RSA NetWitness. Disable AD accounts and add Domains to a Proxy block list with a mouse click. Examples and code

This article aims to demonstrate the flexibility of the RSA NetWitness solution by showcasing some simple mouse-click response activities. The first example demonstrates disabling Active Directory domain user accounts with a single mouse click. The second example uses a similar approach to add domains to a proxy blacklist. All necessary commands, settings and code are provided at the bottom of the article. I hope you will find this useful, and if you have any comments or suggestions please let me know.

Example 1. Mouse Click Active Directory User Account Disablement

Brief infra overview:

  • 192.168.1.111 – NW Server & Packet Hybrid
  • 192.168.1.119 – NW ESA & Log decoder
  • 192.168.1.130 – Windows 2012 DC with domain RSA.LAB
  • 192.168.1.131 – Centos Apache, PHP & Squid Proxy installation

Screenshot overview: [screenshots 1 to 5]

Example 2. Mouse Click Proxy Blacklist Domain Activity

Brief infra overview:

  • 192.168.1.111 – NW Server & Packet Hybrid (RSA internal demo VM)
  • 192.168.1.119 – NW ESA & Log decoder (RSA internal demo VM)
  • 192.168.1.130 – Windows 2012 DC with domain RSA.LAB
  • 192.168.1.131 – Centos Apache, PHP & Squid Proxy installation

Screenshot overview: [screenshots 6 to 10]
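The click-to-block action in Example 2 hands a domain taken from network metadata to a script on the Squid host, so that value has to be treated as untrusted input. The following is an added example, not the author's code (which the page does not show): a Python sketch that validates the domain before writing it to a blocklist file. The function names and the file layout (one domain per line) are assumptions.

```python
import os
import re
import tempfile

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize_domain(raw):
    """Return a lower-cased hostname, or raise ValueError for anything else."""
    if not isinstance(raw, str) or not raw.isascii():
        raise ValueError("domain must be ASCII text")
    domain = raw.strip().lower().rstrip(".")
    labels = domain.split(".")
    if len(domain) > 253 or len(labels) < 2:
        raise ValueError("not a fully qualified domain name")
    # fullmatch rejects embedded newlines, spaces, ';' and other characters
    # that could add extra lines to the proxy config or reach a shell.
    if not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError("invalid characters in domain")
    if labels[-1].isdigit():
        raise ValueError("IP addresses are not accepted here")
    return domain


def add_to_blocklist(path, raw):
    """Add a validated domain to the list; return False if already present."""
    domain = normalize_domain(raw)
    existing = []
    if os.path.exists(path):
        with open(path, encoding="ascii") as fh:
            existing = [line.strip() for line in fh if line.strip()]
    if domain in existing:
        return False
    # Write the full list to a temp file in the same directory, then rename,
    # so the proxy never reads a half-written list.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="ascii") as fh:
        fh.write("".join(d + "\n" for d in existing + [domain]))
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; the proxy user must read it
    os.replace(tmp, path)
    return True
```

After a successful add, the handler would reload Squid (for example with `squid -k reconfigure`) using a fixed argument list, never a shell string built from the request.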

If you would like to replicate this setup, please leave a comment or send me a message and I will send you all required setup & config files.

 

Posted on September 25, 2016, in RSA NetWitness.
