Halooooo – WindowsTechs.com

Configured KQL not working properly – CiscoISE event 60095 and 60098

Posted on August 30, 2023 by Halooooo

I have a default KQL below which is used to detect when Cisco ISE failed backup, it fires an alert in Sentinel.
But it is not working as expected – it does fire an alert, but returning a timestamp only.
Nonetheless, I can see it is also su… Continue reading Configured KQL not working properly – CiscoISE event 60095 and 60098→

ICMP timestamp – firewall configured to drop timestamp request, but vulnerability scanner can send request and get a response

Posted on February 7, 2023 by Halooooo

We use an external scanner (Qualys) to scan our external assets. We have a firewall in front of the external assets, but it is configured to whitelist the scanner so that the external assets get scanned in-depth. But the firewall is also c… Continue reading ICMP timestamp – firewall configured to drop timestamp request, but vulnerability scanner can send request and get a response→