Category: Howto Article

FireEye Dashboards Replicated In Splunk

After installing the FireEye app for Splunk and having some issues with it, the app was uninstalled, which left a gap that needed to be filled. So off I went into Splunk land to see if I could scrounge together some decent “dashboard” worthy search queries that could help display important information. Below are a…

FireEye Role Based Access Control (RBAC)

Regarding Active Directory integration with FireEye back in FEOS versions 7.0.x (webmps), 6.3.2 (emailmps) and 6.4.1 (CMS), we only had the ability to map a single Active Directory group to a single FireEye “role”. And most enterprises would probably have mapped that single group to the Admin role. Well….. Fast >> Forward >> to FEOS…

BlueCoat Proxy – Web URL Category Review / Best Practices

This page will attempt to assist you in building a Web URL Category review process, as well as provide best practice recommendations from BlueCoat and my own personal experience with BlueCoat. BlueCoat does not update their Web URL Categories very often, but it does happen about once every 12-18 months. In earlier times, they were…

BlueCoat Proxy – Log Injection For Rule Tracking

Unfortunately BlueCoat doesn’t have a nice and fancy log tracker type utility like CheckPoint has in Smart Tracker. Rules do not have numbers per se – but you can work around this by using some log injection smoke and mirror tricks. There are a few unused (or not very often used) log variables that can be…

FireEye Integration With BlueCoat Proxy

This tutorial will assist you with integrating FireEye and BlueCoat a bit, by using a URL list populated by FireEye as another web filter in BlueCoat. This filter can then be used in BlueCoat policy just like the BCWF, McAfee Smartfilter, etc…

Blue Coat ProxySG – Splash Page Updates

In my previous blatherings about BlueCoat splash pages, I always had used the variable $(cs-categories) to identify which BlueCoat WebFilter (BCWF) category the requested URL was a child of. But this displays ALL the categories that a specific URL/site is a member of, not just the one that is the criteria for the block. In your…

Blue Coat ProxySG – Issues Upgrading SGOS From 5.5.x.x to 6.2.x.x

Following an upgrade on an SG600-10, from 5.5.3.31 to 6.2.9.1, I encountered the errors below, and was unable to pass traffic through the proxy using the BlueCoat WebFilter categories for “Allow”/“Deny”. As this specific ProxySG is a non-production device, there are very minimal users working with it, and the first I noticed of the issue,…

Check Point Quick Reference – Tcpdump

NOTE: fw monitor operates above layer 2 and does not include MAC address information, so it can’t see ARP messages; tcpdump can see layer 2 ARP messages. This is one of the most common tcpdump commands (looks for packets from a src to dst; need to specify the interface): tcpdump -nn -i eth2 host 11.11.11.11 and host 22.22.22.22…

CheckPoint SmartDashboard – Missing Menu

Was just bouncing around updating rules in some firewalls, and noticed that the menu bar at the top of the window was missing… After some searching, I found that a registry setting needed to be modified to restore the menu bar. Here is the registry path: HKEY_CURRENT_USER\Software\CheckPoint\Management Clients\6.2.01\R75.10\Check Point SmartDashboard\Check Point SmartDashboard\Toolbar States\ToolBar-Bar0 You will…
