mhobbelen
After enabling IDS (or IPS) and enabling all rules, the engine is not working (running an IPS test like curl -A "BlackSun" www.google.com doesn't trigger an alert on the firewall (USG...
This query only returns the default critical assets defined by MS, not the custom classifications or the default ones which are manually changed to a higher classification. At the moment, only...
| graph-match (Account)-[HasPathTo*3 .. 9]->(Administrator) where HasPathTo.EdgeType in ("HasSession", "HadSession", "AdminTo") and Administrator.AccountName =~ "Administrator" and Account.ObjectType == "Identity" and Account.Source != Administrator.Source and HasPathTo.Source != HasPathTo.Destination project User =...