
HP New Integrated Commands

  • Writer: Pavan Raja
  • Apr 8, 2025

Summary:

This document serves as a guide for HP Enterprise Security Professional Services, detailing integrated commands and right-click tools available as of October 11, 2013. It covers an overview of host investigations using specific examples from various security tools such as MS Windows Security Event IDs, Symantec, IBM ISS Proventia, HP TippingPoint, McAfee ePO, Fortinet FortiGuard, Checkpoint FW/IPS, Cisco, and Google Maps. Additionally, it provides resources for research such as MX Toolbox, Microsoft Malware Protection Center, SANS Port Lookup, and Domain Tools Whois, among others. The document also highlights the Operating System Tools available.

The guide includes an overview of various online tools and command syntaxes for different types of queries, primarily focused on cybersecurity and network administration tasks. These include threat information and malware analysis, network and web security scanning, vulnerability databases, and operating system tools. Examples of these tools are Malware Domain List, Threat Expert, MX Toolbox, PathPing, PSTools, and FosWiki.

The document is part of HP's Enterprise Security suite and can be accessed via the URL www.hp.com. For inquiries, contact HP Inc. at various numbers for different regions (USA: 1-888-415-ARST, EMEA: +44 870 351 6510, Asia Pac: 852 2166 8302). While the guide does not explicitly state copyright information, it outlines a collection of integrated commands that can be utilized via the full console, requiring Internet access. The primary focus is on host investigations and research-related URLs for various tools.

Details:

This document is a guide for HP Enterprise Security Professional Services, focusing on the integrated commands and right-click tools available as of October 11, 2013. The guide includes an overview of what it covers (Introduction); details about Integrated Commands - Right Click Tools (including Host Investigations with specific examples such as MS Windows Security Event IDs, Symantec, IBM ISS Proventia, HP TippingPoint, McAfee ePO, Fortinet FortiGuard, Checkpoint FW/IPS, Cisco, and Google Maps); and resources for research such as MX Toolbox, Microsoft Malware Protection Center, SANS Port Lookup, and Domain Tools Whois, among others. It also covers the Operating System Tools available (DN).

The document is part of HP's Enterprise Security suite and can be accessed via the URL www.hp.com. For inquiries, contact HP Inc. at Corporate Headquarters: 1-888-415-ARST (USA), +44 870 351 6510 (EMEA), or 852 2166 8302 (Asia Pac). It is important to note that while the guide mentions copyright information, it does not explicitly state if there are any restrictions on sharing or reusing parts of this document.

This document outlines a collection of integrated commands that can be utilized via the full console, requiring Internet access. The primary focus is on host investigations and research-related URLs for various tools. These include MS Windows Security Event IDs, Symantec (SEP), IBM ISS Proventia, HP TippingPoint, McAfee ePO, Fortinet FortiGuard, Checkpoint FW/IPS, Cisco, Google Maps, MX Toolbox, and Microsoft Malware Protection Center. The commands provide URLs to access specific information such as Event ID numbers, signature IDs, document IDs, filter/signature IDs, virus IDs, IP addresses, and more, allowing users to perform detailed investigations or gather relevant data from these tools.

This summary provides an overview of various online tools and command syntaxes for different types of queries, primarily focused on cybersecurity and network administration tasks.
The list includes both web-based and script-based commands across several categories, including:

1. **Threat Information and Malware Analysis** - These tools help in identifying potential threats by checking against databases of known malicious domains, IP addresses, and malware types. Examples include Malware Domain List, Threat Expert, and ZeusTracker.
2. **Network and Web Security Scanning** - Tools that allow users to scan for vulnerabilities, blacklisting status, and other security issues on websites or specific IP addresses. This includes services like MX Toolbox for internet port scans and SMTP checks, Sucuri SiteCheck for website vulnerability scanning, and UrlVoid for checking the reputation of a URL based on multiple blacklist engines.
3. **Vulnerability Databases** - Access to databases where security vulnerabilities are registered, such as Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), Open Web Application Security Project (OWASP), and the National Vulnerability Database (NVD-CVE).
4. **Operating System Tools** - Diagnostics tools built into operating systems for network troubleshooting, such as Dig (DNS lookup), Nbtstat (NetBIOS over TCP/IP diagnostic tool), and potentially NMAP if included in certain versions of Windows or other operating systems.

These commands are designed to be used via command line interfaces or through web-based interfaces that accept IP addresses, domain names, or specific identifiers as inputs. The use of these tools can vary depending on the permissions and configurations of the network environments they are being used in, but generally, they serve to help identify potential threats, confirm system information, and provide detailed insights into security vulnerabilities and exposures.

The text provides an overview of various network tools and utilities used in computer networks, specifically for tasks such as scanning a network (Nmap), checking the path between two hosts including latency (PathPing), and managing Windows systems remotely (PSTools). Here's a summary of each tool mentioned:

1. **Nmap** - A utility used to scan a computer network by sending specially crafted packets and analyzing responses to create a "map" of the network. It can be run with specific syntax for different types of scans (-vv, -sU, -p0).
2. **PathPing** - Combines ping and tracert functionalities in Windows NT and beyond. It provides detailed information about the path between two hosts, including latency statistics based on sampling over time. The command syntax is %system32%\pathping.exe $(targetAddress).
3. **PSTools (now part of SysInternals by Microsoft)** - A set of command-line utilities designed to help investigate Windows systems remotely:

  • **PSFile**: Lists files on a system that are opened remotely, using the syntax %arcsight%\tools\PSTools\PSFile.bat $selectedItem -u Administrator -p SECRET.

  • **PSGetSid**: Translates SIDs to their display name and vice versa, with the command syntax %arcsight%\tools\PSTools\PSGetSid.bat $selectedItem -u Administrator -p SECRET.

  • **PSInfo**: Gathers key information about a Windows system, using the command syntax %arcsight%\tools\PSTools\PSInfo.bat $selectedItem -u Administrator -p SECRET.

  • **PSList**: Displays running services on the host, with the command syntax %arcsight%\tools\PSTools\PSlist.bat $selectedItem -u Administrator -p SECRET.

  • **PSLoggedOn**: Shows who is using remote resources, using the command syntax %arcsight%\tools\PSTools\PSloggedon.bat $selectedItem -u Administrator -p SECRET.

4. **FosWiki** - Utilizes a local wiki to query for information on specific items of interest (such as incidents or knowledge base entries). The command syntax is an HTTP request URL that queries the wiki with parameters like search, scope, and type filters: http:///foswiki/bin/view/SOC_Business/Websearch?tab=searchadvanced&search=$selectedItem&scope=all&web=all&order=topic&type=keywork&limit=.

These tools are part of a larger set used in SOC (Security Operations Center) operations for network and system administration tasks, providing essential functions to analyze, manage, and troubleshoot computer networks remotely.
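
An added example (not from the HP guide or the original post) of how the $selectedItem and $(targetAddress) placeholders in the syntaxes above expand, with the event-field value checked before it reaches a command line and percent-encoded before it reaches the wiki URL. The function names and the WIKI_HOST.example host are assumptions; the templates are copied from the page.

```python
import ipaddress
import re
from urllib.parse import quote

# Command templates as given on the page.
PSINFO = r"%arcsight%\tools\PSTools\PSInfo.bat $selectedItem -u Administrator -p SECRET"
PATHPING = r"%system32%\pathping.exe $(targetAddress)"
# The page elides the wiki host; WIKI_HOST.example is a placeholder (assumption).
FOSWIKI = ("http://WIKI_HOST.example/foswiki/bin/view/SOC_Business/Websearch"
           "?tab=searchadvanced&search=$selectedItem&scope=all&web=all"
           "&order=topic&type=keywork&limit=")

PLACEHOLDERS = ("$selectedItem", "$(targetAddress)")
# One DNS label: letters, digits, inner hyphens, at most 63 characters.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def validate_target(value: str) -> str:
    """Return value only if it is an IP address or a plain hostname."""
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass
    if len(value) <= 253 and _HOSTNAME.fullmatch(value):
        return value
    raise ValueError(f"not a host or address: {value!r}")


def render_command(template: str, selected: str) -> str:
    """Expand a command-line template with a validated target."""
    target = validate_target(selected)
    for name in PLACEHOLDERS:
        template = template.replace(name, target)
    return template


def render_wiki_url(template: str, selected: str) -> str:
    """Expand a URL template; the term is percent-encoded, not validated."""
    return template.replace("$selectedItem", quote(selected, safe=""))


if __name__ == "__main__":
    print(render_command(PSINFO, "10.0.0.5"))          # constructed sample
    print(render_command(PATHPING, "host01.example"))  # constructed sample
    print(render_wiki_url(FOSWIKI, "a&b=c"))           # constructed sample
```
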

Disclaimer:
The content in this post is for informational and educational purposes only. It may reference technologies, configurations, or products that are outdated or no longer supported. If you have any comments or feedback, kindly leave a message and it will be responded to.
