How Machine Learning Works in Google Admin Center

Machine learning (ML) in the context of Google Admin Center (part of Google Workspace/Google Admin Console) operates primarily behind the scenes to enhance productivity, security, and administrative efficiency. While the Admin Center itself is focused on managing users, devices, and policies, many of its intelligent features—such as security alerts, threat detection, and automation—are powered by ML models developed and maintained by Google.

Key Ways Machine Learning Is Used

  • Security and Threat Detection

    • ML models analyze activity patterns across user accounts and devices to detect suspicious behavior, such as phishing attempts, unauthorized access, or malware distribution. These models are trained on vast datasets to recognize anomalies and alert administrators in real time, helping to prevent security breaches.

    • The spam detection system in Gmail, accessible and manageable via Google Admin Center, is a prominent example. Initially rule-based, it now uses ML (including TensorFlow) to dynamically identify and filter spam, adapting quickly to new threats.

  • Automated Policy Recommendations

    • ML can suggest security or compliance policy changes based on observed usage patterns and emerging risks. For example, if a particular group of users is frequently targeted by phishing, the system may recommend stricter authentication policies.

  • Productivity Enhancements

    • Features like “Quick Access” in Google Drive use ML to predict and surface files users are likely to need, based on their activity, time of day, and collaboration patterns. These predictions help users and admins find information faster, reducing overhead.

    • In apps managed through Google Admin Center, ML powers smart features such as Smart Reply in Gmail, Explore in Docs/Sheets/Slides, and automated meeting scheduling, all designed to streamline workflows and reduce repetitive tasks.

  • Generative AI Integration

    • Newer generative AI tools (like Gemini) are being integrated into Google Workspace apps. These tools assist with drafting content, summarizing data, and automating complex workflows, with privacy and data protection controls managed through the Admin Center.

How Machine Learning Is Implemented

  • Model Training and Deployment

    • Google’s ML models are trained on large, anonymized datasets using cloud-based infrastructure. The process involves data preparation, model training, deployment, and ongoing monitoring to ensure accuracy and adapt to new threats or usage patterns.

    • For custom ML workflows (e.g., for organizations building their own models), Google Cloud offers tools like Vertex AI, which supports the full ML lifecycle: data preparation, training, deployment, and monitoring. While this is more relevant for advanced use cases, it is integrated with Google’s broader administrative and security ecosystem.

  • Continuous Learning and Adaptation

    • ML systems in Google Admin Center are continuously updated to learn from new data and improve over time. For example, spam filters and threat detection models are regularly retrained to recognize new attack vectors.


How to Administer Spam Filters in Google Admin Center

Google Workspace (formerly G Suite) provides robust spam filtering tools that can be customized and managed through the Google Admin console.

Accessing Spam Filter Settings

  1. Sign in to the Google Admin console using your administrator account.

  2. Navigate to:

    • Menu → Apps → Google Workspace → Gmail → Spam, Phishing, and Malware.

  3. On the left, select the organizational unit (OU) you want to configure. Settings can be applied at the domain or OU level.

Configuring Spam Filtering Options

  • Click Configure or Add another rule in the Spam section.

  • In the Add setting box, enter a unique name for your spam filter rule.

  • Choose from various spam filtering options, such as:

    • Adjusting the aggressiveness of spam detection.

    • Creating content compliance rules.

    • Setting actions for detected spam (quarantine, delete, modify subject, etc.).

Allowlisting (Whitelisting) and Blocklisting

  • Email Allowlist: To ensure emails from specific IPs, domains, or addresses are never marked as spam, use the allowlist option:

    • Click on Email allowlist and enter the IP addresses or domains to always allow.

    • Save your settings.

  • Blocked Addresses: Specify addresses or domains you want to block. You can also configure whether to notify senders when their emails are rejected.

Bypassing Spam Filters for Approved Senders

  • To bypass spam filters for messages from certain senders or domains:

    • In the Spam section, click Configure or Add another rule.

    • Check the boxes for “Bypass spam filters for messages from senders or domains in selected lists” and “Bypass spam filters and hide warnings for messages from senders or domains in selected lists”.

    • Assign an existing list or create a new address list for these senders or domains.

    • Save the rule and allow up to 24 hours for propagation.

Advanced Spam Filtering Options

  • Enhanced Pre-delivery Message Scanning: Enable this to allow Google to perform additional scans on suspicious messages, which may introduce a short delivery delay but improves spam detection.

  • Inbound Gateway: If using an external mail gateway, configure the inbound gateway settings to ensure proper spam evaluation and delivery. Add the gateway IPs and adjust header-based spam detection as needed.

  • SPF, DKIM, DMARC: Implement these DNS records to improve your domain’s email authentication and reduce spam/phishing risks.

Monitoring and Reporting

  • Use the Spam filter report in the Admin console to monitor spam activity, view quarantined messages, and adjust settings as needed.


How to Integrate DFIR-IRIS with Wazuh

  1. Locate Customer ID: Access the DFIR-IRIS dashboard using an administrator account, then go to Advanced > Customers and choose the customer you wish to integrate. Record the Customer ID.

  2. Retrieve API Key: Get the API key for the current DFIR-IRIS user by clicking on the username and choosing My settings. Copy this API key and keep it safe for integrating the Wazuh server.

  3. Create and Configure the Integration Script

    • Create a script file named /var/ossec/integrations/custom-wazuh_iris.py and add the script to forward alerts to DFIR-IRIS.

    • Modify the script by setting the alert_source_link to the Wazuh dashboard IP address and the alert_customer_id to the ID of the customer as it appears on the DFIR-IRIS dashboard.

    • Set the ownership and permissions of the /var/ossec/integrations/custom-wazuh_iris.py file:

      bash
      chmod 750 /var/ossec/integrations/custom-wazuh_iris.py
      chown root:wazuh /var/ossec/integrations/custom-wazuh_iris.py

  4. Configure Wazuh: Add the following configuration to the /var/ossec/etc/ossec.conf file to send alerts to DFIR-IRIS:

    xml
    <ossec_config>
    <integration>
    <name>custom-wazuh_iris.py</name>
    <hook_url>https://<IRIS_IP_ADDRESS>/alerts/add</hook_url>
    <level>7</level>
    <api_key><IRIS_API_KEY></api_key>
    <alert_format>json</alert_format>
    </integration>
    </ossec_config>

    Make sure to replace <IRIS_IP_ADDRESS> with the actual IP address of your IRIS instance and <IRIS_API_KEY> with your IRIS API key. You can adjust the <level> to the desired threshold for alerts.

  5. Restart Wazuh Manager: Restart the Wazuh manager to apply the changes.

    bash
    service wazuh-manager restart
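
One way to write the forwarding script that step 3 refers to, as an added example that is not the page's or the Wazuh project's own script. The payload field names follow the DFIR-IRIS alerts API as assumed here; the severity mapping, status ID 2, the placeholder link and customer ID, and the sample alert are assumptions or constructed values.

```python
#!/usr/bin/env python3
"""Forward one Wazuh alert to DFIR-IRIS. Added example, not the official script.
Wazuh invokes integrations as: <script> <alert_file> <api_key> <hook_url>"""
import json
import ssl
import sys
import urllib.request

ALERT_SOURCE_LINK = "https://<WAZUH_DASHBOARD_IP>"  # placeholder: your Wazuh dashboard
ALERT_CUSTOMER_ID = 1  # placeholder: the Customer ID recorded in step 1

# Constructed sample alert, used only for the offline dry run below.
SAMPLE_ALERT = {
    "id": "1700000000.12345", "timestamp": "2025-01-01T10:00:00.000+0000",
    "rule": {"id": "100001", "level": 10, "description": "Constructed sample rule"},
    "agent": {"id": "001", "name": "web01", "ip": "192.0.2.10"},
}


def severity_for(level):
    """Map a Wazuh rule level (0-15) to an assumed IRIS severity ID (2 info ... 6 critical)."""
    for upper, severity in ((5, 2), (7, 3), (10, 4), (13, 5)):
        if level < upper:
            return severity
    return 6


def build_payload(alert):
    """Turn a Wazuh alert dict into the JSON body for the /alerts/add endpoint."""
    rule, agent = alert.get("rule", {}), alert.get("agent", {})
    details = {
        "Rule ID": rule.get("id", "N/A"),
        "Rule level": rule.get("level", "N/A"),
        "Agent": f"{agent.get('name', 'N/A')} ({agent.get('ip', 'N/A')})",
    }
    return {
        "alert_title": rule.get("description", "Wazuh alert"),
        "alert_description": "\n".join(f"{k}: {v}" for k, v in details.items()),
        "alert_source": "Wazuh",
        "alert_source_ref": alert.get("id", ""),
        "alert_source_link": ALERT_SOURCE_LINK,
        "alert_severity_id": severity_for(int(rule.get("level", 0))),
        "alert_status_id": 2,  # assumed to be the "New" status
        "alert_source_event_time": alert.get("timestamp", ""),
        "alert_tags": f"wazuh,{agent.get('name', 'N/A')}",
        "alert_customer_id": ALERT_CUSTOMER_ID,
        "alert_source_content": alert,
    }


def send(payload, hook_url, api_key):
    """POST the payload with the API key as a bearer token; the TLS certificate is verified."""
    headers = {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"}
    req = urllib.request.Request(hook_url, data=json.dumps(payload).encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10, context=ssl.create_default_context()) as resp:
        return resp.status


if __name__ == "__main__":
    if len(sys.argv) < 4:  # no arguments: dry run on the sample, nothing is sent
        print(json.dumps(build_payload(SAMPLE_ALERT), indent=2))
        sys.exit(0)
    alert_file, api_key, hook_url = sys.argv[1:4]
    with open(alert_file) as fh:
        sys.exit(0 if send(build_payload(json.load(fh)), hook_url, api_key) == 200 else 1)
```

Run without arguments, it prints the payload for the sample alert so the field mapping can be checked before the integration is enabled. If the IRIS instance uses a self-signed certificate, add its CA to the trust store rather than turning verification off.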

How to start implementing Wazuh

1. Install the Wazuh server: The Wazuh server is the central component that collects and analyzes data from Wazuh agents. It consists of the Wazuh manager and Filebeat. The Wazuh manager analyzes data and triggers alerts, while Filebeat forwards alerts and archived events to the Wazuh indexer.

    • You’ll need root user privileges to run the commands.

    • Add the Wazuh repository:

      • For RPM-based systems (CentOS, Red Hat, etc.):

        bash
        rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
        echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo
      • For Debian-based systems (Ubuntu, Debian, etc.):

        bash
        apt-get install gnupg apt-transport-https
        curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
        echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
        apt-get update
    • Install the Wazuh manager package using your system’s package manager.

    • Alternatively, use the Wazuh installation assistant:

      bash
      curl -sO https://packages.wazuh.com/4.11/wazuh-install.sh
      bash wazuh-install.sh --wazuh-server <node_name>

      Replace <node_name> with the name used in config.yml.

    • Disable Wazuh updates to prevent accidental upgrades by executing the following commands:

      • For RPM-based systems:

        bash
        sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo
      • For Debian-based systems:

        bash
        sed -i "s/^deb /#deb /" /etc/apt/sources.list.d/wazuh.list
        apt update

2. Install the Wazuh indexer: The Wazuh indexer is a scalable full-text search engine that provides security, alerting, and performance analysis.

    • First, generate SSL certificates:

      bash
      curl -sO https://packages.wazuh.com/4.11/wazuh-certs-tool.sh
      curl -sO https://packages.wazuh.com/4.11/config.yml
    • Edit ./config.yml to replace node names and IPs.

    • Run the certificate tool:

      bash
      bash ./wazuh-certs-tool.sh -A
    • Compress the certificate files:

      bash
      tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ .
      rm -rf ./wazuh-certificates
    • Copy the wazuh-certificates.tar file to all nodes.

    • Install any missing package dependencies:

      • For RPM-based systems:

        bash
        yum install coreutils
      • For Debian-based systems:

        bash
        apt-get install debconf adduser procps
    • Add the Wazuh repository (see step 1).

    • Install the Wazuh indexer package.

3. Install the Wazuh dashboard: The Wazuh dashboard provides a web interface for visualizing and managing your security data.

    • Install any missing packages:

      bash
      yum install libcap
    • Install the Wazuh dashboard package:

      bash
      yum -y install wazuh-dashboard
    • Configure the Wazuh dashboard by editing /etc/wazuh-dashboard/opensearch_dashboards.yml.

    • Deploy the certificates:

      bash
      NODE_NAME=wazuh-demo
      mkdir /etc/wazuh-dashboard/certs
      tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
      mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
      mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
      chmod 500 /etc/wazuh-dashboard/certs
      chmod 400 /etc/wazuh-dashboard/certs/*
      chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
      ls -l /etc/wazuh-dashboard/certs/
    • Enable and start the Wazuh dashboard service:

      bash
      systemctl daemon-reload
      systemctl enable wazuh-dashboard --now

4. Install and configure Wazuh agents: Deploy Wazuh agents to the endpoints you want to monitor. These agents collect data and send it to the Wazuh server for analysis.

5. Access the Wazuh web UI: Open Kibana in your web browser and navigate to the Wazuh app to view dashboards and alerts.

After installing the Wazuh server and agents, you can monitor and manage your IT environment’s security, customize rules, analyze logs, and configure compliance policies.


PowerShell script to retrieve security-related events

The following PowerShell script retrieves security-related events from the Windows Event Log, specifically from the Security log.

# Reading the Security log requires an elevated (administrator) session
# Define the log name and security-related event IDs (adjust as needed)
$logName = "Security"
$securityEventIDs = @(4624, 4625, 4672, 4688, 4634, 4648, 4768, 4776) # Common security event IDs

# Get the 50 most recent matching events. Filtering inside the query means
# -MaxEvents applies to matching events, not to the last 50 events of any kind.
$securityEvents = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = $securityEventIDs } -MaxEvents 50 -ErrorAction SilentlyContinue

# Display the results ($entry is used because $event is an automatic variable)
if ($securityEvents) {
    foreach ($entry in $securityEvents) {
        Write-Output "----------------------------------"
        Write-Output "Time: $($entry.TimeCreated)"
        Write-Output "Event ID: $($entry.Id)"
        Write-Output "Message: $($entry.Message)"
    }
} else {
    Write-Output "No security events found."
}

Event ID   Description
4624       Successful login
4625       Failed login
4672       Special privileges assigned (admin logins)
4688       A new process was created
4634       Logoff event
4648       Explicit credential logon (RunAs)
4768       Kerberos authentication (TGT request)
4776       NTLM authentication attempt

PowerShell script to retrieve VPN events

The following PowerShell script retrieves VPN events from the Windows Event Log. It focuses on events related to VPN connections (RAS and IKEv2).

# Define the log name and event IDs for VPN connections
$logName = "Application"
$vpnEventIDs = @(20225, 20226, 20227, 20255) # Example VPN event IDs

# Retrieve VPN connection events; filtering inside the query avoids reading the whole log
$vpnEvents = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = $vpnEventIDs } -ErrorAction SilentlyContinue

# Display the results ($entry is used because $event is an automatic variable)
if ($vpnEvents) {
    foreach ($entry in $vpnEvents) {
        Write-Output "----------------------------------"
        Write-Output "Time: $($entry.TimeCreated)"
        Write-Output "ID: $($entry.Id)"
        Write-Output "Message: $($entry.Message)"
    }
} else {
    Write-Output "No VPN events found."
}

  • Queries the Windows Event Log for VPN-related events
  • Filters based on event IDs typically associated with VPN connections
  • Displays relevant event details.

Configure an Rspamd Bypass Step by Step

Bypassing Rspamd for specific emails, domains, or users requires configuring whitelisting rules and scoring adjustments in Rspamd’s configuration files. Here’s a step-by-step guide to configuring a bypass in Rspamd:

Step 1: Access the Rspamd Configuration Directory

  1. Connect to your server via SSH:

    sh
    ssh user@yourserver

  2. Navigate to the Rspamd configuration directory:

    sh
    cd /etc/rspamd/

Step 2: Whitelist an Email or Domain

To bypass Rspamd filtering for specific senders or domains (sender addresses can be forged, so keep the list as short as possible):

  1. Open the whitelist configuration file (create it if it doesn’t exist):

    sh
    sudo nano /etc/rspamd/local.d/whitelist_sender.map

  2. Add the emails or domains you want to bypass (one per line):

    user@example.com
    @trusted-domain.com

  3. Save and exit (CTRL + X, then Y, then Enter).

  4. Now, link this whitelist to Rspamd filtering:

    sh
    sudo nano /etc/rspamd/local.d/settings.conf

  5. Add the following configuration:

    whitelist {
      priority = "high";
      from = "/etc/rspamd/local.d/whitelist_sender.map";
      apply {
        symbols_disabled = ["ALL"];
        groups_disabled = ["antivirus", "antiphishing", "antispam"];
      }
    }

  6. Save and exit.

Step 3: Disable Scoring for Whitelisted Senders

If you want to ensure that whitelisted senders have zero spam score:

  1. Edit the scores configuration file:

    sh
    sudo nano /etc/rspamd/local.d/metrics.conf

  2. Add:

    whitelist {
      id = "whitelist";
      score = -100;
      description = "Whitelisted sender, bypass Rspamd checks";
    }

  3. Save and exit.

Step 4: Restart Rspamd

After making changes, restart Rspamd to apply them:

    sh
    sudo systemctl restart rspamd

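Step 5: Verify the Configuration

To check if the bypass is working, scan a saved copy of a message from a whitelisted sender (rspamc takes a message file as its argument, not an address):

    sh
    rspamc symbols /path/to/test-email.eml

  • If the whitelist is working, the spam score should be low or zero.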

Microsoft calendar configuration step by step

How to configure Microsoft Calendar (Outlook Calendar) in different scenarios:

1. Accessing Microsoft Calendar (Outlook Calendar)

For Web Users (Outlook.com)

  1. Go to Outlook.com
  2. Sign in with your Microsoft account
  3. Click on the Calendar icon on the left panel.

For Windows Outlook (Desktop App)

  1. Open Microsoft Outlook
  2. Click on File > Account Settings > Account Settings
  3. Under the Email tab, ensure your email account is set up
  4. Click on Calendar in the navigation bar.

For Microsoft Teams

  1. Open Microsoft Teams
  2. Click on Calendar in the left menu
  3. Ensure it syncs with your Outlook Calendar.

2. Adding and Syncing Calendars

Adding a New Calendar

  1. Open Outlook Calendar
  2. Click on Add Calendar > Create New Calendar
  3. Name the calendar and select a color
  4. Click Save.

Syncing with Google Calendar

  1. Open Outlook Web
  2. Click Add Calendar > Add Personal Calendars
  3. Select Google and sign in to your Google account
  4. Allow access and sync.

3. Sharing your Calendar

  1. Open Outlook Calendar
  2. Click Share (top-right corner)
  3. Enter the email of the person to share with
  4. Select permissions (View, Edit, etc.)
  5. Click Send.

4. Configuring Notifications & Reminders

  1. Open Settings in Outlook.
  2. Go to Calendar Settings.
  3. Enable Email or Pop-up notifications for events.

5. Connecting Microsoft Calendar to Mobile Devices

On Android

  1. Install the Outlook app from the Play Store
  2. Sign in with your Microsoft account
  3. Go to Settings > Accounts > Sync Calendar.

On iPhone

  1. Open Settings > Calendar > Accounts
  2. Tap Add Account > Outlook
  3. Sign in and enable Calendar Sync.

Configuring Active Backup for Business on a Synology NAS

1. Installing Active Backup for Business

To configure Active Backup for Business on a Synology NAS, follow these steps:

  1. Sign in to DSM
    • Log in to the DSM (DiskStation Manager) of your Synology NAS
  2. Open Package Center
    • Go to Package Center from the main menu
  3. Install Active Backup for Business
    • Search for Active Backup for Business and install the application

2. Enabling the Service

  1. Open Active Backup for Business from the DSM menu
  2. Go to Settings > Enable Active Backup for Business Service
  3. Configure the backup destination (a shared folder on the NAS)

3. Adding Devices for Backup

Active Backup for Business supports backup for:

  • Windows PCs and servers
  • Virtual machines (VMware/Hyper-V)
  • File servers (SMB/NFS)

Backup for Windows PCs and Servers

  1. Go to the PC or Physical Server tab
  2. Click Add Device and download the Active Backup for Business Agent
  3. Install the agent on the Windows device
  4. Enter the IP address of the NAS and sign in
  5. Configure the backup policy (entire system, partition, or specific files).

Backup for Virtual Machines (VMware/Hyper-V)

  1. Go to the Virtual Machine tab
  2. Click Add VMware vSphere/Hyper-V
  3. Enter the login credentials and configure the backup

Backup for File Servers

  1. Go to the File Server tab
  2. Add the SMB/NFS data source and set the backup schedule

4. Configuring the Backup Schedule and Retention Policies

  1. Choose the backup frequency (manual, scheduled, or continuous)
  2. Set the retention policies (the number of backup versions kept)
  3. Enable global deduplication to optimize space.

5. Monitoring and Restoring Backups

  • Use the Active Backup for Business Portal to restore files, systems, or virtual machines.
  • Create bootable recovery media for quickly restoring damaged devices.

How to Configure an iSCSI LUN on a Synology NAS

Setting up an iSCSI LUN on your Synology NAS allows you to provide network-based storage to servers and virtual machines efficiently. This guide walks you through the step-by-step process using Synology’s Storage Manager.

Step 1: Log in to Synology DSM
  1. Open a web browser and access your Synology NAS by entering its IP address
  2. Log in using your administrator credentials
Step 2: Open Storage Manager
  1. Once logged in, navigate to Storage Manager
  2. In the left sidebar, click on the iSCSI section
Step 3: Create an iSCSI LUN
  1. Click Create and select iSCSI LUN
  2. Choose a LUN type:
    • Regular LUN – standard allocation method
    • Advanced LUN – uses copy-on-write technology for better snapshot efficiency
  3. Enter a LUN Name
  4. Select the RAID Volume where the LUN will be stored
  5. Specify the capacity for the LUN
  6. Choose the allocation method:
    • Thin Provisioning (saves storage space but allows over-allocation)
    • Thick Provisioning (pre-allocates the full space immediately)
  7. Click Next to continue.
Step 4: Create an iSCSI Target
  1. Choose whether to create a new iSCSI Target or attach the LUN to an existing target
  2. Enter a Target Name
  3. (Optional) Enable CHAP Authentication for security
  4. Configure IQN (iSCSI Qualified Name) if required
  5. Click Next.
Step 5: Review and Apply Settings
  1. Review all the settings configured in the previous steps
  2. Click Apply to create the iSCSI LUN
Step 6: Connect LUN to a Server

After creating the LUN, you need to connect it to a server or virtual machine:

  1. On your server (Windows/Linux/ESXi), open the iSCSI Initiator
  2. Enter the Synology NAS IP address to discover available iSCSI targets
  3. Connect to the iSCSI LUN
  4. If required, format the LUN to prepare it for use.