How to activate logging for Citrix Exploit 1 and 2



Daniel Weppeler posted a link on how to activate Citrix logging for Exploit 1 and 2:
https://twitter.com/_DanielWep/status/1217022904073801728


Create MessageAction:
add audit messageaction MsgAct_CVE WARNING "\"CVE Attack from IP \"+CLIENT.IP.SRC+\" - URL: \"+HTTP.REQ.URL.PATH.HTTP_URL_SAFE+\" (headers: \"+HTTP.REQ.FULL_HEADER.HTTP_HEADER_SAFE+\")\"" -logtoNewnslog YES


Enable userDefinedAuditlog:
set audit syslogParams -logLevel ALL -userDefinedAuditlog YES
set audit nslogParams -logLevel ALL -userDefinedAuditlog YES


Bind Message Action to CVE Responder Policy:
set responder policy ResPol_Fix_CVE-2019-19781 -logAction MsgAct_CVE
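
With the message action bound, every hit on the responder policy writes a message in the format defined by MsgAct_CVE. The Python below is an added example, not part of the original post or the linked tweet: it parses that message text out of log lines and counts hits per source IP. The sample lines (including their syslog prefix) are constructed, and decoding the URL assumes HTTP_URL_SAFE output is percent-encoded.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Matches only the text produced by the MsgAct_CVE expression. Whatever
# timestamp/host prefix the syslog setup adds in front is ignored.
# The header capture is greedy because header values may contain ")".
MSG_RE = re.compile(
    r'CVE Attack from IP (?P<ip>\S+) - URL: (?P<url>\S*) '
    r'\(headers: (?P<headers>.*)\)"?\s*$'
)

def parse_line(line):
    """Return ip/url/headers for a MsgAct_CVE log line, or None."""
    m = MSG_RE.search(line)
    if m is None:
        return None
    # Assumption: HTTP_URL_SAFE percent-encodes unsafe characters.
    return {"ip": m["ip"], "url": unquote(m["url"]), "headers": m["headers"]}

def summarize(lines):
    """Group parsed hits by client IP: hit count and distinct URL paths."""
    hits = defaultdict(lambda: {"count": 0, "urls": set()})
    for line in lines:
        event = parse_line(line)
        if event:
            hits[event["ip"]]["count"] += 1
            hits[event["ip"]]["urls"].add(event["url"])
    return dict(hits)

# Constructed sample lines: prefix, addresses and paths are placeholders.
SAMPLE = [
    'Jan 14 10:02:11 ns01 RESPONDER Message : "CVE Attack from IP 203.0.113.5'
    ' - URL: /constructed/path%20one (headers: Host: vpn.example.test'
    ' User-Agent: tool (v1))"',
    'Jan 14 10:02:12 ns01 RESPONDER Message : "CVE Attack from IP 203.0.113.5'
    ' - URL: /constructed/path-two (headers: Host: vpn.example.test)"',
    'Jan 14 10:03:40 ns01 RESPONDER Message : "CVE Attack from IP 198.51.100.7'
    ' - URL: /constructed/path-two (headers: Host: vpn.example.test)"',
    'Jan 14 10:04:00 ns01 SSLVPN LOGIN : unrelated line that must be skipped',
]

if __name__ == "__main__":
    ranked = sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["count"])
    for ip, info in ranked:
        print(ip, info["count"], sorted(info["urls"]))
```
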



