Time
6 hours 28 minutes
Difficulty
Intermediate
CEU/CPE
7

Video Transcription

00:00
Welcome back to the course on building your InfoSec lab. I'm your host and instructor, Kevin Hernandez.
00:06
Last lesson, we integrated pfSense logs into QRadar and created it as a Universal DSM log source.
00:15
In today's lesson, we're actually gonna start creating custom properties for our pfSense logs within QRadar.
00:22
Now let's get started.
00:25
Last lesson, as I said, we basically integrated pfSense logs into QRadar. We had the Status,
00:34
System Logs,
00:39
Settings
00:40
right here.
00:44
Even though we incorporated these logs
00:47
into QRadar,
00:49
you have to do it manually through the Universal DSM. Um,
00:54
as seen on the screen.
00:57
Now, even though we integrated these, one of the issues is that it is not properly formatted. That's the reason we have to create either a universal
01:07
DSM for pfSense (I know, a scramble of words, right?) or we have to create custom variables. Now, let's go ahead and pause it right here.
01:19
So we pause the capture from QRadar by hitting the pause button on the top right corner.
01:25
And now we're gonna open a pfSense event such as this one.
01:30
There we go.
01:30
As you can see,
01:33
you have information here,
01:34
but not much to do. Now,
01:38
as I mentioned in the last videos, we can create
01:42
a new DSM, right, or we can actually extract variables from here.
01:47
Let me go ahead and show you the extract properties or create custom variables for this option. First, to Status.
01:55
So
01:56
let's go down here to logs again.
01:59
Right?
02:00
And here are the system logs. Now, obviously, you have System, and we also have the Firewall, which is the one we're looking at, right? So one good thing we're gonna do here is we're actually gonna take a small screenshot of this
02:13
and then compare it to what we have here.
02:15
Now,
02:16
I can also do a side by side, if you like
02:21
that, you come here,
02:23
shrink this a little, and then come here.
02:30
Put them side by side.
02:32
That can also work.
02:36
It's up to preference.
02:38
So here, Right, you have the date or time, right?
02:44
You have the rule; I'm pretty sure that's what it is. And then you can see
02:47
here several values, right,
02:51
Such as
02:52
filterlog, 5.
02:55
Several values, right: interfaces, match, block. Right.
03:00
So in here,
03:06
if I expand it a little,
03:07
all right, you can actually see some of this information.
03:12
However, it's not in the same order. So you gotta be aware of that
03:15
when trying to match the information one to one. Okay,
03:24
so
03:25
let's go back
03:27
and see the other one.
03:30
That one thing you can do,
03:31
you can right click here
03:34
and you say
03:36
filter on Log Source is pfSense and Last 15 minutes.
03:42
And there we go. We have a lot more data to play with.
03:49
Okay, here we are.
03:52
Right.
03:53
1 20. So let's try to find
03:55
this event in there.
04:00
Okay?
04:02
Once I went from dynamic view to a normal view, I was able to find 1 2050 to 1 52 15.
04:12
Right here, the port 44193.
04:15
Great.
04:16
Whoops. Sorry, not sure what I did there.
04:20
I'm gonna go ahead and search for 44193. Right.
04:26
And you have the port here.
04:28
You can see the 32 80 here. You see the 30 to 60 m sign right here, and you can get a general idea. Now, why this one? And this is what we really wanted to do.
04:39
So let's go ahead and copy
04:43
this over here
04:44
and let's do extract property.
04:47
Let's wait for it to load.
04:49
What I want to do is create custom variables for these; it's to show you how we can do a couple of, um, things regarding QRadar. Right. So we're going to Extraction Based, right? The Test Field is where our payload is gonna be. In this case, you can see it's actually pasted in here, so I don't have to do too much. Now here comes the extract new property. In this case, we could
05:10
create one called,
05:11
Um,
05:13
here, right, source IP, just 1 20,
05:17
right?
05:18
So you can call it
05:21
source IP,
05:24
maybe actually add pfSense. And the reason I like to do pfSense Source IP
05:30
is because that way, if you're trying to use your source IP for something else, you don't. All right? Your source IP will be for everything else. Okay. And for me to say, this is the source IP
05:41
for pfSense.
05:44
Let's scroll down a little. I'm gonna actually
05:46
increase the size of this a little.
05:48
Since it's a Universal DSM log source, you can actually attach it to pfSense itself if needed. We can actually jump into that later on. But right now I'm gonna show you how to use simple regex to read this data. Now, if you've taken my course on regex, you already should be a little bit familiarized with this.
06:09
Otherwise, I'm gonna do
06:11
a little quick intro about it. Not too complex right now. You can see you do have two brackets. Now, if you want to get the date,
06:19
we can actually start from left to right, or we can actually start with the IP, as I already stated. So
06:29
the problem is, if we start here, is that then you have to create this portion of the regex for all of these,
06:34
right and it's a lot of information, to be honest with you.
06:40
So what you can do is we can start instead around
06:46
here,
06:48
right.
06:48
And the reason I say we can start around here is because it's not that hard, or we can actually use this colon.
06:57
The reason I mention the colon is because it is the last colon there is, and therefore it shouldn't be that hard to play around with. So let's start with that colon, right, and it's been detected, followed by,
07:09
let's make it a little bit bigger now so I can see. So the colon, right. And you can see there's one,
07:15
two,
07:16
three different colons. Now, the difference is, if you see carefully here,
07:20
This one has a space afterwards. So we're gonna use that
07:24
for the regex scenario we're starting right now. There could be a dot or not, um, you know, a digit or not. So in this case, what I'm gonna do is we're gonna create a
07:35
wildcard.
07:38
All right?
07:39
You're gonna say it could or cannot be there, right? And then we're gonna do a comma.
07:46
With a wildcard, it can or cannot be there. We're actually going to repeat this several times
07:53
until we get
07:56
to every one. And then here, for example,
07:59
you have digits, right? So it's a backslash d plus, \d+. So you cover all those numbers, then you do another comma. In this case, it's a word,
08:09
right, because it's the interface, so you could do backslash
08:11
w plus, \w+, right. You're actually going to repeat this same one several times now.
08:20
Um.
08:20
Um, um,
08:24
um, you see,
08:26
it's gonna be a little bit long,
08:28
but it's gonna be okay.
08:31
It's something.
08:35
There, right.
08:37
Now,
08:39
period.
08:54
Uh, backslash d
08:58
plus
09:00
backslash
09:01
comma.
09:03
Right?
09:03
And then you can say
09:07
Value or no value, backslash d plus,
09:16
backslash
09:20
comma,
09:22
backslash d plus,
09:26
comma,
09:28
digit plus. Then we're gonna keep repeating these again
09:31
until we get to the point where we want to reach. Right, backslash
09:35
w
09:37
plus.
09:39
You can see, once we go to the DSM, it might be a little bit, or a lot, cleaner,
09:45
so
09:48
you'll be happy then
09:50
comma, backslash w plus for the TCP,
09:56
comma,
09:58
backslash d plus,
10:01
then the comma, and then you usually are actually gonna have the source IP.
10:05
So
10:07
here's where we do the capture. Now, before you do the capture group, one of the things I'm gonna recommend is to write the whole
10:16
thing up to maybe here, the destination port. Okay.
10:20
And the reason I say that is
10:24
you can then use the same regex for everything you're gonna do, instead of having to rewrite everything again and mess up because you forgot where the proper capture groups are. Okay. Now, this seems like a good place to take a short break. See you soon.
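As an added example, not from the video and not QRadar's own code, here is the approach the lesson describes written in Python: one regex that starts at the colon after filterlog[...], covers every field up to the destination port, and lets each custom property pick a different named capture group instead of rewriting the pattern each time. The field order follows the pfSense filterlog format; the two log lines are constructed samples, not captured traffic.

```python
import re

# pfSense filterlog payload: rule, sub-rule, anchor, tracker, interface,
# reason, action, direction, ip-version, IPv4 header fields, source and
# destination address, and (TCP/UDP only) source and destination port.
FILTERLOG_RE = re.compile(
    r"filterlog\[\d+\]:\s"                           # start after the last colon
    r"(?P<rule>\d*),(?P<subrule>\d*),(?P<anchor>[^,]*),(?P<tracker>\d*),"
    r"(?P<iface>\w+),(?P<reason>\w+),(?P<action>\w+),(?P<direction>\w+),"
    r"(?P<ipver>4),(?P<tos>[^,]*),(?P<ecn>[^,]*),(?P<ttl>\d*),(?P<id>\d*),"
    r"(?P<offset>\d*),(?P<flags>[^,]*),(?P<proto_id>\d+),(?P<proto>\w+),"
    r"(?P<length>\d+),(?P<src_ip>[\d.]+),(?P<dst_ip>[\d.]+)"
    r"(?:,(?P<src_port>\d+),(?P<dst_port>\d+))?"     # ICMP events have no ports
)


def extract_property(line, name):
    """One custom property = the same regex, a different capture group.
    Returns None when the line is not a pfSense filterlog event."""
    m = FILTERLOG_RE.search(line)
    return m.group(name) if m else None


def parse_filterlog(line):
    """All named fields at once; None if the pattern does not match."""
    m = FILTERLOG_RE.search(line)
    return m.groupdict() if m else None


# Constructed sample events (documentation address ranges, not real hosts).
SAMPLE_TCP = ("Feb 12 15:21:52 pfSense filterlog[5]: 5,,,1000000103,igb0,"
              "match,block,in,4,0x0,,64,26140,0,DF,6,tcp,60,203.0.113.25,"
              "192.0.2.10,44193,3280,0,S,1234567890,,65535,,mss;nop;wscale")
SAMPLE_ICMP = ("Feb 12 15:22:01 pfSense filterlog[5]: 5,,,1000000103,igb0,"
               "match,block,in,4,0x0,,64,0,0,none,1,icmp,84,203.0.113.25,"
               "192.0.2.10,request,1234,1")

if __name__ == "__main__":
    for line in (SAMPLE_TCP, SAMPLE_ICMP):
        f = parse_filterlog(line)
        print(f["action"], f["iface"], f["proto"],
              f["src_ip"], "->", f["dst_ip"], "port", f["dst_port"])
```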


Building an InfoSec Lab

This course will guide you through the basics of incorporating several Information Security Engineering Tools in your home and/or lab. By building this lab you will be able to obtain corporate-level security within your home network, as well as a higher understanding of the capabilities and advantages these tools bring to your network.

Instructed By

Kevin Hernandez
Instructor