Did you get your boarding pass to the “Orion” mission?
Send your name to Mars
alex
Smart Connector “Filter Out” issue
ArcSight Smart Connectors has a very useful feature: it is possible to set up a filter to filter out unwanted events and don’t send them to a destination (ESM ArcSight, Logger, etc). It works very well at the ESM ArcSight – you just need to open connector’s properties, select the “Filter” tab and create a … Read more
Python SUDS, WSDL, HTTPS proxy and SOAP authentication.
Today I would like to share a recipe how to utilize WSDL (SOAP) in a Python SUDS script behind the HTTPS proxy. It may be useful for getting some commercial feeds on a server sitting behind the corporate firewall. First of all, I find out the Python SUDS are very convenient. You can download it … Read more
Logger and CIFS share on a Windows 2008 R2 Server
Here is a workaround for the issue with mounting a CIFS share (Windows 2008 R2 Server) at a Logger. I followed usual procedure to configure a remote file system at a Logger. All required parameters for CIFS share were specified: Surprisingly it did not work: I carefully checked parameters, login credentials – everything was correct. … Read more
RedKit Java exploit – under the hood
Here I put some technical details about RedKit Java exploit. I will use real sample of captured network traffic. The analysis was done using the following tools: CuckooBox 0.6, Java Decompiler GUI, Wireshark. Don’t follow any URLs in this post! They may still contain the malware. OK, now step 1: a victim visits an infected … Read more
Facebook hacked
Mauritania hacker (AnonGhost) hacked Facebook. Cool! PasteBin Facebook:
ESM ArcSight plugin – correct device time
Recently I find out a situation when some device puts time stamps using the GMT time zone. It could be easily fixed by changing connector settings. But here is a problem again – settings are global, so it will fix time stamps for this device and will broke time stamps for all other device. The only … Read more
ESM ArcSight plugins – how to
Introduction I attended many sessions at the “HP Protect 2012” conference last September and one of them – the “Plug it in!” by Doron Keller (HP/ArcSight) was very interesting for me. As a former software developer, I always like any possibilities of enriching features of an existing product by writing few lines of code. Furthermore … Read more
ESM ArcSight – how to convert events for Replay (Test Alert) agent
The “Replay” (also known as Test Alert) agent at the ESM ArcSight – is a very powerful tool for developing and debugging rules. You don’t need to wait until a real (and probably rare!) event will be received by the ESM Manager only to check that the rule produced incorrect result. Of course a test … Read more
BitCoin malware
Last weekend a friend of mine told me about some issue with her new laptop: suddenly IE’s home page was set to Desjardins (https://accesd.desjardins.com/). Well, nothing wrong, it is a legitimate web site except one thing that she was not able to change it! I agreed to take a look and asked to run the … Read more