I had a client with a huge list of hostnames that they needed to convert to IP addresses so they could scan them. That’s common. I used to have a Windows batch file to convert a list of hostnames to a list of IP addresses, so I dug it out of my archives. This uses ping but isn’t like a ping sweep; they knew the machine names but their tool needed IPs.
I used the file to resolve lists of machines so I could load them into a centralized logging or vulnerability management system. This client had the same need and nobody there had a similar tool. So I shared mine with them. And I present it here so I won’t lose it again, and if you need it, you can use it too.
If you need a centralized logging solution for your business, you’ll need to consider Splunk vs LogLogic. I have experience with both in corporate environments.
I guess you can say I spent a lot of time configuring and waiting on LogLogic. I spent a little time configuring Splunk and a lot of time turning the data inside it into knowledge.
I heard an interesting question the other day: What’s the difference between a vulnerability scanner and a SIEM? Qualys and Nessus are examples of vulnerability scanners. ArcSight and Splunk are examples of SIEMs.
To a security practitioner, the tools couldn’t be much more different, but not everyone is a security practitioner.
On a basic, fundamental level, a vulnerability scanner deals in what’s missing in the environment and what could happen as a result of those things that are missing. A SIEM deals in what actually has happened and is happening.
So, CNN/Money ran a story on the best 100 jobs in the United States, based on pay, projected job growth over the next 10 years, and quality of life ratings. And there was my job title, at #9. I think you should want to become one, so here’s how to become an Info Assurance Analyst.
The field desperately needs more of us, so I’m happy to share with you how to become someone like me.
My tips for using Sysinternals’ Du.exe were well received last week, and my former coworker Charlie mentioned a GUI tool called WinDirStat that I had completely forgotten about. For the command-line averse, it’s an incredibly useful tool.
But there’s one thing that Du.exe does that makes the CLI worthwhile. It will output to CSV files for further analysis. Here’s the trick.
DU -L 1 -Q -C \\SERVERNAME\C$\ >> servers.csv
Sub in the name of your server for servername. You have to have admin rights on the server to run this, of course.
For even more power, run this in a batch file containing multiple commands to query multiple servers, say, in your run-up to Patch Tuesday. Open the file in your favorite spreadsheet, sort on Directory Size, and you can find candidates for cleanup.
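The multi-server run described above, as an added PowerShell example rather than the author's own batch file. It assumes du.exe is on the PATH, that a file named servers.txt (a hypothetical name) lists one server per line, and that du's CSV header contains a column called DirectorySize; adjust that name if your version's header differs.

```powershell
# Added example, not the author's script.
# Assumptions: du.exe (Sysinternals) is on PATH; servers.txt is a hypothetical
# input file with one server name per line; the account running this has admin
# rights on every server, as the one-liner above requires.
$servers = Get-Content -Path .\servers.txt | Where-Object { $_.Trim() }
$outFile = '.\servers.csv'
$rows    = New-Object 'System.Collections.Generic.List[string]'
$header  = $null

foreach ($server in $servers) {
    $share = '\\{0}\C$\' -f $server.Trim()

    # Same switches as the one-liner: one level deep, quiet, CSV output.
    # @() keeps a single returned line as an array instead of a bare string.
    $output = @(& du.exe -l 1 -q -c $share 2>$null)

    # A header row alone (or nothing) means the share could not be read.
    if ($output.Count -lt 2) {
        Write-Warning "No data from $share (offline or access denied?)"
        continue
    }

    # Every run prints its own header row. Keep the first one and drop the
    # repeats, which would otherwise end up as junk rows once sorted.
    if (-not $header) {
        $header = $output[0]
        $rows.Add($header)
    }
    foreach ($line in ($output | Select-Object -Skip 1)) {
        $rows.Add($line)
    }
}

if ($rows.Count -eq 0) {
    Write-Warning 'No server returned any data; nothing written.'
    return
}

# Overwrite rather than append so an old run does not mix into this one.
$rows | Set-Content -Path $outFile

# Largest directories first: the cleanup candidates the post mentions.
# DirectorySize is an assumed column name taken from du's CSV header.
Import-Csv -Path $outFile |
    Sort-Object -Property { [int64]$_.DirectorySize } -Descending |
    Select-Object -First 20 -Property Path, DirectorySize |
    Format-Table -AutoSize
```

The merged servers.csv still opens in a spreadsheet as before; the final pipeline only saves the manual sort.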
I had a bunch of CSV files I needed to merge. I don’t spend half an hour loading all of them into Excel and doing a bunch of copying and pasting. Here’s how I merge CSV files from a command prompt.