gerdevelopment.blogg.se

Sysinternals suite network monitor





Wireshark is an interactive network protocol analyser and capture utility. The MBSA is a tool that can be used to detect missing security updates and typical security misconfigurations. The Dude from MikroTik can automatically scan all devices within a given subnet and then draw and lay out a map of your network. TCPView allows you to view detailed TCP and UDP connection information in a user-friendly format. PipeList displays a list of named pipes on your system, including the number of active instances and the instance threshold.


ShareEnum allows you to scan and view the security settings of file shares on your network. Whois performs a lookup of the registration information of a given IP address or domain name. Wi-Fi Inspector is a powerful Wi-Fi management and troubleshooting tool that allows you to locate and verify Wi-Fi devices, detect rogue Access Points, troubleshoot connections, and search for Wi-Fi networks. Using this MMC snap-in you can quickly visualize the user and group permissions of a local or remote folder or drive in a hierarchical format to help identify problems.


The example above is just a sample of available options; check the references section at the end for more complete documentation. One of the biggest challenges with Sysmon is filtering out uninteresting data. Whether you are looking for malicious activity or simply trying to debug a misbehaving program, it is all too easy to have Sysmon generate a lot of noise in the logs. Fortunately, you don't need to start from scratch, as the open nature of Sysmon means that there are many shared configuration files which can be adapted for many needs. One excellent example is sysmon-config by SwiftOnSecurity. Here are 101 System Admin tools which make System Admins' life easy.


Each of the main-level options within the tag can include sub-options to include or exclude particular indicators. You could, for example, exclude common network connection ports or known good executables from your environment.





