Collaborate Disseminate
I’ve installed OSSIM (no USM) on a VM and am trying to figure out how much disk space I need to give this VM. Basically does anyone know:
How can I estimate how much disk the logs are using each day? I just have nowhere to see the rate at… Continue reading OSSIM logs and disk space?
Are there good ways to put guardrails on not logging sensitive information? For example, passwords
If there isn’t a guardrails approach, is there a way to help make the easy thing the right thing like create a logging library wrapper that … Continue reading Guardrails Around Logs For Devs
I am a working student as an information security analyst .
my company provides a bunch of software in our daily work like for example gitlab and jira . Every interaction between the user and the software is logged inside elastic stack .
L… Continue reading How to efficiently analyse logs from elastic search to look for vulnerabilities? [closed]
Wonder, how to configure auditd to capture redirect of the command, e.g.:
mycommand arg1 arg2 > myfile
… will result in only the following information within auditd logs:
"process":
"title": "mycommand a… Continue reading Capture redirection by auditd [migrated]
I have a Linksys WRT1200AC with DD-WRT v3.0-r48865 std. It’s connected to the Internet through the ISP’s modem in bridge mode.
My syslog reports continuously, many times per second stuff like this:
kern.warn kernel: [18453.515784] DROP IN=… Continue reading A Continuous Flood of Kernel Warnings. Am I under attack?
How can I get the SOF-ELK VM to inject the IIS logs like the httpd logs. Here are my filebeats yml configs:
/etc/filebeat/filebeat.yml
filebeat.config.inputs:
enabled: true
path: /usr/local/sof-elk/lib/filebeat_inputs/*.yml
filebeat.c… Continue reading Need help configuring SOF-ELK Sans to parse IIS W3C logs
When a crash occurs or when a user reports a bug, I’d like to send my application’s logs to a cloud service (Firebase).
But I’ve just realised that there are tons of kindergarten level exploits. For example:
they can make these logs treme… Continue reading Sending logs with bug reports: how to defend against easy exploits like malicious file enlargement?
Cybersecurity involves a balancing act between risk aversion and risk tolerance. Going too far to either extreme may increase cost and complexity, or worse: cause the inevitable business and compliance consequences of a successful cyberattack. The deci… Continue reading How to avoid security blind spots when logging and monitoring
I installed ufw on my VPS. xx:xx:xx:xx:xx:xx is the MAC address of my VPS.
grep ‘BLOCK’ /var/log/ufw.log | awk ‘{print $1,$2,$3,$12,$13}’
Apr 28 20:28:04 MAC=xx:xx:xx:xx:xx:xx:fe:00:03:ee:8f:33:08:00 SRC=89.248.165.118
Apr 28 20:28:04 … Continue reading someone always attack my server [closed]
I have a hosted a simple react website(testing) with nginx webserver and cloudflare as ssl provider.My website is down from few days with cloudflare error 525 "SSL handshake failed".I was pretty sure my SSL keys are not expired,s… Continue reading Can anyone help finding what’s shady things are logged on my nginx webserver? [duplicate]