Mind Mapping automation
in information security log
analysis

(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

Applications of Mind Mapping automation in the analysis of information security log files

Applications of Mind Mapping automation in the analysis of information security log files. Example using Endpoint Protector log files.

Published in: Technology
1. Mind Mapping automation in information security log analysis
Image courtesy of Stuart Miles / FreeDigitalPhotos.net

2. Manually reviewing log files has the following problems:
• Time consuming
• Monotonous
• Difficult to prioritize events
• Difficult to visualize important events

3. Advantages of Mind Maps
• Visual display of information
• Information grouped by device, date-time, type of event and type of file
• Flexible
• Easy to add comments and callouts to the basic Mind Map
• Easy to share
• Exportable to PDF, Word and HTML
• Tree structure
• Searchable

4. Example of application of Mind Mapping automation
Endpoint Protector, Data Loss Prevention solution
“Make sure sensitive data does not leave your network whether copied on devices, clipboard or through applications, online services and even as screen captures.”

5. Endpoint Protector

6. Log generated by Endpoint Protector

7. Example of a log file generated by Endpoint Protector

8. Mind Maps generated
• Events by device
• Events by date-time
• Events by type of event
• Events by type of file
• Events by user
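The grouping that slides 3 and 8 describe, as an added example that is not the deck's own code: the deck shows the Endpoint Protector log only as an image, so the `date-time;device;event;file type;user` record layout, the sample lines and the function names below are assumptions made for illustration. Each map is a tree whose branches carry event counts, which is what lets an analyst prioritise instead of reading the log top to bottom.

```python
# Added example, not the deck's own code: builds the five "mind maps" slide 8 lists
# (events by device, date-time, type of event, type of file, user) as trees over a log.
from collections import defaultdict
import csv, io

# Constructed sample. Endpoint Protector's real log is only shown as an image in the deck,
# so this "date-time;device;event;file type;user" layout is a hypothetical one.
SAMPLE_LOG = """\
2014-03-10 09:12:05;USB - 1;File read;AVI;Alice Johnson
2014-03-10 09:13:40;USB - 1;File rename;url file;Alice Johnson
2014-03-10 14:02:11;USB - 2;File delete;Application;John Smith
2014-03-11 08:45:00;Webcam;Enabled;-;John Smith
2014-03-11 08:46:30;WiFi Adapter;Disconnected;-;Alice Johnson
2014-03-11 16:20:59;CD-ROM;File read;AVI;John Smith
"""
FIELDS = ("datetime", "device", "event", "filetype", "user")

def parse_log(text):
    """One record per line -> dict; the date is split out for the date-time map."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text), fieldnames=FIELDS, delimiter=";"):
        rec["date"] = rec["datetime"][:10]
        rows.append(rec)
    return rows

def build_maps(rows):
    """One tree per grouping key: {branch value: [full records]} (the deck's tree structure)."""
    maps = {}
    for key in ("device", "date", "event", "filetype", "user"):
        branches = defaultdict(list)
        for r in rows:
            branches[r[key]].append(r)
        maps[key] = dict(branches)
    return maps

def render(tree, title):
    """Indented outline of one map; branches carry counts and are sorted to aid prioritising."""
    lines = [f"{title} ({sum(len(v) for v in tree.values())} events)"]
    for branch, events in sorted(tree.items(), key=lambda kv: -len(kv[1])):
        lines.append(f"  {branch} [{len(events)}]")
        lines.extend(f"    {e['datetime']} {e['event']} {e['filetype']} ({e['user']})" for e in events)
    return "\n".join(lines)

def events_to_review(maps, watch=("File delete", "Disconnected")):
    """Slide 46's map: per user, only the event types an analyst wants to review first."""
    queue = {}
    for user, evs in maps["user"].items():
        hits = [(e["datetime"], e["event"], e["device"]) for e in evs if e["event"] in watch]
        if hits:
            queue[user] = hits
    return queue
```

Calling `render(maps["device"], "Events by device")` on the sample gives the outline behind the "Events by device" slides; `events_to_review` produces the per-user review list of slide 46.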
9. EVENTS BY DEVICE
10. Log file processed with Mind Mapping automation
11. Overview
12. USB – 1
13. USB – 2 (Events)
14. USB – 2
15. Webcam
16. Network Adapter
17. WiFi Adapter
18. CD-ROM

19. EVENTS BY DATE-TIME
20. Level 1
21. Overview
22. Events in a day
23. Events in a day
24. Events in a day

25. EVENTS BY TYPE OF EVENT
26. Overview
27. Level 1
28. File read
29. File rename
30. File delete
31. Enabled
32. Disconnected

33. EVENTS BY TYPE OF FILE
34. Overview
35. Level 1
36. url file
37. AVI
38. Application

39. EVENTS BY USER LOGGED
40. Overview
41. Level 1
42. User: Alice Johnson
43. User: John Smith

44. REVIEW PROCESS
45. Review detail of a File delete
46. Mind Map of the events to review by user logged

47. Summary
• Mind Mapping automation is a very useful tool to analyze security logs
• It can be adapted to any type of log
• It reduces the analysis time
• It is very scalable
• It simplifies the analysis of log files

48. Image courtesy of Stuart Miles / FreeDigitalPhotos.net

49. Contact Information
• José M. Guerrero
• jm@infoseg.com
• Slideshare Presentations