
Tag: Log Management

Why Naming Conventions are Important to Log Monitoring

Log monitoring is difficult for many reasons. For one thing, there are not many events that unquestionably indicate an intrusion or malicious activity. If it were that easy, the system would simply prevent the attack in the first place.

Monitoring File Permission Changes with the Windows Security Log

Unstructured data access governance is a big compliance concern. Unstructured data is difficult to secure because there is so much of it, it grows so fast, and it is user-created, so it does not automatically get categorized and controlled the way structured data in databases does.

Security Logging as a Detective and Deterrent Control Against Rogue Admins

Intrusion detection and compliance are the focus of log management, SIEM and security logging. But security logs, when managed correctly, are also the only control over rogue admins. Once root or admin authority has been given to, or acquired by, a user, there is little they cannot do.

How to Use Process Tracking Events in the Windows Security Log

I think one of the most underutilized features of Windows auditing and the Security Log is Process Tracking events. In Windows 2003/XP you get these events simply by enabling the Process Tracking audit policy.

How to Detect Low Level Permission Changes in Active Directory

We hear a lot about tracking privileged access today because privileged users like Domain Admins can do a lot of damage. More importantly, if their accounts are compromised, the attacker gets full control of your environment. In line with this concern, many security standards and compliance documents recommend tracking changes to privileged groups like Administrators, Domain Admins and Enterprise Admins in Windows, and to related groups and roles in other applications and platforms.

Logging for HIPAA Part 2; Secure auditing in Linux

HIPAA Logging HOWTO, Part 2

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines relevant security and privacy standards for health information, both electronic and physical. The main mission of the law is “to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery” (HIPAA Act of 1996, http://www.hhs.gov/ocr/privacy/). A more recent enhancement to HIPAA is the Health Information Technology for Economic and Clinical Health Act, or HITECH Act.

Sustainable vs. Situational Values

I am often asked: if Log Management is so important to the modern IT department, then how come more than 80% of the market that “should” have adopted it has not done so?

Logs vs Bots and Malware Today

Despite the fact that the security industry has been fighting malicious software (viruses, worms, spyware, bots and other malware) since the late 1980s, malware still represents one of the key threat factors for organizations today. While the silly viruses of the 1990s and the noisy worms (Blaster, Slammer, etc.) of the early 2000s have been replaced by commercial bots and so-called “advanced persistent threats,” the malware fight rages on.

Five Takeaways from the 2019 SIEM Study

For of all sad words of tongue or pen, the saddest are these: 'We weren't logging'

It doesn't rhyme, and it's not what Whittier said, but it's true. If you don't log it when it happens, the evidence is gone forever.

Top 5 Linux log file groups in /var/log

If you manage any Linux machines, it is essential that you know where the log files are located and what they contain. From a security perspective, here are 5 groups of files that are essential. Many other files are generated and will be important for system administration and troubleshooting.

How to control and detect users logging onto unauthorized computers

Windows gives you several ways to control which computers can be logged onto with a given account. Leveraging these features is a critical way to defend against persistent attackers.

Top 4 Security Questions You Can Only Answer with Workstation Logon/Logoff Events

I often encounter a dangerous misconception about the Windows Security Log: the idea that you only need to monitor domain controller logs. Domain controller security logs are absolutely critical to security, but they are only a portion of your overall audit trail. Member server and workstation logs are just as important, and I’m going to focus this article on the top 4 questions you can only answer with workstation logon/logoff events.

How to analyze login and pre-authentication failures for Windows Server 2003 R2 and below

Analyzing all the login and pre-authentication failures within your organization can be tedious. Thousands of login failures are generated for several different reasons. Here we will discuss the relevant event IDs and error codes and how you can simplify the login failure review process.

The Art of Detecting Malicious Activity with Logs

Randy Franklin Smith compares methods for detecting malicious activity from logs, including monitoring for high-impact changes, setting up tripwires, and watching for anomalous changes in activity levels. Security standards and auditors make much of reviewing logs for malicious activity.

Logs for Insider Abuse Investigations

In most previous newsletters, we have discussed the use of logging for various regulatory mandates (such as PCI DSS, HIPAA and FISMA) as well as the use of logs for incident response and malicious software tracking. This log data can also be incredibly useful for detecting and investigating insider abuse and internal attacks.
