How to activate logging for Citrix Exploit 1 and 2

Daniel Weppeler postet a link on how to activate Citrix Logging for Exploit 1 and 2:

Create MessageAction: add audit messageaction MsgAct_CVE WARNING "\"CVE Attack from IP \"+CLIENT.IP.SRC+\" - URL: \"+HTTP.REQ.URL.PATH.HTTP_URL_SAFE+\" (headers: \"+HTTP.REQ.FULL_HEADER.HTTP_HEADER_SAFE+\")\"" -logtoNewnslog YES

Enable userDefinedAuditlog: set audit syslogParams -logLevel ALL -userDefinedAuditlog YES set audit nslogParams -logLevel ALL -userDefinedAuditlog YES

Bind Message Action to CVE Responder Policy: set responder policy ResPol_Fix_CVE-2019-19781 -logAction MsgAct_CVE


Popular posts from this blog

Export a list of all XenApp 7.x published applications via Powershell

Implementing Single Sign On with NetScaler and Kerberos Constrained Delegation (KCD)

How to: Create a Client Certificate for LDAPS with OpenSSL