Blog Posts Tagged with "Log Management"


Complete PCI DSS Log Review Procedures Part 18 FINAL

March 22, 2011 Added by: Anton Chuvakin

For log exceptions copied from a log aggregation tool or from the original log file, make sure that the entire log is copied, especially its time stamp, which is likely to be different from the time of this record, and the system from which it came - what/when/where, etc...


Complete PCI DSS Log Review Procedures Part 17

March 11, 2011 Added by: Anton Chuvakin

Periodic Operational Task Summary: The following contains a summary of operational tasks related to logging and log review. Some of the tasks are described in detail in the document above; others are auxiliary tasks needed for successful implementation of PCI DSS log review program...


On Cloud Logging Standards and Unique IDs

March 07, 2011 Added by: Anton Chuvakin

Cloud computing, as defined by NIST, has inherent multi-tenancy, elasticity, immediate provisioning and other fun properties, not found in traditional applications and platforms – whether distributed or not. All of these happen to affect accountability, auditability and transparency...


Complete PCI DSS Log Review Procedures Part 16

February 28, 2011 Added by: Anton Chuvakin

Validation activities can be used to report the success of a log management program, processes and procedures to senior management. The data accumulated is proof of organization-wide PCI DSS compliance and can be used for management reporting. Specifically, the following are useful reports...


Complete PCI DSS Log Review Procedures Part 15

February 22, 2011 Added by: Anton Chuvakin

Finally, it is useful to create a “PCI Compliance Evidence Package” based on the established and implemented procedures to show it to the QSA. It will help establish your compliance with three key PCI DSS logging requirements...


Complete PCI DSS Log Review Procedures Part 14

February 18, 2011 Added by: Anton Chuvakin

The logbook establishes the follow-up required in item 10.6.a of PCI DSS validation procedures, which states “Obtain and examine security policies and procedures to verify that they include procedures to review security logs at least daily and that follow-up to exceptions is required”...


Bottom Eleven Log Management Worst Practices

February 08, 2011 Added by: Anton Chuvakin

Many organizations talk about “best practices”. The definition is often fuzzy but can be loosely related to the practices that generally lead to great results. Following the same model, here are the “worst practices” in the area of SIEM and log management that I have observed over the years...


Complete PCI DSS Log Review Procedures Part 13

February 04, 2011 Added by: Anton Chuvakin

How do you create a logbook that proves that you are reviewing logs and following up with exception analysis, as prescribed by PCI DSS Requirement 10? The logbook is used to document everything related to analyzing and investigating the exceptions flagged during daily review...


Eleven Log Management Resolutions for 2011

February 01, 2011 Added by: Anton Chuvakin

One of the simplest ways to commit to logging in 2011 is to commit to monitoring when logging stops. Apart from being a violation of a few regulatory compliance mandates, termination of logging – whether due to an attacker or by mistake – is something you need to know right when it happens...


Complete PCI DSS Log Review Procedures Part 12

January 28, 2011 Added by: Anton Chuvakin

We have several major pieces that we need to prove for PCI DSS compliance validation. Here is the master-list of all compliance proof we will assemble. Unlike other sections, here we will cover proof of logging and not just proof of log review since the latter is so dependent on the former...


Complete PCI DSS Log Review Procedures Part 11

January 23, 2011 Added by: Anton Chuvakin

The main idea of this procedure is to identify and then interview the correct people who might have knowledge about the events taking place on the application, then to identify its impact and the required actions, if any...


Ten Things Log Management Vendors Won't Tell You

January 20, 2011 Added by: Anton Chuvakin

While many people have seen 10 things that your chef, real-estate agent, wedding planner or pilot won’t tell you, the world has not yet seen Top 10 things your log management vendor won't tell you. Finally, this gap is now closed...


Complete PCI DSS Log Review Procedures Part 10

January 17, 2011 Added by: Anton Chuvakin

A message not fitting the profile is flagged “an exception.” It is important to note that an exception is not the same as a security incident, but it might be an early indication that one is taking place. At this stage we have a log message that is outside of routine/normal operation...


Complete PCI DSS Log Review Procedures Part 9

January 14, 2011 Added by: Anton Chuvakin

The first method considers log types not observed before and can be done manually as well as with tools. Despite its simplicity, it is extremely effective with many types of logs: simply noticing that a new log message type is produced is typically very insightful for security, compliance and operations...


Complete PCI DSS Log Review Procedures Part 8

January 09, 2011 Added by: Anton Chuvakin

Building a baseline without a log management tool has to be done when logs are not compatible with an available tool or the available tool has a poor understanding of log data (text indexing tool). To do it, perform the following...


Inspector General's Audit Finds GSA Security Lapses

January 07, 2011 Added by: Bill Gerneglia

The federal Office of the Inspector General found significant failings in the General Services Administration’s IT security systems and procedures in a December review of the agency, including configuration management, audit logging, monitoring, and encryption of data on agency laptops...
