Blog Posts Tagged with "Event Logging"


Ten Things I’ve Learned About Cloud Security

July 17, 2012 Added by:Bill Mathews

Cloud security is tough for a lot of reasons, not least of which is because you probably only understand the basics of what you interface with - the controls the provider allows you to see. This lack of depth of management introduces many security related challenges. Having said that, let’s explore...

Comments  (0)


Evidence of Compromise: Metasploit's PSEXEC

July 15, 2012 Added by:Rob Fuller

I was messing with the Windows service binaries in Metasploit and I noticed something. For the PSEXEC module, the service name (actually just the display name, 'service name' is random) always started with an uppercase 'M'. Curious to why that was I looked and found Line 246 of the PSEXEC module to be the culprit...

Comments  (0)


Network Forensics: Tracking Hackers through Cyberspace

July 11, 2012 Added by:Ben Rothke

With a title like Network Forensics: Tracking Hackers through Cyberspace, the book at first sounds like a cheesy novel. But by page twenty-five, you will quickly see this is the real thing. By the time you hit the last page, you will have read the collective wisdom of two of the smartest minds in the business...

Comments  (0)


IBM Got it Wrong: It’s Not about Adding Another Data Source

March 13, 2012 Added by:John Linkous

For the majority of organizations, information security is more post mortem than critical care. Regardless of how many billions you spend on security tools, until you fix this inherent problem in traditional SIEM tools, large organizations will continue to be breached...

Comments  (0)


Redefining Security Intelligence with NOC and SOC

March 09, 2012 Added by:Rafal Los

Security dashboards are archaic, and often security teams have a half-dozen or more for visual confirmation on happenings. In well-run SOC organizations, a SEIM or new-school SIRM can provide context and close the real-time analysis gap, but this still isn't enough...

Comments  (0)


Top Ten Criteria for an SIEM

August 15, 2011 Added by:Anton Chuvakin

I spent years whining about how use cases and your requirements should be driving your SIEM purchase. And suddenly Anton shows up with a simple Top 10 list. This list was built with some underlying assumptions which I am not at liberty to disclose. Think large, maybe think SOC, think complex environment...

Comments  (0)


What is a Kernel Level Audit Trail?

July 11, 2011 Added by:Jamie Adams

Few people understand how audit records are generated or the difference between a kernel level audit trail and an application event log. It is critical to configure auditing and logging mechanisms to capture the right data to safeguard the data to prevent it from being modified...

Comments  (0)


What Can We Learn From The Epsilon Breach?

May 02, 2011 Added by:PCI Guru

Epsilon appears to have caught this breach quickly because they were monitoring their network systems. What this incident points out is that even when you are monitoring your environment, it still takes a while to recognize that a breach is in progress...

Comments  (0)


Learning USB Lessons the Hard Way

April 20, 2011 Added by:Brent Huston

Our inspection revealed a job in the scheduler set to kick off on Saturdays at 5am and launch this particular malware component which appeared to be designed to grab the cookies from the browser and some credentials from the system and users then throw them out to the host in China...

Comments  (1)


Open Source Log Management Tools List

April 08, 2011 Added by:Anton Chuvakin

This page lists a few popular free open-source log management and log analysis tools. The log cheat sheet presents a checklist for reviewing critical system, network and security logs when responding to a security incident. It can also be used for routine periodic log review...

Comments  (0)


Log Forensics and “Original” Events

April 03, 2011 Added by:Anton Chuvakin

Since the early days of my involvement in SIEM and log management, this question generated a lot of delusions and just sheer idiocy. A lot of people spout stuff like “you need original logs in court” without having any knowledge about forensics in general. So, what is an “original” event?

Comments  (0)


Complete PCI DSS Log Review Procedures Part 17

March 11, 2011 Added by:Anton Chuvakin

Periodic Operational Task Summary: The following contains a summary of operational tasks related to logging and log review. Some of the tasks are described in detail in the document above; others are auxiliary tasks needed for successful implementation of PCI DSS log review program...

Comments  (0)


Complete PCI DSS Log Review Procedures Part 16

February 28, 2011 Added by:Anton Chuvakin

Validation activities can be used to report the success of a log management program, processes and procedures to senior management. The data accumulated is proof of organization-wide PCI DSS compliance and can be used for management reporting. Specifically, the following are useful reports...

Comments  (0)


Security Information and Event Management (SIEM) Implementation

February 24, 2011 Added by:Ben Rothke

Security Information and Event Management (SIEM) attempts to fix that by aggregating, correlating and normalizing the log and audit data. The end result is a single screen that presents all of the disparate data into a common element. While great in theory, the devil is in the details...

Comments  (0)


Complete PCI DSS Log Review Procedures Part 15

February 22, 2011 Added by:Anton Chuvakin

Finally, it is useful to create a “PCI Compliance Evidence Package” based on the established and implemented procedures to show it to the QSA. It will help establish your compliance with three key of PCI DSS logging requirements...

Comments  (0)


Eleven Log Management Resolutions for 2011

February 01, 2011 Added by:Anton Chuvakin

One of the simplest ways to commit to logging in 2011 is to commit to monitoring when logging stops. Apart from being a violation of a few regulatory compliance mandates, termination of logging – whether due to an attacker or by mistake – is something you need to know right when it happens...

Comments  (0)

Page « < 1 - 2 > »