Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
SIEMple Technology
- 1 SIEMple Technology: a guide on setting up a SIEM in your environment
- 2 1. Researching options and setting goals; 2. Implementing in your environment
- 3 What is a SIEM? Security Information and Event Management, but what does that mean? • Log collection • Log correlation • Alerting • Log retention
- 4 What value are you trying to create? Faster incident response?
- 5 Collecting network logs Firewalls, IDS/IPS, Netflow, WAFs, Web Proxies
- 6 Collecting end user logs EMET, Sysmon, Local Firewall, Installed Apps, Event Logs, Command line history
- 7 Collecting security logs Endpoint "protection", App Whitelisting, Vulnerability scanners, Honeypots
- 8 Correlating logs: two successful logins by the same person on the same day from two different countries
- 9 What resources will you need? How many events per second/hour? • How many of those events do you need to store/process/correlate in a given time period? • How long do you need to store everything?
- 10 Phased Approach Options • Most critical systems • Compliance requirements • Least amount of visibility • Annoying ones that need professional service hours to resolve.
- 11 Tweak, alter, test, and more tweaking. Don't let your SIEM • Cry wolf • Nag you repeatedly • Do nothing
- 12 Have department liaisons and have them communicate: • Downtime • Upgrades • Major config changes • System replacements and additions
- 13 Periodic reviews (true for internal or external SIEMs): Are your alerts still relevant? Are you still getting logs from required sources? • Did you miss a system, device, or application? • Are you getti…
- 14 Wrap up Find the solution that meets your needs (Supported devices, time and people resources)
- 15 Russell Butturini, @tcstoolhaxor. My wife: Andrea. BSides LV. You guys!
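The correlation rule from slide 8 (same user, same day, successful logins from two countries) as a worked example. This is added here and is not code from the talk; the log format, user names, IP addresses and the IP-to-country table are all constructed, standing in for a real SIEM parser and GeoIP lookup. The `allowlist` parameter is a hypothetical tuning knob for the "don't cry wolf" point on slide 11.

```python
"""Correlation rule: successful logins by one user on one day from more than one country.

Added example, not from the talk. Log lines, users, IPs and the IP-to-country
table are constructed; a real SIEM would use its own parser and a GeoIP feed.
"""
from collections import defaultdict
from datetime import datetime

# Constructed IP-to-country map standing in for a GeoIP lookup (hypothetical data).
IP_COUNTRY = {"198.51.100.7": "US", "203.0.113.9": "DE",
              "192.0.2.44": "US", "203.0.113.77": "BR"}

# Constructed sample log lines: "<timestamp> <user> <result> <src_ip>"
SAMPLE_LOGS = """\
2024-03-01T08:12:03Z alice LOGIN_SUCCESS 198.51.100.7
2024-03-01T09:40:19Z alice LOGIN_SUCCESS 203.0.113.9
2024-03-01T10:05:44Z bob LOGIN_SUCCESS 192.0.2.44
2024-03-01T11:22:01Z bob LOGIN_FAILURE 203.0.113.77
2024-03-02T07:01:55Z bob LOGIN_SUCCESS 203.0.113.77
2024-03-02T18:30:00Z carol LOGIN_SUCCESS 198.51.100.7
"""

def parse_line(line):
    """Split one constructed log line into (datetime, user, result, ip)."""
    ts, user, result, ip = line.split()
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), user, result, ip

def multi_country_logins(log_text, allowlist=frozenset()):
    """Return {(user, date): sorted countries} for every user with successful
    logins from more than one country on a single calendar day.

    `allowlist` (hypothetical) holds users with known travel/VPN exceptions so
    the rule does not nag about them; failed logins are ignored entirely."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, result, ip = parse_line(line)
        if result != "LOGIN_SUCCESS" or user in allowlist:
            continue
        country = IP_COUNTRY.get(ip, "UNKNOWN")  # unknown IPs still count as a distinct origin
        seen[(user, ts.date().isoformat())].add(country)
    return {key: sorted(c) for key, c in seen.items() if len(c) > 1}

if __name__ == "__main__":
    for (user, day), countries in multi_country_logins(SAMPLE_LOGS).items():
        print(f"ALERT {day}: {user} logged in from {', '.join(countries)}")
```

Only alice fires on the sample data: bob's second-country event was a failure and his other logins fall on different days, which is exactly the kind of boundary to check when tuning the rule.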