[SANS ISC] DNS Query Length… Because Size Does Matter

I published the following diary on isc.sans.org: “DNS Query Length… Because Size Does Matter“. In many cases, DNS remains a goldmine to detect potentially malicious activity. DNS can be used in multiple ways to bypass security controls. DNS tunnelling is a common way to establish connections with remote systems. It is

[The post [SANS ISC] DNS Query Length… Because Size Does Matter has been first published on /dev/random]


[SANS ISC Diary] Retro Hunting!

I published the following diary on isc.sans.org: “Retro Hunting!“. For a while, one of the security trends has been to integrate information from third-party feeds to improve the detection of suspicious activities. By collecting indicators of compromise, other tools may correlate them with their own data and generate alerts on specific conditions.

[The post [SANS ISC Diary] Retro Hunting! has been first published on /dev/random]


Getting Useful Info From the Log Hell with Awk

Getting useful info from a log file should be a piece of cake… if the file is properly formatted! Usually, one event is written on a single line, with the useful info delimited by a separator or extractable using regular expressions. But that’s not always the case; welcome to the log hell… Sometimes,

[The post Getting Useful Info From the Log Hell with Awk has been first published on /dev/random]
