Posts

Palo Alto Networks - PCNSE Certification Part 6: Basic Configuration (Destination NAT and Security Policy)
2 min read


The last post was very long and a bit crazy, all over the place, but here we are continuing with it. To illustrate how to create a destination NAT, we will be opening FTP to one of our DMZ servers, so let's get started.

Create Object
Under Objects -> Services we will create our new FTP object.

Destination NAT Policy
We are pretty much following the same flow we initially followed when we were playing with the Source NAT policies, with a few minor changes that will make sense

Palo Alto Networks - PCNSE Certification Part 3: Basic Configuration (Admin Roles)
3 min read


So I continue my journey to get this cert; I think I have procrastinated for too long and I need to get back to learning all the ins and outs of the technology. Again, this certification is very heavy on configuration and HA concepts, and maybe scattered between all their main objectives. We are going to get working with Initial Configuration.

Admin Roles
Like any other appliance out there, you have the ability to create different admin roles and different permissions based on their job function

Palo Alto Networks - PCNSE Certification Part 4: Basic Configuration (Interfaces)
4 min read


This quick lab is going to be about creating zones, assigning them to interfaces, and Management Interface configuration.

Creating a Zone
We will create the Outside zone; we are going to add a name and select the type, nothing fancy, but later in the lab we will use it and go through configuring more features.

Create an Interface Management Profile
We are going to quickly create a Management profile and assign it to an interface

Palo Alto Networks - PCNSE Certification Part 5: Basic Configuration (Security Policies, source NAT)
5 min read


Create Tags
One thing that I really appreciate about PAN-OS is the introduction of tags; they are very handy when you are looking for policies, objects and many different things in your firewall. I know many of you out there appreciate the feature. Tags are color-coded labels that enable you to group, sort, and filter objects using keywords or phrases. Tags can be applied to Address objects, Address Groups (static and dynamic), Services, Service Groups, and policy rules. Tags can be assigned a color that makes the results of a search easier to find in the web interface.

Cybersecurity Tools - VERIS Incident Model
3 min read

The lack of quality information in cyber security and incident response is real: you have too many sources for too many things, and most of the information within reach is not centralized. A couple of years back, when I was working on learning more and more of the ins and outs of the InfoSec community, I found VERIS, which I think is a nice initiative. Here is a quick breakdown of what it is

Splunk Series II: Correlating Events
2 min read


Introduction to Transactions
A transaction is a group of related events that span time. Events can come from multiple applications or hosts. For example, one email message can create multiple events as it travels through various queues; likewise, visiting a single website normally generates multiple HTTP requests. The transaction field-list can be a single field or a list of field names. Events are grouped into transactions based on the values of these fields. If multiple fields are specified and a relationship exists between those fields, events with a related field value are grouped into a single transaction.

Splunk Series II: Filtering/Formatting Data
2 min read


Introduction to Eval Commands
The eval command is great for performing calculations, converting values, rounding values, formatting values and even using conditional statements. It is recommended to use the search and where commands to filter calculated results. Eval commands allow you to calculate and manipulate field values in your report. They support a variety of functions. The results of eval are written to either new or existing fields you specify; if the destination field exists, the values of the field are replaced by the results of eval

Splunk Series II: Fundamentals II
3 min read


So we got to this point, looking at the Fundamentals 2 section of my training. This training builds on the Fundamentals 1 course, which is pretty much all the tools you can use for searching and understanding data in Splunk.

What is part of Fundamentals 2:
Transforming commands and Visualizations
Filter/Format results of a Search
Correlate Events into Transactions
Knowledge Objects
Extracted Fields, Field Aliases and Calculated Fields
Tags and Event Types
Macros and Workflow Objects
Manage Data Models
Splunk Common Information Model

Splunk Series II: Knowledge Objects and Managing Fields
1 min read


Introduction to Knowledge Objects
These are tools you use to discover and analyze various aspects of your data:
Data Interpretation - Fields and field extractions
Data Classification - Event types
Data Enrichment - Lookups and Workflow Actions
Normalization - Tags and Field Aliases
Datasets - Data models
Knowledge objects can be shared between users; they are reusable, persistent objects that can be used by multiple people or apps, such as macros and reports. They are also searchable: since the objects are persistent, they can be used in a search

Splunk Series II: Visualizations
1 min read


Visualizations
When a search returns statistical values, the results can be viewed with different visualization types. Some of the visualization types:
Statistical Values
Charts: Line, column, pie
Single Value Visualizations
Maps
Charts - Line Chart (Time Series)
Chart - Bubble
Cluster Map
Choropleth Map

What is next? Filtering/Formatting Data

About the Author: Andres Sarmiento, CCIE # 53520 (Collaboration)
With more than 15 years of experience, Andres specializes in Unified Communications and Collaboration technologies. He has consulted for several companies in South Florida, as well as for financial institutions on behalf of Cisco Systems. Andres has been involved in high-profile implementations of Cisco technologies such as Data Center, UC & Collaboration, Contact Center Express, Routing & Switching, Security and Hosted IPT Service Provider infrastructures.