This topic contains 3 replies, has 3 voices, and was last updated by salil 8 years, 9 months ago.
In almost every network monitoring or SIEM model there is an initial phase of “planning”. This would be where you want to scope out what you want to collect from where. The Securosis guys stated in their NSO Quant report “Collect alerts and log records”.
I have a basic list of things that fall into this category: logins, reboots, AV process crashes… and some more simple things to gather. I feel like I am missing a chunk of things to grab. What do you guys correlate or collect?
I’m planning a SIEM project for later this year so I’m interested in y’all’s opinions too (is y’all’s a word?) 🙂
There has to be best practices out there.
Maybe I am looking at it from too big of a perspective and should try to break it down into domains (workstations, network infra, servers).
The issue I have is that I am aware that I should be monitoring SQL logs for “something”. I just don’t know what that something is quite yet because I am no SQL guru. The same can be said for other technologies and pieces of equipment.
Hi,
Check the blog from Anton. http://chuvakin.blogspot.com/
He has many posts on log management and SIEM.
I have found that if you start logging things that you know and understand, you are able to build up on it. If you start with “log everything” and then try to get rid of the noise, you end up with a mess.
Cheers,
Salil
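To make the two points above concrete (the OP’s starter list of logins, reboots and AV process crashes, and Salil’s advice to begin with the event classes you understand and grow from there), here is an added example that is not from any poster in this thread. It parses a handful of constructed syslog-style lines, tags each one with a collection category from a short, ordered rule list, and keeps whatever no rule claims in an “uncategorized” backlog to review before adding the next rule. The log lines, host names, addresses and regexes are all illustrative assumptions, not real data or a vendor’s schema.

```python
"""Starter SIEM collection scope: tag the event classes named in the
thread (logins, reboots, AV process crashes) and keep the rest as a
review backlog. Added example; every log line below is constructed."""
import re
from collections import Counter

# Constructed sample logs (syslog-like: timestamp host rest). Not real.
SAMPLE_LOGS = [
    "2019-12-01T08:01:02 host01 sshd[1201]: Accepted password for alice from 10.0.0.5 port 51022 ssh2",
    "2019-12-01T08:01:09 host01 sshd[1202]: Failed password for invalid user admin from 10.0.0.9 port 51030 ssh2",
    "2019-12-01T08:02:00 host02 systemd[1]: Started Daily apt download activities.",
    "2019-12-01T08:05:30 host02 kernel: [    0.000000] Linux version 5.4.0 (build@host) (gcc)",
    "2019-12-01T08:06:11 host03 kernel: clamd[880]: segfault at 0 ip 00005563 sp 00007ffd error 4 in clamd",
    "2019-12-01T08:07:45 host03 sshd[1300]: Failed password for bob from 10.0.0.9 port 51044 ssh2",
    "2019-12-01T08:07:46 host03 sshd[1301]: Failed password for bob from 10.0.0.9 port 51045 ssh2",
]

# Ordered rules, first match wins. Deliberately small: these are the
# classes the thread's OP already understands. Patterns are assumptions.
RULES = [
    ("login_success", re.compile(r"Accepted (?:password|publickey) for (?P<user>\S+) from (?P<src>\S+)")),
    ("login_failure", re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")),
    ("reboot",        re.compile(r"kernel: \[\s*0\.000000\] Linux version")),   # first kernel line after boot
    ("av_crash",      re.compile(r"(?P<proc>clamd|freshclam)\[\d+\]: segfault")),  # AV daemon died
]

SYSLOG = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<rest>.*)$")


def parse_line(line):
    """Split one syslog-like line and tag it with a category.
    Unparseable input is tagged 'unparsed'; parseable input that no
    rule claims is tagged 'uncategorized'."""
    m = SYSLOG.match(line)
    if not m:
        return {"ts": None, "host": None, "rest": line, "category": "unparsed"}
    event = m.groupdict()
    event["category"] = "uncategorized"
    for name, rx in RULES:
        hit = rx.search(event["rest"])
        if hit:
            event["category"] = name
            event.update(hit.groupdict())  # user/src/proc fields, if captured
            break
    return event


def scope_summary(lines):
    """Count events per (host, category): what would be forwarded to
    the SIEM under the current scope, and how much is still untagged."""
    counts = Counter()
    for line in lines:
        e = parse_line(line)
        counts[(e["host"], e["category"])] += 1
    return counts


def uncategorized(lines):
    """Lines no rule claimed yet: the 'build up on it' backlog. Review
    these to decide the next rule instead of collecting everything."""
    return [l for l in lines if parse_line(l)["category"] == "uncategorized"]


def failed_login_bursts(lines, threshold=2):
    """A first correlation on top of the tagged data: source addresses
    with at least `threshold` failed logins across all hosts."""
    per_src = Counter()
    for line in lines:
        e = parse_line(line)
        if e["category"] == "login_failure":
            per_src[e["src"]] += 1
    return {src: n for src, n in per_src.items() if n >= threshold}


if __name__ == "__main__":
    for key, n in sorted(scope_summary(SAMPLE_LOGS).items()):
        print(f"{key[0]:<8}{key[1]:<16}{n}")
    print("backlog:", uncategorized(SAMPLE_LOGS))
    print("bursts:", failed_login_bursts(SAMPLE_LOGS))
```

The order of `RULES` matters: a line is tagged by the first pattern that matches, so put the most specific rule first when two could overlap. The `uncategorized()` backlog is the practical form of “start with what you understand”: run it over a day of logs, look at what is left, and only then add a rule for the next class (SQL logs included, once you know which entries matter).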
Copyright ©2019 Caendra, Inc.