Logs… We will never get rid of them! It’s a pain to manage them from a technical point of view but collecting events and using them can also introduce more issues in companies… from a legal point of view! Tonight, an ISACA Belgium Chapter meeting was organised within the context of
Category: Logs Management / SIEM
Tracking Processes/Malwares Using OSSEC
For a while, malwares are in front of the security stage and the situation is unlikely to change in the coming months. When I give presentations about malwares, I always like to report two interesting statistics in my slides. They come from the 2012 Verizon DBIR: In 66% of investigated incidents,
KISS… Your Logs Too!
If there is a gold principle in IT, that’s the one called “KISS“: “Keep It Simple and Stupid“. It says that systems will work best if they are kept simple rather than complex. Simplicity must be a key goal during the design phase. This sounds logical: Keep in mind that
Building IP Reputation Lists from Snort Rules
We are already in 2014 for a few days and this is my first blog post for this year! So, let me wish you a wonderful 2014 for you and you family! Let’s start with a quick post about building IP addresses reputation list. This topic was discussed on a
Keep an Eye on Your Amazon Cloud with OSSEC
The Amazon conference “re:Invent” is taking place in Las Vegas at the moment. For a while, I’m using the Amazon cloud services (EC2) mainly to run lab and research systems. Amongst the multiple announcements they already made during the conference, one of them caught my attention: “CloudTrail“. Everything has already
Grepping Live Windows Events
Today, we have powerful tools to take care of our logs. There are plenty of solutions to collect and process them in multiple ways to make them more valuable. Of course, I have one of those tools to process my logs. However, I’m still often using the old good “tail
Review: Instant OSSEC Host-Based Intrusion Detection System
The guys from Packt Publishing asked me to review a new book from their “Instant” collection: “OSSEC Host-Based Intrusion Detection“. This collection proposes books with less than 100 pages about multiple topics. The goal is to go straight forward to the topic. OSSEC being one of my favorite application, I
The Belgian SIEM… wounds my heart with a monotonous languor!
Lot of Belgian newspapers and sites reported today (Example of  article – in French) that a project of law will be discussed soon (deriving from the EU Data Retention Directive) to request providers of telecommunications (Internet – Mobile services) to keep a trace of electronic communications. Wait, the article should say
“Out of the Box” SIEM? Never…
A reflexion about the multiple SIEM (“Security Information and Event Management“) products available on the market… I’m currently working with a customer on a big SIEM implementation in an environment that must be PCI compliant and integrates a multitude of devices coming from non-heterogenous security vendors (big-players). Security visualization being
Logs: For Better or For Worse?
Last week, a vulnerability regarding Apache was disclosed. More precisely, the issue was located on the mod_rewrite module. This module rewrites (now, you understand its name) URLs on the fly. This is very useful during web page migrations, attacks migitations etc. The security flaw does not affect the core feature