Just a quick note to my readers: see you at RSA 2012 next week. I am around Monday-Thursday and even though most of my time is booked, you can probably find me near the press room at odd hours.
Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts based on last month’s visitor data (excluding other monthly or annual round-ups): “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010 – much ancient!) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; also see this SIEM use case in depth and this for a more current list of popular SIEM use cases. Finally, see our research on developing security monitoring use cases here – and that we updated for 2018 . A lot more SIEM use case discussion is coming, here is a new post for 2018 SIEM use cases. “ Simple Log Review Checklist Released! ” is often at the top of this list – this rapidly aging checklist is still a useful tool for many people. “ On Free Log Management Tools ” (also aged quite a bit by now) is a companion to the checklist ( updated version ) “ Why No Open Source SIEM, EVER? ” contains some...
Love those easy unscientific quizzes you see all over the Internet? Here is one such quiz on LOGGING and LOG MANAGEMENT that I created specially for LogManagementCentral . Go check what you really know about logs and figure out whether you are a mere bunny logger or a log management ninja. Result scales: Bunny logger (score of 10%) Eager log beaver (score of 20 – 40%) I know my way around logs (score of 50 – 70%) I changed my name to “Log Logger” (score of 80 – 90%) Log management ninja (score of 100.00% and nothing less!) Don’t be afraid … I did put a couple of tricky questions in there .
SANS is almost ready with their 7th Annual Log Management Survey , which would be unveiled at two SANS webcasts on April 25 and April 26 (both at 1PM EST / 10AM PST). The SANS log management survey is a useful measure of what organizations do with logs and how it changes year over year. SANS states that “organizations still want better access to their log data and better integration with third party security software and their SIEM systems and their Windows logs.” I am allowed to share a few (very few!) bits from a report, but expect full analysis from me when it officially comes out. So: Collection has dropped way down among the most challenging tasks related to logs – now categorization, reporting, analysis and other higher level tasks show up as top challenges (good news!) Alerting / detection again trumps search / investigations as far as basic log use cases are concerned (it is definitely very interesting since post-incident search requires much less tuning than alert...
Comments
Post a Comment