4 years ago
hostProps.set() workaround
Hey all,
So it looks like I'm not the only one trying to find a way to update device properties on the fly using the collector.
I'm not sure why a hostProps.set() i...
I have been aware of the debugger method for some time -- was not familiar with the secret debugger library, but you can access the debugger similarly via the API. So.... sleep well knowing that any set of leaked admin API keys could expose your entire network to remote attack via arbitrary PowerShell scripts executed via the debugger API. I was forced at the time to use that method to set the system.ips list to fix NetFlow ingestion for Palo Alto firewalls at the 5000 series or higher. No alternate method of binding device NetFlow export has yet been provided.
Recognizing how dangerous this was, I asked about having certain API calls like this locked to an allow list, but that went nowhere. I have also tried changing Windows collector service accounts to use the Performance Monitoring group rather than Domain Admins (especially after the SolarWinds hack), but I found too many things broke so had to move back. Even today, well after the damage done during the SolarWinds hack due to lateral movement from compromised servers, LM collector installation instructions still include "If this Collector is monitoring other Windows systems in the same domain, run the service as a domain account with local administrator permissions."
Tick, tick tick...
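The post above raises the service-account question without showing how to check it. The script below is an added example (not code from the post author or from LogicMonitor) that reports which account each collector service runs as and flags any domain-wide admin group it belongs to, including membership reached through nested groups. It assumes the Windows service names are `logicmonitor-collector` and `logicmonitor-watchdog` (adjust `$ServiceNames` if your install differs), that it runs on the collector host under an account that can query Active Directory, and that Windows PowerShell 5.1 or later is available; it uses the .NET `System.DirectoryServices.AccountManagement` classes so it does not need RSAT.

```powershell
<#
  Added example, not part of the original post or of LogicMonitor's tooling.
  Audits the logon account of each collector service and flags high-privilege
  group membership. Assumptions: service names below match your install; the
  host can reach a domain controller; PowerShell 5.1+ on Windows.
#>
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

$ServiceNames   = @('logicmonitor-collector', 'logicmonitor-watchdog')   # assumed names
$HighPrivGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators')

function Get-AccountGroups {
    # Resolves 'DOMAIN\user', 'user@domain' or a bare local name to the full
    # (nested) set of security groups the account is a member of.
    param([string]$Account)

    $builtins = @('LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService')
    if ($builtins -contains $Account) { return @() }

    if ($Account -match '^(?<dom>[^\\]+)\\(?<sam>.+)$') {
        $dom = $Matches.dom; $sam = $Matches.sam
    } elseif ($Account -match '^(?<sam>[^@]+)@(?<dom>.+)$') {
        $dom = $Matches.dom; $sam = $Matches.sam
    } else {
        $dom = '.'; $sam = $Account
    }

    $ctxType = [System.DirectoryServices.AccountManagement.ContextType]
    if ($dom -eq '.' -or $dom -eq $env:COMPUTERNAME) {
        $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($ctxType::Machine)
    } else {
        $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($ctxType::Domain, $dom)
    }

    $user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($ctx, $sam)
    if (-not $user) { throw "Account '$Account' not found in '$dom'" }

    # GetAuthorizationGroups() expands nested membership, so an admin group
    # reached through an intermediate group is still reported.
    return @($user.GetAuthorizationGroups() | ForEach-Object Name)
}

foreach ($name in $ServiceNames) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if (-not $svc) { Write-Warning "Service '$name' not found on this host"; continue }

    $acct   = $svc.StartName
    $groups = Get-AccountGroups -Account $acct
    $hits   = @($groups | Where-Object { $HighPrivGroups -contains $_ })

    # Local Administrators on this host is what the vendor instructions ask for;
    # it is reported separately so it can be weighed against domain-wide groups.
    # Direct membership only: a group nested inside Administrators is not matched.
    $localAdmin = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
                  Where-Object { $_.Name -eq $acct }

    $status = if ($hits.Count -gt 0) { "HIGH PRIVILEGE: $($hits -join ', ')" } else { 'no domain admin groups' }
    $local  = if ($localAdmin) { 'local admin' } else { 'not local admin' }
    '{0,-24} runs as {1,-32} [{2}; {3}]' -f $name, $acct, $status, $local
}
```

Run it on each collector host after any service-account change; a line reading `HIGH PRIVILEGE: Domain Admins` is the configuration the post warns about, because a PowerShell script pushed through the debugger then executes with domain-wide admin rights. The local Administrators check is deliberately separate, since the vendor's instructions call for it while the domain admin groups are never required.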