Comments on Greg Martin's blog - InfoSecurity 2.0: Arcsight Unified Windows Connector de-mystified

Anonymous (2010-06-24T04:11:34.393-07:00):

Hi Greg,

I have recently received an IDS "windows system32 directory file access" alert from the unified connector to the destination Windows server.

However, this happens only randomly on a few occasions.

Appreciate your advice if there is something I am missing here. Thanks.

Greg Martin (2010-04-21T10:40:36.419-07:00):

Hi Anon,

I have not yet used the Sophos connector but it sounds like there are database connection issues... Are you connecting remotely to the DB or running the connector as software right on the Sophos box? As for the Windows connector, a hint would be to split the connector load as much as possible: try not to have more than 75 hosts on each connector and spread them across multiple connector appliances. Also make sure you are not polling one Windows server from multiple connectors!! Hope that helps.

Anonymous (2010-04-21T05:58:25.999-07:00):

Hi Greg,

I've experienced the same issues with the unified connector and am working through it right now.

I was wondering if you heard of any issues with the Sophos connector on the latest build. I'm seeing jdbc:odbc:SOPHOS all through the log. Followed ArcSight's instructions completely but I don't think it likes that connection. Placed a support ticket but always looking for additional tips if you have any.

Thanks!

Greg Martin (2010-02-09T12:31:13.093-08:00):

sly: check out this great write-up on WMI scripting with Python by my Twitter buddy Corey: http://coreygoldberg.blogspot.com/2008/12/python-monitor-windows-remotely-with.html

Greg Martin (2010-02-09T11:48:20.952-08:00):

Antonio: Sorry, you are going to need to put that domain user in the Administrator group... Not sure of a way around that.

sly (2010-02-05T04:43:19.130-08:00):

This comment has been removed by a blog administrator.

TheUnF (2010-01-07T16:50:47.961-08:00):

Hi,

I'm having a hard time configuring the correct privileges for a domain user, not administrator, to be able to collect events from DCs and servers of that domain.

Servers are all running Windows 2003.

What's your suggestion?