Although the documentation relates data access control rules to web services receiving URI strings, I noticed that some non-web based events were triggered by one of my dac rules. So I thought perhaps the dac rules would work with all applications receiving various data.
I created a rule called "Cmd Shell Directory Listing" as follows -
Taking the following action: Monitor
Applications in any of the following selected classes: Command Shell [V4.5.1 r654]
But not in any of the following selected classes: <none>
Attempt to access these data sets: *Directory of *:\*
My thoughts are, if I open cmd.exe, and type in "dir c:", I will receive data that contains "Directory of C:\" and should trigger this rule.
I tested it and it didn't work. So now I'm going to try changing the data set to just *dir*. In the Help File it notes that if any other application other IIS, Apache, or iPlanet is used, then the rule is ignored. So perhaps I'm doing this in vain.
Does anyone else have any other idea how to detect the use of cmd directory listings?
1. Reboot the server (this resolves any port conflict issues);
2. Stop Norton Anti-Virus (running anti-virus software slows down the installation considerably. This often causes installation hickups.) Note that we advise to double the memory requirements if a virus scanner is needed.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :