A Walk Through Logs Hell | SANS@MIC Talk

Published on 2020-06-16 (SANS@MIC Talk). Video Link: https://www.youtube.com/watch?v=q-KlDRRUY_o
Duration: 1:03:46


Once upon a time, an ogre called "SIEM" was invented!

Today, if your organization does not have a SIEM, you look like the "Little Tom Thumb" among your peers. During infosec meetups, many people like to brag about the power of the monster they deployed: "We can ingest 5K events per second!" or "We index 3TB a day!" That indeed looks nice but does not impress me so much. Are you sure that you can still find the needle in the haystack?

Having been involved with such technologies and environments for a while, I have had the opportunity to face many situations where the ogre SIEM was not able to return interesting data due to misconfigurations, topology changes, lack (or absence) of logs, wrong normalization and many more... Managing logs and events is not an easy job. This presentation will tell you some nightmare stories that you could also face in your organization. And, of course, some ideas to prevent them.

Speaker Bio

Xavier Mertens is a freelance cybersecurity consultant based in Belgium. His daily job focuses on the “blue team” side to protect his customer’s assets (incident handling, forensics, log management, SIEM, security visualization, OSINT), but he likes to work on the “red team” side from time to time. Xavier is also a SANS Internet Storm Center Senior Handler (https://isc.sans.edu), security blogger (https://blog.rootshell.be) and co-organizer of the BruCON security conference (http://www.brucon.org).




Other Videos By SANS Institute


2020-06-26  SEC510: Multicloud Security Assessment and Defense | SANS@MIC Talk
2020-06-26  Threat Hunting via DNS | SANS@MIC Talk
2020-06-26  No SQL Injection in MongoDB Applications | SANS@MIC Talk
2020-06-26  Untapped Potential - SANS Blue Team Summit 2020
2020-06-23  Using the Cloud to Provision Infrastructure with Software | SANS@MIC Talk
2020-06-22  Cyber Security Career Development: Personal Branding
2020-06-19  The Only Constant is Change: Tracking Adversary Trends | STAR Webcast
2020-06-18  Maldocs: A Bit of Blue, A Bit of Red | SANS@MIC Talk
2020-06-18  Catch and Release: Phishing Techniques for the Good Guys | SANS@MIC Talk
2020-06-16  Arcane Web and Mobile Application Vulnerabilities | SANS@MIC Talk
2020-06-16  A Walk Through Logs Hell | SANS@MIC Talk
2020-06-12  Shellcode Analysis 101 | SANS@MIC Talk
2020-06-09  SANS Live Online Interactive Remote Lab and Range Demo – SEC599: Defeating Advanced Adversaries
2020-06-09  SANS Live Online Interactive Local Lab Demo – FOR508: Advanced Incident Response
2020-06-09  SANS Live Online Interactive Live Lab Environment Demo: Slack, Local and Remote Lab Demonstrations
2020-06-09  CYA by Using CIA -- Correctly For a Change | SANS@MIC Talk
2020-06-09  Remote Forensic Investigations in the Context of COVID-19 | SANS@MIC Talk
2020-06-05  Waiting for a cyber range exercise is not enough | SANS@MIC Talk
2020-06-03  Case Study: Airbus
2020-06-02  WinSCP: Yeah you know me! | SANS@MIC Talk
2020-05-28  Prioritizing OT Security Efforts: The Five Tactical Things to Accomplish | SANS@MIC Talk



Tags:
sans institute
information security
cyber security
cybersecurity
information security training
cybersecurity training
cyber security training
SIEM
log