Activity Feed
- Posted What do you all do for patching timeframes with DBConnect? on All Apps and Add-ons. 05-06-2024 01:36 PM
- Posted Re: Web Server location on Splunk SOAR. 04-11-2024 10:38 AM
- Karma Re: Web Server location for marnall. 04-10-2024 10:11 AM
- Posted Re: Web Server location on Splunk SOAR. 04-10-2024 10:10 AM
- Posted Web Server location on Splunk SOAR. 04-09-2024 07:36 AM
- Posted Reconfigure SOAR Web UI/URL/Ports on Splunk SOAR. 03-19-2024 09:09 AM
- Posted Re: Ongoing Patching Countdown on Dashboards & Visualizations. 03-06-2024 06:11 AM
- Posted Re: Ongoing Patching Countdown on Dashboards & Visualizations. 03-05-2024 01:38 PM
- Posted Ongoing Patching Countdown on Dashboards & Visualizations. 03-05-2024 01:23 PM
05-06-2024 01:36 PM
Currently this is a manual process for me; I swap our connections between our primary and secondary HFs for every patch window. Is this what everyone is doing, or is there a way to automate a cutover? Thanks for any insight!
Labels: administration
04-11-2024 10:38 AM
Going the route I am inquiring about is not my preference. I have kind of a convoluted internal network. I have requests in with my network team to get SSL passed through to where I need it, and in the meantime I am just trying to consider other options in case they can't make it work.
04-10-2024 10:10 AM
Thank you for the response. After a lot of digging and looking through py files and scripts, I did manage to find those 2 conf files. I was able to successfully disable SSL and access via HTTP. The weird thing is that on some machines I am unable to log in and receive a 403 error (SOAR outputs it as "Login Prevented. Please close your browser and try again"), while on others I can log in with no issue. I cannot find anything in the nginx confs that would cause this issue. It is presumably a local issue on those machines, but I would like to track it down so I can ensure it won't be a problem in the environment we intend to use. I know Django and uWSGI are also playing roles in this configuration, but I am not sure what those roles are.
04-09-2024 07:36 AM
Where is the web server actually installed to and run from for SOAR in a RHEL environment? Unlike Splunk Web UI, where I can modify the web.conf file, for SOAR I only see a massive amount of py files everywhere. I need to figure out where it actually starts and sets its paths, specifically where SSL is chosen. Assume I have installed SOAR to /data. Thanks for any assistance!
03-19-2024 09:09 AM
I have SOAR installed and am trying to figure out how to make configuration changes, specifically for accessing the web interface. We are currently accessing via: https://ipaddress:8000. Overall, I am trying to find out how to make it accessible via HTTP, if possible. Along with that, I would like to know where to make general configuration changes similar to web.conf for Splunk. I had to dig around quite a bit to discover the login.html in a templates folder just to add my server names for clarity. Any help would be greatly appreciated!
Labels: using SOAR ⁄ Phantom
03-06-2024 06:11 AM
@burwell wrote:
How about something like this
| makeresults
| eval start= strptime("02-01-2024", "%m-%d-%Y")
| eval today=now()
| eval time_difference=floor((today-start)/(60*60*24))
| eval mod_val=time_difference % 28
| eval days_to_patch=28-mod_val

Thank you, I think this does exactly what I need! Greatly appreciated!
03-05-2024 01:38 PM
@burwell wrote:
Hi so what's the patching schedule? Every 28 days starting in Feb 1?

Sorry, yes. Every 28 days starting Feb 1.
03-05-2024 01:23 PM
Hello everyone, I am trying to use Splunk to create an ongoing patching countdown that will be a Single Value (Days Until Patch) on my Dashboard. How can I go about accomplishing this? I was able to calculate 1 patch cycle, but I am not sure how to get it to recalculate for every month. Right now, for example, it is telling me the next patch date is 2/29/2024. Hoping someone already has a solution built out. Thank you for any assistance!
This is what I have so far:
| makeresults
| eval start= strptime("02-01-2024", "%m-%d-%Y")
| eval startStr=strftime(start, "%D")
| eval PatchDate = relative_time(start ,"+28d")
| eval PatchDateString= strftime(PatchDate, "%D")
| eval PriorPatchDate = relative_time(start ,"-28d")
| eval PriorPatchDateString = strftime(PriorPatchDate, "%D")
| eval daysCountD= strftime(PatchDate - now(), "%d")
| table daysCountD PriorPatchDateString PatchDateString
Labels: Dashboard Studio