Le 14/02/2012 21:37, Mike Disley a écrit :
Anyone have a custom rule that would detect Outbound internet access on a Windows system? I'm hoping to detect if/when someone uses a browser to access the web on a server with Internet connectivity.Please and Thanks Mike
Maybe force use of a proxy and monitor its logs. Search for any GET/POST with src.ip beeing one of your Windows. 0.02$ -- Cheers, Florian Crouzat
