-
Splunk application for ActiveTrust Cloud
I have just published a Splunk application for ActiveTrust Cloud. This application allows you to: - get ActiveTrust Cloud logs into Splunk using the REST API introduced with ATC 2.0 - filter it efficiently with full drill down support based on the time, threat property, threat class, source IP, domain name, query type and…
-
Syslog Based RPZ reports
The canned RPZ reports all use the “Top RPZ hits” summary. The problem with this data set is that if you have a custom white or black list that generates a significant number of RPZ hits (such as whitelisting internal domains or SPAM checking servers that have their own built-in RPZ-like features), the “Top” summary is filled…
-
CSV export of address information for entire network hierarchy
If you are in the IPAM view of the web interface (Data Management > IPAM) and look at a network you can get a display of all the addresses in that network and information related to those addresses, such as DNS names, MAC addresses, etc. I was working with someone who wanted to see a similar display, but for an entire set…
-
DNS RPZ Hits by Clients (Drilldown)
RPZ Hits by Client Report for Drilldown. HTH. <form> <label>DNS RPZ Hits by Clients (Drilldown)</label> <description></description> <fieldset submitButton="true" autoRun="true"> <input type="time" token="time"> <label>Time</label> <default> <earliest>-1w</earliest> <latest>now</latest> </default> </input> <input…
-
Dashboard: DHCPv4 Range Utilization - Empty Ranges
Hey guys, A customer of ours needed a dashboard that gives you the option to show all DHCP Networks that are not being utilized. It's a bit surprising to us that this is not a feature available in any of the default dashboards/reports. In the default settings you will get all DHCP networks that have no utilization in the…
-
DNS Reply Code by Client
Here is a dashboard that will give you the opportunity to review the DNS reply code when a client sends a DNS request (NoError, NxDomain, ServFail, Refused). This dashboard can alert you when DNS requests don't have the expected answer, and then, help you understand why and fix the problem (create the zone, the record, a…
-
Sending SYSLOG to the correct NetMRI Collector
How do I send SYSLOG messages in an OC Setup? How do I know which collector to send SYSLOG messages to? Solution: This will help you send SYSLOG messages to the correct NetMRI Collector. We have a "well known" variable called "$netmri_ipaddress" that is the Collector that discovered the device. Use this CCS Script:…