ET POLICY PE EXE or DLL Windows file download


Jason Canup

May 28, 2014, 9:29:43 AM5/28/14
to securit...@googlegroups.com
Hi all,

I have a TON of these alerts and they are all generated between employees' PCs and our company's domain controllers, which are Windows Server 2008 R2. I'm not necessarily worried about the traffic, but you know what they say about curiosity.

What exactly is happening here? What's the best way to find out?

Heine Lysemose

May 28, 2014, 9:44:52 AM5/28/14
to securit...@googlegroups.com
Hi

The best way to do this is to use the main purpose of Security Onion, which is to pivot from the alert to the full transcript.
You can do this from Sguil, ELSA, or Snorby.

All of the interfaces (Sguil, ELSA, Snorby) show how to pivot to the transcript.

Regards,
Lysemose
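Once the transcript is pulled up, a quick triage question is whether the payload really carries a Windows executable and, if so, whether it is an EXE or a DLL. The following is an added example (not code from the thread or from Security Onion) that scans raw transcript bytes for a DOS "MZ" stub whose e_lfanew field points at a valid "PE\0\0" signature, then reads the COFF Machine and Characteristics fields. The HTTP headers and the PE blob are constructed inline as sample input.

```python
import struct

IMAGE_FILE_DLL = 0x2000            # Characteristics bit set on DLL images
MACHINE_NAMES = {0x14C: "i386", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "ARM64"}


def find_pe_headers(data: bytes) -> list:
    """Return one dict per validated PE image found in the byte stream."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            # e_lfanew (offset 0x3C of the DOS header) locates the PE signature
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            pe = pos + e_lfanew
            # Sanity-check e_lfanew so random "MZ" text does not produce a hit
            if 0x40 <= e_lfanew < 0x1000 and pe + 24 <= len(data) \
                    and data[pe:pe + 4] == b"PE\0\0":
                machine = struct.unpack_from("<H", data, pe + 4)[0]
                chars = struct.unpack_from("<H", data, pe + 22)[0]
                hits.append({
                    "offset": pos,
                    "kind": "DLL" if chars & IMAGE_FILE_DLL else "EXE",
                    "machine": MACHINE_NAMES.get(machine, hex(machine)),
                })
        pos = data.find(b"MZ", pos + 1)
    return hits


def build_sample_pe(dll: bool) -> bytes:
    """Constructed minimal PE-shaped blob (DOS header + stub + COFF header)."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)          # 0x40-byte DOS header
    struct.pack_into("<I", dos, 0x3C, 0x80)         # e_lfanew -> PE at 0x80
    stub = b"This program cannot be run in DOS mode.\r\n$".ljust(0x40, b"\0")
    characteristics = 0x2022 if dll else 0x0022     # EXECUTABLE_IMAGE (+DLL)
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 0xF0, characteristics)
    return bytes(dos) + stub + b"PE\0\0" + coff + b"\0" * 16


# Constructed stand-in for an exported transcript: HTTP response + DLL body
SAMPLE_HEADERS = b"HTTP/1.1 200 OK\r\nContent-Type: application/x-msdownload\r\n\r\n"
SAMPLE_TRANSCRIPT = SAMPLE_HEADERS + build_sample_pe(dll=True)

if __name__ == "__main__":
    for hit in find_pe_headers(SAMPLE_TRANSCRIPT):
        print(hit)
```

Running it on a real transcript exported from Sguil (or the reassembled stream from the pcap) tells you which side sent the image and whether it is an EXE or a DLL, which is usually enough to decide if the DC-to-workstation transfer is expected software delivery.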
