Saturday, September 18, 2021

Blue Medora BindPlane MIaaS & GCP Logging


The service seems promising and may be easy to use. I spent less than 5 minutes on registration and saw the following GUI:


BindPlane is like a deployment and centralized configuration tool for managing collectors.

https://bluemedora.com/products/bindplane/ 

The first result may be:


But there are lots of things to be done for security monitoring purposes, e.g. correlations and alerts, I guess. So we may have a look at its supported destination, GCP Logging, later.


Updated at 11:46 PM:

GCP Logging https://cloud.google.com/logging & Logs Explorer are not as good as expected.

https://console.cloud.google.com/logs/query

Query:

logName="projects/quickstart-1602463953025/logs/windows.event"
-jsonPayload.message="The system failed to register host (A or AAAA) resource records (RRs) for network adapter\r\nwith settings:"
-jsonPayload.message="7021 - Connection telemetry fields and analysis usage"



So we may turn back to the first solution (Spl).


Sunday, September 12, 2021

GlobalProtect (Mac): The server certificate is invalid. Please contact your IT administrator

 

Last time I tried to sign in to my private PAN VPN on my Mac. The sign-in process via the Chrome browser was OK, but I couldn't sign in when using the GlobalProtect software. I got the following error message:

   GlobalProtect: The server certificate is invalid. Please contact your IT administrator



I tried to google for a resolution, especially on *.paloaltonetworks.com [1], but I couldn't fix this error. Later, I decided to sign in again via Safari and accepted the self-signed certificate again. Suddenly it worked. I figured out that GlobalProtect only works well with valid and/or trusted certificates stored in Keychain Access. The Chrome browser may maintain a private cert store itself, and GlobalProtect cannot find any accepted certs in the Chrome cert store. The Chrome browser may not be allowed to maintain or update private certs stored in Keychain Access (even though Chrome has a GUI for trusting self-signed certs; Chrome has only a link to go to Keychain Access, a.k.a. the OS cert store).

So I decided to write this post and hope it helps others having this issue (on Mac).


[1]: Links I tried that did not work:

  • https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLhxCAG 
  • https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNWDCA4 
  • https://kb.wisc.edu/wcer/page.php?id=100007  & https://www.eduhk.hk/ocio/content/faq-vpn-connection-failed-globalprotect-client-prompt-server-certificate-invalid