Blog Posts Tagged with "Log Management"

Complete PCI DSS Log Review Procedures Part 7

January 04, 2011 Added by:Anton Chuvakin

An additional step should be performed while creating a baseline: even though we assume that no compromise of card data has taken place, there is a chance that some of the log messages recorded over the 90 day period triggered some kind of action or remediation...

Comments  (0)

Gartner Report: Critical Capabilities for SIEM

January 02, 2011 Added by:Heather Howland

This research will help project managers, who are responsible for selecting a security information and event management (SIEM) solution, evaluate products from 12 of the major vendors in the segment...

Comments  (0)

Complete PCI DSS Log Review Procedures Part 6

January 02, 2011 Added by:Anton Chuvakin

In addition to this “event type”, it makes sense to perform a quick assessment of the overall log entry volume for the past day (past 24 hr period). Significant differences in log volume should also be investigated using the procedures defined below...

Comments  (0)
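The Part 6 and Part 7 teasers above describe the two checks at the core of the daily review: compare today's event types against the baseline built over the 90-day window, and compare today's log volume against the baseline's daily volume. The following Python is an added illustration of that procedure, written for this page; it is not code from Anton Chuvakin's series. The syslog lines are constructed for the example, the three-day window stands in for the 90-day baseline, and the 50% volume tolerance and the field-masking rules in `event_type` are assumptions a real deployment would tune.

```python
"""Baseline-and-compare log review, as described in the PCI DSS log review series.

Added example: the log lines below are constructed, the window is three days
instead of ninety, and the tolerance/masking rules are assumptions.
"""
import re
import statistics
from collections import Counter

# Classic BSD syslog format: "Mon DD HH:MM:SS host prog[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^\s\[:]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def event_type(prog, msg):
    """Collapse variable fields (assumed masking rules) so lines of the same
    kind map to one "event type" string for baselining."""
    t = IP_RE.sub("<ip>", msg)
    t = re.sub(r"\b(for(?: invalid user)?) \S+", r"\1 <user>", t)  # sshd subjects
    t = re.sub(r"^(\S+) : TTY=", "<user> : TTY=", t)                 # sudo subject
    t = re.sub(r"PWD=\S+", "PWD=<path>", t)
    t = re.sub(r"\d+", "<n>", t)                                      # ports, pids, counters
    return f"{prog}: {t}"


def parse_line(line):
    """Return a record for one syslog line, or None if it does not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    return {
        "day": f"{m['mon']} {int(m['day']):02d}",
        "host": m["host"],
        "type": event_type(m["prog"], m["msg"]),
    }


def build_baseline(lines):
    """Baseline = every event type seen in the window plus mean daily volume."""
    per_day, types = Counter(), Counter()
    for rec in map(parse_line, lines):
        if rec is None:
            continue
        per_day[rec["day"]] += 1
        types[rec["type"]] += 1
    daily = list(per_day.values())
    return {"types": types, "days": len(daily), "mean_daily_volume": statistics.mean(daily)}


def review_day(lines, baseline, tolerance=0.5):
    """Daily review: new event types and out-of-band volume both warrant a look.
    Unparsed lines are counted rather than silently dropped."""
    recs = [parse_line(l) for l in lines]
    parsed = [r for r in recs if r is not None]
    seen = Counter(r["type"] for r in parsed)
    expected = baseline["mean_daily_volume"]
    volume = len(parsed)
    return {
        "volume": volume,
        "expected_volume": expected,
        "volume_flag": abs(volume - expected) > tolerance * expected,
        "new_types": sorted(t for t in seen if t not in baseline["types"]),
        "unparsed": len(recs) - len(parsed),
    }


# Constructed baseline window (three days on one in-scope host).
BASELINE_LOGS = [
    "Dec  1 08:01:12 pos-app01 sshd[2201]: Accepted publickey for appadmin from 10.0.5.21 port 50122 ssh2",
    "Dec  1 08:05:40 pos-app01 sudo: appadmin : TTY=pts/0 ; PWD=/home/appadmin ; USER=root ; COMMAND=/bin/systemctl status posapp",
    "Dec  1 09:00:01 pos-app01 CRON[2290]: (root) CMD (/usr/local/bin/rotate-logs)",
    "Dec  1 14:22:03 pos-app01 sshd[2450]: Failed password for invalid user test from 203.0.113.8 port 41022 ssh2",
    "Dec  2 08:02:55 pos-app01 sshd[3101]: Accepted publickey for appadmin from 10.0.5.21 port 50230 ssh2",
    "Dec  2 09:00:01 pos-app01 CRON[3190]: (root) CMD (/usr/local/bin/rotate-logs)",
    "Dec  2 11:15:27 pos-app01 sshd[3320]: Failed password for invalid user admin from 203.0.113.8 port 41330 ssh2",
    "Dec  2 11:15:31 pos-app01 sshd[3320]: Failed password for invalid user admin from 203.0.113.8 port 41330 ssh2",
    "Dec  2 16:40:10 pos-app01 sudo: appadmin : TTY=pts/0 ; PWD=/home/appadmin ; USER=root ; COMMAND=/bin/systemctl restart posapp",
    "Dec  3 08:00:19 pos-app01 sshd[4001]: Accepted publickey for appadmin from 10.0.5.21 port 50410 ssh2",
    "Dec  3 09:00:01 pos-app01 CRON[4090]: (root) CMD (/usr/local/bin/rotate-logs)",
    "Dec  3 13:03:45 pos-app01 sshd[4120]: Failed password for invalid user oracle from 203.0.113.8 port 41500 ssh2",
]

# Constructed review day: a new account, a password login, a privileged read
# of transaction data, and a burst of failed logins.
REVIEW_LOGS = [
    "Dec  4 08:03:02 pos-app01 sshd[5001]: Accepted publickey for appadmin from 10.0.5.21 port 50600 ssh2",
    "Dec  4 09:00:01 pos-app01 CRON[5090]: (root) CMD (/usr/local/bin/rotate-logs)",
    "Dec  4 10:12:44 pos-app01 useradd[5130]: new user: name=svc_backup, UID=1002, GID=1002, home=/home/svc_backup, shell=/bin/bash",
    "Dec  4 10:13:09 pos-app01 sshd[5140]: Accepted password for svc_backup from 198.51.100.77 port 60210 ssh2",
    "Dec  4 10:13:30 pos-app01 sudo: svc_backup : TTY=pts/1 ; PWD=/home/svc_backup ; USER=root ; COMMAND=/bin/cat /var/posapp/txn.log",
    "Dec  4 10:14:00 pos-app01 sshd[5150]: Failed password for invalid user admin from 203.0.113.8 port 41700 ssh2",
    "Dec  4 10:20:00 pos-app01 sshd[5151]: Failed password for invalid user admin from 203.0.113.8 port 41710 ssh2",
    "Dec  4 10:20:05 pos-app01 sshd[5152]: Failed password for invalid user admin from 203.0.113.8 port 41711 ssh2",
    "Dec  4 10:20:10 pos-app01 sshd[5153]: Failed password for invalid user admin from 203.0.113.8 port 41712 ssh2",
]

if __name__ == "__main__":
    baseline = build_baseline(BASELINE_LOGS)
    result = review_day(REVIEW_LOGS, baseline)
    print(f"volume {result['volume']} vs baseline mean {result['expected_volume']:.1f}"
          f" -> investigate: {result['volume_flag']}")
    for t in result["new_types"]:
        print("NEW EVENT TYPE:", t)
```

Two design points matter in practice. The masking in `event_type` decides what counts as "the same" event: masking the sudo `COMMAND` too would hide a first-ever `cat` of the transaction log, while masking too little makes every port number a new type, so the rules should be reviewed along with the baseline. And a day with zero parsed lines is itself a finding (a volume drop, or a broken collector), which is why the review reports both the volume flag and the unparsed count.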

Complete PCI DSS Log Review Procedures Part 5

December 26, 2010 Added by:Anton Chuvakin

This section covers periodic log review procedures for applications in scope for this project. Such review is performed by either application administrator or security administrator. The basic principle of PCI DSS periodic log review is to accomplish the following...

Comments  (0)

Complete PCI DSS Log Review Procedures Part 4

December 16, 2010 Added by:Anton Chuvakin

Event logging and security monitoring in a PCI DSS program go well beyond Requirement 10. Only through careful data collection and analysis can companies meet the broad requirements of PCI DSS...

Comments  (0)

Complete PCI DSS Log Review Procedures Part 3

December 13, 2010 Added by:Anton Chuvakin

Many pieces of network infrastructure such as routers and switches are designed to log to an external server and only preserve a minimum (or none) of logs on the device itself. Thus, for those systems, centralizing logs is most critical...

Comments  (0)

Complete PCI DSS Log Review Procedures Part 2

December 09, 2010 Added by:Anton Chuvakin

It is important to note that such a list has its roots in IT governance “best practices,” which prescribe monitoring access, authentication, authorization, change management, system availability, and suspicious activity...

Comments  (0)

Complete PCI DSS Log Review Procedures Part 1

December 06, 2010 Added by:Anton Chuvakin

This is a complete and self-contained guidance document that can be provided to people NOT yet skilled in the sublime art of logging and log analysis, in order to enable them to do the job and then grow their skills. This is the first post in the long, long series...

Comments  (3)

Five Infosec Trends For Which I’m Thankful This Year

December 01, 2010 Added by:Robb Reck

While security is a discipline that might lead people to become introverted and closed-off, there is a thriving community who shares security ideas, engages in productive dialog, and pushes the industry forward...

Comments  (0)

Project Honeynet Log Mysteries Challenge Lessons

November 23, 2010 Added by:Anton Chuvakin

We just finished grading the results of the Project Honeynet “Log Mysteries” Challenge, and there are some useful lessons for BOTH future challenge respondents and for log analysts and incident investigators everywhere. If you look at the challenge at a high level, things seem straightforward...

Comments  (0)

What Should I Want? Or How NOT to Pick an SIEM

November 12, 2010 Added by:Anton Chuvakin

The allure of asking that question is truly irresistible when dealing with somebody who – presumably – knows more than you do about a particular subject. I am not shocked when a SIEM prospect asks that question of a vendor sales guy or – slightly better – a field engineer...

Comments  (0)

Anton Chuvakin and Andrew Hay Talk Logs

October 23, 2010 Added by:Anton Chuvakin

LogChat Podcast is back - and now on iTunes as well. Everybody knows that all this world needs is a podcast devoted to logs, logging and log management - as well as SIEM, incident response and other closely related subjects - and now you have it...

Comments  (0)

Log Consolidation, SIEM or Both?

October 17, 2010 Added by:John Verry

In the old days there was a fundamental decision to make when implementing log management technology. It boiled down to whether or not you needed the increased capabilities of SIEM such as real-time correlation and advanced integration with other core systems...

Comments  (5)

The Top Free Log Management Tools

October 10, 2010 Added by:Anton Chuvakin

The log cheat sheet presents a checklist for reviewing critical system, network and security logs when responding to a security incident. It can also be used for routine periodic log review. It was authored by Dr. Anton Chuvakin and Lenny Zeltser...

Comments  (1)

Splunk 4 Users Review

July 12, 2010 Added by:Brent Huston

Splunk is a log collection engine at heart, but it’s really more than that. Think of it as a search engine for your IT infrastructure. It will actually collect and index anything you can throw at it, and this is what made me want to explore it...

Comments  (1)

SLAML 2010 Log Analysis Workshop

June 24, 2010 Added by:Anton Chuvakin

This year, Workshop on the Analysis of System Logs (WASL) is reborn as SLAML. Please consider submitting a short paper (no need to do a full academic write-up!). The deadline is July 11.

Comments  (0)