Read: 22 mins. Splunk is a GREAT tool to aggregate and correlate information from a variety of sources, and its SPL queries can help surface what you may need. In this post, we extend our previous Active Directory Account Lockout Troubleshooting article with Splunk Dashboards. SimpleXML source codes are provided to create visual representations of Windows Security event log data to aid with lockout investigations. They can also help identify data or behavior patterns and how many accounts are failing authentication over a specific time period.
Read: 10 mins. The myQ Chamberlain Smart Garage Control provides a homeowner the option to remotely control the garage door via a smartphone app with real-time notification and other conveniences, including scheduled closes for when you accidentally left it open. I had strong security and hacking concerns. See what they were, what steps I took to address them, and what I thought of the device.
Read: 3 mins. Configuring Single-Sign on (SSO) for Proofpoint Targeted Attack Protection (TAP) with Azure Active Directory (AD) was not a simple task as documentation was lacking. This article will guide you how to configure SAML with Service Provider-initiated login.
Read: 3 mins. The Security Operations Center (SOC) noticed logins to Azure Active Directory (AAD) from yahoo.com and gmail.com email addresses and asked the IT Security team to investigate. At the time, we did not allow many B2B Guest credentials for those domains, but alarmingly, the accounts in question successfully authenticated even though they did not exist in our AAD tenant. Who were those people? Did we have a security breach? What did they access?
Read: 12 mins. How do you find out who made a change to an Active Directory or Builtin Local Group? Which users were added to or removed from a group? When was a group deleted? In this post, we look at Group and Membership change Event IDs, and explore how to use Splunk to find relevant information to aid in your investigations.
Read: 6 mins. We have recently enabled Single-Sign On (SSO) for our Cisco Umbrella dashboard and had to convert the existing, non-SSO accounts to use SSO. What should have been a straight-forward process was greeted with login issues and an inexplicable association with the OpenDNS dashboard. Here is how we secured the accounts and got SSO to work for each of them.