This blog will focus on Plixer’s current capability to extract flow from the different solutions Aruba has to offer today. I will go over the integration steps with Aruba ClearPass and the role we play in an automated role-based access monitoring setup using ClearPass.
Read moreBlog
How to get the best ROI for your SIEM: Tips on picking the right NDR
Posted on - by James Dougherty
Has management made enhancing your network monitoring toolset with an NDR component a priority for the new year? Have the demands of the pilgrimage to a fully remote office shed some light on dark places on your network? Are you concerned that the one thing your significant other wanted for Xmas won’t be available on Amazon? Don’t worry about it—seems like everyone is facing these issues nowadays.
Read moreInspecting encrypted traffic with JA3 and JA3S fingerprinting
Posted on - by Jeff Morrison
Two years ago, I wrote a blog about tracking malware in encrypted traffic. The overall theme of that blog was that encryption has become much more of a standard. 2017 in particular was a milestone year in which the volume of encrypted traffic officially surpassed unencrypted web traffic. It’s safe to say that in three years, that balance has shifted even more in favor of SSL/TLS encryption. In this blog, I’ll explore the concept of JA3 and JA3S fingerprinting and the benefits they introduce when it comes to inspecting encrypted traffic.
Read morePlixer Scrutinizer new UI changes
Posted on - by Ryan Slosser
With the newest release of version 19.0.0, I’d like to go over how Plixer Scrutinizer’s UI has changed to make finding data easier. There are a few new ways to accomplish the same tasks in the newest release that differ from the version 18.20 and under. This blog will cover how to accomplish some common workflows in the new UI, and how to navigate to the data you need even faster than before.
Read moreThe importance of monitoring Windows 10 updates
Posted on - by Timothy Morris
Microsoft has redone their release cycle format, and although it makes things easier for the end user, it can prove difficult to ensure your environment is running the most up-to-date or minimally supported operating systems. Microsoft is now only releasing major feature updates to Windows 10, as opposed to releasing a “Windows 11” or a “Windows 10.1.” Thus it is no longer obvious if an end user is running an outdated operating system. This is a challenge for systems administrators who need to make sure endpoint machines are on the latest Windows 10 update.
Read moreFive ways Plixer Scrutinizer helps retail networks
Posted on - by Joanna Buckley
Even though most of us have looked at a calendar recently and thought, “I could have sworn we were in May, not October,” you can’t deny that the holidays are coming. There’s a chill in the air, forecasts for snow, and floods of emails and holiday advertising from almost every retail outlet. While shoppers are gearing up to find the perfect gift, anyone who works in retail cyber security is also no doubt preparing for the big rush as well. Here are five ways Plixer Scrutinizer can help you if you’re in that role.
Read moreDetecting RDP attacks with NetFlow and metadata
Posted on - by Jake
An ever increasing attack vector in the healthcare industry are attacks against open or unsecured RDP connections that allow a bad actor to gain a foothold into the network and use this to propagate malware or export the client via ransomware. In this blog, you’ll find some simple-to-follow workflows that you can use to identify and remediate any potentially vulnerable servers.
Read moreUsername reporting: NetFlow integration with Splunk
Posted on - by Brian Davenport
I was recently able to explore the Splunk software development kit with a customer. This helped me to implement another way to get username attribution within Plixer Scrutinizer. It’s a great addition to past methods such as Active Directory, Cisco ISE, and CounterACT because in many cases user information will already be logged in Splunk, which saves duplicate work with multiple systems.
Read moreHow to detect suspicious ICMP traffic
Posted on - by Scott
A few years ago, we added a behavioral algorithm to Plixer Scrutinizer that looked at all the flow data that was collected and determined if there was possible ICMP tunneling taking place. That algorithm alarmed if it determined that packet sizes were abnormal for ICMP traffic from a Windows or Linux platform.
Read moreHow to detect a reverse SSH tunnel
Posted on - by Khalil Ismayilov
Today we are going to talk about Plixer’s new Flow Analytics algorithm, Reverse SSH Shell, which has been included in the latest Plixer Scrutinizer update. The Reverse SSH Shell algorithm identifies possible reverse SSH tunnels to external destinations.
Read more