Archive for the ‘The Art of Log Analysis’ Category
Wednesday, May 21st, 2008
I'll be presenting a SANS Tool Talk Webcast entitled "Log Management: No Longer Optional" on Tuesday, June 2nd at 1pm EST.
About the session:
Both network and security professionals agree - a log management solution is no longer optional. It's now a required tool in their arsenal.
Unfortunately, many of their log management ...
Posted in The Art of Log Analysis |
Thursday, May 15th, 2008
This is really cool news! The First USENIX Workshop on the Analysis of System Logs (WASL '08) is happening on December 7th, 2008 in San Diego, CA. About the event:
System logs contain a wide variety of information about system status and health, including events from various applications, daemons, and drivers, ...
Tuesday, April 8th, 2008
You're probably looking at the title of this blog post and thinking...what? What's he talking about? Well, as an incident analyst (which includes performing forensic examinations), I many times have to attempt to determine user login times, user activity on the system (applications run, files opened or modified), ...
Friday, March 7th, 2008
Under the umbrella of the common event expression (CEE) effort, we just posted a proposal for a common field list for log files.
At this point, we are really interested in getting feedback from the community! Have a look at the post on the CEE list and the list itself. Let ...
Wednesday, March 5th, 2008
The Academy (http://www.theacademy.ca) officially launches its web site today providing instructional videos for the information security community. For the first time ever, the average user to the most seasoned industry expert will be able to watch instructional videos on how to install popular products, address common configuration issues, and troubleshoot ...
Monday, February 18th, 2008
Although not a new concept, I thought I'd remind people of the benefits of sending your security, system, and application logs across a segregated network to maintain availability. Consider the following scenario:
Your network is experiencing a horrible worm outbreak that is eating up critical bandwidth as it attempts to spread ...
Sunday, February 17th, 2008
Somebody asked me a few days ago: EXACTLY what logging do we absolutely MUST do for PCI DSS compliance? This is actually not that simple!
The honest answer to the above question is that there is no list of what EXACTLY you MUST be logging due to PCI or, pretty much, any ...
Sunday, February 3rd, 2008
Many who know me, know that I am a huge fan of free security resources. Papers from the SANS Information Security Reading Room are just such a resource. Two new papers were recently posted to the reading room that are certainly worth checking out. I'm sure the authors would greatly ...