Tools: ELFF Format Explanation

Logs Explanation

This is an ELFF format with custom strings of:

date time time-taken c-ip sc-status s-action sc-bytes cs-bytes cs-method cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-username cs-auth-group s-hierarchy s-supplier-name rs(Content-Type) cs(User-Agent) sc-filter-result cs-category x-virus-id s-ip s-sitename

Example:

2013-11-07 01:01:11 1 10.10.10.10 304 TCP_HIT 320 894 GET http http://www.martugbo.com  80 /plugins/tt/tt.php ?src=photos/ce3ccf9cc6cfbbea1bce22547f35b950.jpg&w=86&h=56&zc=1&media=1 jon_do USER_Group\WWU-IA-StandardAccess Unknown 10.10.40.66 image/jpeg "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; xs-q__ic9-390M;iwOfva; …


Enforce TLS for Partner Organization on Office 365

You can create connectors to apply security restrictions to mail exchanges with a partner organization or service provider. A partner can be an organization you do business with, such as a bank. It can also be a third-party cloud service that provides services such as archiving, anti-spam, and filtering. You can create a connector to …

Using a Client Certificate when Bridging SSL traffic from ISA Server

Introduction

One feature that occasionally causes some confusion among ISA Administrators is the option to “Use a certificate to authenticate to the SSL Web server” which is on the Bridging tab of a Web Publishing Rule. Some people mistakenly believe that this has to be checked for ISA Server to communicate securely with the published resource. As …

Windows: How do I find an LDAP User and their Group Base DN for Microsoft Active Directory?

To find the user and group base DN, you can run a query from any member server on your Windows domain.

To find the User Base DN:
- Open a Windows command prompt.
- Type the command: dsquery user -name <known username> (Example: If I were searching for all users named John, I could enter …

Tools: How to identify and clean up Windows computers infected with malware and bots

Solution: Follow the steps below in the given order:

Step 1: Disconnect the computer from the network and notify the user that the computer cannot be re-connected until all malware has been successfully removed.

Step 2: Find out if the user is familiar with the destination or action that the malware or bot is trying …

Tools: Test your Firewall’s AV, Anti-Bot and Threat Emulation functions

Found this tool from CheckPoint to test your AV, Anti-Bot and Threat Emulation function.

https://threatwiki.checkpoint.com/threatwiki/public.htm

Test Threat Emulation

Click to download a DOC with an exploit. This file will not harm your computer. To confirm the file was detected, use the Smart Log / Smart View Tracker to locate the Threat Emulation log for this …