Judsonian.com

Cribl – A Long Ass Beginners Introduction

Welcome to the first of what’s likely to be a series of blog articles about Cribl. Don’t know what Cribl is? That’s okay, neither did I a few weeks ago. It’s something I found very interesting and valuable, and those of you who know me personally recognize my need to write things down as part of a self-education exercise. Gotta do something to make roots in the mind of an engineer pulled six ways from Sunday. So what is Cribl? Well I’m going to cheat and ask what ChatGPT thinks first…

Me > Tell me about Cribl

ChatGPT > Cribl is[…]


NetApp ONTAP – Setting up Multi-Admin Verification via CLI and System Manager

Okay, so maybe hiring that guy who looks like Snidely Whiplash was a poor choice. Starting with ONTAP 9.11.1 you can further secure ONTAP by setting up multi-admin verification, or MAV for short. MAV can prevent system administrators from taking certain data disruptive actions without getting approval from at least one other administrator.

How it Works

MAV works by creating a rule set of commands or GUI operations that require multiple users to approve before they can be executed. Alongside are administrator groups which can provide authentication for those actions. When an action is triggered that’s a part of[…]


NetApp ONTAP – Whitelist and Blacklist Extensions with FPolicy via CLI, API, and System Manager

Within NetApp’s ONTAP software there’s the ability to monitor NAS actions via functionality called FPolicy. It’s essentially a notification framework that’s built around the logging and notification of actions against SMB/CIFS and NFS shares. The real power of FPolicy comes to light when you partner it with an off-system engine like Varonis or Cloud Secure, opening the door to all kinds of smart security controls. Native on-system FPolicy functionality is comparatively limited. While the framework is active and feeds info back into other areas like logging, it lacks the majority of the feature-rich components an off-system partner provides. One[…]
