Josh Brower comments

Results 44 comments of


                                            Josh Brower

Generic Log Sources - Network protocols/services

`category` sounds good to me!

Feature request podman support

I agree with @fignew, this becomes a more pressing issue with the lack of Docker packages with Fedora and RHEL/CentOS 8.

Suggestion to add Praeco as elastalert visualizer

https://github.com/jertel/elastalert2

Add Build Number to Windows

Initial support here - https://github.com/endoflife-date/endoflife.date/pull/799

Security Onion 2?

@EchoGangster SO2 has a Sigma editor within Playbook - https://docs.securityonion.net/en/2.3/playbook.html

Add ability to see MDM information for Windows hosts

Yes, I think something like this would work: `select key,data from registry where path like 'HKEY_LOCAL_MACHINE\Software\Microsoft\Enrollments\%\ProviderID';` ![image](https://user-images.githubusercontent.com/954732/184506126-734f615a-966b-4572-b72c-bb3b70781dee.png)

Add ability to see MDM information for Windows hosts

I should mention that when I disconnected the test system from MiradoreMDM and reran that query, there were no results.

Add ability to see MDM information for Windows hosts

I think the `DiscoveryServiceFullURL` is what you would be looking for: `select key,data from registry where path like 'HKEY_LOCAL_MACHINE\Software\Microsoft\Enrollments\%\DiscoveryServiceFullURL';` ![image](https://user-images.githubusercontent.com/954732/184965730-db4adaf9-57d4-4c16-9ff0-6989b9e406d0.png) Here is what else is available to query: ![image](https://user-images.githubusercontent.com/954732/184965495-caecbe19-d7a0-4b1c-b79c-07e64b37ebce.png)

Add ability to see MDM information for Windows hosts

@noahtalerman Let me check a couple things

Add ability to see MDM information for Windows hosts

No, Windows Autopilot is not used very time a device enrolls to MDM. There are multiple ways that a device can be enrolled - In the above miradore example, I...