Simple Log Review Checklist Released!

Monday, March 08, 2010

Anton Chuvakin


Today, many people are looking for very simple solutions to big and complex problems – and the area of logging and log management is no exception. Following that theme, we have created a "Critical Log Review Checklist for Security Incidents" which is released to the world today.

In addition to the HTML version, PDF or DOC versions are available as well (an alternative hosting location is here). Feel free to modify the checklist for your own purposes or for internal distribution in your organization - but please keep the attribution to the authors.

The log cheat sheet presents a checklist for reviewing critical system, network and security logs when responding to a security incident. It can also be used for routine periodic log review. It was authored by Dr. Anton Chuvakin and Lenny Zeltser.

Mark Thibault: One area I look for is data appearing in cleartext that either should be hashed or not even logged. An example in Ruby on Rails log files is shown here: http://www.railstutorial.org/chapters/sign-up#sec:filtering_parameter_logging