NSConclave, profile picture
Uploaded byNSConclave
1,178 views

Log Analysis

The document discusses log analysis and its components, including the importance of audit trail records for mitigating risks and meeting compliance regulations. It outlines how logs are generated, the various tools available for analysis, and some key use cases such as responding to data breaches and troubleshooting systems. Additionally, it differentiates between log monitoring and log analysis, emphasizing the latter's role in detecting intrusions.

Embed presentation

Download to read offline
Log Analysis NSConclave Click to add text Click to add text By Ravi Kariya 31st March 2020/4th May 2020 Click to add text
Agenda  Introduction  How does it work?  Why does it require?  Use cases  It's Demo Time  Tools we can use  Log Monitoring v/s Log Analysis Ravi Kariya imrkariya rrkariya 2
Introduction  Audit trail records  Document activities  Log analysis the evaluation of these records  To mitigate a variety of risks  To meet compliance regulations 3
How does it work?  Where can logs created?  Devices, Applications, OS, Smart Devices, etc...  All of them are saved in disk, in files, or log collectors  Consists a complete range of messages  Should be cleaned, structured to analyze patterns and anomalies  Can help to detect intrusions 4
Why? Let's have look into the flashback... Reconnaissance Scanning Gaining Access Maintaining Access Clearing Tracks 5
Use cases  To comply with internal security policies and outside regulations and audits  To understand and respond to data breaches and other security incidents  To troubleshoot systems, computers, or networks  To understand the behaviors of your users  To conduct forensics in the event of an investigation 6
IT's Demo Time 7
Linux utilities we may need... 8  awk - pattern scanning and processing language  cat - concatenate files and print on the standard output  grep - print lines that match patterns  ls – list directory contents  Sed - stream editor for filtering and transforming text  Sort - sort lines of text files  uniq - report or omit repeated lines  wc - print newline, word, and byte counts for each file  End of Thinking Capacity (etc)...
Sample Log Files We Have Lile... 9
Check number of lines 10
Sample log file... 11
Let's divide and rule the log file... 12  Part 1: Client's IP Address  Part 4,5: Time stamp and time zone of the client's IP.  Part 6: The Request Method which was applied (GET, POST, etc...)  Part 7: URL which was visited  Part 8: Version of HTTP used at the time of visiting  Part 9: HTTP Response Code (2xx, 3xx, 4xx, 5xx)  Part 10: Content length of the response  Part 11: Referrer Header value of Request  Part 12 to 18: User-agent Details Note: Missing parts are for self-study
Let's check our suspects... 13 Someone has visited the site for more than 8 lakhs time... Why?
Let's check suspects one by one 14  Command - cat access.* | grep "10.80.18.1" > Suspect/Suspect_1 - vim Suspect/Suspect_1 Note: Don't forget to enable the number mode.
Let's check suspects one by one, Cont'd.... and we can see that what is suspect doing here... 15
Tools  Graylog  Nagios  Elastic Stack (the "ELK Stack")  LOGalyze  Fluentd 16
Log Monitoring v/s Log Analysis  Log monitoring is the act of reviewing collected logs as they are recorded.  Log analysis, on the other hand, is a process typically performed by developers or other IT folks. 17
Quick Recap  Logs are maintained to detect intrusion attacks as well as used for trouble shooting purpose  Logs can be saved at devices  It is required to meet the compliance regulations  Various tools are also available to analyse logs  This is different than the log monitoring 18
Quick Recap 19
The End Thank You 20 NSConclave

More Related Content

PPT
Secure code practices
byHina Rawal
 
PPTX
Burp suite
bySOURABH DESHMUKH
 
PDF
Vulnerability Scanning Techniques and Vulnerability scores & exposures
byLearningwithRayYT
 
PPTX
Vulnerabilities in modern web applications
byNiyas Nazar
 
PPTX
Information security
byLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
PPTX
Vulnerability assessment & Penetration testing Basics
byMohammed Adam
 
PPTX
Introduction To Vulnerability Assessment & Penetration Testing
byRaghav Bisht
 
PPTX
Pen Testing Explained
byRand W. Hirt
 
Secure code practices
byHina Rawal
 
Burp suite
bySOURABH DESHMUKH
 
Vulnerability Scanning Techniques and Vulnerability scores & exposures
byLearningwithRayYT
 
Vulnerabilities in modern web applications
byNiyas Nazar
 
Information security
byLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Vulnerability assessment & Penetration testing Basics
byMohammed Adam
 
Introduction To Vulnerability Assessment & Penetration Testing
byRaghav Bisht
 
Pen Testing Explained
byRand W. Hirt
 

What's hot

PPTX
Cia security model
byImran Ahmed
 
PPTX
Social Engineering new.pptx
bySanthosh Prabhu
 
PDF
Cyber Threat Intelligence
bymohamed nasri
 
PDF
Offensive OSINT
byChristian Martorella
 
PPT
Intrusion Detection Systems and Intrusion Prevention Systems
byCleverence Kombe
 
PPTX
Network Security ppt
bySAIKAT BISWAS
 
PPT
Introduction To OWASP
byMarco Morana
 
PDF
Introduction to Web Application Penetration Testing
byNetsparker
 
PDF
Introduction to Cybersecurity
byKrutarth Vasavada
 
PPTX
Security vulnerability
byA. Shamel
 
PPTX
Security Information and Event Management (SIEM)
byk33a
 
PDF
Application Security | Application Security Tutorial | Cyber Security Certifi...
byEdureka!
 
PPTX
Cyber crime and security
bySharath Raj
 
PDF
Threat Intelligence
byDeepak Kumar (D3)
 
PPTX
Security awareness
byJosh Chandler
 
PDF
Cyber Threat Intelligence
byZaiffiEhsan
 
PPTX
Leveraging MITRE ATT&CK - Speaking the Common Language
byErik Van Buggenhout
 
PPTX
Introduction to Incident Response Management
byDon Caeiro
 
PPTX
Cyber Security
byADGP, Public Grivences, Bangalore
 
PPTX
Cybersecurity Attack Vectors: How to Protect Your Organization
byTriCorps Technologies
 
Cia security model
byImran Ahmed
 
Social Engineering new.pptx
bySanthosh Prabhu
 
Cyber Threat Intelligence
bymohamed nasri
 
Offensive OSINT
byChristian Martorella
 
Intrusion Detection Systems and Intrusion Prevention Systems
byCleverence Kombe
 
Network Security ppt
bySAIKAT BISWAS
 
Introduction To OWASP
byMarco Morana
 
Introduction to Web Application Penetration Testing
byNetsparker
 
Introduction to Cybersecurity
byKrutarth Vasavada
 
Security vulnerability
byA. Shamel
 
Security Information and Event Management (SIEM)
byk33a
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
byEdureka!
 
Cyber crime and security
bySharath Raj
 
Threat Intelligence
byDeepak Kumar (D3)
 
Security awareness
byJosh Chandler
 
Cyber Threat Intelligence
byZaiffiEhsan
 
Leveraging MITRE ATT&CK - Speaking the Common Language
byErik Van Buggenhout
 
Introduction to Incident Response Management
byDon Caeiro
 
Cyber Security
byADGP, Public Grivences, Bangalore
 
Cybersecurity Attack Vectors: How to Protect Your Organization
byTriCorps Technologies
 

Similar to Log Analysis

PPT
Logs for Information Assurance and Forensics @ USMA
byAnton Chuvakin
 
PPT
FIRST 2006 Full-day Tutorial on Logs for Incident Response
byAnton Chuvakin
 
PPT
Log Forensics from CEIC 2007
byAnton Chuvakin
 
PPT
NIST 800-92 Log Management Guide in the Real World
byAnton Chuvakin
 
PPTX
Power of logs: practices for network security
byInformation Technology Society Nepal
 
PPTX
Logs: Can’t Hate Them, Won’t Love Them: Brief Log Management Class by Anton C...
byAnton Chuvakin
 
PDF
File000138
byDesmond Devendran
 
DOC
Audit logs for Security and Compliance
byAnton Chuvakin
 
PPTX
Log maintenance network securiy
byMohsin Ali
 
PPT
Making Logs Sexy Again: Can We Finally Lose The Regexes?
byAnton Chuvakin
 
PPTX
Log Files
byHeinrich Hartmann
 
PPTX
Enterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
byAnton Chuvakin
 
PDF
UNIT -III SIEM aur baato kaise hai aap log.pdf
byhefagi6193
 
PPT
Investigating server logs
byAnimesh Shaw
 
PPT
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
byguestc0c304
 
PPT
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
byAnton Chuvakin
 
PPTX
detection pptx siem analyst security for understanding
byMuhammadAriSetiawan2
 
PPTX
Log Standards & Future Trends by Dr. Anton Chuvakin
byAnton Chuvakin
 
PPTX
First Responders Course - Session 6 - Detection Systems [2004]
byPhil Huggins FBCS CITP
 
PPT
Six Mistakes of Log Management 2008
byAnton Chuvakin
 
Logs for Information Assurance and Forensics @ USMA
byAnton Chuvakin
 
FIRST 2006 Full-day Tutorial on Logs for Incident Response
byAnton Chuvakin
 
Log Forensics from CEIC 2007
byAnton Chuvakin
 
NIST 800-92 Log Management Guide in the Real World
byAnton Chuvakin
 
Power of logs: practices for network security
byInformation Technology Society Nepal
 
Logs: Can’t Hate Them, Won’t Love Them: Brief Log Management Class by Anton C...
byAnton Chuvakin
 
File000138
byDesmond Devendran
 
Audit logs for Security and Compliance
byAnton Chuvakin
 
Log maintenance network securiy
byMohsin Ali
 
Making Logs Sexy Again: Can We Finally Lose The Regexes?
byAnton Chuvakin
 
Log Files
byHeinrich Hartmann
 
Enterprise Logging and Log Management: Hot Topics by Dr. Anton Chuvakin
byAnton Chuvakin
 
UNIT -III SIEM aur baato kaise hai aap log.pdf
byhefagi6193
 
Investigating server logs
byAnimesh Shaw
 
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
byguestc0c304
 
Logs for Incident Response and Forensics: Key Issues for GOVCERT.NL 2008
byAnton Chuvakin
 
detection pptx siem analyst security for understanding
byMuhammadAriSetiawan2
 
Log Standards & Future Trends by Dr. Anton Chuvakin
byAnton Chuvakin
 
First Responders Course - Session 6 - Detection Systems [2004]
byPhil Huggins FBCS CITP
 
Six Mistakes of Log Management 2008
byAnton Chuvakin
 

More from NSConclave

PDF
RED-TEAM_Conclave
byNSConclave
 
PPTX
Create a Custom Plugin in Burp Suite using the Extension
byNSConclave
 
PPTX
IOT SECURITY ASSESSMENT Pentester's Approach
byNSConclave
 
PPTX
Debugging Android Native Library
byNSConclave
 
PPTX
Burp Suite Extension Development
byNSConclave
 
PDF
Regular Expression Injection
byNSConclave
 
PDF
HTML5 Messaging (Post Message)
byNSConclave
 
PDF
Node.js Deserialization
byNSConclave
 
PDF
RIA Cross Domain Policy
byNSConclave
 
PDF
LDAP Injection
byNSConclave
 
PDF
Python Deserialization Attacks
byNSConclave
 
PDF
Sandboxing
byNSConclave
 
PDF
NoSql Injection
byNSConclave
 
PDF
Thick Client Testing Advanced
byNSConclave
 
PDF
Thick Client Testing Basics
byNSConclave
 
PDF
Markdown
byNSConclave
 
PDF
Docker 101
byNSConclave
 
PDF
Security Architecture Consulting - Hiren Shah
byNSConclave
 
PDF
OSINT: Open Source Intelligence - Rohan Braganza
byNSConclave
 
PDF
Lets get started with car hacking - Ankit Joshi
byNSConclave
 
RED-TEAM_Conclave
byNSConclave
 
Create a Custom Plugin in Burp Suite using the Extension
byNSConclave
 
IOT SECURITY ASSESSMENT Pentester's Approach
byNSConclave
 
Debugging Android Native Library
byNSConclave
 
Burp Suite Extension Development
byNSConclave
 
Regular Expression Injection
byNSConclave
 
HTML5 Messaging (Post Message)
byNSConclave
 
Node.js Deserialization
byNSConclave
 
RIA Cross Domain Policy
byNSConclave
 
LDAP Injection
byNSConclave
 
Python Deserialization Attacks
byNSConclave
 
Sandboxing
byNSConclave
 
NoSql Injection
byNSConclave
 
Thick Client Testing Advanced
byNSConclave
 
Thick Client Testing Basics
byNSConclave
 
Markdown
byNSConclave
 
Docker 101
byNSConclave
 
Security Architecture Consulting - Hiren Shah
byNSConclave
 
OSINT: Open Source Intelligence - Rohan Braganza
byNSConclave
 
Lets get started with car hacking - Ankit Joshi
byNSConclave
 

Recently uploaded

PDF
LogiNext Media Kit & Company Overview 2025
bysmritipatil055
 
PDF
LogiNext Media Kit & Company Overview 2025
bydhrutipatelk5617
 
PDF
LogiNext Media Kit & Company Overview 2025
bypriyajoshi2929
 
PPTX
Applicius Technologies: Full Service Overview for Branding, SEO, Web & App De...
byappliciustech
 
PDF
Physiotherapist App Development for Modern Rehabilitation
byV3CUBE TECHNOLABS
 
PDF
Manual Testing Still Matters: 7 Areas Where Humans Beat Automation
byKiwiQA Services
 
PDF
SLIDE PROPARTNER SUMMIT 2025 - ITALY.pdf
bygiuo
 
PDF
Accelerating Data Validation with QuerySurge AI
byRTTS
 
PDF
Smart ways to se AI in your business , presentation
byAI n Dot Net
 
PDF
Own Your Domain Before It Owns You - Domain Driven Design for Pragmaticians
byPosedio GmbH
 
PDF
AI-native development: from Prompt to Platform
byMaxim Salnikov
 
DOCX
The Rise of Headless CMS in Modern Web Development.docx
bywork4noahmiller
 
PDF
谷歌留痕技术教程[ 𝙩𝙤𝙥 𝟮𝟯𝟯. 𝙘 𝙤𝙢 ]
by6stynggfo
 
PDF
Why I Volunteer at FOSDEM and You Should Too
byImma Valls Bernaus
 
PDF
GDG ON CAMPUS NETAJI SUBHASH ENGINEERING COLLEGE BUILDING INTELLIGENT WEB APP...
bydscnsecorg
 
PDF
ChampionMATES – Compete With Friends. Predict Sports. Become the Champion.
byRafal Ksiazek
 
PDF
LogiNext Media Kit & Company Overview 2025
bysanikaroy72
 
PDF
Figma systems development services
bydavidjohansen1597
 
PDF
How to find your event photos instantly with a selfie using SnapSeek
bySnapSeek.app
 
PDF
LogiNext Media Kit & Company Overview 2025
bynidhisharmaq7184
 
LogiNext Media Kit & Company Overview 2025
bysmritipatil055
 
LogiNext Media Kit & Company Overview 2025
bydhrutipatelk5617
 
LogiNext Media Kit & Company Overview 2025
bypriyajoshi2929
 
Applicius Technologies: Full Service Overview for Branding, SEO, Web & App De...
byappliciustech
 
Physiotherapist App Development for Modern Rehabilitation
byV3CUBE TECHNOLABS
 
Manual Testing Still Matters: 7 Areas Where Humans Beat Automation
byKiwiQA Services
 
SLIDE PROPARTNER SUMMIT 2025 - ITALY.pdf
bygiuo
 
Accelerating Data Validation with QuerySurge AI
byRTTS
 
Smart ways to se AI in your business , presentation
byAI n Dot Net
 
Own Your Domain Before It Owns You - Domain Driven Design for Pragmaticians
byPosedio GmbH
 
AI-native development: from Prompt to Platform
byMaxim Salnikov
 
The Rise of Headless CMS in Modern Web Development.docx
bywork4noahmiller
 
谷歌留痕技术教程[ 𝙩𝙤𝙥 𝟮𝟯𝟯. 𝙘 𝙤𝙢 ]
by6stynggfo
 
Why I Volunteer at FOSDEM and You Should Too
byImma Valls Bernaus
 
GDG ON CAMPUS NETAJI SUBHASH ENGINEERING COLLEGE BUILDING INTELLIGENT WEB APP...
bydscnsecorg
 
ChampionMATES – Compete With Friends. Predict Sports. Become the Champion.
byRafal Ksiazek
 
LogiNext Media Kit & Company Overview 2025
bysanikaroy72
 
Figma systems development services
bydavidjohansen1597
 
How to find your event photos instantly with a selfie using SnapSeek
bySnapSeek.app
 
LogiNext Media Kit & Company Overview 2025
bynidhisharmaq7184
 

Log Analysis

  • 1.
    Log Analysis NSConclave Click toadd text Click to add text By Ravi Kariya 31st March 2020/4th May 2020 Click to add text
  • 2.
    Agenda  Introduction  Howdoes it work?  Why does it require?  Use cases  It's Demo Time  Tools we can use  Log Monitoring v/s Log Analysis Ravi Kariya imrkariya rrkariya 2
  • 3.
    Introduction  Audit trailrecords  Document activities  Log analysis the evaluation of these records  To mitigate a variety of risks  To meet compliance regulations 3
  • 4.
    How does itwork?  Where can logs created?  Devices, Applications, OS, Smart Devices, etc...  All of them are saved in disk, in files, or log collectors  Consists a complete range of messages  Should be cleaned, structured to analyze patterns and anomalies  Can help to detect intrusions 4
  • 5.
    Why? Let's havelook into the flashback... Reconnaissance Scanning Gaining Access Maintaining Access Clearing Tracks 5
  • 6.
    Use cases  Tocomply with internal security policies and outside regulations and audits  To understand and respond to data breaches and other security incidents  To troubleshoot systems, computers, or networks  To understand the behaviors of your users  To conduct forensics in the event of an investigation 6
  • 7.
  • 8.
    Linux utilities wemay need... 8  awk - pattern scanning and processing language  cat - concatenate files and print on the standard output  grep - print lines that match patterns  ls – list directory contents  Sed - stream editor for filtering and transforming text  Sort - sort lines of text files  uniq - report or omit repeated lines  wc - print newline, word, and byte counts for each file  End of Thinking Capacity (etc)...
  • 9.
    Sample Log FilesWe Have Lile... 9
  • 10.
  • 11.
  • 12.
    Let's divide andrule the log file... 12  Part 1: Client's IP Address  Part 4,5: Time stamp and time zone of the client's IP.  Part 6: The Request Method which was applied (GET, POST, etc...)  Part 7: URL which was visited  Part 8: Version of HTTP used at the time of visiting  Part 9: HTTP Response Code (2xx, 3xx, 4xx, 5xx)  Part 10: Content length of the response  Part 11: Referrer Header value of Request  Part 12 to 18: User-agent Details Note: Missing parts are for self-study
  • 13.
    Let's check oursuspects... 13 Someone has visited the site for more than 8 lakhs time... Why?
  • 14.
    Let's check suspectsone by one 14  Command - cat access.* | grep "10.80.18.1" > Suspect/Suspect_1 - vim Suspect/Suspect_1 Note: Don't forget to enable the number mode.
  • 15.
    Let's check suspectsone by one, Cont'd.... and we can see that what is suspect doing here... 15
  • 16.
    Tools  Graylog  Nagios Elastic Stack (the "ELK Stack")  LOGalyze  Fluentd 16
  • 17.
    Log Monitoring v/sLog Analysis  Log monitoring is the act of reviewing collected logs as they are recorded.  Log analysis, on the other hand, is a process typically performed by developers or other IT folks. 17
  • 18.
    Quick Recap  Logsare maintained to detect intrusion attacks as well as used for trouble shooting purpose  Logs can be saved at devices  It is required to meet the compliance regulations  Various tools are also available to analyse logs  This is different than the log monitoring 18
  • 19.
  • 20.