The Qrator and Wallarm 2016 State of Network Security report covers the main events and strong trends in the network security industry. Particular attention is paid to DDoS, Internet infrastructure, hacks, and vulnerabilities in software and hardware such as connected devices.
Lancope’s latest release includes an intuitive Web interface and sophisticated alarming capabilities for enhanced usability, security analytics and early threat detection. The new version further improves incident response and network forensics for fending off today’s advanced attacks. Specific new features include:
• The Operational Network & Security Intelligence (ONSI) dashboard, which keeps track of the attacker’s “kill chain,” providing administrators with awareness of how far attacks are progressing within their networks.
• New “data hoarding” alarms that detect attackers who are moving stolen data around within internal networks or preparing it for exfiltration.
• StealthWatch Labs Security Updates that provide constantly updated, automated security capabilities in the StealthWatch System to detect the latest threats.
• User-defined Threat Criteria, which enable administrators to monitor their networks for targeted attack activity based on specific threat intelligence.
Secure Your Apps with NGINX Plus and the ModSecurity WAF - NGINX, Inc.
On-demand recording: https://nginx.webex.com/nginx/lsr.php?RCID=e62ece89fb21133d312f02af7be8e2c0
The NGINX Plus with ModSecurity WAF (web application firewall) protects your applications from a wide variety of threats, including DDoS and Layer 7 attacks. Improve application uptime, block malicious users, and log crucial data about suspicious transactions with this new offering from NGINX.
The NGINX Plus with ModSecurity WAF is built on a new architecture, offered first to NGINX Plus customers. Our new WAF will help you protect your site against top threats and comply with PCI-DSS Requirement 6.6.
Join us in this webinar to learn:
* The top security attacks against websites
* How much attacks are increasing and why
* How a WAF adds to your site's security protection
* How NGINX Plus with ModSecurity WAF works, in a live demo
Slide deck for the Security Weekly session on Oct 25th 2018. Code is up on www.github/YossiSassi. Special thanks to Eyal Neemany & Omer Yair who helped prep this talk.
As presented on 1/31/2018 at Cisco NYC Security Open House. These slides describe how a proper Disaster Recovery infrastructure, with proper automated network integration, can provide instant recovery from ransomware attacks and can improve the security of the production environment.
Savvius Vigil is the first network appliance able to intelligently store months of packet-level information to enhance security investigations. Savvius Vigil integrates with your existing SIEM platform to examine packets related to a breach weeks or months after the incident occurred. This information is often vital to a full understanding of the threat.
Proactive monitoring tools or services - Open Source B.A.
Part 1: (Open source) Monitoring tools in all shapes and sizes [18:00 to 19:30]
In this session Jan Guldentops draws on his 20 years of experience to explain what a monitoring solution should in theory be able to do, where you can apply it and what to watch for when selecting a monitoring solution.
We go over the various solutions on the market (open source, closed source, hosted services, etc.). We then take a closer look at the open source Nagios solution and how we at BA have integrated it into our own monitoring system. Finally we give a short demo of this monitoring system in a number of different environments and show how far you can go in tailoring the solution to your needs.
In this talk, we discuss white box cryptography, a technique used to protect cryptographic keys from a local attacker. In keeping with the theme of building and breaking security, we will discuss the challenges involved in building a white-box crypto system.
Action1 is a Cloud-based lightweight endpoint security platform that discovers all of your endpoints in seconds and allows you to retrieve live security information from the entire network using plain English queries, with a Google-like experience, right in your web browser.
Nagios Conference 2011 - Jared Bird - Using Nagios As A Security Tool - Nagios
Jared Bird's presentation on using Nagios as a security tool. The presentation was given during the Nagios World Conference North America held Sept 27-29th, 2011 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/nwcna
Jiangping Xu, Microsoft
With the rapid growth of M365 Office customers, security scanning coverage has tripled in recent years and keeps scaling. Keeping all Office service machines compliant and up to date with security patches across different product environments is challenging and requires a growth mindset and a scalable engineering solution. In this session, we introduce the approaches and security scanning infrastructure we built to support a large number of service machines. We will discuss how to detect unhealthy scanners and hosts across M365 services and how to make monitoring and alerting intelligent and action-based.
This talk is about the creation of a new security tool, Red October. Red October can be used to enforce the two-person rule for access to critical data, helping keep company data protected from insider threats.
The security industry tends to be less open about the details of how their software works than other parts of the software industry. This project was created to tackle the practical challenges of traditional security compliance, but inspired by an open source mentality. By taking a vague set of regulatory requirements we devised a user-friendly tool that solves a broader problem that is an issue for many small organizations.
This talk will teach people about cryptography and division of responsibility in key management, a very important consideration when moving a business to the cloud. It will also help show where to draw the line between using existing cryptographic and security mechanisms, and building your own.
Many information security systems rely on cryptographic schemes that need truly random numbers to be secure. In recent months there have been several high-profile news stories about weaknesses or potential compromises in both software and hardware random number generators. A compromised random number generator is difficult to catch because it can output random-looking data that is predictable only to an attacker. In this talk I describe how to go from knowledge of a weakness in a random number generator to a full security compromise.
We will look at examples including how to fully decrypt a TLS stream, how to compromise a bitcoin wallet by looking at the ECDSA signatures on the public block chain, how to factor improperly generated RSA keys, and more. There will be live demos and discussions of interesting ways to pull off these attacks.
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by Jason Luttgens, Matthew Pepe, and Kevin Mandia.
Teacher: Sam Bowne
Website: https://samsclass.info/121/121_F16.shtml
Kaseya Connect 2012 - THE ABC'S OF MONITORING - Kaseya
Is Agent or Agentless the best approach to monitoring devices and applications? The answer is both. Join us as we review the various approaches and solutions that Kaseya offers to handle this complex question and how they will be enhanced over the coming year.
Presented by: Jeff Keyes, Product Marketing Manager & Scott Brackett, Product Manager
Speed and agility are what is most expected of today’s analytics tools. The quicker you get from idea to insights, the more you can innovate and perform ad-hoc data analysis. I will be talking about how we can use AWS serverless architecture to stream IoT data, managed with Python. We can be up and running in minutes, starting small but able to grow easily to millions of devices and billions of messages.
This session is recommended for anyone interested in understanding how to use AWS big data services to develop real-time analytics applications. In this session, you will get an overview of a number of Amazon's big data and analytics services that enable you to build highly scalable cloud applications that immediately and continuously analyze large sets of distributed data. We'll explain how services like Amazon Kinesis, EMR and Redshift can be used for data ingestion, processing and storage to enable real-time insights and analysis into customer, operational and machine-generated data and log files. We'll explore system requirements and design considerations, and walk through a specific customer use case to illustrate the power of real-time insights on their business.
AWS re:Invent presentation: Unmeltable Infrastructure at Scale by Loggly - SolarWinds Loggly
April 2014 update to this presentation: Loggly removed Storm from its architecture. Details here: https://www.loggly.com/blog/what-we-learned-about-scaling-with-apache-storm/
This is a technical architect's case study of how Loggly has employed the latest social-media-scale technologies as the backbone ingestion processing for our multi-tenant, geo-distributed, and real-time log management system. Given by Jim Nisbet and Philip O'Toole, this presentation describes design details of how we built a second-generation system fully leveraging AWS services including Amazon Route 53 DNS with heartbeat and latency-based routing, multi-region VPCs, Elastic Load Balancing, Amazon Relational Database Service, and a number of pro-active and re-active approaches to scaling computational and indexing capacity.
The talk includes lessons learned in our first generation release, validated by thousands of customers; speed bumps and the mistakes we made along the way; various data models and architectures previously considered; and success at scale: speeds, feeds, and an unmeltable log processing engine.
Presentation of the ELK stack in a SIEM context, with a closer look at Wazuh (OSSEC), an open source IDS
Come and discover how to be proactive about cyber security problems by analysing the data provided by your critical equipment and applications.
Infrastructure at Scale: Apache Kafka, Twitter Storm & Elastic Search (ARC303... - Amazon Web Services
Scale confidently. From laptop to lots of nodes to multi-cluster, multi-use case deployments, Elastic experts are sharing best practices to master and pitfalls to avoid when it comes to scaling Elasticsearch.
AI Genie Review: World’s First Open AI WordPress Website Creator - Google
https://sumonreview.com/ai-genie-review
AI Genie Review: Key Features
✅Creates Limitless Real-Time Unique Content, auto-publishing Posts, Pages & Images directly from Chat GPT & Open AI on WordPress in any Niche
✅First & Only Google Bard Approved Software That Publishes 100% Original, SEO Friendly Content using Open AI
✅Publish Automated Posts and Pages using AI Genie directly on Your website
✅50 DFY Websites Included Without Adding Any Images, Content Or Doing Anything Yourself
✅Integrated Chat GPT Bot gives Instant Answers on Your Website to Visitors
✅Just Enter the title, and your Content for Pages and Posts will be ready on your website
✅Automatically insert visually appealing images into posts based on keywords and titles.
✅Choose the temperature of the content and control its randomness.
✅Control the length of the content to be generated.
✅Never Worry About Paying Huge Money Monthly To Top Content Creation Platforms
✅100% Easy-to-Use, Newbie-Friendly Technology
✅30-Days Money-Back Guarantee
OpenMetadata Community Meeting - 5th June 2024 - OpenMetadata
The OpenMetadata Community Meeting was held on June 5th, 2024. In this meeting, we discussed the data quality capabilities that are integrated with the Incident Manager, providing a complete solution for your data observability needs. Watch the end-to-end demo of the data quality features.
* How to run your own data quality framework
* What is the performance impact of running data quality frameworks
* How to run the test cases in your own ETL pipelines
* How the Incident Manager is integrated
* Get notified with alerts when test cases fail
Watch the meeting recording here - https://www.youtube.com/watch?v=UbNOje0kf6E
Large Language Models and the End of Programming - Matt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review process.
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ... - Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc., and I didn't get rich from it, but it did have 63K downloads (powering possibly tens of thousands of websites).
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code - Aftab Hussain
Understanding variable roles in code has been found to be helpful to students learning programming -- could variable roles help deep neural models in performing coding tasks? We do an exploratory study.
- These are slides of the talk given at InteNSE'23: The 1st International Workshop on Interpretability and Robustness in Neural Software Engineering, co-located with the 45th International Conference on Software Engineering, ICSE 2023, Melbourne Australia
Enhancing Research Orchestration Capabilities at ORNL.pdf - Globus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
First Steps with Globus Compute Multi-User Endpoints - Globus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Essentials of Automations: The Art of Triggers and Actions in FME - Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
E-commerce Application Development Company.pdf - Hornet Dynamics
Your business can reach new heights with our assistance as we design solutions that are specifically appropriate for your goals and vision. Our eCommerce application solutions can digitally coordinate all retail operations processes to meet the demands of the marketplace while maintaining business continuity.
In the ever-evolving landscape of technology, enterprise software development is undergoing a significant transformation. Traditional coding methods are being challenged by innovative no-code solutions, which promise to streamline and democratize the software development process.
This shift is particularly impactful for enterprises, which require robust, scalable, and efficient software to manage their operations. In this article, we will explore the various facets of enterprise software development with no-code solutions, examining their benefits, challenges, and the future potential they hold.
Introducing Crescat - Event Management Software for Venues, Festivals and Eve... - Crescat
Crescat is industry-trusted event management software, built by event professionals for event professionals. Founded in 2017, we have three key products tailored for the live event industry.
Crescat Event for concert promoters and event agencies. Crescat Venue for music venues, conference centers, wedding venues, concert halls and more. And Crescat Festival for festivals, conferences and complex events.
With a wide range of popular features such as event scheduling, shift management, volunteer and crew coordination, artist booking and much more, Crescat is designed for customisation and ease-of-use.
Over 125,000 events have been planned in Crescat and with hundreds of customers of all shapes and sizes, from boutique event agencies through to international concert promoters, Crescat is rigged for success. What's more, we highly value feedback from our users and we are constantly improving our software with updates, new features and improvements.
If you plan events, run a venue or produce festivals and you're looking for ways to make your life easier, then we have a solution for you. Try our software for free or schedule a no-obligation demo with one of our product specialists today at crescat.io
Large enterprise SIEM: get ready for oversize
1. Large enterprise SIEM: get ready for oversize
Svetlana/Mona Arkhipova
Qiwi
OWASP Meetup, Moscow, 28 Feb 2015
2. What are we talking about?
• Log collecting != Security Information and Event Management
• Systems monitoring is not enough
• Logs as a ‘Big Data’
3. WTF is qRadar?
Hello IBM!
• Log management
• Network activity/anomaly detection
• SIEM
• Nice API
4. WTF is qRadar?
Administrator’s nightmare:
• Frontend: Java+Tomcat
• Backend: Java daemons
• DB: Ariel for collected+indexed data, PostgreSQL for ‘static’ data
• Painful performance metrics and load balancing
6. To log or not to log
Guides/best practices
• https://www.owasp.org/index.php/Logging_Cheat_Sheet
• http://www.syslog.org/logged/logging-and-syslog-best-practices/
• http://sniperforensicstoolkit.squarespace.com/storage/logging/Windows%20Logging%20Cheat%20Sheet%20v1.1.pdf
• https://zeltser.com/media/docs/security-incident-log-review-checklist.pdf
• …
7. To log or not to log
Houston, we have a problem:
• Standard syslog message size (RFC 5424)
• Windows security logs permissions on W7/2008+
• Database audit – what to log?
• Log files on FS (IIS and so on)
• In-house developed apps
8. To log or not to log
Standard sources: Windows
• Event collectors vs. agents
• Extended system audit
• Non-English logs:
9. To log or not to log
Standard sources: *nix, network devices
• Syslog as a standard
• TCP syslog+network issues=pain (google: “TCP is not reliable”)
• UDP syslog message size
• Auditd – what to log?
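Slides 7 and 9 both come back to syslog message size: RFC 5424 only obliges a receiver to accept 480 octets (it should accept 2048), and beyond that sender, relay and receiver buffer limits decide, so a message cut at one of those limits arrives with no error indication at all. The Python below is an added example, not code from the talk or from Qiwi. It checks an incoming message for an RFC 5424 header, for structured data that ends before its closing bracket (the usual signature of a truncated message) and for a size above a configurable receiver limit. The sample messages and the `waf01`/`modsec` names are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# RFC 5424, section 6.1: a receiver MUST accept messages of at least 480 octets and
# SHOULD accept 2048. Beyond that, sender, relay and receiver buffer limits decide.
RFC5424_MIN_OCTETS = 480
RFC5424_SHOULD_OCTETS = 2048

# HEADER = PRI VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID
_HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) ?(?P<rest>.*)$",
    re.DOTALL,
)


@dataclass
class SyslogCheck:
    ok: bool
    octets: int
    host: Optional[str] = None
    app: Optional[str] = None
    msg: Optional[str] = None
    problems: List[str] = field(default_factory=list)


def _split_structured_data(rest: str):
    """Consume STRUCTURED-DATA ('-' or one or more [..] elements) from the start of
    rest. Returns (complete, msg); complete is False when the data ends before its
    closing ']', which is what a message cut by a buffer limit looks like."""
    if rest.startswith("-"):
        return True, rest[1:].lstrip(" ")
    if not rest.startswith("["):
        return False, rest            # SD field missing entirely: cut right after MSGID
    i, n = 0, len(rest)
    while i < n and rest[i] == "[":
        i += 1
        while i < n and rest[i] != "]":
            if rest[i] == "\\":       # '\]', '\"' and '\\' are escapes inside PARAM-VALUE
                i += 1
            i += 1
        if i >= n:
            return False, ""
        i += 1                        # step past ']'
    return True, rest[i:].lstrip(" ")


def check_syslog(raw: bytes, limit: int = RFC5424_SHOULD_OCTETS) -> SyslogCheck:
    octets = len(raw)
    result = SyslogCheck(ok=True, octets=octets)
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        # a multi-byte character cut in half is another truncation signature
        result.problems.append("invalid UTF-8 (cut inside a character?)")
        text = raw.decode("utf-8", errors="replace")
    m = _HEADER_RE.match(text)
    if not m:
        result.problems.append("no RFC 5424 header (BSD/RFC 3164 style or garbage)")
        result.ok = False
        return result
    result.host, result.app = m.group("host"), m.group("app")
    complete, result.msg = _split_structured_data(m.group("rest"))
    if not complete:
        result.problems.append("structured data missing or cut short: message truncated")
    if octets > limit:
        result.problems.append(f"{octets} octets exceeds receiver limit of {limit}")
    result.ok = not result.problems
    return result


# Constructed samples; waf01/modsec are placeholder names, not real log output.
GOOD = (b'<34>1 2015-02-28T10:11:12Z waf01 modsec 1234 - '
        b'[exampleSDID@32473 iut="3"] blocked request')
TRUNCATED = GOOD[:60]                                   # what a relay with a small buffer passes on
OVERSIZED = b"<13>1 - host app - - - " + b"A" * 2100    # well formed, but over the 2048 mark
BSD_STYLE = b"<34>Feb 28 10:11:12 host app: old-style message"


def audit(messages: dict) -> dict:
    """Map each name to the list of problems found for a batch of raw messages."""
    return {name: check_syslog(raw).problems for name, raw in messages.items()}


if __name__ == "__main__":
    batch = {"good": GOOD, "truncated": TRUNCATED, "oversized": OVERSIZED, "bsd": BSD_STYLE}
    for name, problems in audit(batch).items():
        print(f"{name:10s} {problems or 'ok'}")
```

The limit is a parameter on purpose: set it to whatever your collectors are actually configured to accept, and count the messages that trip it before raising the limit, since the count tells you which log sources are silently losing their tails today.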
10. To log or not to log
Standard sources: Databases
• Is login history enough?
• Syslog vs DB connection
11. To log or not to log
Non-Standard sources:
• Exotic network devices
• In-house developed apps
• 1C (OMG…) and other specific apps
• Integration with other security systems (NGFW, DBFW, AV, Security scanners…)
12. To log or not to log
When syslog is powerless:
WAF CEF log file
13. Normalizing/indexing
Event at a glance
• Standard properties: timestamp, src IP, dst IP, log source identifier and so on
• Custom event properties – KISS principle
• No search – no property.
Indexing
• Standard properties – index, index, index!
• Custom event properties indexing: with great power comes great responsibility…
• BTW, watch your index size.
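Slide 12 shows a WAF that writes CEF to a file rather than to syslog, and slide 13 says what the SIEM should make of each event: the standard properties (timestamp, source and destination IP, log source, and so on) plus only those custom properties somebody will actually search on. The Python below is an added example, not code from the talk or from Qiwi. It parses a CEF line (header fields split on unescaped `|`, extension keys on ` key=` boundaries, CEF escapes undone), resolves `csNLabel` names, maps the result onto the standard properties and keeps only the custom keys in the caller's search list, reporting the rest as dropped. The `ExampleWAF`/`WebGuard` product and the event itself are constructed; the epoch-milliseconds convention for `rt` is the common CEF one.

```python
import re
from datetime import datetime, timezone

# Constructed sample: one blocked-request event from a hypothetical WAF that writes
# CEF to a file. Not a real product's output.
SAMPLE_CEF = (
    "CEF:0|ExampleWAF|WebGuard|2.1|100|SQL injection attempt blocked|8|"
    "rt=1425121872000 src=10.0.0.5 spt=51234 dst=10.0.1.20 dpt=443 act=blocked "
    "request=/login?user\\=admin cs1Label=Rule cs1=942100 msg=union select in parameter"
)

_EXT_ESCAPES = {"=": "=", "\\": "\\", "|": "|", "n": "\n", "r": "\r"}


def _unescape_ext(value: str) -> str:
    # extension values escape '=', '\' and '|' with a backslash; \n and \r mean newlines
    return re.sub(r"\\([=\\|nr])", lambda m: _EXT_ESCAPES[m.group(1)], value)


def _unescape_header(value: str) -> str:
    return value.replace("\\|", "|").replace("\\\\", "\\")


def parse_cef(line: str) -> dict:
    """Split a CEF line into its seven header fields and a dict of extension keys."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    parts = re.split(r"(?<!\\)\|", line, maxsplit=7)   # header '|' may be escaped as '\|'
    if len(parts) != 8:
        raise ValueError("CEF header must contain seven '|' separators")
    head = [_unescape_header(p) for p in parts[:7]]
    ext = {}
    # A new key starts at a space followed by 'key='. A space inside a value that looks
    # like that is ambiguous in CEF itself, which is why senders must escape '='.
    for token in re.split(r" (?=[A-Za-z0-9_.]+=)", parts[7].strip()):
        key, _, value = token.partition("=")
        ext[key] = _unescape_ext(value)
    return {
        "version": head[0][len("CEF:"):], "vendor": head[1], "product": head[2],
        "device_version": head[3], "signature_id": head[4], "name": head[5],
        "severity": int(head[6]), "ext": ext,
    }


def normalize(line: str, searched_keys: set) -> dict:
    """Map a CEF event onto the standard properties; keep only searched custom keys."""
    ev = parse_cef(line)
    ext = dict(ev["ext"])
    # resolve csN/cnN labels: cs1Label=Rule cs1=942100 becomes Rule=942100
    for label_key in [k for k in ext if k.endswith("Label")]:
        base = label_key[: -len("Label")]
        if base in ext:
            ext[ext.pop(label_key)] = ext.pop(base)
    rt = ext.pop("rt", None)
    timestamp = None
    if rt and rt.isdigit():                             # rt as epoch milliseconds
        timestamp = datetime.fromtimestamp(int(rt) / 1000, tz=timezone.utc).isoformat()
    standard = {
        "timestamp": timestamp,                         # None means: use receive time
        "src_ip": ext.pop("src", None),
        "dst_ip": ext.pop("dst", None),
        "log_source": f'{ev["vendor"]} {ev["product"]}',
        "signature_id": ev["signature_id"],
        "name": ev["name"],
        "severity": ev["severity"],
    }
    custom = {k: v for k, v in ext.items() if k in searched_keys}
    dropped = sorted(k for k in ext if k not in searched_keys)
    return {"standard": standard, "custom": custom, "dropped": dropped}


if __name__ == "__main__":
    print(normalize(SAMPLE_CEF, {"act", "dpt", "Rule"}))
```

The `dropped` list is the part worth watching over time: every key that keeps showing up there and that nobody ever asks for is index space you do not need to spend, and every key someone does start searching for is a deliberate, reviewed addition to `searched_keys` rather than an accident of the parser.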
14. Over(sizing)
Current Qiwi SIEM metrics:
• 1800 log sources
• 10 000 - 24 000 RAW events per second (EPS)
• ~11 600 network flows per second (FPS), ~700 000 flows per minute (FPM)
SIEM system: 39 virtual servers, 2 hardware servers with Napatech 2x10G cards, 1 archive server
16. Online/offline storage
Daily stats:
• 67-145 Gb raw event logs per day
• 37-53 Gb network communication events per day
• Online storage – fast access (realtime + some previous data)
• Offline – archive storage
18. Internal security scanners
“Normal paranormal” activity inside and outside.
• Butthurt :(
• Log or drop events?
• Custom rules set for nodes
• Keep an eye on credentials!
• Balancers
NAT/SNAT https://f5.com/resources/white-papers/load-balancing-101-nuts-and-bolts
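Slide 18 puts three things side by side: authorised internal scanners produce scan and login noise that has to be either dropped or logged without an alert, the scanners' own credentials must still raise an alert the moment they show up anywhere else, and anything arriving through a balancer's SNAT address cannot be attributed per source unless the balancer passes the real client along. The triage function below is an added example, not code from the talk or from Qiwi; the scanner subnet, service account, balancer SNAT address and the `xff` property are assumed placeholders, and the events are constructed for the example.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumed placeholders for the example, not Qiwi's real values.
SCANNER_NODES = [ip_network("10.0.9.0/29")]    # where the authorised scanners live
SCANNER_ACCOUNTS = {"svc-vulnscan"}            # service account the scanners log in with
BALANCER_SNAT = {ip_address("10.0.1.1")}       # address the balancer presents after SNAT
NOISE_SEVERITY = 5                             # scanner-generated events below this are dropped


def is_scanner(ip: str) -> bool:
    return any(ip_address(ip) in net for net in SCANNER_NODES)


def triage(event: dict) -> dict:
    """Per-node rule set: decide whether an event is dropped, logged, or alerted on."""
    src = event.get("src_ip")
    via_balancer = False
    if src and ip_address(src) in BALANCER_SNAT:
        # After SNAT every client looks like the balancer. Recover the real client from
        # a forwarded-for property if the balancer supplies one (assumed key "xff");
        # otherwise no per-source rule applies and the event is only worth keeping.
        real = event.get("custom", {}).get("xff")
        if not real:
            return {"action": "log", "reason": "source masked by balancer SNAT"}
        src, via_balancer = real, True
    from_scanner = bool(src) and is_scanner(src)
    suffix = " via balancer" if via_balancer else ""
    category = event.get("category")

    if category == "scan":
        if from_scanner:
            noise = event.get("severity", 0) < NOISE_SEVERITY
            return {"action": "drop" if noise else "log",
                    "reason": "authorised scanner" + suffix}
        return {"action": "alert", "reason": "scan from a host that is not a scanner"}

    if category == "auth" and event.get("user") in SCANNER_ACCOUNTS:
        # the scanner account is expected from scanner nodes and from nowhere else
        if from_scanner:
            return {"action": "log", "reason": "scanner account from scanner node" + suffix}
        return {"action": "alert", "reason": "scanner credentials used from a non-scanner host"}

    return {"action": "log", "reason": "no scanner rule matched"}


# Constructed, already normalized events (standard properties plus a custom map).
SAMPLE_EVENTS = [
    {"src_ip": "10.0.9.2",  "dst_ip": "10.0.5.10", "category": "scan", "severity": 3},
    {"src_ip": "10.0.7.44", "dst_ip": "10.0.5.10", "category": "scan", "severity": 3},
    {"src_ip": "10.0.7.44", "dst_ip": "10.0.5.11", "category": "auth", "user": "svc-vulnscan", "severity": 4},
    {"src_ip": "10.0.9.3",  "dst_ip": "10.0.5.11", "category": "auth", "user": "svc-vulnscan", "severity": 4},
    {"src_ip": "10.0.1.1",  "dst_ip": "10.0.5.10", "category": "scan", "severity": 3, "custom": {"xff": "10.0.9.4"}},
    {"src_ip": "10.0.1.1",  "dst_ip": "10.0.5.10", "category": "scan", "severity": 3},
    {"src_ip": "10.0.9.2",  "dst_ip": "10.0.5.10", "category": "scan", "severity": 7},
]


def run(events: list) -> list:
    return [triage(e) for e in events]


def summary(events: list) -> dict:
    """Count of drop/log/alert decisions, the number to watch when tuning NOISE_SEVERITY."""
    return dict(Counter(d["action"] for d in run(events)))


if __name__ == "__main__":
    for e, d in zip(SAMPLE_EVENTS, run(SAMPLE_EVENTS)):
        print(f'{e["src_ip"]:10s} {e["category"]:5s} -> {d["action"]:5s} ({d["reason"]})')
    print(summary(SAMPLE_EVENTS))
```

Two design points carry over from the slide. Dropping only below a severity threshold keeps the scanner's real findings (a signature that actually fired on a host) while discarding the thousands of probe events per run, and the balancer branch returns before any scanner rule, so the balancer address itself is never added to the scanner allow-list by accident.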