Collaborate Disseminate
I have some web server logs from a breach. Is there a tool in SecurityOnion where I can upload the log files in csv format and have some sort of behavior-driven, static IDS/IPS identify when a breach occurred?
I’ve recently implemented a SIEM solution, and am now able to see a large amount of failed login attempts from legitimate users. In fact, it’s such high volume that my SIEM is correlating them to be Brute Force attacks. Howev… Continue reading Tracking Down Failed Logins
This falls under the category of eliminating what might be normal activity from my attention.
I’m looking at Windows 7 security event logs. I don’t have context to know if the following event is a normal occurrence. It hap… Continue reading What causes Windows security logs saying an attempt was made to reset an account’s password?
In my apache error log I am getting these errors (there are 100s of these lines), most of these IPs are from China.
I guess some bots are trying to find vulnerable files. Is there any way to protect the server against such … Continue reading Some bots are trying to locate files on server, how to protect?
As per latest OWASP Guidelines (2019) – a security assessor has to test against application platform configuration dubbed as OTG-CONFIG-002 in OWASP Testing Guide v4.
Since OWASP is a Security Principle Guide rather than bei… Continue reading Application Security – Security Testing Log files?
I was discussing with my friend the topic of the importance of log analytics/correlation and real-time response for an organization. Then, he mentioned that some people consider sending logs (collected from a network: IDS, fi… Continue reading Is a good idea to have security logs stored in the cloud?
I have tried viewing cookies in my Chrome settings, but I don’t see any human-readable data about my browsing. Most of what I have read stops at telling me how to view and delete cookies without explaining how to get meaningf… Continue reading How to log cookie data and make a human-readable report on them? [on hold]
Sumo Logic, a cloud data analytics and log analysis company, announced a $110 million Series G investment today. The company indicated that its valuation was “north of a billion dollars,” but wouldn’t give an exact figure. Today’s round was led by Battery Ventures with participation from new investors Tiger Global Management and Franklin Templeton. Other […] Continue reading Sumo Logic announces $110M Series G investment on valuation over $1B
Being new to the security and logging and after reading a lot about the terms used, I am pretty sure I neither need an IDS/IPS nor a WAF.
I am mostly interested in automating the “monitoring” of my application logs and enfo… Continue reading OWASP: Insufficient Logging & Monitoring – open source tools
This question already has an answer here:
How are attacks and APTs attributed?
5 answers
I’ve noticed sometimes that I’d … Continue reading How to determine where an attack came from? [duplicate]