
Log | Event | Information Management

Dec 05, 2014


Education

Ayman Saeed

An introduction to Security Event and Information Management Technology.
Transcript
Page 1: Log | Event | Information Management
Page 2: Log | Event | Information Management

Log | Event | Information Management
Ayman Saeed
Sr. Network Security Engineer, PS DEP, Raya IT

Page 3: Log | Event | Information Management

Log Management

• Collection
• Retention

Ex. Kiwi Syslog Server

Page 4: Log | Event | Information Management

Information|Event Management

• Collection
• Normalization
• Retention
• Correlation
• Alerting
• Reporting

Page 5: Log | Event | Information Management

Log Types and Log Sources

Log types:

• Audit Logs
• Transaction Logs
• Intrusion Logs
• Connection Logs
• Performance Records
• User Activity Logs

Log sources:

• Firewall
• IPS
• Router/Switch
• Servers
• Databases
• Business Applications
• Antivirus

Page 6: Log | Event | Information Management

Log Chaos : Login|Logon|Log in

Page 7: Log | Event | Information Management

Log Chaos : Accept|Permit|Allow

Page 8: Log | Event | Information Management

Log Chaos: Syslog|WinEV|DB|File

• Firewalls/VPN
• Intrusion Detection Systems
• Vulnerability Assessment
• Network Equipment
• Server and Desktop OS
• Anti-Virus
• Applications
• Databases
• User Activity Monitoring
• Critical file modifications
• Policy Changes
• Malicious IP Traffic
• Web Traffic

Page 9: Log | Event | Information Management

Log Chaos, in brief.

• There is no standard format for writing logs
• There is no standard transport method for moving logs

Page 10: Log | Event | Information Management

SIEM, the product

• SIEM: Security Information and Event Management
• Again:
– Collection
– Normalization
– Retention
– Correlation
– Alerting
– Reporting

Page 11: Log | Event | Information Management

Event Collection

– SIEM vendors create a group of documents for collecting logs from supported products.

Page 12: Log | Event | Information Management

Normalization

– UserID > Username
– LoginName > Username
– ID > Username
– Username > Username
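The field and value mapping on this slide, and the "Log Chaos" slides before it (Login|Logon|Log in, Accept|Permit|Allow), as an added example that is not part of the original deck. It assumes key=value style log lines; the sample lines and the synonym tables are constructed for illustration.

```python
import re

# Constructed synonym tables: different products name the same field and
# the same outcome differently, so the normalizer collapses them.
USER_KEYS = {"userid": "username", "loginname": "username",
             "id": "username", "username": "username"}
ACTION_SYNONYMS = {"login": "logon", "logon": "logon", "log in": "logon",
                   "accept": "allow", "permit": "allow", "allow": "allow"}

# key=value pairs; quoted values may contain spaces (e.g. action="Log in")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample lines: the same user and the same two outcomes,
# written four different ways.
SAMPLE_LOGS = [
    'src=10.0.0.5 UserID=jdoe action=Login',
    'LoginName=jdoe action="Log in" host=vpn1',
    'Username=jdoe action=Accept dst=10.0.0.9',
    'ID=jdoe action=Permit dst=10.0.0.9',
]


def normalize(raw: str) -> dict:
    """Map one key=value log line onto canonical field names and values."""
    event = {}
    for key, value in KV_RE.findall(raw):
        value = value.strip('"')
        k = key.lower()
        if k in USER_KEYS:
            # UserID / LoginName / ID / Username all become "username"
            event[USER_KEYS[k]] = value
        elif k == "action":
            # unknown actions are kept as-is (lower-cased) rather than dropped
            event["action"] = ACTION_SYNONYMS.get(value.lower(), value.lower())
        else:
            event[k] = value
    return event


def normalize_all(lines) -> list:
    """Normalize a batch of lines, e.g. one collector's output."""
    return [normalize(line) for line in lines]


def distinct_actions(lines) -> set:
    """How many action spellings survive after normalization (chaos check)."""
    return {e.get("action") for e in normalize_all(lines)}


if __name__ == "__main__":
    for event in normalize_all(SAMPLE_LOGS):
        print(event)
    print("distinct actions after normalization:", distinct_actions(SAMPLE_LOGS))
```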

Page 13: Log | Event | Information Management

Retention

Example:

• IDS + DMZ + online = 90 days
• Firewall + DMZ + online = 30 days
• Servers + internal + online = 90 days
• All + DMZ + archive = 3 years
• Critical + internal + archive = 5 years
• Other + internal + archive = 1 year

Page 14: Log | Event | Information Management

Correlation

25 events based on cross-referencing intrusion alerts against firewall entries and host/asset databases much more efficiently than when he must scan 10,000 mostly normal log entries.

Page 15: Log | Event | Information Management

Alerting

Alerting on incidents can take various forms:

• Email
• SMS
• SNMP Trap

Page 16: Log | Event | Information Management

Reporting

– Compliance Reports (PCI, ISO, ..)
– Security Reports (Critical Attacks, Failed Logins, ..)
– Audit Reports (Configuration Changes, VPN Access, ..)
– Operational Reports (Link Utilization, Top Destination IP, ..)