I administrate a Stealthwatch environment. It is composed of an SMC, an FC and an FS. Long ago I discovered a type of brute force attack. But now it seems that it no longer works. I tried to replicate a brute force attack and changed the thresholds in the policy management like so, but with no result:
Trigger alarm when number of connections greater than: 1
Trigger alarm when average bytes per connection is below: 1 K
I open about 100 flows per minute with my brute force script. The strange thing is that Stealthwatch shows under flow search only one flow, with the subject port that is the first source port used; the duration is relative to the total duration of the attack. I cannot find the other source ports. (I checked the behaviour with Wireshark and I see all the source ports.)
Do you have any idea what's wrong with my Stealthwatch?