Mark Ulmer MarkUlmer
MarkUlmer
/ gist:abc72b9702b8193f29627fb3208b4ccb
Last active
December 25, 2018 00:10
Linux Mint on MacBook Pro
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # When installing Linux Mint on a MacBook Pro these command | |
| # will help with proper configuration | |
| sudo apt install bcmwl-kernel-source mbpfan xorg-driver-synaptics |
MarkUlmer
/ gist:4df5b111ac55768b74ddda16a50baa9a
Created
August 28, 2017 16:18
ArcSight Logger Search - Windows Events for Group Membership Changes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| deviceEventClassId IN ["Microsoft-Windows-Security-Auditing:4737","Microsoft-Windows-Security-Auditing:4732","Microsoft-Windows-Security-Auditing:4757","Microsoft-Windows-Security-Auditing:4733","Microsoft-Windows-Security-Auditing:4729","Microsoft-Windows-Security-Auditing:4756"] and NOT (destinationUserName ENDSWITH "$") and NOT (sourceUserName ENDSWITH "$") |
MarkUlmer
/ gist:14ec5290ea24ba6e5b02dcf65946323c
Created
August 28, 2017 16:17
ArcSight Logger Search - Windows Events for Group Changes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| deviceEventClassId IN ["Microsoft-Windows-Security-Auditing:4758","Microsoft-Windows-Security-Auditing:4754","Microsoft-Windows-Security-Auditing:755","Microsoft-Windows-Security-Auditing:4735","Microsoft-Windows-Security-Auditing:4734","Microsoft-Windows-Security-Auditing:4731","Microsoft-Windows-Security-Auditing:4730","Microsoft-Windows-Security-Auditing:4727","Microsoft-Windows-Security-Auditing:4737"] and NOT (destinationUserName ENDSWITH "$") and NOT (sourceUserName ENDSWITH "$") |
MarkUlmer
/ gist:87308c61053c0e02273af35e356f6861
Created
August 28, 2017 16:16
ArcSight Logger Search - Windows Events for Account Changes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| deviceEventClassId IN ["Microsoft-Windows-Security-Auditing:4740","Microsoft-Windows-Security-Auditing:4722","Microsoft-Windows-Security-Auditing:4738","Microsoft-Windows-Security-Auditing:4781","Microsoft-Windows-Security-Auditing:4720","Microsoft-Windows-Security-Auditing:4725","Microsoft-Windows-Security-Auditing:4724","Microsoft-Windows-Security-Auditing:4723","Microsoft-Windows-Security-Auditing:4767","Microsoft-Windows-Security-Auditing:6279"] and NOT (destinationUserName ENDSWITH "$") and NOT (sourceUserName ENDSWITH "$") |
MarkUlmer
/ 91-arcsight.conf
Created
February 17, 2017 20:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Filename: 91-arcsight.conf | |
| # Filepath: /etc/security/limits.d/ | |
| ## Required for ArcSight applications | |
| * soft nproc 10240 | |
| * hard nproc 10240 | |
| * soft nofile 65536 | |
| * hard nofile 65536 |