Collaborate Disseminate
I’m trying to edit my rsyslog.conf in order to set hex parts of my auditd logs in clear.
Does anyone know if it is possible to configure rsyslog in order to apply a parsing on the log received by a bash script ? (Or any other technique)
It… Continue reading Rsyslog & Auditd – Parsing audit.log / proctitle hexadecimal value to ascii [migrated]
There are a lot of excellent resources to sharpen your pentesting skills (like Hackthebox, Vulnhub, Juiceshop, Burp Suite Academy and so on), but I couldn’t find something similar for forensics, especially log file analysis.
I thought abou… Continue reading How can I practice log file analysis?
Last week I keynoted LogPoint’s customer conference with a talk about how to extract value from security data. Pretty much every company out there has tried to somehow leverage their log data to manage their infrastructure and protect their assets and … Continue reading How To Drive Value with Security Data – The Full Talk
I was wondering if you have collected/crossed any labelled dataset in the following context for cyber-security threats:
Web requests
HTTP requests
(proxy) Web server logs
Any updates will be highly appreciated.
Continue reading Is there any public labelled dataset for Web Servers logs/ HTTP requests?
The log management and security information management (SIEM) space have gone through a number of stages to arrive where they are today. I started mapping the space in the 1980’s when syslog entered the world. To make sense of the really busy diagram, … Continue reading A Logging History Lesson – From syslogd(8) to XDR
We have been collecting data to drive security insights for over two decades. We call these tools log management solutions, SIMs (security information management), and XDRs (extended detection and response) platforms. Some companies have also built the… Continue reading How To Drive Value with Security Data
For the past few weeks, I am observing a lots of visits from a specific user-agent – Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36 to one particular URL.
The user-agent … Continue reading Suspicious visits to one URL from same user-agent but from unique IPs
I am looking for security examples where the order of log records, events, etc. is the key to find an anomaly, incident, etc. I’d like to prove that using sequential pattern matching (e.g. regex) is good for anomaly detection and sequentia… Continue reading Security use cases where the order matters
A company entrusts a Data Scientist with the mission of processing and valuing data for the research or treatment of events related to traces of computer attacks. I was wondering how would he get the train data.
I guess he would need to ex… Continue reading How to source training data in ML for information security? [closed]
Logs are provided below. Questions: "Do these router logs indicate I was hacked or being spied on? If so can I report it to IC3/police as legitimate evidence?"
Hello, I hope I am in the right place. I have been paranoid the past … Continue reading Do these logs indicate someone spying on me? Can I use this as evidence to report to IC3/police? [closed]