Requires: EventSentry NetFlow license pfSense 2.4 or later psexec kittyportable Starting with EventSentry v4.0.3 EventSentry can log events when a potentially malicious IP address has been detected via NetFlow. This event can subsequently be used to trigger a process that remotely logs into the pfSense firewall to block the IP addr...
The easiest way to get notified in realtime whenever a user is created in Active Directory is by forwarding MicrosoftWindowsSecurityAuditing event 4720https://system32.eventsentry.com/security/event/4720. This event is logged to the Security event log whenever an Active Directory user is created. More informa...
Recent CVE advisory CVE20200796https://cve.mitre.org/cgibin/cvename.cginame=CVE20200796 explains a remote code execution vulnerability that exists in the way that the Microsoft Server Message Block 3.1.1 SMBv3 protocol handles certain requests that affect Windows 10 and Windows Server. Microsoft has released a patch for this vulnera...
Utilman.exe is the utility program that is launched when the Ease of Access button on the login screen is clicked. At the time of writing it is still vulnerable to be replaced by cmd.exe allowing an attacker to simply reset any user password since the tool is executed with admin rights Infohttps://4sysops.com/archives/resetawindows1...
This guide illustrates how to completely disable WinRM and how to deploy it over the network using the free tool EventSentry Admin Assistanthttps://www.eventsentry.com/adminassistant. 1. Disabling WinRM 2. Network deployment using EventSentry Admin Assistant Disabling WinRM The Windows Remote Management WinRM service is Micro...
EventSentry can detect both successful and unsuccessful ZeroLogon attacks by examing various event patterns on domain computers. To use this package: Download the package using the link shown below Open the EventSentry management console Click on Packages Click on Import Select the ZeroLogon package resource 15
Starting with EventSentry v4.2.3 web attacks can be detected with a set of regular expression rules that can be applied to any monitored log file including IIS log files. New EventSentry installations not pre 4.2.x upgrades automatically have these rules activated in all IIS Windows log file packages except for 2008 users who upgra...
The EventSentry dashboard includes the generic Search tile which can be used to display data from any page in the web reports e.g. event log data. The Search tile also offers the ability to extract select data strings from events and display them in custom columns. This method can be applied to any type of event logged to the event log. ...
