Log Management – Page 3 – WindowsTechs.com

[SANS ISC] Are Your Hunting Rules Still Working?

Posted on June 21, 2018 by Xavier

I published the following diary on isc.sans.org: “Are Your Hunting Rules Still Working?“: You are working in an organization which implemented good security practices: log events are collected then indexed by a nice powerful tool. The next step is usually to enrich this (huge) amount of data with external sources. You

[The post [SANS ISC] Are Your Hunting Rules Still Working? has been first published on /dev/random]

Continue reading [SANS ISC] Are Your Hunting Rules Still Working?→

An Eagle Eye Over Network Security: Configuring Log Sources to Maximize SIEM Visibility

Posted on April 20, 2018 by Warren Perez Araya

To get the most out of an SIEM solution, analysts must properly configure their log sources to generate alerts when they stop reporting for certain periods of time, depending on their priority level.

The post An Eagle Eye Over Network Security: Configuring Log Sources to Maximize SIEM Visibility appeared first on Security Intelligence.

Continue reading An Eagle Eye Over Network Security: Configuring Log Sources to Maximize SIEM Visibility→

20 Critical Security Controls: Control 6 – Maintenance, Monitoring, and Analysis of Audit Logs

Posted on April 18, 2018 by Travis Smith

Today, I will be going over Control 6 from version 7 of the CIS top 20 Critical Security Controls – Maintenance, Monitoring, and Analysis of Audit Logs. I will go through the eight requirements and offer my thoughts on what I’ve found. Key … Continue reading 20 Critical Security Controls: Control 6 – Maintenance, Monitoring, and Analysis of Audit Logs→

Reducing Dwell Time With Automated Incident Response

Posted on April 2, 2018 by Koen Van Impe

As the threat landscape evolves, it is increasingly important for organizations large and small to invest in automated incident response solutions to reduce dwell time and eliminate alert fatigue.

The post Reducing Dwell Time With Automated Incident Response appeared first on Security Intelligence.

Continue reading Reducing Dwell Time With Automated Incident Response→

Why Knock Innovation? SIEM Didn’t Die — It Evolved

Posted on November 21, 2017 by Lauren Horaist

SIEM has evolved from its comparatively humble beginnings to integrate user behavior analysis and log management capabilities that are critical to any SOC.

The post Why Knock Innovation? SIEM Didn’t Die — It Evolved appeared first on Security Intelligence.

Continue reading Why Knock Innovation? SIEM Didn’t Die — It Evolved→

Basic Security Tools You Cannot Afford to Miss in Your Risk Management Program

Posted on October 3, 2017 by Koen Van Impe

Security professionals can leverage freely available, open source security tools to protect their environments from threats.

The post Basic Security Tools You Cannot Afford to Miss in Your Risk Management Program appeared first on Security Intelligence.

Continue reading Basic Security Tools You Cannot Afford to Miss in Your Risk Management Program→

Address Registry and File Activity Monitoring Requirements With the Snare Log Analysis App

Posted on April 28, 2017 by Sandeep Mukherjee

The Snare Log Analysis App offers security analysts an extra pair of eyes to help them analyze SIEM logs and meet file activity monitoring requirements.

The post Address Registry and File Activity Monitoring Requirements With the Snare Log Analysis App appeared first on Security Intelligence.

Continue reading Address Registry and File Activity Monitoring Requirements With the Snare Log Analysis App→

[SANS ISC] DNS Query Length… Because Size Does Matter

Posted on April 20, 2017 by Xavier

I published the following diary on isc.sans.org: “DNS Query Length… Because Size Does Matter“. In many cases, DNS remains a goldmine to detect potentially malicious activity. DNS can be used in multiple ways to bypass security controls. DNS tunnelling is a common way to establish connections with remote systems. It is

[The post [SANS ISC] DNS Query Length… Because Size Does Matter has been first published on /dev/random]

Continue reading [SANS ISC] DNS Query Length… Because Size Does Matter→

Detect Endpoint Threats by Analyzing Process Logs in QRadar

Posted on December 2, 2016 by Mutaz Alsallal

Using an SIEM solution such as QRadar, security professionals can analyze process logs to detect, hunt and trace the source of threats.

The post Detect Endpoint Threats by Analyzing Process Logs in QRadar appeared first on Security Intelligence.

Continue reading Detect Endpoint Threats by Analyzing Process Logs in QRadar→

Getting Useful Info From the Log Hell with Awk

Posted on August 29, 2016 by Xavier

Getting useful info from log file should be piece of cake …if the file is properly formatted! Usually, one event is written on a single line with useful info delimited by a separator or extractable using regular expressions. But it’s not always the case, welcome to the log hell… Sometimes,

[The post Getting Useful Info From the Log Hell with Awk has been first published on /dev/random]

Continue reading Getting Useful Info From the Log Hell with Awk→