- CEE (Common Event Expression) is a standard being developed by MITRE to bring order to the chaos of inconsistent logging across different systems and devices.
- It includes standardized log transport mechanisms, log syntax/format, a log taxonomy, and logging recommendations.
- If adopted, CEE could enable better log analysis, correlation, and understanding by establishing a common language and structure for log data.
Logging what is taking place in your application provides important insights into applications at runtime, and can be extremely helpful to support analysts when something goes wrong.
We'll discuss best practices about what, why, and how to log and what to avoid when logging, as well as where to write your logs and how to decide what logging framework to use. Time permitting, we'll talk about log analysis tools to help make sense of large log files as well.
Overview of the RPC over DDS specification (in progress at the OMG). Significance to Industrial Internet applications. Significant to people migrating from a legacy CORBA system.
One of the most important challenges that system designers and system integrators face when deploying complex Industrial Internet of Things (IoT) systems is the integration of different connectivity solutions and standards. At RTI, we are constantly working to accelerate the Industrial IoT revolution. Over the past few years, we have developed standard connectivity gateways to ensure that DDS systems can easily integrate with other core connectivity frameworks.
This year, we developed a standard OPC UA/DDS Gateway, a bridge between two of the most well-known Industrial IoT connectivity frameworks. We are excited to announce that the gateway was just adopted by the Object Management Group (OMG).
In this webinar, we will dive deeper into the importance of choosing a baseline core connectivity standard for the Industrial IoT and how to ensure all system components are fully integrated. Attendees will also learn:
- How the OPC UA/DDS Gateway specification was developed and how it works
- How to leverage the Gateway to enable DDS and OPC UA applications to interoperate transparently
- About the first standard connectivity gateway released with RTI Web Integration Service in Connext DDS 5.3
Gateways are a critical component of system interoperability and we will keep working to help companies accelerate Industrial IoT adoption.
LogChaos: Challenges and Opportunities of Security Log Standardization (Anton Chuvakin)
Abstract: The presentation will discuss how to bring order (in the form of standards!) to the chaotic world of logging. It will give a brief introduction to logs and logging and explain how and why logs grew so chaotic and disorganized. Next it will cover why log standards are sorely needed. It will offer a walkthrough that highlights the critical areas of log standardization. Past failed standards will be looked at and their lessons learned. Finally, current logging standard efforts will be presented briefly.
Log Standards & Future Trends by Dr. Anton Chuvakin
The presentation will discuss how to bring order (in the form of standards!) to the chaotic world of logging.
It will give a brief introduction to logs and logging and explain how and why logs grew so chaotic and disorganized.
Next it will cover why log standards are sorely needed.
It will offer a walk-through that highlights the critical areas of log standardization. Current standard efforts will be discussed.
Finally, the presentation will cover a few of the emerging and yet-to-emerge trends related to logging and log management.
Practical, team-focused operability techniques for distributed systems - DevO... (Matthew Skelton)
In this talk, we explore five practical, tried-and-tested, real world techniques for improving operability with many kinds of software systems, including cloud, Serverless, Microservices, on-premise, and IoT. Based on our work in many industry sectors, we will share our experience of helping teams to improve the operability of their software systems through these straightforward, team-friendly techniques.
From a talk given at DevOpsCon Munich 2017 https://devopsconference.de/microservices/practical-team-focused-operability-techniques-for-distributed-systems/
OWASP Security Logging API easily extends your current log4j and logback logging with impressive features helpful for security, diagnostics/forensics, and compliance. Slide deck presentation from OWASP AppSecEU 2016 in Rome.
Presenters: Matthew Skelton and Rob Thatcher, Skelton Thatcher Consulting
Webinar: Operability is all about making software work well in Production. In this webinar, we explore practical, tried-and-tested, real world techniques for improving operability with many kinds of software systems, including cloud, Serverless, on-premise, and IoT: logging with Event IDs, Run Book dialogue sheets, endpoint healthchecks, correlation IDs, and lightweight User Personas.
Target audience: Software Developer, Tester, Software Architect, DevOps Engineer, Delivery Manager, Head of Delivery, Head of IT.
Benefits: Attendees will gain insights into operability and why this is important for modern software systems, along with practical experience of techniques to enhance operability in almost any software system they encounter.
SWORD : simple web service offering repository deposit; Open Repositories 2008, Southampton; Julie Allinson
This paper presents an overview of a JISC (Joint Information Systems Committee) activity to scope, define and develop a deposit specification for use across the repositories space, which has come to fruition within the SWORD (Simple Web service Offering Repository Deposit) project. It will look both at the background and how this piece of work came to pass, the movement from informal working group to funded project, the lightweight project construction and the resulting protocol and technical outputs. The paper will also consider the future of SWORD and look at some of the activity which has already galvanised around the project outputs.
A few weeks ago Microsoft Chief Technical Officer Ray Ozzie unveiled a concept called Live Clipboard, at the O'Reilly Emerging Technology Conference. The main idea behind the concept is to provide for the web what the clipboard does today for desktop applications.
Future of SOC: More Security, Less Operations (Anton Chuvakin)
"Future of SOC: More Security, Less Operations" was originally presented by Dr Anton Chuvakin in March 2024 at a virtual conference in Finland
The future of SOC looks less like its past. AI is part of the future, but an engineering-led approach to SOC is more critical.
Detection and Response of the future will be more heavily automated.
SOC Meets Cloud: What Breaks, What Changes, What to Do? (Anton Chuvakin)
Originally presented at Mandiant mWise 2023 by Dr Anton Chuvakin of Google Cloud Office of the CISO.
Cloud changes everything (does it though?), including how we do threat detection and incident response in the SOC. As we continue to transform our attack surfaces, how do we make sure our detection and response are done "the cloud way"? There were also cases where both business and IT migrated to the cloud, but security was left behind and had to approach cloud challenges with on-premise tools and practices. How should a SOC born before cloud deal with cloud? What to watch for? What changes? What breaks? What stays the same?
Meet the Ghost of SecOps Future by Anton Chuvakin
Today’s SOC has an increasingly difficult job protecting growing and expanding organizations. The landscape is changing and the SOC needs to change with the times or risk falling behind the evolution of business, IT, and threats.
But you have choices! Your future fate is not set in stone and can be changed: some optimize what they have without drastic upheaval, while others choose to truly transform their detection and response.
Join us as we show you a vision of what the SOC will look like in the near future and how to choose the best course of action today.
Originally aired at https://cloudonair.withgoogle.com/events/2023-dec-security-talks
Video https://youtu.be/KbQbuFAPY2c?si=0llv1v_CkVtvsyms
SOC Lessons from DevOps and SRE by Anton Chuvakin
SOC Lessons from DevOps and SRE by Dr Anton Chuvakin - RSA 2023 Google Cloud sideshow presentation focused on using select DevOps and SRE lessons to make your SOC better
20 years of SIEM was prepared for the SANS webinar https://www.sans.org/webcasts/anton-chuvakin-discusses-20-years-of-siem-what-s-next/ and offers Anton's reflection on SIEM past and future
10X SOC - SANS Blue Summit Keynote 2021 - Anton Chuvakin
Can We REALLY 10X the SOC? by Dr Anton Chuvakin
Many organizations promise to transform your security operations center (SOC) with technology, advice or their personnel. However, what does it take to really transform your SOC to be ready for future threats? Is this an impossible problem? Is this something that can be only done by well funded organizations? Let's explore these and other questions in this talk.
https://www.sans.org/cyber-security-training-events/blue-team-summit-2021/#agenda
Five Best and Five Worst Practices for SIEM by Dr. Anton Chuvakin
End-User Case Study: Five Best and Five Worst Practices for SIEM
Implementing SIEM sounds straightforward, but reality sometimes begs to differ. In this session, Dr. Anton Chuvakin will share the five best and worst practices for implementing SIEM as part of security monitoring and intelligence. Understanding how to avoid pitfalls and create a successful SIEM implementation will help maximize security and compliance value, and avoid costly obstacles, inefficiencies, and risks.
CEE Logging Standard: Today and Tomorrow
1. CEE Logging Standard: Today and Tomorrow. Dr Anton Chuvakin, Chief Logging Evangelist, LogLogic, Inc
2.
3. Log Chaos I - Login?
<122> Mar 4 09:23:15 localhost sshd[27577]: Accepted password for kyle from ::ffff:192.168.138.35 port 2895 ssh2
<13> Fri Mar 17 14:29:38 2006 680 Security SYSTEM User Failure Audit ENTERPRISE Account Logon Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account : POWERUSER Source Workstation: ENTERPRISE Error Code: 0xC000006A 4574
<57> Dec 25 00:04:32:%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user:yellowdog] [Source:10.4.2.11] [localport:23] at 20:55:40 UTC Fri Feb 28 2006
<18> Dec 17 15:45:57 10.14.93.7 ns5xp: NetScreen device_id=ns5xp system-warning-00515: Admin User netscreen has logged on via Telnet from 10.14.98.55:39073 (2002-12-17 15:50:53)
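As an added illustration (not part of the slides, and not CEE's actual syntax or taxonomy), the Python below maps the four login records from slide 3 onto one event shape so that a single query covers all of them. The field names (`action`, `status`, `user`, `source`, `severity`), the product labels and the regular expressions are assumptions written for these sample lines only.

```python
import ipaddress
import re

# The four login records from slide 3, copied from the page.
SAMPLES = [
    "<122> Mar 4 09:23:15 localhost sshd[27577]: Accepted password for kyle from ::ffff:192.168.138.35 port 2895 ssh2",
    "<13> Fri Mar 17 14:29:38 2006 680 Security SYSTEM User Failure Audit ENTERPRISE Account Logon Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account : POWERUSER Source Workstation: ENTERPRISE Error Code: 0xC000006A 4574",
    "<57> Dec 25 00:04:32:%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user:yellowdog] [Source:10.4.2.11] [localport:23] at 20:55:40 UTC Fri Feb 28 2006",
    "<18> Dec 17 15:45:57 10.14.93.7 ns5xp: NetScreen device_id=ns5xp system-warning-00515: Admin User netscreen has logged on via Telnet from 10.14.98.55:39073 (2002-12-17 15:50:53)",
]

# (label, pattern, raw outcome token -> normalized status).
# Labels and field names are hypothetical, chosen for this example.
RULES = [
    ("sshd", re.compile(
        r"sshd\[\d+\]: (?P<outcome>Accepted|Failed) \S+ for "
        r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"),
     {"Accepted": "success", "Failed": "failure"}),
    ("windows", re.compile(
        r"(?P<outcome>Success|Failure) Audit .*?Logon account\s*:\s*"
        r"(?P<user>\S+)\s+Source Workstation:\s*(?P<src>\S+)"),
     {"Success": "success", "Failure": "failure"}),
    ("sec_login", re.compile(
        r"%SEC_LOGIN-\d-LOGIN_(?P<outcome>SUCCESS|FAILED): .*?"
        r"\[user:\s*(?P<user>[^\]]+)\] \[Source:\s*(?P<src>[^\]]+)\]"),
     {"SUCCESS": "success", "FAILED": "failure"}),
    # This message only exists for a completed logon, so no outcome token.
    ("netscreen", re.compile(
        r"NetScreen device_id=\S+ .*?Admin User (?P<user>\S+) has logged on "
        r"via \S+ from (?P<src>[\d.]+):\d+"),
     {None: "success"}),
]


def canonical_source(src):
    """Render IPv4-mapped IPv6 as plain IPv4; leave host names untouched."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return src  # workstation or host name, not an address
    mapped = getattr(addr, "ipv4_mapped", None)
    return str(mapped or addr)


def normalize(line):
    """Return a common login event for a known format, else None."""
    pri = re.match(r"<(\d{1,3})>", line)  # syslog PRI = facility * 8 + severity
    for product, pattern, outcomes in RULES:
        hit = pattern.search(line)
        if hit is None:
            continue
        fields = hit.groupdict()
        return {
            "product": product,
            "action": "login",
            "status": outcomes[fields.get("outcome")],
            "user": fields["user"],
            "source": canonical_source(fields["src"]),
            "severity": int(pri.group(1)) % 8 if pri else None,
        }
    return None  # unknown format: report it rather than guess


def failed_logins(lines):
    """One query over every product: (user, source) of each failed login."""
    events = filter(None, map(normalize, lines))
    return [(e["user"], e["source"]) for e in events if e["status"] == "failure"]


if __name__ == "__main__":
    for sample in SAMPLES:
        print(normalize(sample))
```

The decoded `severity` values differ across the four records even though three of them describe the same kind of event, a successful login.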
4. Log Chaos II - Accept?
messages:Dec 16 17:28:49 10.14.93.7 ns5xp: NetScreen device_id=ns5xp system-notification-00257(traffic): start_time="2002-12-16 17:33:36" duration=5 policy_id=0 service=telnet proto=6 src zone=Trust dst zone=Untrust action=Permit sent=1170 rcvd=1500 src=10.14.94.221 dst=10.14.98.107 src_port=1384 dst_port=23 translated ip=10.14.93.7 port=1206
Mar 6 06:06:02 winonasu-pix %PIX-6-302013: Built outbound TCP connection 315210 596 for outside:172.196.9.206/1214 (172.196.9.206/1214) to inside:199.17.151.103/1438 (199.17.151.103/1438)
Apr 6 06:06:02 Checkpoint NGX SRC=Any,DEST=ANY,Accept=nosubstitute,Do Not Log,Installspyware,lieonyourtaxes,orbetteryet,dontpaythem
Emerging Log Standards: Challenges and Opportunities
The presentation will discuss how to bring order (in the form of standards!) to the chaotic world of logging. It will offer a walkthrough that highlights the critical areas of log standardization. Past failed standards will be looked at and their lessons learned. Finally, the CEE logging standard effort will be presented and described.
Key takeaways:
- Why log standards are sorely needed
- Why none succeeded so far?
- Why CEE will succeed?