Blog Posts Tagged with "Event Logging"

D03c28fd5a80c394905c980ee1ecdc88

Ten Things I’ve Learned About Cloud Security

July 17, 2012 Added by:Bill Mathews

Cloud security is tough for a lot of reasons, not least of which is because you probably only understand the basics of what you interface with - the controls the provider allows you to see. This lack of depth of management introduces many security related challenges. Having said that, let’s explore...

Comments  (0)

D8853ae281be8cfdfa18ab73608e8c3f

Evidence of Compromise: Metasploit's PSEXEC

July 15, 2012 Added by:Rob Fuller

I was messing with the Windows service binaries in Metasploit and I noticed something. For the PSEXEC module, the service name (actually just the display name, 'service name' is random) always started with an uppercase 'M'. Curious to why that was I looked and found Line 246 of the PSEXEC module to be the culprit...

Comments  (0)

3e35900ae6facc6c146a85c435c71d82

Network Forensics: Tracking Hackers through Cyberspace

July 11, 2012 Added by:Ben Rothke

With a title like Network Forensics: Tracking Hackers through Cyberspace, the book at first sounds like a cheesy novel. But by page twenty-five, you will quickly see this is the real thing. By the time you hit the last page, you will have read the collective wisdom of two of the smartest minds in the business...

Comments  (0)

39728eff8ac87a48cfb050f0df29ceaa

IBM Got it Wrong: It’s Not about Adding Another Data Source

March 13, 2012 Added by:John Linkous

For the majority of organizations, information security is more post mortem than critical care. Regardless of how many billions you spend on security tools, until you fix this inherent problem in traditional SIEM tools, large organizations will continue to be breached...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Redefining Security Intelligence with NOC and SOC

March 09, 2012 Added by:Rafal Los

Security dashboards are archaic, and often security teams have a half-dozen or more for visual confirmation on happenings. In well-run SOC organizations, a SEIM or new-school SIRM can provide context and close the real-time analysis gap, but this still isn't enough...

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

Top Ten Criteria for an SIEM

August 15, 2011 Added by:Anton Chuvakin

I spent years whining about how use cases and your requirements should be driving your SIEM purchase. And suddenly Anton shows up with a simple Top 10 list. This list was built with some underlying assumptions which I am not at liberty to disclose. Think large, maybe think SOC, think complex environment...

Comments  (0)

4085079c6fe0be2fd371ddbac0c3e7db

What is a Kernel Level Audit Trail?

July 11, 2011 Added by:Jamie Adams

Few people understand how audit records are generated or the difference between a kernel level audit trail and an application event log. It is critical to configure auditing and logging mechanisms to capture the right data to safeguard the data to prevent it from being modified...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

What Can We Learn From The Epsilon Breach?

May 02, 2011 Added by:PCI Guru

Epsilon appears to have caught this breach quickly because they were monitoring their network systems. What this incident points out is that even when you are monitoring your environment, it still takes a while to recognize that a breach is in progress...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Learning USB Lessons the Hard Way

April 20, 2011 Added by:Brent Huston

Our inspection revealed a job in the scheduler set to kick off on Saturdays at 5am and launch this particular malware component which appeared to be designed to grab the cookies from the browser and some credentials from the system and users then throw them out to the host in China...

Comments  (1)

Ebb72d4bfba370aecb29bc7519c9dac2

Open Source Log Management Tools List

April 08, 2011 Added by:Anton Chuvakin

This page lists a few popular free open-source log management and log analysis tools. The log cheat sheet presents a checklist for reviewing critical system, network and security logs when responding to a security incident. It can also be used for routine periodic log review...

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

Log Forensics and “Original” Events

April 03, 2011 Added by:Anton Chuvakin

Since the early days of my involvement in SIEM and log management, this question generated a lot of delusions and just sheer idiocy. A lot of people spout stuff like “you need original logs in court” without having any knowledge about forensics in general. So, what is an “original” event?

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

Complete PCI DSS Log Review Procedures Part 17

March 11, 2011 Added by:Anton Chuvakin

Periodic Operational Task Summary: The following contains a summary of operational tasks related to logging and log review. Some of the tasks are described in detail in the document above; others are auxiliary tasks needed for successful implementation of PCI DSS log review program...

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

Complete PCI DSS Log Review Procedures Part 16

February 28, 2011 Added by:Anton Chuvakin

Validation activities can be used to report the success of a log management program, processes and procedures to senior management. The data accumulated is proof of organization-wide PCI DSS compliance and can be used for management reporting. Specifically, the following are useful reports...

Comments  (0)

3e35900ae6facc6c146a85c435c71d82

Security Information and Event Management (SIEM) Implementation

February 24, 2011 Added by:Ben Rothke

Security Information and Event Management (SIEM) attempts to fix that by aggregating, correlating and normalizing the log and audit data. The end result is a single screen that presents all of the disparate data into a common element. While great in theory, the devil is in the details...

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

Complete PCI DSS Log Review Procedures Part 15

February 22, 2011 Added by:Anton Chuvakin

Finally, it is useful to create a “PCI Compliance Evidence Package” based on the established and implemented procedures to show it to the QSA. It will help establish your compliance with three key of PCI DSS logging requirements...

Comments  (0)

Ebb72d4bfba370aecb29bc7519c9dac2

Eleven Log Management Resolutions for 2011

February 01, 2011 Added by:Anton Chuvakin

One of the simplest ways to commit to logging in 2011 is to commit to monitoring when logging stops. Apart from being a violation of a few regulatory compliance mandates, termination of logging – whether due to an attacker or by mistake – is something you need to know right when it happens...

Comments  (0)

Page « < 1 - 2 > »