This dashboard addresses "aPAColypse now", a novel attack approach which chains multiple Windows vulnerabilities together as well as takes advantage of default Web Proxy Auto-discovery (WPAD) behavior. The attack approach is detailed here.
Load the bundle onto your Discover appliance.
Before using, please modify the trigger to whitelist the following (detailed instructions are included within the trigger):
- Approved DNS, HTTP, and DHCP server networks
- Approved WPAD URI FQDNs
Once modified, assign the trigger to the DNS, HTTP, and DHCP clients which you would like to monitor.