Zero Day Exploit of Microsoft Support Diagnostic Tool Detection. What components of Cisco Secure Endpoint will detect and block this vulnerability? https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-to...
FireEye experienced a breach. Their APT toolkit was stolen. FireEye is sharing indicators of compromise and countermeasures on GitHub. How can I use Stealthwatch Cloud to detect those IOCs? https://github.com/fireeye/red_team_tool_countermeasures
It's necessary to organize connector endpoints by their location within the Active Directory organizational unit structure in an automated fashion. Deployment documentation suggests a group should be defined at the point of connector deployment. This m...
My enterprise has quite a few third party vendors that are remote to my physical location but need to be able to access systems that have access to PII that is protected by DUO.
Variables at play for each third party vendor:
Multiple individuals. Mult...
Everything working well. Once past initial authentication at ADFS, 2FA prompt comes up on right. The window is pretty small and has a scrolling vertical bar to compensate. This may be cosmetic, but is possibly going to be a lot of calls to my Helpdes...
Thank you Sylvain. I was able to find the same indicator using general search on "msdt". I'm still trying to determine which AMP detection engine is necessary to be certain this is detecting in my enterprise. The indicator doesn't have that informati...
How is it known that this is Behavioral Detection and not Exploit Prevention, Exploit Prevention-Script Control, System Process Protection, or Malicious Activity Protection? Is there a place to look to confirm this?
Hi Ryan,
Conveniently we are licensed for Access. And we do group our staff and students appropriately by AD groups.
Using the group policy was the path I was going down, but targeting groups would require I sync that group. Syncing is bad juju for ...