| <Created by Ashishsecdev> | |
| Logins | |
| 4625 - Failed Login (Bruteforce) | |
| 4624 - Succesful Login | |
| 4648 - Logon was attempted using explicit credentials. | |
| 4802 - Screensaver invoked. | |
| 4778 - RDP session reconnected. | |
| 4820 - Kerberos TGT was denied as the device does not meet the access control restrictions. | |
| ------ |
| Data Classification: Done? | |
| Any compliances applicable? Yes, then which one? | |
| Meeting the compliance requirements and standards? | |
| Sensitive Data Classification? | |
| Who has the access to what data? | |
| Access Controls? What Roles, Profiles and Permissions? | |
| Coding Standards? | |
| Static Scanning of Code? | |
| Data Loss Protection Enabled? | |
| 2FA/SSO Enabled? |
| ##, | |
| .##* | |
| ### | |
| ### | |
| (##(, ###* | |
| /###### #. # #( ###* | |
| .###########. %@ ###/ ### | |
| ####.########/ @@ ####. #### |
First we install the following packages to use the openscap command-line tool: sudo apt-get install libopenscap8 python-openscap
We will also install the SCAP security guide: sudo apt install ssg-base ssg-debderived ssg-debian ssg-nondebian ssg-applications
| Retrieves all of the trust relationships for this domain - Does not Grab Forest Trusts | |
| ([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships() | |
| Grab Forest Trusts. | |
| ([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).GetAllTrustRelationships() | |
| # Source: https://github.com/ashishsecdev/Wazuh-Inventory-Automation/blob/main/Wazuh_Automation.py | |
| import requests | |
| import json | |
| import csv | |
| url = "http://Wazuh-Endpoint.com:PortNumber" | |
| agentNames = "/agents" | |
| URL = url + agentNames |
