Recently Updated Pages

Firmware and RERF file

Lychee Slicer

Most active to date: https://github.com/sebaxakerhtc/rdpwrap Config file update: https://github.c...

apt update; apt install ipxe; wget 'https://boot.netboot.xyz/ipxe/netboot.xyz.lkrn' -O /boot/ipxe...

/etc/pve/lxc/###.conf lxc.cgroup2.devices.allow: c 10:200 rwm lxc.hook.autodev: sh -c "modprobe t...

alias dcud="docker-compose up -d" alias dcd="docker-compose down" alias dcp="docker-compose pul...

https://www.varonis.com/blog/investigate-ntlm-brute-force More specifically, you will need to us...

bin time doc | summarize initial_time = min(TimeGenerated), end_time = max(datetime_add("Second"...

// The query_now parameter represents the time (in UTC) at which the scheduled analytics rule ran...

earliest=$initial_time$ latest=$end_time$ index=$index$ EventCode=4624 NOT Logon_Type IN ("5") ho...

(index=_audit host=* action=search sourcetype=audittrail search_id!="rsa_*") | eval user = if(us...

| rest splunk_server=local count=0 /services/saved/searches | where disabled=0 | rename action.co...

Log Analytics: Logs Rules Analytics OfficeActivity | where ingestion_time() > ago(5m) | where...

OR PREVIOUS works like an OR statement in parenthesis. a AND b OR PREVIOUS c would look like a &&...

Use Routing Rules with forwarding > bypass correlation For IP ranges, use Network Hierarchy.

[http://www.siem.su/docs/ibm/Technical_remarks/Reference_Data_Collections_Technical_Note.pdf]

Use AQL filter query username LIKE 'testUser' and LONG(DATEFORMAT(starttime, 'yyyyMMdd')) < 2...

When a building block or rule matches it's specific fields, do not fire matched events and NOT w...