PowerShell script to retrieve security-related events

PowerShell script to retrieve security-related events from the Windows Event Log, specifically from the Security log.

# Define the log name and security-related event IDs (adjust as needed)
$logName = "Security"
$securityEventIDs = @(4624, 4625, 4672, 4688, 4634, 4648, 4768, 4776) # Common security event IDs

# Get security events from the Windows Event Log.
# Filtering with -FilterHashtable is done by the event log service itself, so it is much
# faster than piping the whole log through Where-Object, and -MaxEvents then limits the
# number of matching events instead of the number of events inspected.
# Reading the Security log requires an elevated (administrator) session.
$securityEvents = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = $securityEventIDs } -MaxEvents 50 -ErrorAction SilentlyContinue

# Display the results ($evt is used because $event is a PowerShell automatic variable)
if ($securityEvents) {
    foreach ($evt in $securityEvents) {
        Write-Output "----------------------------------"
        Write-Output "Time: $($evt.TimeCreated)"
        Write-Output "Event ID: $($evt.Id)"
        Write-Output "Message: $($evt.Message)"
    }
} else {
    Write-Output "No security events found."
}

Event ID   Description
4624       Successful login
4625       Failed login
4672       Special privileges assigned (admin logins)
4688       A new process was created
4634       Logoff event
4648       Explicit credential logon (RunAs)
4768       Kerberos authentication (TGT request)
4776       NTLM authentication attempt
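As an added example (not part of the original post), the function below builds on the 4625 entries in the table above and summarises failed logons per account and source address over a time window, which is the kind of detection a defender runs to spot password guessing against a host. The default window and threshold are assumptions; the event XML is parsed instead of the message text because the message is localised.

```powershell
# Added example: summarise failed logons (Event ID 4625) from the Security log
# per account and source address. Requires an elevated session.
function Get-FailedLogonSummary {
    param(
        [int]$Hours = 1,        # look-back window (assumed default)
        [int]$Threshold = 5     # report account/source pairs with at least this many failures (assumed)
    )

    $filter = @{
        LogName   = 'Security'
        Id        = 4625
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    $rows = foreach ($evt in $events) {
        # Use the event XML rather than the localised message text so the
        # field names are stable regardless of the system language.
        $xml  = [xml]$evt.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        [pscustomobject]@{
            Time        = $evt.TimeCreated
            Account     = "$($data['TargetDomainName'])\$($data['TargetUserName'])"
            SourceIp    = $data['IpAddress']
            Workstation = $data['WorkstationName']
            LogonType   = $data['LogonType']     # 3 = network, 10 = RDP, 2 = interactive
            Status      = $data['Status']        # 0xC000006D = logon failure
            SubStatus   = $data['SubStatus']     # 0xC0000064 = unknown user, 0xC000006A = wrong password
        }
    }

    $rows |
        Group-Object Account, SourceIp |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object {
            $ordered = $_.Group | Sort-Object Time
            [pscustomobject]@{
                Account    = $_.Group[0].Account
                SourceIp   = $_.Group[0].SourceIp
                Failures   = $_.Count
                FirstSeen  = $ordered[0].Time
                LastSeen   = $ordered[-1].Time
                LogonTypes = ($_.Group.LogonType | Sort-Object -Unique) -join ','
                SubStatus  = ($_.Group.SubStatus | Sort-Object -Unique) -join ','
            }
        } |
        Sort-Object Failures -Descending
}

# Usage: show account/source pairs with 5 or more failures in the last hour
Get-FailedLogonSummary -Hours 1 -Threshold 5 | Format-Table -AutoSize
```

A burst of failures against many different accounts from one source with SubStatus 0xC0000064 points at username enumeration, while many failures against one account with 0xC000006A points at password guessing.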

PowerShell script to retrieve VPN events

PowerShell script to retrieve VPN events from the Windows Event Log. It focuses on events related to VPN connections (RAS and IKEv2).

# Define the log name and event IDs for VPN connections
$logName = "Application"
$vpnEventIDs = @(20225, 20226, 20227, 20255) # Example VPN event IDs (written by the RasClient source)

# Retrieve VPN connection events from the Event Log.
# -FilterHashtable lets the event log service do the filtering instead of
# reading the whole Application log into PowerShell and filtering it afterwards.
$vpnEvents = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = $vpnEventIDs } -ErrorAction SilentlyContinue

# Display the results ($evt is used because $event is a PowerShell automatic variable)
if ($vpnEvents) {
    foreach ($evt in $vpnEvents) {
        Write-Output "----------------------------------"
        Write-Output "Time: $($evt.TimeCreated)"
        Write-Output "ID: $($evt.Id)"
        Write-Output "Message: $($evt.Message)"
    }
} else {
    Write-Output "No VPN events found."
}

  • Queries the Windows Event Log for VPN-related events
  • Filters based on event IDs typically associated with VPN connections
  • Displays relevant event details.

Configure an Rspamd bypass step by step

Bypassing Rspamd for specific emails, domains, or users requires configuring whitelisting rules and scoring adjustments in Rspamd’s configuration files. Here’s a step-by-step guide to configuring a bypass in Rspamd:

Step 1: Access the Rspamd Configuration Directory

  1. Connect to your server via SSH:

     ssh user@yourserver

  2. Navigate to the Rspamd configuration directory:

     cd /etc/rspamd/

Step 2: Whitelist an Email or Domain

To bypass Rspamd filtering for specific senders or domains (a sender whitelist matches on the address a message claims to come from, so keep the list short and prefer exact addresses over whole domains):

  1. Open the whitelist configuration file (create it if it doesn't exist):

     sudo nano /etc/rspamd/local.d/whitelist_sender.map

  2. Add the emails or domains you want to bypass (one per line):

     user@example.com
     @trusted-domain.com

  3. Save and exit (CTRL + X, then Y, then Enter).

  4. Now link this whitelist to Rspamd's settings module:

     sudo nano /etc/rspamd/local.d/settings.conf

  5. Add the following configuration:

     whitelist {
         priority = "high";
         from = "/etc/rspamd/local.d/whitelist_sender.map";
         apply {
             symbols_disabled = ["ALL"];
             groups_disabled = ["antivirus", "antiphishing", "antispam"];
         }
     }

  6. Save and exit.

Step 3: Disable Scoring for Whitelisted Senders

If you want to ensure that whitelisted senders have a zero spam score:

  1. Edit the scores configuration file:

     sudo nano /etc/rspamd/local.d/metrics.conf

  2. Add:

     whitelist {
         id = "whitelist";
         score = -100;
         description = "Whitelisted sender, bypass Rspamd checks";
     }

  3. Save and exit.

Step 4: Restart Rspamd

After making changes, restart Rspamd to apply them:

     sudo systemctl restart rspamd

Step 5: Verify the Configuration

To check if the bypass is working, scan a saved test message and tell rspamc to treat the whitelisted address as the envelope sender (rspamc needs a message to scan; /path/to/test-message.eml is a placeholder for any saved email):

     rspamc -F test-email@example.com symbols /path/to/test-message.eml

  • If the whitelist is working, the spam score should be low or zero and the symbols from the disabled groups should not appear in the output.

Microsoft calendar configuration step by step

How to set up Microsoft Calendar (Outlook Calendar) in different scenarios:

1. Accessing Microsoft Calendar (Outlook Calendar)

For Web Users (Outlook.com)

  1. Go to Outlook.com
  2. Sign in with your Microsoft account
  3. Click on the Calendar icon on the left panel.

For Windows Outlook (Desktop App)

  1. Open Microsoft Outlook
  2. Click on File > Account Settings > Account Settings
  3. Under the Email tab, ensure your email account is set up
  4. Click on Calendar in the navigation bar.

For Microsoft Teams

  1. Open Microsoft Teams
  2. Click on Calendar in the left menu
  3. Ensure it syncs with your Outlook Calendar.

2. Adding and Syncing Calendars

Adding a New Calendar

  1. Open Outlook Calendar
  2. Click on Add Calendar > Create New Calendar
  3. Name the calendar and select a color
  4. Click Save.

Syncing with Google Calendar

  1. Open Outlook Web
  2. Click Add Calendar > Add Personal Calendars
  3. Select Google and sign in to your Google account
  4. Allow access and sync.

3. Sharing your Calendar

  1. Open Outlook Calendar
  2. Click Share (top-right corner)
  3. Enter the email of the person to share with
  4. Select permissions (View, Edit, etc.)
  5. Click Send.

4. Configuring Notifications & Reminders

  1. Open Settings in Outlook.
  2. Go to Calendar Settings.
  3. Enable Email or Pop-up notifications for events.

5. Connecting Microsoft Calendar to Mobile Devices

On Android

  1. Install the Outlook app from the Play Store
  2. Sign in with your Microsoft account
  3. Go to Settings > Accounts > Sync Calendar.

On iPhone

  1. Open Settings > Calendar > Accounts
  2. Tap Add Account > Outlook
  3. Sign in and enable Calendar Sync.

Configuring Active Backup for Business on a Synology NAS

1. Installing Active Backup for Business

To configure Active Backup for Business on a Synology NAS, follow these steps:

  1. Sign in to DSM
    • Log in to the Synology NAS's DSM (DiskStation Manager)
  2. Open Package Center
    • Open Package Center from the main menu
  3. Install Active Backup for Business
    • Search for Active Backup for Business and install the package

2. Enabling the Service

  1. Open Active Backup for Business from the DSM menu
  2. Go to Settings > Enable Active Backup for Business Service
  3. Configure the backup destination (a shared folder on the NAS)

3. Adding Devices to Back Up

Active Backup for Business supports backing up:

  • Windows PCs and servers
  • Virtual machines (VMware/Hyper-V)
  • File servers (SMB/NFS)

Backing Up Windows PCs and Servers

  1. Open the PC or Physical Server tab
  2. Click Add Device and download the Active Backup for Business Agent
  3. Install the agent on the Windows device
  4. Enter the NAS IP address and sign in
  5. Configure the backup policy (entire system, a partition, or specific files).

Backing Up Virtual Machines (VMware/Hyper-V)

  1. Open the Virtual Machine tab
  2. Click Add VMware vSphere/Hyper-V
  3. Enter the credentials and configure the backup

Backing Up File Servers

  1. Open the File Server tab
  2. Add the SMB/NFS data source and set the backup schedule

4. Configuring the Backup Schedule and Retention Policies

  1. Choose the backup frequency (manual, scheduled, or continuous)
  2. Set the retention policies (the number of backup versions kept)
  3. Enable global deduplication to optimise storage space.

5. Monitoring and Restoring Backups

  • Use the Active Backup for Business Portal to restore files, systems, or virtual machines.
  • Create bootable recovery media to quickly restore damaged devices.

How to Configure an iSCSI LUN on a Synology NAS

Setting up an iSCSI LUN on your Synology NAS allows you to provide network-based storage to servers and virtual machines efficiently. This guide walks you through the step-by-step process using Synology’s Storage Manager.

Step 1: Log in to Synology DSM
  1. Open a web browser and access your Synology NAS by entering its IP address
  2. Log in using your administrator credentials
Step 2: Open Storage Manager
  1. Once logged in, navigate to Storage Manager
  2. In the left sidebar, click on the iSCSI section
Step 3: Create an iSCSI LUN
  1. Click Create and select iSCSI LUN
  2. Choose a LUN type:
    • Regular LUN – standard allocation method
    • Advanced LUN – uses copy-on-write technology for better snapshot efficiency
  3. Enter a LUN Name
  4. Select the RAID Volume where the LUN will be stored
  5. Specify the capacity for the LUN
  6. Choose the allocation method:
    • Thin Provisioning (saves storage space but allows over-allocation)
    • Thick Provisioning (pre-allocates the full space immediately)
  7. Click Next to continue.
Step 4: Create an iSCSI Target
  1. Choose whether to create a new iSCSI Target or attach the LUN to an existing target
  2. Enter a Target Name
  3. (Optional) Enable CHAP Authentication for security
  4. Configure IQN (iSCSI Qualified Name) if required
  5. Click Next.
Step 5: Review and Apply Settings
  1. Review all the settings configured in the previous steps
  2. Click Apply to create the iSCSI LUN
Step 6: Connect the LUN to a Server

After creating the LUN, you need to connect it to a server or virtual machine:

  1. On your server (Windows/Linux/ESXi), open the iSCSI Initiator
  2. Enter the Synology NAS IP address to discover available iSCSI targets
  3. Connect to the iSCSI LUN (supplying the CHAP credentials if you enabled CHAP in Step 4)
  4. If required, format the LUN to prepare it for use.
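Step 6 on a Windows server, as an added example that is not part of the original guide: it connects the Microsoft iSCSI Initiator to the Synology target with the one-way CHAP enabled in Step 4, makes the session persistent, and initialises the new disk only if it is still RAW. The portal address, IQN and CHAP user name are placeholders to replace with the values shown in DSM. CHAP authenticates the initiator but does not encrypt the data path, so the target should still sit on a dedicated storage network.

```powershell
# Added example: connect a Windows server to the Synology iSCSI target created above.
# All values below are placeholders; copy the real ones from DSM's iSCSI section.
$PortalAddress = '192.0.2.10'                                       # placeholder NAS IP (TEST-NET-1 range)
$TargetIqn     = 'iqn.2000-01.com.synology:nas.target-1.example'    # placeholder target IQN
$ChapUser      = 'initiator-user'                                    # placeholder CHAP user configured in DSM
$ChapSecret    = Read-Host -Prompt 'CHAP secret' -AsSecureString     # never hard-code the secret in the script

# Make sure the Microsoft iSCSI Initiator service is running and starts at boot
Set-Service -Name MSiSCSI -StartupType Automatic
Start-Service -Name MSiSCSI

# Register the Synology as a target portal and discover the targets it exposes (Step 6.2)
New-IscsiTargetPortal -TargetPortalAddress $PortalAddress | Out-Null
$target = Get-IscsiTarget | Where-Object NodeAddress -eq $TargetIqn
if (-not $target) { throw "Target $TargetIqn was not discovered on $PortalAddress" }

# Log in with CHAP and make the session persistent so it is restored after a reboot (Step 6.3).
# Connect-IscsiTarget takes the secret as plain text, so decrypt it only for this call.
$plainSecret = [System.Net.NetworkCredential]::new('', $ChapSecret).Password
if (-not $target.IsConnected) {
    Connect-IscsiTarget -NodeAddress $TargetIqn `
        -TargetPortalAddress $PortalAddress `
        -AuthenticationType ONEWAYCHAP `
        -ChapUsername $ChapUser `
        -ChapSecret $plainSecret `
        -IsPersistent $true | Out-Null
}
$plainSecret = $null

# The LUN appears as a new disk; locate it through the iSCSI session and
# initialise and format it only if it is still RAW (Step 6.4), so a volume
# that is already in use by another host is never wiped by mistake.
$disk = Get-IscsiSession | Where-Object TargetNodeAddress -eq $TargetIqn | Get-Disk
if ($disk.PartitionStyle -eq 'RAW') {
    $disk | Set-Disk -IsOffline $false
    $disk | Initialize-Disk -PartitionStyle GPT -PassThru |
        New-Partition -UseMaximumSize -AssignDriveLetter |
        Format-Volume -FileSystem NTFS -NewFileSystemLabel 'iSCSI-LUN' -Confirm:$false
} else {
    Write-Output "Disk $($disk.Number) already has a $($disk.PartitionStyle) partition table; leaving it untouched."
}
```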

What is Microsoft Defender ATP used for?

Microsoft Defender Advanced Threat Protection (ATP), now rebranded as Microsoft Defender for Endpoint, is a comprehensive security solution designed to protect organizations against advanced cyber threats.

1. Endpoint Protection

  • Purpose: Protects devices such as desktops, laptops, and servers from malware, ransomware, and other security threats.
  • Key Features:
    • Real-time threat detection and response.
    • Advanced antivirus and anti-malware capabilities.
    • Cloud-based threat intelligence for up-to-date protection.

2. Threat Detection and Response

  • Purpose: Identifies and mitigates threats that have bypassed traditional security measures.
  • Key Features:
    • Behavioral analytics to detect suspicious activities.
    • Automated investigation and remediation of incidents.
    • Alerts for anomalies, such as lateral movement or privilege escalation.

3. Attack Surface Reduction

  • Purpose: Reduces potential entry points for attackers by hardening endpoints.
  • Key Features:
    • Application control to prevent unauthorized programs from running.
    • Exploit protection to block vulnerability exploitation.
    • Device and application configurations that minimize risk.

4. Endpoint Detection and Response (EDR)

  • Purpose: Provides deep visibility into endpoint activities for proactive threat hunting.
  • Key Features:
    • Centralized dashboard for monitoring and responding to threats.
    • Historical data analysis for understanding attack paths.
    • Integration with SIEM and SOAR tools for advanced workflows.

5. Vulnerability Management

  • Purpose: Identifies and prioritizes vulnerabilities in an organization’s devices and applications.
  • Key Features:
    • Continuous vulnerability assessment.
    • Recommendations for patching and configuration changes.
    • Insights into software weaknesses and exposure risks.

6. Integration with Microsoft Security Ecosystem

  • Purpose: Works seamlessly with other Microsoft 365 and Azure security tools.
  • Key Features:
    • Collaboration with Microsoft 365 Defender suite (email, identity, and apps protection).
    • Integration with Azure Sentinel for unified threat management.
    • Leveraging Microsoft Threat Intelligence for enhanced protection.

7. Incident Response Support

  • Purpose: Streamlines and accelerates responses to detected incidents.
  • Key Features:
    • Automated workflows to contain threats, such as isolating devices.
    • Step-by-step remediation guidance for security teams.
    • Collaboration features for incident investigation and resolution.

8. Compliance and Reporting

  • Purpose: Ensures adherence to security and privacy regulations.
  • Key Features:
    • Audit logs and forensic capabilities.
    • Reporting tools for compliance and security posture.
    • Risk assessment dashboards to track and improve endpoint security.

Who Should Use Microsoft Defender ATP?

  • Enterprises and SMBs: Organizations needing robust endpoint protection and threat detection.
  • IT Security Teams: Professionals seeking advanced tools for threat hunting and incident response.
  • Compliance-Focused Organizations: Businesses needing to meet regulatory and security standards.

Key Benefits

  • Comprehensive Coverage: Defends against a wide range of threats, from malware to sophisticated cyberattacks.
  • Cloud-Powered Intelligence: Leverages global threat data for proactive defense.
  • Seamless Integration: Works well within Microsoft environments and enhances overall security posture.

What are Dynamics 365 Apps best suited for?

Who Should Use Dynamics 365 Apps?

  • Businesses looking to streamline operations and improve efficiency.
  • Organizations seeking to enhance customer engagement and satisfaction.
  • Companies that want to make data-driven decisions.
  • Teams looking for unified platforms that integrate with other Microsoft tools.

Each app can be deployed individually or together, allowing businesses to tailor the solution to their specific needs.

Dynamics 365 is a suite of business applications offered by Microsoft, designed to help organizations manage and improve their operations, customer relationships, and business processes. Each app within Dynamics 365 is tailored for a specific purpose or department, making it versatile across industries and company sizes.

1. Dynamics 365 Sales

  • Purpose: Helps sales teams manage leads, opportunities, and customer relationships.
  • Good For:
    • Tracking customer interactions.
    • Managing sales pipelines and forecasts.
    • Gaining insights into customer needs using AI.
    • Closing deals faster with integrated workflows.

2. Dynamics 365 Customer Service

  • Purpose: Enhances customer service experiences through personalized and efficient support.
  • Good For:
    • Managing customer inquiries across multiple channels (email, chat, phone, etc.).
    • Empowering agents with knowledge bases and AI-driven insights.
    • Resolving issues quickly with case management and automated workflows.

3. Dynamics 365 Marketing

  • Purpose: Helps organizations create, execute, and track marketing campaigns.
  • Good For:
    • Designing and automating customer journeys
    • Managing email campaigns, social media, and events
    • Aligning sales and marketing teams with shared data
    • Generating leads and nurturing them effectively

4. Dynamics 365 Field Service

  • Purpose: Optimizes field operations by connecting field technicians, resources, and customers.
  • Good For:
    • Scheduling and dispatching technicians efficiently
    • Managing work orders and service agreements
    • Providing real-time guidance to technicians via mobile apps
    • Enhancing customer satisfaction with proactive service

5. Dynamics 365 Finance

  • Purpose: Helps manage financial operations and streamline global financial management.
  • Good For:
    • Financial reporting and analysis
    • Automating accounts payable and receivable processes
    • Managing budgets, forecasting, and compliance
    • Supporting multi-currency and multi-entity organizations

6. Dynamics 365 Supply Chain Management

  • Purpose: Improves supply chain operations and inventory management.
  • Good For:
    • Streamlining procurement, manufacturing, and distribution
    • Enhancing warehouse and logistics operations
    • Managing inventory levels with real-time visibility
    • Reducing disruptions through predictive analytics

7. Dynamics 365 Human Resources

  • Purpose: Supports HR teams in managing employee experiences and processes.
  • Good For:
    • Tracking employee data, leave, and performance
    • Streamlining recruitment and onboarding processes
    • Offering self-service portals for employees and managers
    • Driving employee engagement and development

8. Dynamics 365 Commerce

  • Purpose: Unifies e-commerce, in-store, and call center experiences.
  • Good For:
    • Managing online and offline retail operations
    • Personalizing shopping experiences for customers
    • Integrating inventory and sales data across channels
    • Analyzing customer behaviors and sales trends

9. Dynamics 365 Project Operations

  • Purpose: Helps businesses manage projects from start to finish.
  • Good For:
    • Planning and allocating resources effectively
    • Tracking project progress and costs
    • Collaborating across teams
    • Ensuring timely project delivery and profitability

10. Dynamics 365 Business Central

  • Purpose: All-in-one ERP solution for small to medium-sized businesses (SMBs).
  • Good For:
    • Financial management, supply chain, and customer service in one platform
    • Supporting SMBs with scalability and affordability
    • Integrating seamlessly with other Microsoft 365 tools

Key Benefits Across All Apps:

  • Integration: All apps integrate seamlessly with Microsoft 365 tools like Excel, Word, Teams, and Power BI
  • Customization: Apps can be customized to fit industry-specific needs
  • Scalability: Designed to grow with your business
  • AI and Insights: Many apps include AI-driven recommendations and analytics.

The Identity menu in Office 365

1. User and Group Management

  • Purpose: Manage identities of employees, contractors, and other users in your organization.
  • Features:
    • Add, delete, or modify user accounts.
    • Assign users to groups for streamlined access management.
    • Manage group memberships and roles.
    • Provision and manage guest users for collaboration with external parties.

2. Authentication and Access Control

  • Purpose: Secure how users sign in and access organizational resources.
  • Features:
    • Single Sign-On (SSO): Allow users to access multiple apps and services with a single set of credentials.
    • Multi-Factor Authentication (MFA): Add an extra layer of security by requiring additional verification (e.g., SMS codes, app-based authentication, biometrics).
    • Password Policies: Set rules for password complexity, expiration, and self-service password reset.

3. Conditional Access

  • Purpose: Control access to resources based on user location, device, or risk level.
  • Features:
    • Define policies that restrict access under certain conditions (e.g., block sign-ins from specific countries or unmanaged devices).
    • Enforce session controls for cloud apps to monitor and manage active sessions.
    • Integrate risk-based decisions (e.g., block or challenge high-risk sign-ins).

4. Identity Protection

  • Purpose: Detect and respond to identity-related risks.
  • Features:
    • Monitor suspicious sign-in activities (e.g., impossible travel or sign-ins from unusual IPs).
    • Automate responses to high-risk activities (e.g., enforce password reset or block sign-ins).
    • Track user risk and sign-in risk to identify vulnerabilities.

5. Role-Based Access Control (RBAC)

  • Purpose: Grant users only the permissions they need based on their job role.
  • Features:
    • Assign roles like Global Administrator, User Administrator, or Billing Administrator.
    • Limit over-provisioning of access to sensitive data or management tools.

6. Application Management

  • Purpose: Manage user access to third-party and Microsoft 365 apps.
  • Features:
    • Integrate enterprise applications with Azure AD for SSO.
    • Control which users or groups can access specific applications.
    • Monitor app usage with reports and logs.

7. Privileged Identity Management (PIM)

  • Purpose: Manage and secure privileged accounts with elevated access.
  • Features:
    • Enable just-in-time access to critical roles to minimize exposure.
    • Require approval workflows for accessing privileged roles.
    • Monitor and audit privileged role usage.

8. Self-Service Capabilities

  • Purpose: Empower users to manage their identities while reducing administrative overhead.
  • Features:
    • Self-Service Password Reset (SSPR): Let users reset their passwords without administrator intervention.
    • Self-service group management: Allow users to create and manage their own groups.

9. Identity Governance

  • Purpose: Ensure compliance and manage lifecycle processes for user identities.
  • Features:
    • Automate access reviews to ensure users have appropriate permissions.
    • Manage access lifecycles for external and internal users.
    • De-provision users when they leave the organization or a project.

10. Reporting and Monitoring

  • Purpose: Gain visibility into identity-related activities and security threats.
  • Features:
    • Access audit logs for user and admin activities.
    • View reports on sign-ins, application usage, and risky activities.
    • Leverage advanced monitoring through integration with Microsoft Sentinel or other tools.

Benefits of the Identity Menu:

  • Centralized identity and access management for users and applications.
  • Improved security through MFA, conditional access, and risk-based policies.
  • Enhanced user productivity with seamless SSO and self-service tools.
  • Regulatory compliance with access controls and reporting.

The Compliance menu in Microsoft Office 365

1. Data Loss Prevention (DLP)

  • Purpose: Prevent sensitive information (e.g., credit card numbers, Social Security numbers, or other personal data) from being shared accidentally or maliciously.
  • Features:
    • Policies to detect and block sensitive information.
    • Alerts and reports to track potential data breaches.
    • Integration with Microsoft Teams, SharePoint, Exchange, and OneDrive.

2. Information Protection and Governance

  • Purpose: Protect sensitive data and ensure proper retention and deletion of information.
  • Features:
    • Sensitivity Labels: Classify and protect content with labels that control access and permissions.
    • Retention Policies: Set up rules to retain or delete data based on organizational needs or legal obligations.
    • Records Management: Manage document lifecycles, including classifying content as records.

3. Insider Risk Management

  • Purpose: Detect, investigate, and respond to risky user behavior within the organization.
  • Features:
    • Monitor activities like data exfiltration or unusual file sharing.
    • Assess risks based on customizable policies.
    • Provide alerts and automated workflows for investigation.

4. eDiscovery (Electronic Discovery)

  • Purpose: Identify, collect, and export data for legal cases or internal investigations.
  • Features:
    • Content Search: Search for content across mailboxes, Teams, SharePoint, and more.
    • eDiscovery Cases: Manage legal cases and hold specific data for litigation purposes.
    • Audit Logs: Track user activity to verify compliance.

5. Audit and Insights

  • Purpose: Monitor user activity and compliance across the organization.
  • Features:
    • Audit Log Search: Comprehensive logging of activities like file access, email sending, and sharing.
    • Compliance Score: Assess your organization’s compliance posture and receive recommendations for improvement.

6. Communication Compliance

  • Purpose: Monitor and manage communication channels for regulatory compliance and acceptable use.
  • Features:
    • Automatically flag inappropriate or non-compliant communications in Teams, Exchange, etc.
    • Manage workflows for reviewing flagged content.
    • Protect against harassment, sensitive data sharing, or insider trading risks.

7. Advanced Threat Protection (ATP)

  • Purpose: Protect against threats to data security.
  • Features:
    • Safeguard email and collaboration platforms from phishing, malware, or ransomware attacks.
    • Apply adaptive risk-based controls.

8. Data Residency and Sovereignty

  • Purpose: Ensure that data resides within specific geographic boundaries to meet legal and regulatory requirements.
  • Features:
    • Geolocation-based policies.
    • Support for multi-national organizations.

Benefits of the Compliance Menu:

  • Centralized management of compliance tasks.
  • Enhanced security and risk mitigation.
  • Simplified data governance.
  • Assurance of regulatory adherence, such as GDPR, HIPAA, or CCPA compliance.