Re: [ISSForum] TCL scripts for fusion module

From: CAUSEY, David (davidclmi.org)
Date: Mon Jul 18 2005 - 11:34:00 CDT


I have written them for:

-Locked AD account
-Global/Local group user added/removed
-Login Failure
-Password Change Success/Failure
-RDP Login Audit
-User Acct Created / Deleted
-Server Sensor service stopped (sends me an email to tell me who stopped
it. I never got it working right though. Since it is the ISS services
that are being stopped, the scripts don't have a chance to complete.)

Most of these send me the user name (i.e. User name JSMITH added RJONES
to ACCOUNTING group) because most of what I needed to know was in that
field. All of the TCL scripts had to be different though.

If you send me your TCL script I can test it for you. ISS also has a
util called TCLTESTER which works pretty well for testing scripts in a
pseudo-ISS environment.

David

-----Original Message-----
From: Mendetta, Michael L [mailto:michael.l.mendettalmco.com]
Sent: Monday, July 18, 2005 9:17 AM
To: Mendetta, Michael L; CAUSEY, David; issforumiss.net
Subject: RE: [ISSForum] TCL scripts for fusion module

I have written a script only for the user account created event in a
server sensor policy. I want to wait to get it working before I go
trying to write any more.

Michael Mendetta
CS Security Analyst
LM EIS
-----Original Message-----
From: issforum-bouncesiss.net [mailto:issforum-bouncesiss.net] On
Behalf Of Mendetta, Michael L
Sent: Friday, July 15, 2005 7:08 AM
To: CAUSEY, David; issforumiss.net
Subject: Re: [ISSForum] TCL scripts for fusion module

What have you written scripts for?

Michael Mendetta
CS Security Analyst
LM EIS
-----Original Message-----
From: CAUSEY, David [mailto:davidclmi.org]
Sent: Thursday, July 14, 2005 5:00 PM
To: Mendetta, Michael L; issforumiss.net
Subject: RE: [ISSForum] TCL scripts for fusion module

If I understand your question, yes, I have written some. What do you
need? Email me offline if you want.

David
dcauseylmi.org

-----Original Message-----
From: issforum-bouncesiss.net [mailto:issforum-bouncesiss.net] On
Behalf Of Mendetta, Michael L
Sent: Wednesday, July 13, 2005 1:25 PM
To: issforumiss.net
Subject: [ISSForum] TCL scripts for fusion module

Has anyone written/used TCL scripts in a server-sensor policy for use
with the fusion module to provide more granular filtering?

 

Michael Mendetta
CS Security Analyst
LM EIS

 

_______________________________________________
ISSForum mailing list
ISSForumiss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforumiss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
