Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Blocked connections since version 0.7.x #2

Open
SteveUnderScoreN opened this issue Apr 12, 2018 · 3 comments
Open

Blocked connections since version 0.7.x #2

SteveUnderScoreN opened this issue Apr 12, 2018 · 3 comments
Assignees
@SteveUnderScoreN
Labels
enhancement New feature or request

Comments

@SteveUnderScoreN
Copy link
Owner

Blocks with version 0.7.0 policies applied - Tier X firewall baseline
#######
Application Information:
Process ID: 2624
Application Name: \device\harddiskvolume4\windows\system32\speech_onecore\common\speechruntime.exe

Network Information:
Direction: Outbound
Source Address: 1.2.3.160
Source Port: 60736
Destination Address: 52.138.216.83
Destination Port: 443
Protocol: 6

Application Information:
Process ID: 4900
Application Name: \device\harddiskvolume4\windows\system32\mmc.exe

Network Information:
Direction: Outbound
Source Address: 1.2.3.160
Source Port: 57336
Destination Address: 1.2.3.1
Destination Port: 53
Protocol: 17

Application Name: \device\harddiskvolume4\windows\system32\dmclient.exe

Network Information:
Direction: Outbound
Source Address: 1.2.3.160
Source Port: 62830
Destination Address: 52.138.216.83
Destination Port: 443
Protocol: 6

Application Information:
Process ID: 8380
Application Name: \device\harddiskvolume4\windows\system32\apphostregistrationverifier.exe

Network Information:
Direction: Outbound
Source Address: fdfd:fdfd:fdfd:0:49a5:ded6:b713:2f66
Source Port: 51423
Destination Address: fdfd:fdfd:fdfd::4
Destination Port: 8080
Protocol: 6

########

Blocks with version 0.7.0 policies applied - Domain firewall baseline
########
Application Information:
Process ID: 3968 Push notification
Application Name: \device\harddiskvolume4\windows\system32\svchost.exe

Network Information:
Direction: Outbound
Source Address: 1.2.3.160
Source Port: 60605
Destination Address: 52.170.194.77 and 52.179.13.204
Destination Port: 443
Protocol: 6
@SteveUnderScoreN SteveUnderScoreN self-assigned this Apr 12, 2018
@SteveUnderScoreN
Copy link
Owner Author

I've created a new branch 'post 1803' and I'm merging all the rules into that.

@SteveUnderScoreN SteveUnderScoreN added the enhancement New feature or request label May 3, 2018
@SteveUnderScoreN
Copy link
Owner Author

To help with this I'm putting together a script to collect security events from a domain joined system, analyse them, filter out duplicates and generate rules which can then be applied to an existing group policy object.
The rule generation will make recommendations and provide security advice around the type of rule being created.
I'm planning to use a GUI so that rules can be modified with a drop-down so the script will not be supported over remoting.

@SteveUnderScoreN
Copy link
Owner Author

These haven't made it into build 1807 due to the work on new features. These will be addressed in the next release.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@SteveUnderScoreN SteveUnderScoreN

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@SteveUnderScoreN