

AlienVault, creators of OSSIM

1 Introduction

We are using WMI to remotely collect Microsoft Windows events and data in an agentless way. To get these logs to the AlienVault Unified SIEM (OSSIM) you have to configure a few things on OSSIM and also on the Windows machines if you want more security.

2 Configure Windows

In any case, you should create a separate, limited user on Windows for security reasons. Don't use the administrator account in a production environment; use it only for testing. In this scenario I created a limited user called wmiuser with the password wmi. To let that limited user log in remotely and capture the logs, we have to configure a few permissions in the DCOM settings. To enable the use of SDEE you must have direct access to the Cisco device and also administrator credentials to change its configuration. Follow the next steps:

2.1. Grant DCOM remote launch and activate permissions for the new user

1.    Click Start, click Run, type DCOMCNFG, and then click OK.

2.    In the Component Services dialog box, expand Component Services, expand Computers, and then right-click My Computer and click Properties.

3.    In the My Computer Properties dialog box, click the COM Security tab.

4.    Under Launch and Activation Permissions (picture 1), click Edit Limits.

5.    In the Launch Permission dialog box, follow these steps to add our "wmiuser" user:

6.    In the Launch Permission dialog box, click Add.

7.    In the "Select Users, Computers, or Groups" dialog box, add your name in the "Enter the object names to select" box, and then click OK.

8.    In the Launch Permission dialog box, select our user in the "Group or user names" box. In the Allow column under Permissions for User, select Remote Launch, Local Activation and Remote Activation, and then click OK.
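
To confirm the result of the steps above, the following added example (not part of the original AlienVault guide) reads the ACL that the "Edit Limits" dialog writes and compares the rights held by the account with the three rights granted in step 8. It assumes the account is named wmiuser as in this guide, that the ACL is stored in the MachineLaunchRestriction value under HKLM\SOFTWARE\Microsoft\Ole, and that it is run in an elevated PowerShell session on the Windows machine.

```powershell
# Added example: audit the DCOM "Launch and Activation Permissions > Edit Limits" ACL.
# 'wmiuser' is the account used in this guide; change it for your environment.
$Account = 'wmiuser'

# COM access-mask bits (Windows SDK COM_RIGHTS_* constants).
$ComRights = [ordered]@{
    'Local Launch'      = 0x02
    'Remote Launch'     = 0x04
    'Local Activation'  = 0x08
    'Remote Activation' = 0x10
}
# Rights the procedure grants in step 8; anything else is flagged.
$Expected = 'Remote Launch', 'Local Activation', 'Remote Activation'

# The "Edit Limits" ACL is stored as a binary security descriptor in the registry.
$prop  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' `
                          -Name MachineLaunchRestriction -ErrorAction Stop
$bytes = [byte[]]$prop.MachineLaunchRestriction
$sd    = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $bytes, 0

# Resolve the account name to a SID so it can be matched against the ACEs.
$nt  = New-Object System.Security.Principal.NTAccount($Account)
$sid = $nt.Translate([System.Security.Principal.SecurityIdentifier])

# Only ACEs that name the account directly are considered, not its group memberships.
$granted = 0
foreach ($ace in $sd.DiscretionaryAcl) {
    if ($ace.SecurityIdentifier -ne $sid) { continue }
    if ($ace.AceType -eq 'AccessAllowed') {
        $granted = $granted -bor $ace.AccessMask
    } else {
        Write-Warning "Non-allow ACE ($($ace.AceType)) present for $Account"
    }
}

# Report each right as OK, MISSING (step 8 not applied) or EXTRA (over-privileged).
foreach ($name in $ComRights.Keys) {
    $has   = ($granted -band $ComRights[$name]) -ne 0
    $want  = $Expected -contains $name
    $state = if ($has -eq $want) { 'OK' } elseif ($has) { 'EXTRA' } else { 'MISSING' }
    '{0,-18} granted={1,-5} expected={2,-5} {3}' -f $name, $has, $want, $state
}
```

An EXTRA line for Local Launch means the account was given more than the procedure calls for; a MISSING line means remote WMI collection with this account is likely to fail with an access-denied error.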



