A follow-up: a couple of posts I have on Linux log sources ( https://medium.com/@hannahsuarez/top-sources-for-better-linux-log-collection-with-nxlog-d465b7d4d361 ) and Windows Event/Group IDs to log ( https://medium.com/@hannahsuarez/what-are-the-top-eventlog-ids-and-id-groups-to-watch-out-for-indicators-of-compromise-or-93d961ff326d )
Anton Chuvakin on logs and #infosec
"Detecting Threats by Matching Threat Intel to Logs — Oh Really?" https://medium.com/anton-on-security/detecting-threats-by-matching-threat-intel-to-logs-oh-really-10cc8a4c6384
"Retaining Logs For A Year: Boring or Useful?" https://medium.com/anton-on-security/retaining-logs-for-a-year-boring-or-useful-70ea21fa3dda
> "So I call the university IT helpline, and they send a kid, no older than me. He sits down at my computer and looks at it and says 'boy you've really screwed this thing up'"
> "Then, right in front of me, he logs onto my website and downloads Malwarebytes."
Hmm, 4GB of #owasp #zap persisted sessions saved from some sessions last year... time to delete https://groups.google.com/forum/#!topic/zaproxy-develop/MiaxN3WDxlA
Financial records of nearly every Bulgarian exposed
Red faces in Moscow this weekend, with the news that hackers have successfully targeted FSB—Russia's Federal Security Service. The hackers managed to steal 7.5 terabytes of data from a major contractor, exposing secret FSB projects to de-anonymize Tor browsing, scrape social media, and help the state split its internet off from the rest of the world. The data was passed to mainstream media outlets for publishing. https://www.forbes.com/sites/zakdoffman/2019/07/20/russian-intelligence-has-been-hacked-with-social-media-and-tor-projects-exposed/#7f32c5db6b11
#SIEM edition of Enterprise Security Magazine
You can add your "details" but no sign in or registration
Our vendor product mentioned in the Enterprise Security magazine #SIEM edition :)
Nice site http://10x.engineer/
Anyone familiar with DataDog products? https://www.datadoghq.com/log-management/
Yes that's right. There is an ELASTIC SIEM
Hands on with Elastic SIEM: Defending your organization with the Elastic Stack
Various techniques to audit #SQL Server databases https://www.sqlshack.com/various-techniques-to-audit-sql-server-databases/
Praying to some #Rapid7 gods: why is my Ingress Authentication UEF contract not being indexed in InsightIDR Log Search, even though the JSON fields match and the ISO timestamp is what it should be? Fields are being dropped... I suspect it's the fields. Well, maybe it's time to switch to another use case, which is a static log file of various ingress authentication samples rather than watching an event (EventLog ID 4625, audit failure).
A Mastodon instance for info/cyber security-minded people.