@DustinB3403 said in NXLog and Windows for Graylog:
@flaxking said in NXLog and Windows for Graylog:
When I was playing with graylog, I was using Beats
Care to elaborate?
Flexible and made to work with different solutions
https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html
@DustinB3403 said in NXLog and Windows for Graylog:
@flaxking said in NXLog and Windows for Graylog:
When I was playing with graylog, I was using Beats
Care to elaborate?
Beats is essential what wazuh uses as well to send to elastic stack.
@DustinB3403 said in NXLog and Windows for Graylog:
So there are a few options for Graylog and utilities to get the logs from Windows to Graylog (or anything else). One of the recommended tools is NXLog as it's FOSS.
And while I was able to get Graylog setup and installed I can't for the life of me get my sample workstation to actually send any logs to my graylog server.
Does anyone have any pointers on this?
wazuh
Terminator is my favorite. Not sure if there is a Mac version.
This goes without saying but VLAN them unto a separate network and allow whitelist only traffic.
Setup a bastion host in this network to administer them. So setup a Windows Server 2019 server only allow incoming RDP traffic to that. Then specifically allow that server exclusively to RDP to your 2008R2 servers
Setup some type of tool that completely locks down processes and doesnt allow any files to be created on the instances
https://www.symantec.com/products/data-center-security
@Obsolesce said in Spoliers - are you angered when people post spoilers on social media?:
I enjoy spoilers.
I'm the type to want to know what happens before I watch.
For example, on Netflix for a given show I'm watching, I'll scroll ahead to read the descriptions of the ones I haven't seen yet so I know the basics of what will happen.
I don't know why, but it makes it more interesting to me. Same with movies.
That is definitely a unique perspective. IMO it really diminishes the entertainment value. I honestly dont even like reading the current episode description until after I watch it.
@DustinB3403 said in Tar gzip file compression calculation without decompressing the file:
@Pete-S So the simplest way I can think to explain this would be like this.
You have a network share which is relatively organized
You create a compressed tarball of any folder on that share and then move that tarball to offsite storage.
How would I realistically get a hash of that folder pre and post tar and compression and have it make sense? They aren't the same thing, even if they contain the same things.
@Pete-S said in Tar gzip file compression calculation without decompressing the file:
Is it safe to assume that the gzip file is correct when it is created?
This is what I'm looking to verify
Use a FIM like wazuh
It's not about the size of the company, it's how much regulation they are required to follow. Financial companies don't do that shit because they would fail common controls if they have poor practices or use vulnerable software.
Other examples would be NIST 800-53 controls or HITRUST. While they can be annoying to implement and not all are necessary relevant for everyone, they force a good overall security posture.
Without forcing security controls companies will continue to do stupid shit. I'd really like to see something like GDPR here in the US. HIPAA is in an obvious need of a revamp as well.
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.
With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?
I'm pretty sure you can do what I described, but I'm not 100% sure.
It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.
This is how you do it - from MS link I posted earlier
"Enable your users to more securely access corporate information using the Office mobile and line-of business apps they know, while ensuring security of data by helping to restrict actions like copy, cut, paste, and save as, to only those apps managed by Intune."
If you restrict actions like copy, cut, paste, saving, screenshots, etc then you keep the data inside Office Mobile. Then you just remove the Office Mobile app remotely.
Are you able to enable remote removal of the app with just this feature?
You actually dont even have to do that. If they cannot login they cannot get to any of the data.
@Dashrender said in Scam calls/emails:
an FYI in case anyone cares... athenaNet has a single user database for their entire system. So if you work at two different hospital/clinics that both use athenaNet, then you only have one account that accesses both systems...
Yeah, unfortunately that is extremely common practice. They just use a different identifier to segment customers.
