Fortinet
Run Microsoft's CEF troubleshooting script on the collector:
sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py && sudo python3 cef_troubleshoot.py
This fetches the script and runs it as root in one step, so inspect the downloaded file before running it on a production collector.
https://learn.microsoft.com/en-us/azure/sentinel/connect-cef-syslog-ama?tabs=portal
Category: Research
Research Undertaken
SSH Commands to enable PUA and Realtime Protection on Linux Servers
Fortigate – Message meets Alert condition – Failing SPF\DKIM
Remove the username (From) via the unset command
The pop-up and the “Personalize Offers and Discounts for Microsoft Products”
Recently had a user with a company PC get the popup below. This setting only exists in Home versions of Office (not Enterprise; there's no […]
Microsoft Sentinel
https://pariswells.com/blog/research/microsoft-sentinel-pricing
Create a new Log Analytics workspace, because you probably have all your logs everywhere. Enable Sentinel on that Log Analytics workspace. Choose Common for Security Logs. Install connectors for […]
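The first two steps of that procedure, creating a dedicated workspace and enabling Sentinel on it, scripted with the Az PowerShell modules. This is an added example, not code from the post; it assumes an existing Connect-AzAccount session, the Az.OperationalInsights and Az.SecurityInsights modules, and the resource group, workspace name, region and retention shown are placeholders.

```powershell
# Added example (not from the original post): create a dedicated Log Analytics workspace
# and enable Microsoft Sentinel on it. Needs Az.OperationalInsights and Az.SecurityInsights
# and a signed-in Connect-AzAccount session. Names, region and retention are assumptions.

$rg        = 'rg-sentinel-prod'      # assumed
$workspace = 'law-sentinel-prod'     # assumed
$location  = 'australiaeast'         # assumed
$retention = 90                      # days; assumed

if (-not (Get-AzResourceGroup -Name $rg -ErrorAction SilentlyContinue)) {
    New-AzResourceGroup -Name $rg -Location $location | Out-Null
}

# A fresh workspace keeps Sentinel ingestion and retention separate from whatever other
# logs already exist, which is the reason the post gives for creating a new one.
$law = Get-AzOperationalInsightsWorkspace -ResourceGroupName $rg -Name $workspace -ErrorAction SilentlyContinue
if (-not $law) {
    $law = New-AzOperationalInsightsWorkspace -ResourceGroupName $rg -Name $workspace `
             -Location $location -Sku 'PerGB2018' -RetentionInDays $retention
}

# Onboard the workspace to Sentinel. Re-running is safe: an existing state is reported, not recreated.
$state = Get-AzSentinelOnboardingState -ResourceGroupName $rg -WorkspaceName $workspace -Name 'default' -ErrorAction SilentlyContinue
if (-not $state) {
    New-AzSentinelOnboardingState -ResourceGroupName $rg -WorkspaceName $workspace -Name 'default'
}

# Confirm the workspace is now Sentinel-enabled before adding data connectors.
Get-AzSentinelOnboardingState -ResourceGroupName $rg -WorkspaceName $workspace -Name 'default'
```

The remaining steps (the Common tier for Windows Security Events and the other connectors) are chosen per connector in the Sentinel portal as the post goes on to describe; they are not covered by the script.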
Sentinel: where operator: Failed to resolve table or column expression named IdentityInfo
Trying to turn on the Authentication Methods Changed for Privileged Account rule. It errors out in Set rule logic with "where operator: Failed to resolve table or column expression named IdentityInfo […]
SQL Analysis Services slow
Make sure you exclude the MDF files from Defender scanning! See: Configure antivirus software to work with SQL Server – SQL Server | Microsoft Learn
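A worked version of that exclusion, as an added example rather than anything from the post: it excludes the SQL Server data, log and backup directories, the data-file extensions Microsoft lists in that article, and the database engine process from Microsoft Defender Antivirus, then reads back what the engine holds. The instance root path is an assumption for a default instance; adjust it to the real instance directories.

```powershell
# Added example (not from the original post): Defender Antivirus exclusions for a SQL Server
# instance, following Microsoft's "Configure antivirus software to work with SQL Server".
# $instanceRoot is an assumption for a default instance; run from an elevated session.

$instanceRoot = 'C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL'  # assumed
$dataDirs = @(
    (Join-Path $instanceRoot 'DATA')
    (Join-Path $instanceRoot 'Log')
    (Join-Path $instanceRoot 'Backup')
)
$extensions = @('mdf', 'ldf', 'ndf', 'bak', 'trn')   # data, log, secondary data, full backups, log backups
$engineExe  = Join-Path $instanceRoot 'Binn\sqlservr.exe'

# Folder exclusions: only the directories SQL Server writes to, never a whole drive.
foreach ($dir in $dataDirs) {
    if (Test-Path $dir) {
        Add-MpPreference -ExclusionPath $dir
    } else {
        Write-Warning "Skipping missing directory $dir"
    }
}

# Extension exclusions catch database files that live outside the default directories.
Add-MpPreference -ExclusionExtension $extensions

# Process exclusion: files opened by sqlservr.exe are not scanned on access.
if (Test-Path $engineExe) {
    Add-MpPreference -ExclusionProcess $engineExe
} else {
    Write-Warning "sqlservr.exe not found at $engineExe; process exclusion not added"
}

# Read back the effective configuration. If these lists do not show the additions, the
# exclusions are most likely managed centrally (Intune/GPO) with local admin merge disabled.
Get-MpPreference | Select-Object ExclusionPath, ExclusionExtension, ExclusionProcess
```

Keep the exclusions this narrow: every excluded folder or extension is a place malware can live unscanned, so the data directories and the engine binary are the whole list, not the SQL Server install tree.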
Essential 8 PDF Hardening ( Adobe )
https://github.com/pariswells/public-code/tree/master/AdobeHardening
ASR Wildcard Exclusions not Applying
Per this page: https://learn.microsoft.com/en-us/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus, you can use a maximum of six wildcards per entry. An entry with more than that is silently not applied.
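To catch that before the exclusion quietly fails, here is an added check (not from the original post) that counts the wildcards in each candidate ASR-only exclusion, rejects entries over the documented limit, and applies only the ones that fit. The two sample paths are constructed for illustration.

```powershell
# Added example (not from the original post): validate ASR-only exclusion entries against the
# six-wildcard-per-entry limit before handing them to Defender. Sample entries are constructed.

function Get-WildcardCount {
    param([Parameter(Mandatory)][string]$Entry)
    # Defender treats * and ? as wildcards in exclusion paths.
    ([regex]::Matches($Entry, '[*?]')).Count
}

function Test-AsrExclusionEntry {
    param(
        [Parameter(Mandatory)][string]$Entry,
        [int]$MaxWildcards = 6   # limit from the Microsoft Learn page cited above
    )
    $count = Get-WildcardCount -Entry $Entry
    [pscustomobject]@{
        Entry     = $Entry
        Wildcards = $count
        Valid     = ($count -le $MaxWildcards)
    }
}

# Constructed samples: one entry inside the limit, one with seven wildcards that would not apply.
$candidates = @(
    'C:\Users\*\AppData\Local\Vendor\*\app.exe'
    'C:\*\*\*\*\*\*\*\tool.exe'
)

$results = $candidates | ForEach-Object { Test-AsrExclusionEntry -Entry $_ }
$results | Format-Table -AutoSize

$bad = @($results | Where-Object { -not $_.Valid })
if ($bad.Count -gt 0) {
    Write-Warning ("Rejecting {0} entry(ies) with more than six wildcards: {1}" -f $bad.Count, ($bad.Entry -join '; '))
}

# Apply only the entries that fit the limit (run elevated), then read back the effective list.
$good = @($results | Where-Object Valid | Select-Object -ExpandProperty Entry)
if ($good.Count -gt 0) {
    Add-MpPreference -AttackSurfaceReductionOnlyExclusions $good
    (Get-MpPreference).AttackSurfaceReductionOnlyExclusions
}
```

When a pattern needs more than six wildcards, split it into several narrower entries or anchor it with an environment variable instead of leading wildcards; each entry is checked against the limit on its own.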
CSP version of Microsoft Windows 10 Enterprise Upgrade/SA 1Y Open Value
To transfer a customer's Open Value version of KV3-00489 to CSP, use Windows Enterprise E3: https://support.microsoft.com/en-au/windows/windows-10-enterprise-e3-89de5699-3030-eea1-ee49-1ccbcfe9413f