Security log management identifying patterns in the chaos
This book teaches IT professionals how to analyze, manage, and automate their security log files to generate useful, repeatable information that can be use to make their networks more efficient and secure using primarily open source tools. The book begins by discussing the "Top 10? security log...
Autor principal: | |
---|---|
Otros Autores: | |
Formato: | Libro electrónico |
Idioma: | Inglés |
Publicado: |
Rockland, Mass. :
Syngress Pub
c2006.
|
Edición: | 1st edition |
Materias: | |
Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627350606719 |
Tabla de Contenidos:
- Cover; Contents; Foreword; Chapter 1 Log Analysis: Overall Issues; IT Budgets and Results: Leveraging OSS Solutions at Little Cost; Reporting Security Information to Management; Combining Resources for an "Eye-in-the-Sky" View; Blended Threats and Reporting; Conclusion; Code Solutions; Commercial Solutions: ArcSight and Netforensics; Chapter 2 IDS Reporting; Session/Flow Logging with Snort; Session/Flow Logging with Argus; Can You Determine When a DDoS/DoS Attack Is Occurring?; Using Snort for Bandwidth Monitoring; Using Bro to Log and Capture Application-Level Protocols
- Tracking Users' Web Activities with BroUsing Bro to Gather DNS and Web Traffic Data; Using Bro for Blackholing Traffic to Malware-Infested Domains; Using Bro to Identify Top E-Mail Senders/Receivers; Chapter 3 Firewall Reporting; Firewall Reporting: A Reflection of the Effectiveness of Security Policies; The Supporting Infrastructure for Firewall Log Management; Chapter 4 Systems and Network Device Reporting; Web Server Logs; Recon and Attack Information; Correlating Data with the Host System; Chapter 5 Creating a Reporting Infrastructure
- Creating IDS Reports from Snort Logs-Example Report QueriesCreating IDS Reports from Bro Logs-Application Log Information; Chapter 6 Scalable Enterprise Solutions (ESM Deployments); What Is ESM?; When Deploying ESM Makes Sense; Which Security Reporting Tools to Aggregate into ESM; Using ESM Reporting for Maximum Performance; Special Considerations for Using ESM; Lessons Learned Implementing ESM; Chapter 7 Managing Log Files with Microsoft Log Parser; Log File Conversion; Log Rotation and Archival; Separating Logs; Chapter 8 Investigating Intrusions with Microsoft Log Parser
- Locating IntrusionsMonitoring IIS; Chapter 9 Managing Snort Alerts with Microsoft Log Parser; Building Snort IDS Reports