This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Bruno_Alipio
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Bruno_Alipio
07-06-2022
6Posts
2Likes
1Solution
Jul 06, 2022Last Visited
User
Activity
User
Profile
Latest posts by Bruno_Alipio
| Subject | Views | Posted |
|---|---|---|
| 3079 | 08-11-2020 01:52 AM | |
| 3150 | 08-10-2020 04:08 AM | |
| 3639 | 11-22-2018 07:03 AM | |
| 10667 | 10-23-2018 06:38 AM | |
| 10722 | 10-17-2018 06:42 AM | |
| 11297 | 10-17-2018 06:04 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 08-10-2020 04:08 AM | |
| 1 Like | 10-17-2018 06:42 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like |
User Badges
Community Statistics
| Member Since | 05-19-2016 01:33 AM |
| Date Last Visited | 07-06-2022 11:08 AM |
| Posts | 6 |
| Total Likes Received | 2 |
08-11-2020
01:52 AM
Hi @dfalcon, thanks for the feedback, I opened a case in support but unfortunately they where not able to help. I'm just trying to figure out the standard behavior if the prerequisites are not met. If the bitlocker process cant save the recovery keys to the AD, should it present a GUI to the user asking for USB/print/local file? Is there anyway that the XDR agent is enabling the bitlocker and asking for a silent process?
... View more
08-10-2020
04:08 AM
1 Kudo
Hello, I wanted to check if someone can shed some light on this issue I had. During a Cortex XDR PoC, the end user activated the Disk encryption policy on a couple of workstations without confirming the pre-requisities so these workstations encrypted the HDD (C:) and after the first reboot started asking for the bitlocker recovery key. Now, the issue is that the key is not present on Active Directory and the user said that it got no other prompt to save the key on the endpoint. My question is that if XDR activated the bitlocker policy and if it was not able to save the recovery key, should it encrypt anyway? I now have a couple of workstations that have their disks encrypted and no way to rollback or unlock them. Thanks in advance for any tips/help/comments.
... View more
11-22-2018
07:03 AM
After a week of logs from a NGFW I tryed to ML rules from it and got a couple of "suspicious" rules, for example these two below:
In these, as you can see, the source, destination and service are any. What is the threshold that makes Expedition consider an any on the src.ip ou dst.ip? Is there a way to get the full list of destinations?
Thank you.
... View more
10-23-2018
06:38 AM
Hi @LukeBullimore,
Im not facing the issue anymore. I have my directory structure /PALogs/PaloAltoSCP owned by "expediton" and everything is running ok now.
For the first "process files" I had to change the owner to www-data:www-data but after that reverted back to expedition:expedition (to let the NGFW device export the logs directly via SCP) and everything is running fine. I now can have the new exports on this directory, have expedition finding them and processing without issues.
Hope this helps.
... View more
10-17-2018
06:42 AM
1 Kudo
Got it. permissions on the folder !
same issue as this: https://live.paloaltonetworks.com/t5/Expedition-Discussions/Expedition-csv-logs-stuck-in-pending/m-p/219279#M165
... View more
10-17-2018
06:04 AM
Hi all,
I sucessfully exported the logs from my PA200 (currently on release 7.1.16) via SCP to the PALogs folder.
Expedition can find the files but when I do the "Process Files" I get the dreaded " No supported files to process ". Can I get an hint on what am I doing wrong here?
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks