LMPatrickA
EmployeeJoined 2 years ago
User Profile
EmployeeUser Widgets
Contributions
Finding Cisco IOS XE CVE-2023-20198 With ConfigSources
On October 16, 2023, Cisco published a vulnerability that affects IOS XE machines running the built-in web server:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z This is tracked ashttps://nvd.nist.gov/vuln/detail/CVE-2023-20198 By adding a simple Config Check to an existing Cisco IOS ConfigSource, LogicMonitor can help people quickly identify which resources have the web server enabled. Here is an example: Name: Cisco-CSCwh87343-Check Check type: "Use Groovy Script" Groovy script: /* The built-in string variable 'config' contains the entire contents of the configuration file. The following example will trigger an alert when the configuration file contains the string "blue". if (config.contains("blue")) { return 1; } else { return 0; } */ if (config.contains("ip http")) { return 1; } else { return 0; } Then trigger this type of alert: Warning Description: "Search for presence of Cisco CSCwh87343 vulnerability" Caveats: -This will apply to all devices where the ConfigSource is used, even though all devices may not be affected by the vulnerability -This assumes usage of ConfigSources and specifically the Cisco_iOS ConfigSource Thanks to Todd Ritter for finding this CVE and Creating the ConfigSource128Views15likes1CommentLM Academy - How to Become a LogicMonitor Wizard
LogicMonitor is an incredibly powerful and extensible monitoring platform that can give you incredible visibility and insights into your digital infrastructure, but with great power comes great responsibility. While we do our best to make LogicMonitor as easy to use and intuitive as possible, there are so many capabilities that you may want to learn more about. Most new LogicMonitor users can get very far with our public documentation and amazing support team, but for those who want to go further, we have a great learning platform, LM Academy, that includes a number of free courses in LogicMonitor topics as well as multiple levels of certifications you can obtain to take yourself to the next level of LogicMonitor mastery. You can access LM Academy right from your LogicMonitor portal. Simply click on the “Training” icon in the top right of your page. From there, you can make an account and get started. As seen in the top right of your LogicMonitor Portal The LM Academy page gives you access to a variety of learning resources and opportunities including Live Training with LogicMonitor Training Engineers. Courses cover topics from Beginner to Advanced and include both brief LearningBytes and extended Videos where LM Engineers will help you master our platform. LM Academy Home Page We also offer certification programs to test and prove your knowledge of LogicMonitor. Our LMCA (LogicMonitor Certified Associate) program is a great introduction to the LogicMonitor platform and designed for anyone who might want to use LogicMonitor and understand how it works. If you want to go even further, we also offer the LMCP (LogicMonitor Certified Professional) program which is designed for all LogicMonitor Administrators and covers how to manage their LM Portal and goes into more detail on how the platform works. If you want a more interactive learning experience, our Training Team has Live Training sessions regularly and at times that work for users all around the world with dedicated Americas, EMEA, and APAC training teams. You can access the Live Training calendar from LM Academy and sign up for the courses you find interesting. Additionally, recordings of these are made available after for your review. This is a great opportunity to gain new skills and have time with LogicMonitor experts who can answer your questions live. If you’ve never accessed LM Academy, you should try it today and see just how many resources there are to help you master LogicMonitor.101Views12likes0Comments