Custom PANW App-IDs? Proxmox?



Hey Folks,

Back again. Today we’re covering one of my processes for creating custom application IDs using Zed Attack Proxy and PANW appliances. The purpose of this is to allow us to identify Proxmox Web GUI traffic, as PANW doesn’t currently have a prebuilt App-ID for this.

This will allow us to narrow down the traffic that’s seen as “web-browsing”, “ssl”, or “unknown-tcp/unknown-udp”. More than just properly identifying the apps on our network, we can also enable things like virus and data pattern scanning to ensure that data downloaded or uploaded doesn’t contain viruses or sensitive data.

ZAP is just one of the tools we can use when creating custom App-IDs, but it is my tool of choice for inspecting HTTP/HTTPS traffic. It's a good example of using an offensive/research tool for blue team operations. Obviously, other tools like tcpdump and Wireshark can be used for non-web-based traffic.

I hope you liked this episode. I’m hoping to get a lot more technical with my content and focus on specific scenarios or problems I’m facing in lab, life, or at work that might be beneficial to even a small audience out there.
