1.1. Scenario:
KATA/EDR CN is deployed on site, but some remote users cannot connect to the internal network. You want to receive EDR telemetry from their endpoints and laptops while they are outside the network (assuming you don't have any VPN functionality).
You don't want to expose the CN to the internet, so you'd like to use the sensor to relay the telemetry to the CN and keep visibility of the endpoints.
1.2. Pre-requisites and configuration step
This article applies to KEA 3.x (any CF) as part of the [KATA+]EDR solution.
1.1. Problem
Some hosts (usually servers, e.g. Windows Server 2012 R2) will not appear in the CN dashboard after being configured with correct settings, including a valid TLS certificate. In the known case, such Endpoint Agents were configured locally using the command line, not via policy; however, we were able to verify that the same configuration led to a successful connection on most hosts.
During trou
Problem
When attempting to connect to the sandbox over SFTP, the connection is closed immediately after the password is entered.
Solution
In Technical Support Mode, edit the file /etc/ssh/sshd_config
Replace the line
ForceCommand /usr/bin/apt-restricted-ssh
with
#ForceCommand /usr/bin/apt-restricted-ssh
Replace the line
Subsystem sftp /usr/libexec/openssh/sftp-server
with
Subsystem sftp /usr/lib/openssh/sftp-server
Save the file (Ctrl+S, Ctrl+X) and restart the service ss