A few preliminary log analysis thoughts
As promised, below are a few of my own favorite resources on log analysis. Probably the top folks in the industry today working on the log analysis problem are Tina Bird, Marcus Ranum, and Anton Chuvakin. I've had the privilege of attending talks/classes by each of them at SANS conferences, and I hope they'll be teaching more of them in the near future.
Resources
The log analysis mailing list - http://lists.shmoo.com/mailman/listinfo/loganalysis
The log analysis web site created by Marcus Ranum and Tina Bird - http://www.loganalysis.org/
SEC (Simple Event Correlator), which I once described to SANS instructor David Hoelzer as "swatch on steroids" - http://kodu.neti.ee/~risto/sec/ and the SEC rules being collected by the Bleeding Snort project at http://www.bleedingsnort.com/sec/ (thanx to Matt Jonkman for reminding me of this).
Marcus Ranum's nbs tool - http://www.ranum.com/security/computer_security/code/nbs.tar
Logwatch - http://www.logwatch.org
As promised, I'll share our readers' suggestions sometime next week.
--------------------------
Jim Clausing, jclausing --at-- isc dot sans dot org
Log Analysis tips?
Gang, the Storm Center list is relatively slow today (we don't use the q word because bad things happen when someone says that :) ), so I thought I'd ask for thoughts from readers on one of the topics I'm most interested in, and that is log analysis. Log analysis was mentioned in some of our tips of the day last month, most notably Swa's final tip of the day for the month, but I wanted to hear what our readers look for, what tools you use, etc. I'll collect them and post a summary early next week (so that those who don't read this over the weekend have an opportunity to contribute). I'll also give some of my own favorites in another story this evening (US-time). Use the contact form to send me your suggestions and thanx in advance.
-------------------------
Jim Clausing, handler on duty
New feature at isc.sans.org
We've received a few e-mails on how to find all the tip of the day stories we did in August. Obviously, you could just look at all the diaries from August and pick out the ones with "Tip of the Day" in the subject, but we've added a feature to the website to make it even easier than that. Swa linked to it in his wrap-up of last month's tips of the day, but we've added a feature that allows us to add tags to diary stories, and we've used that on all the tips of the day from August. So, if you're trying to find them, try this URL: http://isc.sans.org/alldiaries.php?tag=ToD.
--------------------------
Jim Clausing, handler on duty