Ask a Question

Didn’t see what you’re looking for? Start a new topic. Help is on the way!

  • 75 Topics
  • 114 Replies

75 Topics

A
Antonio Pezuela
asked in Ask a Question

Paloalto XDR Cymulate Exceptions

Hi,We are trying to configure correctly cymulate exceptions on Paloalto Cortex xDR. ¿is there any recomendations about it? ¿someone with the same enviroment?Thank you

3
A
1 year ago
R
rakhadiasry
asked in Ask a Question

Update Agent

how to update agent alreday installed before ?my agent setting is check for auto update, still have old versioni do force update from connected agent in cymulate dashboard, but nothing happen from version agentany guide for this update ?

2
R
1 year ago
U
user6781345
asked in Ask a Question

Why won't the dashboard open on agent's computer?

I’m trying to open the Cymulate dashboard on an agent of ours to adjust settings. Any time I attempt to open the program I’m given a “Cymulate agent is already running” message. What can I do to access our settings dashboard? 

1
A
Employee
1 year ago
Chris Yoo
Chris Yoo
asked in Ask a Question

Endpoint security - behavioral assessments

Hey, Is there any way to make the behavioral assessments on the endpoint security harder to detect by the endpoint security tool?It seems like some of the scenarios were blacklisted by their hash on my endpoint security solution.  Thank You! 

1
C
1 year ago
N
nico_lembrechts
asked in Ask a Question

Cymulate agent install on Mac OS with new M1 processor.

Has anyone tried to use the Cymulate agent on Mac hardware that runs with their new M1 processor ?According to the Cymulate docs only X86 is supported for Mac OS installs.Would be sad if we need to buy old hardware to have a working agent :-) Thanks for sharing your experience. Nico

1
David_Kellerman_CISSP
Employee
1 year ago
N
nico_lembrechts
asked in Ask a Question

Do all agent installs (windows, linux, mac) support all executions ?

From what i can see executions use scripts and tools which depends on the underlying platform (OS), powershell VS bash for example. I am wondering if we can have a scenario using a mix of these executions to run on an agent on a certain platform ? I expect we can not launch powershell executions from a linux agent ? How is this handled in the product ? Thanks in advance.Nico

1
A
Employee
1 year ago
P
pedr
asked in Ask a Question

On-premise deployment

Hello, Is there currently an on-prem deployment option? Can you please point me to a documentation / comparison where this is described. Thank youBest Regards

3
C
1 year ago
S
Scott_Johnson
asked in Ask a Question

Purple Team Exercise management

What do you recommend for managing Purple Team exercises. I’m looking at Vectr.io.

1
Miri Adjiashvili
Employee
1 year ago
S
Scott_Johnson
asked in Ask a Question

Drift Analysis

How can I use Cymulate to monitor changes or drift of security controls from a known good state. I know I could run scenarios on a schedule, is there a way to get an alert or view a report if my endpoint control misses say a ransomware test?

1
Cymulate_CharlesRoberts
Employee
1 year ago
J
jeremy_ross
asked in Ask a Question

WAF Module - gives a 200 - not showing the WAF as configured

Web Application Firewall Module Ideally we want it so that every 200 response does not indicate a fail. Since we return 200 for every request good or bad....what are our options?...returning a 200 error, doesn’t provide the value we want from the Cymulate tool

1
chris_worley
Employee
1 year ago
U
uiliam_mello
asked in Ask a Question

Watchdog service | agent running only if user is logged

Hi all!We observe in our agents the Cymulate Watchdog process (configured on install to run every 5 minutes) showing a lot of execution errors, and it may be impacting mainly on Windows Servers, where agent only runs if some user is logged into. The event viewer error says that a config file, "CymulateWatchDog.deps.json" is missing, and we couldn't find any memption about it on forum or help center. Despite Windows Server was mentioned in this example, this behavior (Watchdog unsucessfull) appears to occur with unix (Linux/macOS) systems too.About this case:- How we could repair this watchdog behavior? Is there some example of "CymulateWatchDog.deps.json" settings?- Repairing watchdog, it will be effective with agent up without a user stay logged onto server ?RegardsUiliam Mello

4
J
1 year ago
U
uiliam_mello
asked in Ask a Question

Splunk Integration - custom queries

Hi all!About advanced custom queries into Splunk integrations section…. the "free search” field accepts SPL searches or it is intended to other "query languages" ? Someone have an use-case of using of Cymulate with Splunk, to  "inspire" ? rsBest regardsUiliam Mello 

2
U
1 year ago
nirl
Employee
nirlEmployee
asked in Ask a Question

How do you benchmark your organization's security posture vs. other organizations?

Hi Hatters!I believe that setting benchmarks to assess your organization’s security posture vs. other organizations is important to understand issues that are crossing regions, industries and more, and prioritize focuses to align your security posture with industry standards.Having said that, there’s lack of data visibility to security posture trends and it’s hard to find a single source of truth which is normalized and clarified for instant use.So, I wanted to ask:What kind of security benchmarks are you setting and tracking today? What are these benchmarks’ parameters? (by region, by industry, by organization’s size etc) Which data sources are you using to create the benchmark? Are you using any regulatory/standardized frameworks for benchmarks?Thank you!

0
nirl
Employee
1 year ago
L
luis.huallpa
asked in Ask a Question

Requirements for Multitenant instance

Hi,for multitenant instance, the requirements apply for each domain right??Regards.

2
L
1 year ago
R
randyjcress
asked in Ask a Question

Integration with Splunk (Splunk Cloud)

Splunk Cloud requires opening a support ticket to define the IP range to be allowed to query the REST API over port 8089.   Can you provide that IP range of the Cymulate servers that will be performing these queries? ref:  

1
Y
Employee
1 year ago
F
faisal_mohammed
asked in Ask a Question

Meaning of Offline/Removed in Status & Previous Status columns of Immediate Threats report

What is the Meaning of Offline/Removed in Status & Previous Status columns of the Immediate Threats report .

2
F
1 year ago
C
carl_behnke
asked in Ask a Question

Agent disconnect

The agent installed on the machines have been installed as local administrator. When logging off they will stay connected to the cloud system for about 5 minutes then it will disconnect. The agent then has to be restarted once logged back in to the system. The application has been whitelisted. I am looking for any additional troubleshooting techniques to look for.

2
mike_talon
Employee
1 year ago
Chris Yoo
Chris Yoo
asked in Ask a Question

Cloud misconfiguration

We are heavily invested in AWS EC2, and we would like to maximize our usage with Cymulate. We are looking for specific assessments and scenarios we can run to reduce risks that arise from misconfiguration in the cloud, such as inadequate access restrictions, unencrypted private data (ex credentials), AWS AMI patching, secured lambda coding, etc.  Can you please assist? 

1
A
Employee
1 year ago
A
Adrian_Richings
asked in Ask a Question

Lateral Movement Requirement & eSET

Morning We have a customer who needs to place the lateral movement requirement in the their eSET end point solution HOWEVER eSet requires both an application AND APPLICATION PATH to set an exemption (you cant exempt base solely on the application name) How can this be achieved?  File Name: CymulateLM.exe MD5: 7e1c9df044bcafe8e5a4372793985368 SHA-256: db5f25b745f701d905d5d6f3979f9d4aec2ae22ad8f5bb66c428324b5e25b0a4 SHA-1: 18076280e739af9c4c8c93ef99e6a20777c80ff5 Thanks.

1
mike_talon
Employee
1 year ago
J
Jason_Sumner
asked in Ask a Question

How to Integrate to Rapid7 InsightVM?

I am trying to setup the AVM inside Cymulate.  Below you will see what I have done thus far...I have gone into Cymulate’s Integration and Selected Edit on the InsightVM Integration Module and my email & password auto-filled.  Https://###.###.###.###:3780/  is the IP address format that I inputted  from my On-Prem InsightVM’s Console.I have one agent depolyed.  I logged into My VPN on this device for it to find this system on the Domain. I still was not successful in connecting the VM back to Cymulate’s AVM.What can I do to get this API connection resolved? 

3
Cymulate_CharlesRoberts
Employee
1 year ago
V
Victor_Hernandez_Martin
asked in Ask a Question

Vector Endpoint - Connections to other computers

Hello, We are launching in my company the endpoint vector, and we are detecting many connections to other computers with the user that is doing the launch. Is this normal?The endpoint vector is not a local test?thanksRegards

2
mike_talon
Employee
1 year ago
R
Robert_PIcard
asked in Ask a Question

Automation? Reporting? Branding?

I have what might be a quick question, but I want to be able to run the entire backlog of known attacks how can i queue those up? Also when a new threat assessment is run, how can I get the system to send an automatic email with the report?  Lastly, I had a system that went offline for a extended period, I saw no notices that the automatic testing had no agent to run against. 

2
mike_talon
Employee
1 year ago
P
philippe_diennet
asked in Ask a Question

CYMULATE RECON running since 8 days without report

Hi,We use the CYMULATE RECON module for some months but for the previous month i had no report at all and the process is running since 8 days. Could you help please ?Regards,Philippe Diennet

1
C
Employee
1 year ago
Michael_YNWA
Michael_YNWA
asked in Ask a Question

Lateral Movement

Dear community members, I’m interested to learn about useful dashboards that you have developed in your environment (in Splunk for instance) that provide significant insights as to the effectiveness of the various controls that are assessed in the Hopper module. I’m interested in seeing useful examples of insights based on consolidated Hopper reports (of multiple assessments). Eagerly waiting to learn from you! Michael  

3
David_Kellerman_CISSP
Employee
1 year ago
nirl
Employee
nirlEmployee
asked in Ask a Question

Assurance process for mitigation steps

Having a mitigation assurance process is important for focusing engineering efforts and efficiently keeping up with the organizational security posture program.How do you currently assure findings from various assessments are properly mitigated by your engineering teams?

0
nirl
Employee
1 year ago

Badge winners

Show all badges
Terms & ConditionsCookie settings