Using Logs for Breach Investigations and Incident Response by Dr Anton Chuvakin

Dr. Anton Chuvakin
@anton_chuvakin
SecurityWarrior LLC
www.securitywarriorconsulting.com
BrightTalk Forensics Summit 2011
Logs for Breach Investigations

A few thoughts to start us off...
- All attackers leave traces. Period!
- It is just that you don't always know what and where
- And almost never know why...
- Logs are the place to look, first

Outline
- Log and logging overview
- A brief on incident response and forensics
- Logs in incident investigations
- Just what is log forensics?
- Conclusions and call to action!
Log Data Overview

From where?
- Routers/switches
- Intrusion detection
- Servers, desktops, mainframes
- Business applications
- Databases
- Anti-virus
- VPNs

What logs?
- Audit logs
- Transaction logs
- Intrusion logs
- Connection logs
- System performance records
- User activity logs
- Various alerts and other messages
Logs at Various Stages of Incident Response
- Preparation: verify controls, collect normal usage data, baseline, etc.
- Identification: detect an incident, confirm incident, etc. <- really?
- Containment: scope the damage, learn what else is "lost", what else the attacker visited/tried, etc.
- Eradication: preserving logs for the future, etc.
- Recovery: confirming the restoration, etc.
- Follow-up: logs for "peaceful" purposes (training, etc.) as well as preventing the recurrence

Various Logs for Incident Response

Firewall Logs in Incident Response
- Proof of Connectivity
- Proof of NO Connectivity
- Scans
- Malware: Worms, Spyware
- Compromised Systems
- Misconfigured Systems
- Unauthorized Access and Access Attempts

Example: Firewall Logs in Place of Netflow

Why look at firewall logs during incident investigation?
- 1990-2001: to see what external threats got blocked (in, failure)
- 2002-2011+: to see what internal system got connected (out, success)
- Thus, firewall logs are "poor man's" netflow...

Recommendations
- Log denied connections
- Log allowed connections
- If you cannot log all allowed connections, then log outbound allowed connections
- Watch for firewall rule changes
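A worked example of the "poor man's netflow" idea and of the firewall-log uses listed above (proof of connectivity, proof of NO connectivity, scans, compromised systems talking back out). This is added example code, not from the deck and not the author's. It assumes iptables LOG-style syslog lines whose prefixes ALLOW-OUT, ALLOW-IN, DENY-IN and DENY-OUT are hypothetical --log-prefix values, that 10.0.0.0/8 is the internal network, and that the firewall logs every allowed outbound connection, as the recommendation slide asks. The log lines are constructed.

```python
"""Firewall logs as "poor man's netflow": summarise allowed outbound
connections per internal host, then run incident-response checks over them.
Added example; assumptions (not in the slides): iptables LOG-style lines with
hypothetical prefixes ALLOW-OUT/ALLOW-IN/DENY-IN/DENY-OUT, internal network
10.0.0.0/8, and complete logging of allowed outbound connections."""
import ipaddress
import re
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")
COMMON_OUTBOUND_PORTS = {80, 443, 53, 25, 123}

# Constructed sample log lines (not real traffic): an external host probes three
# internal hosts on 445 and is denied; later 10.1.2.34 opens an allowed outbound
# connection back to that same host on an unusual port.
SAMPLE_LOG = """\
Mar  3 10:12:01 fw1 kernel: DENY-IN IN=eth0 OUT= SRC=198.51.100.9 DST=10.1.2.34 PROTO=TCP SPT=40001 DPT=445
Mar  3 10:12:02 fw1 kernel: DENY-IN IN=eth0 OUT= SRC=198.51.100.9 DST=10.1.2.35 PROTO=TCP SPT=40002 DPT=445
Mar  3 10:12:03 fw1 kernel: DENY-IN IN=eth0 OUT= SRC=198.51.100.9 DST=10.1.2.36 PROTO=TCP SPT=40003 DPT=445
Mar  3 10:14:10 fw1 kernel: ALLOW-OUT IN=eth1 OUT=eth0 SRC=10.1.2.34 DST=203.0.113.7 PROTO=TCP SPT=51234 DPT=443
Mar  3 10:14:11 fw1 kernel: ALLOW-OUT IN=eth1 OUT=eth0 SRC=10.1.2.34 DST=198.51.100.9 PROTO=TCP SPT=51235 DPT=6667
Mar  3 10:14:12 fw1 kernel: ALLOW-OUT IN=eth1 OUT=eth0 SRC=10.1.2.50 DST=203.0.113.7 PROTO=TCP SPT=51300 DPT=443
Mar  3 10:14:13 fw1 kernel: DENY-OUT IN=eth1 OUT=eth0 SRC=10.1.2.50 DST=192.0.2.77 PROTO=UDP SPT=51301 DPT=53
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: "
    r"(?P<action>ALLOW|DENY)-(?P<direction>IN|OUT) .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
    r"(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)


def parse_log(text):
    """Parse log text into connection records; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["spt"] = int(rec["spt"]) if rec["spt"] else None
        rec["dpt"] = int(rec["dpt"]) if rec["dpt"] else None
        records.append(rec)
    return records


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL


def outbound_flows(records):
    """Netflow-like view: internal source -> {(dst, proto, dpt): count} over allowed outbound."""
    flows = defaultdict(lambda: defaultdict(int))
    for r in records:
        if r["action"] == "ALLOW" and is_internal(r["src"]) and not is_internal(r["dst"]):
            flows[r["src"]][(r["dst"], r["proto"], r["dpt"])] += 1
    return {src: dict(v) for src, v in flows.items()}


def proof_of_connectivity(records, host_a, host_b):
    """Allowed connections between two hosts in either direction.  With complete
    allow logging, an empty result is proof of NO connectivity."""
    return [r for r in records
            if r["action"] == "ALLOW" and {r["src"], r["dst"]} == {host_a, host_b}]


def scan_sources(records, min_targets=3):
    """External IPs denied inbound against at least min_targets distinct internal hosts."""
    targets = defaultdict(set)
    for r in records:
        if r["action"] == "DENY" and r["direction"] == "IN" and not is_internal(r["src"]):
            targets[r["src"]].add(r["dst"])
    return {src for src, dsts in targets.items() if len(dsts) >= min_targets}


def suspicious_outbound(records, scanners=frozenset()):
    """Allowed outbound connections worth a second look: an internal host talking
    back to an IP that scanned us (likely compromised) or using an uncommon port."""
    findings = []
    for r in records:
        if not (r["action"] == "ALLOW" and r["direction"] == "OUT" and is_internal(r["src"])):
            continue
        reasons = []
        if r["dst"] in scanners:
            reasons.append("talks-back-to-scanner")
        if r["dpt"] is not None and r["dpt"] not in COMMON_OUTBOUND_PORTS:
            reasons.append("uncommon-port")
        if reasons:
            findings.append(dict(r, reasons=reasons))
    return findings


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    scanners = scan_sources(recs)
    print("scan sources:", scanners)
    for src, flows in outbound_flows(recs).items():
        print(src, "->", flows)
    for f in suspicious_outbound(recs, scanners):
        print("SUSPICIOUS", f["ts"], f["src"], "->", f["dst"], f["dpt"], f["reasons"])
    print("10.1.2.50 <-> 192.0.2.77 allowed:", proof_of_connectivity(recs, "10.1.2.50", "192.0.2.77"))
```

The proof-of-NO-connectivity check is only as strong as the logging behind it: if allowed connections were never logged, or the log has rolled over, an empty result proves nothing, which is the practical reason behind the recommendation to log allowed (at minimum, outbound allowed) connections and to watch for rule changes that could have switched that logging off.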
NIDS Logs in Incident Response
- Attack, Intrusion and Compromise Detection
- Malware Detection: Worms, Viruses, Spyware, etc.
- Network Abuses and Policy Violations
- Unauthorized Access and Access Attempts
- Recon Activity

Just A Thought...
Q: How many serious incidents were discovered by an IDS/IPS?
A: Answers I've heard...
0, 0, 0, 0, with an average of 0

Server Logs in Incident Response
- Confirmed Access by an Intruder
- Service Crashes and Restarts
- Reboots
- Password, Trust and Other Account Changes
- System Configuration Changes
- A World of Other Things

Example: "Irrelevant, You Say"
- Using disk failures for IDS
- What is really there?
- Is this OUR server? Well...
- "Detection by catastrophe"
- Is CNN your IDS?

Recommendations
On a typical Unix system, log:
- Syslog: usually defaults are sensible
- Select file access: via kernel logging
- Select process execution: via kernel logging
On a typical Windows server:
- Authentication: failure/success
- Account changes: failure/success
- Privilege use: failure/success
- Others as needed (see MS Recommended Audit Policy)

Database Logs in Incident Response
- Database and Schema Modifications
- Data and Object Modifications
- User and Privileged User Access
- Database Backups (!)
- Failures, Crashes and Restarts
- LOOK AT LOGS!

Proxy Logs in Incident Response
- Internet access patterns
- Policy violations
- Accidental/malicious information disclosure
- Malware: spyware, trojans, etc.
- Outbound web-hacking

Example: Proxy Logs vs Uploads
How?
- Search for POST requests AND specific document content-types (e.g. msword, powerpoint, etc.)
What?
- Look for uploads to unusual sites (especially with unresolved IPs), web mail, or for sensitive document names
- Especially, look for uploads to unusual ports
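The upload hunt described on the slide above, worked through in code. This is an added example, not from the deck and not the author's. It assumes a hypothetical custom proxy log format with one request per line (epoch timestamp, client, method, URL, status, request Content-Type, bytes sent); stock Squid access logs record the response content type, so capturing the request's Content-Type needs a custom logformat. KNOWN_UPLOAD_SITES, WEBMAIL_HOSTS and SENSITIVE_WORDS are stand-ins for an organisation's own lists, and the log lines are constructed.

```python
"""Hunt for document uploads in proxy logs: POST requests carrying office/PDF
content types, ranked by where they went (unresolved IP, webmail, unusual site,
unusual port) and by sensitive-looking names.  Added example; the log format,
site lists and keyword list are assumptions, not from the slides."""
import ipaddress
from urllib.parse import urlparse

DOCUMENT_TYPES = {
    "application/msword",
    "application/vnd.ms-excel",
    "application/vnd.ms-powerpoint",
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
    "application/vnd.openxmlformats-officedocument.presentationml.presentation",
    "application/pdf",
    "application/zip",
}
KNOWN_UPLOAD_SITES = {"intranet.example.com", "docs.example.org"}  # stand-in allow list
WEBMAIL_HOSTS = {"mail.example.net"}                                # stand-in webmail list
SENSITIVE_WORDS = ("confidential", "budget", "salary", "customer")  # stand-in naming hints
STANDARD_PORTS = {80, 443}

# Constructed sample log lines (not real traffic); fields are
# epoch_ts client method url status request_content_type bytes_sent
SAMPLE_PROXY_LOG = """\
1299147600.123 10.1.2.34 POST http://mail.example.net/upload?name=Q3_budget.xlsx 200 application/vnd.ms-excel 204800
1299147605.456 10.1.2.34 GET http://www.example.com/index.html 200 - 5120
1299147610.789 10.1.2.50 POST http://203.0.113.55:8080/drop/confidential_plan.doc 200 application/msword 1048576
1299147620.000 10.1.2.51 POST http://intranet.example.com/wiki/save 200 application/x-www-form-urlencoded 900
1299147630.000 10.1.2.52 POST http://cdn.example.org/api 200 application/pdf 51200
1299147640.000 10.1.2.53 POST http://docs.example.org/upload 200 application/pdf 4096
"""
FIELDS = ("ts", "client", "method", "url", "status", "content_type", "bytes")


def parse_proxy_log(text):
    """Split each line into a dict; lines with the wrong field count are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        rec["bytes"] = int(rec["bytes"])
        records.append(rec)
    return records


def _is_ip_literal(host):
    """True when the URL host is a bare IP, i.e. an 'unresolved' destination."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_document_uploads(records, known_sites=KNOWN_UPLOAD_SITES, webmail=WEBMAIL_HOSTS):
    """Return POSTed documents that went somewhere worth a look, each with its reasons.
    A document POSTed to a known site on a standard port with a bland name yields
    no reasons and is left out."""
    findings = []
    for r in records:
        if r["method"] != "POST" or r["content_type"].split(";")[0] not in DOCUMENT_TYPES:
            continue
        u = urlparse(r["url"])
        host = (u.hostname or "").lower()
        port = u.port or (443 if u.scheme == "https" else 80)
        reasons = []
        if _is_ip_literal(host):
            reasons.append("unresolved-ip")
        elif host in webmail:
            reasons.append("webmail")
        elif host not in known_sites:
            reasons.append("unusual-site")
        if port not in STANDARD_PORTS:
            reasons.append("nonstandard-port")
        name = (u.path + "?" + u.query).lower()
        if any(w in name for w in SENSITIVE_WORDS):
            reasons.append("sensitive-name")
        if reasons:
            findings.append(dict(r, host=host, port=port, reasons=reasons))
    return findings


if __name__ == "__main__":
    for f in find_document_uploads(parse_proxy_log(SAMPLE_PROXY_LOG)):
        print(f["client"], "->", f["host"], f["port"], f["content_type"], f["bytes"], f["reasons"])
```

The content-type filter is the coarse first pass the slide describes; the ordering of the reason checks (IP literal, then webmail, then not-on-the-known-list) keeps one destination reason per upload so the list stays readable, and the bytes-sent field is carried through because an unexpectedly large POST is often the quickest way to spot a bulk export among many small ones.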
Antivirus Logs in Incident Response
- Virus Detection and Clean-up (or lack thereof!)
- Failed and Successful Antivirus Signature Updates
- Other Protection Failures and Issues
- Antivirus Software Crashes and Terminations