|
Solaron posted: Well, this process is managed overseas and they're not really open to giving us access to see the inner workings, so I only know what they're telling me. I own the SIEM and that's why I'm even having to be involved. I'm told that Splunk is just forwarding the logs they receive from Netscaler but we're seeing IPADDR TIMESTAMP IPADDR instead of the 3164 format of <PRI> TIMESTAMP IPADDR when we receive the logs from Splunk, and it's breaking the parser.

Put logstash on your end and strip the useless crap from it. If you're using ArcSight you can use the CEF codec to format your data.
|
# ¿ May 19, 2017 19:09 |
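The clean-up step discussed in the post above, as an added example that is not part of the thread: a Python stand-in for the suggested Logstash filter that detects the `IPADDR TIMESTAMP IPADDR` form and rewrites it to the 3164 `<PRI>TIMESTAMP HOST` form. The function names, the sample lines, and the default priority of 134 (local0.info) are assumptions; the original PRI is not present in the forwarded line and cannot be recovered.

```python
import ipaddress
import re

# Assumed default: facility local0 (16) * 8 + severity info (6) = 134.
DEFAULT_PRI = 16 * 8 + 6

# RFC 3164 timestamp: "Mmm dd hh:mm:ss", day space-padded ("May  9").
TS = (r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) "
      r"[ \d]\d \d{2}:\d{2}:\d{2}")
HAS_PRI = re.compile(r"^<(\d{1,3})>" + TS + r" \S+")
IP_PREFIXED = re.compile(r"^(\S+) (" + TS + r") (\S+) ?(.*)$", re.S)


def _is_ip(token):
    """True if token is a valid IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def normalize(line, pri=DEFAULT_PRI):
    """Return (status, line); status is 'ok', 'rewritten' or 'unparsed'."""
    line = line.rstrip("\r\n")
    m = HAS_PRI.match(line)
    if m and int(m.group(1)) <= 191:      # 191 is the highest valid PRI
        return "ok", line
    m = IP_PREFIXED.match(line)
    if m and _is_ip(m.group(1)):
        _, ts, host, msg = m.groups()     # drop the leading address
        return "rewritten", f"<{pri}>{ts} {host} {msg}".rstrip()
    return "unparsed", line               # leave for manual review


if __name__ == "__main__":
    # Constructed sample lines, not taken from any real device.
    for sample in (
        "192.0.2.10 May 19 19:09:01 192.0.2.20 test message",
        "<134>May 19 19:09:01 192.0.2.20 test message",
        "something else entirely",
    ):
        print(normalize(sample))
```

Lines that match neither form are returned as `unparsed` rather than guessed at, so they can be routed to a separate index for review.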
|
ChubbyThePhat posted: drat this actually looks fun.

It does. Are there tutorials that teach you these kinds of things? Because I'm reading this with close attention but would have no clue where to begin on stuff like this.
|
# ¿ Jul 26, 2017 20:05 |
|
Furism posted: Check your PMs.

I'm looking to move in the same direction. Could you PM me the same info?
|
# ¿ Aug 31, 2017 17:15 |
|
Thanks Ants posted: I've not seen the usual vendors crawl out of their holes to tell people to use their Internet security suite that tunnels everything back to their yet, presumably that's on the way

You can stop checking LinkedIn for the next 2-4 weeks because every vendor will be unbearable.
|
# ¿ Oct 16, 2017 17:28 |
|
If you're setting up a large environment you have to think about CAs, sub-CAs, publishing of ARLs/CRLs and how you want devices to retrieve certs (SCEP/CMP) etc. And what previous posters said about building a trust and how to manage that trust so it doesn't become worthless due to people loving things up.
|
# ¿ Oct 16, 2017 21:52 |
|
EssOEss posted: You can paste a key here to check it: https://keychest.net/roca

Gemalto hasn't come forward with an official reaction yet. They're "working on it".
|
# ¿ Oct 18, 2017 18:41 |