Thursday, January 10, 2013

How to add WMI data source

4:06 AM  Nadeem  1 comment

  • Open WMI ports (135-139,443,445) between windows server and receiver.
  • Create a domain user account and add it to the local administrator group of the windows server.
  • Use the same account credentials in configuration settings of the data source to be added for the same windows server.
  • Add new data source in the receiver with following settings.
  • Make sure you check Use RPC option.
  • Make sure Parsing is enabled. Logging is optional and is used in case you want to save the events to ELM as well for reference.
  • Click on connect button to test connect and write settings to the receiver.
Read More

How to use custom Snort Rules in IBM Provincia GX 5108

2:08 AM  Miraclesoul  No comments


How to use custom Snort Rules in IBM Provincia GX 5108











alert tcp any any -> 46.236.100.36 80 (msg:"PTCL local.se accessed"; content:"local.se"; nocase; sid:5001;)

 NOTE: if the content:"" parameter is not defined, the IPS will not be able to log the events, as it looks content in the packets
Read More

Tuesday, January 1, 2013

Configuring Firemon in Sun Virtual Box

3:50 AM  Miraclesoul  1 comment

This Post defines step by step method of configuring Firemon Server using Virtual Box









using the above settings you will be able to setup firemon successfully, else it will fail for several reasons giving several errors.

Thanks
Fahad


Read More

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More