The document discusses the challenges of manually reviewing log files in information security and presents mind mapping automation as a solution to enhance this process. Mind mapping provides a visual representation of data, making it easier to analyze events by various criteria, such as device and user. The summary highlights that mind mapping automation simplifies log analysis, reduces time, and is adaptable to different log types.

1. Mind Mapping automation
in information security log
analysis
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml
Image courtesy of Stuart Miles
/ FreeDigitalPhotos.net

2. Manually reviewing log files has the following problems:
•
•
•
•
Time consuming
Monotonous
Difficult to prioritize events
Difficult to visualize important events
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

3. Advantages of Mind Maps
• Visual display of information
• Information grouped by device, date-time, type
of event and type of file
• Flexible
• Easy to add comments and callouts to the basic
Mind Map
• Easy to share
• Exportable to PDF, Word and HTML
• Tree structure
• Searchable
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

4. Example of application of Mind Mapping automation
Endpoint Protector
Data Loss Prevention solution
“Make sure sensitive data does not leave your network whether
copied on devices, clipboard or through applications, online
services and even as screen captures.”
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

5. Endpoint Protector
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

6. Log generated by Endpoint Protector
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

7. Example of a log file generated by Endpoint Protector
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

8. Mind Maps generated
•
•
•
•
•
Events by device
Events by date-time
Events by type of event
Events by type of file
Events by user
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

9. EVENTS BY DEVICE
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

10. Log file processed with Mind Mapping automation
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

11. Overview
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

12. USB – 1
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

13. USB – 2 (Events)
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

14. USB - 2
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

15. Webcam
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

16. Network Adapter
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

17. WiFi Adapter
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

18. CD-ROM
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

19. EVENTS BY DATE-TIME
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

20. Level 1
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

21. Overview
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

22. Events in a day
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

23. Events in a day
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

24. Events in a day
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

25. EVENTS BY TYPE OF EVENT
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

26. Overview
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

27. Level 1
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

28. File read
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

29. File rename
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

30. File delete
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

31. Enabled
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

32. Disconnected
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

33. EVENTS BY TYPE OF FILE
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

34. Overview
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

35. Level 1
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

36. url file
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

37. AVI
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

38. Application
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

39. EVENTS BY USER LOGGED
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

40. Overview
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

41. Level 1
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

42. User: Alice Johnson
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

43. User: John Smith
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

44. REVIEW PROCESS
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

45. Review detail of a File delete
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

46. Mind Map of the events to review by user logged
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

47. Summary
• Mind Mapping automation is a very useful
tool to analyze security logs
• It can be adapted to any type of log
• It reduces the analysis time
• It is very scalable
• It simplifies the analysis of log files
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml

48. (C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml
Image courtesy of Stuart Miles
/ FreeDigitalPhotos.net

49. Contact Information
• José M. Guerrero
• jm@infoseg.com
• Slideshare Presentations
(C) Infoseg 2014
http://www.infoseg.com/mi_01_en.shtml