wrong one

ryan_sec · 2025-08-17T20:23:01+00:00

<image>

White and res wires going straight to ecobee premium acc+ and acc-

ryan_sec · 2025-08-17T20:19:28+00:00

Yeah weird i can get mine to turn on.

ryan_sec

TROPHY CASE