Application of STIG Baseline to VMware Photon

There has been a lot of great work done to generate STIG baselines for the various VMware products. This content is publicly available on GitHub under the vmware/dod-compliance-and-automation repository. As I’m currently focused on using VMware Photon 5, I’m going to explore that process with you now. Initial Testing: Before applying your STIG, you’ll probably want …

Fluentd, Logs, and Timestamp Parsing

I’m pretty inexperienced when it comes to Fluentd logging, but I have a necessary use case to use it to ingest some log files with a non-standard format. There’s documentation on how parsers work, and there are even examples of how it should automatically happen. But, then there’s also the reality that I discovered that …

Different Logging Approaches

There are many common approaches to logging. However, since my home environment is running Security Onion (SO), I’m going to focus on three common ones and show how to do an end-to-end configuration with SO. If you’re curious about Filebeat, I’ve already written about it here. Fluentd: Fluentd is extremely popular, while providing many options and …

MFA Tutorial – Yubikey Usage for both Console and SSH

For a while now I’ve been curious about the application of multi-factor authentication for Linux console and SSH access. It’s a particularly challenging use-case, especially if you operate in an air-gapped configuration, and yet need to meet industry standards such as PCI’s Control 8.5.1, or NIST 800-53’s Control IA-2(1). Multi-factor is essentially a requirement to …

Ingesting External Logs via Security Onion’s Elasticsearch

So, you’ve got Security Onion (SO) running from the Security-Appliance-in-a-Box via Ansible. Now what? How do you begin to ingest logs from your other devices into the included Elastic instance? I’m glad you asked! There are a couple of steps you’ll need to follow. Allow Access: First you’re going to need to open the firewall to allow …

Security Onion – IP Routed Error on Install

On my first attempt to install Security Onion in my Security-Appliance-in-a-Box, I ran into a weird networking issue. The install script failed with the error “The IP being routed by Linux is not the IP address assigned to the management interface (ens1)”. Looking around online, I discovered that I’m not the first person to experience …

Portfolio and Lifecycle Management – Tooling Overview

We’ve talked at length about how we got started on Salesforce; now let’s explore (in a development/test instance) what it looks like practically as it’s implemented. When users log in, they are greeted with the entirety of our portfolio. From this they can choose from a variety of areas such as On-Premises vs. Cloud …

The Road to Low-Code | Lifecycle Management and Feature Cataloging

As I mentioned in the introduction, one of the primary drivers towards low-code development is increased velocity and a lower bar of entry. Both of these are good things; however, as we saw earlier, the lower bar of entry might not be enough. Additionally, the increased velocity (due to more contributors from a non-technical background) …

The Road to Low-Code | Will (and Should) They Come?

So, now you’ve built this low-code platform, and the overly optimistic expectation is that all your users who previously had requests are going to be tripping over each other to implement their features. Well, not so much… We’ve had a mixed response from our users around embracing the low-code mentality. In some cases it’s very …