SlideShare a Scribd company logo

SureLog SIEM Profiler

Download as DOCX, PDF
Ertugrul Akbas
Ertugrul Akbas

SureLog leverage automated behavioral profiling to automatically detect anomalies and autonomously define rules on the data, to discover security events that require investigation. Behavior analysis and profiling relies on statistical modeling and data science in SureLog in order to identify patterns of behavior and compare them against other human or machine activities. The Profiler is a feature extraction mechanism that can generate a profile describing the behavior of an entity. An entity might be an any field of message like protocol used in communication as well as a server, user, subnet or application. Once a profile has been generated defining what normal behavior looks-like, models can be built that identify anomalous behavior.

Technology
1 of 4
SURELOG SIEM PROFILER SureLog leverage automated behavioral profiling to automatically detect anomalies and autonomously define rules on the data, to discover security events that require investigation. Behavior analysis and profiling relies on statistical modeling and data science in SureLog in order to identify patterns of behavior and compare them against other human or machine activities. The Profiler is a feature extraction mechanism that can generate a profile describing the behavior of an entity. An entity might be an any field of message like protocol used in communication as well as a server, user, subnet or application. Once a profile has been generated defining what normal behavior looks-like, models can be built that identify anomalous behavior. In SureLog; Profiler is enhancing SIEM Correlation Rules Through Baselining. This is achieved by summarizing the streaming telemetry data consumed by SureLog over sliding windows. Profiling is compressing time. A summary statistic is applied to the data received within a given window. Collecting this summary across many windows results in a time series that is useful for analysis. Any field contained within a message can be used to generate a profile. A profile can even be produced by combining fields that originate in different data sources. A user has considerable power to transform the data used in a profile by leveraging the SureLog correlation engine. SureLog Rule As a Code platform [1] which is powered by JAVA is the definition point for profiles. Profiler in correlation engine can be configured using JAVA. Profile definition: result=Profiler.update(profilename, foreach, filter, hour, dayofweek, day, month, function, data) Profiles A profile definition requires JAVA method definition. The specification contains the following elements.
Name Description profilename Required Unique name identifyingthe profile. foreach Required A separate profile is maintained“foreach”of these. filter Required Booleanexpressionthat determinesif amessage shouldbe appliedtothe profile. data Required One or more expressions executedatthe start of a window period. update Required One or more expressions executedwhenamessage is appliedtothe profile.Name of the JAVA method. expires Optional Profile data& calculation expiresafterthistime Example 1: The ratio of DNS traffic to HTTP traffic for each host. The following profiler rule as a code would be used to generate this profile. Profiler profiler=new Profiler(); if (generalcorrelationobject1.getProtocol()=='HTTP') profiler.update("Profiler- 10",generalcorrelationobject1.SourceAccount,"http_total",generalcorrelati onobject1.getHour(),generalcorrelationobject1.getDayOfWeek(),generalcorre lationobject1.getDay(),generalcorrelationobject1.getMonth(),"SUM",1); else if (generalcorrelationobject1.getProtocol()=='DNS') profiler.update("Profiler- 10",generalcorrelationobject1.SourceAccount,"dns_total",generalcorrelatio nobject1.getHour(),generalcorrelationobject1.getDayOfWeek(),generalcorrel ationobject1.getDay(),generalcorrelationobject1.getMonth(),"SUM",1); Baseline creation: createweekdaybaseline(String pure_profile_name, int dayofweek, int lastnumberofweeks,String parameter) in this case a particular user will be known. The following examples shows how this profile data might be retrieved. Retrieve all values of ‘http_protocol/dns_protocol’ from over the past 4 weeks of the 4 th day of the week (Tuesday) and calculate percentiles (A percentile (or a centile) is a measure used in statistics indicating the value below which a given percentage of observations in a group of observations fall. For example, the 20th percentile is the value (or score) below which 20% of the observations may be found.)
ProfilerUtil pu=new ProfilerUtil(); // look for a user whose http to dns protocol ratio is %300 more than %95 of the other users for the last four week ratio for 4th day of week(Tuesday) pu.percentile(95,300,"Profiler-10",5,4,"http_total","dns_total"); Example 2: The total number of bytes of HTTP data for each host Profiler profiler=new Profiler(); if (generalcorrelationobject1.getProtocol()=='HTTP') profiler.update("Profiler- HTTP",generalcorrelationobject1.SourceMachine,"http_size",generalcorrelat ionobject1.getHour(),generalcorrelationobject1.getDayOfWeek(),generalcorr elationobject1.getDay(),generalcorrelationobject1.getMonth(),"SUM", generalcorrelationobject1.getRCVD()); The following examples shows how this profile data might be retrieved. Retrieve all values of ‘http_protocol/dns_protocol’ from over the past 4 weeks of the 4 th day of the week (Tuesday) and calculate percentiles and get the Source IPs which HTTP traffic is more than %95 of others Soure IPs. ProfilerUtil pu=new ProfilerUtil(); // look for a user whose http to dns protocol ratio is %10 more than %95 of the other users for the last four week ratio for 4th day of week(Tuesday) pu.percentile(95,10,"Profiler-HTTP ",5,4); Example 3: The average of the lengthfieldof HTTPtraffic.The followingconfigurationwould be usedto generate thisprofile.: Profiler profiler=new Profiler(); if (generalcorrelationobject1.getProtocol()=='HTTP') profiler.update("Profiler-HTTP- Length",generalcorrelationobject1.SourceMachine,"http_lenght",generalcorr elationobject1.getHour(),generalcorrelationobject1.getDayOfWeek(),general correlationobject1.getDay(),generalcorrelationobject1.getMonth(),"SUM", generalcorrelationobject1.getURL().length()); In orderto create average/mean ProfilerUtil pu=new ProfilerUtil(); // Mean for the last 7 hours result=pu.meanHourly("Profiler-HTTP-Length",7);
Example 4: These examples assume a profile has been defined called ‘snort-alerts’ that tracks the number of Snort alerts associated with an IP address over time. The profile definition might look similar to the following. Profiler profiler=new Profiler(); if (generalcorrelationobject1.getLogSubType()=='Snort') profiler.update("Profiler- Snort",generalcorrelationobject1.SourceMachine,"snort",generalcorrelation object1.getHour(),generalcorrelationobject1.getDayOfWeek(),generalcorrela tionobject1.getDay(),generalcorrelationobject1.getMonth(),"SUM", 1); In orderto create average/mean ProfilerUtil pu=new ProfilerUtil(); // Mean for the last 7 hours result=pu.meanHourly("Profiler-Snort",7); Profilerlearnsfromwhatusersandentitiesdoona regularbasis,forinstance,  where douserslogin from?  whatdevicesdotheyloginfrom?  whatfile serversandapplicationsdotheyaccess?  whatprivilegesdotheyhave?andso on. Example 5: How to detectwhenauserlog infor firsttime in a system? Profiler profiler=new Profiler(); if (generalcorrelationobject1.getTAXONOMY()==' Informational.Authentication.Succeeded') profiler.update("Profiler- Login",generalcorrelationobject1.SourceAccount(), generalcorrelationobject1.SourceMachine,generalcorrelationobject1.getHour (),generalcorrelationobject1.getDayOfWeek(),generalcorrelationobject1.get Day(),generalcorrelationobject1.getMonth(),"ADD", 1); ConcurrentHashMap profile=pu.createweekdaybaselineAsMap("Profiler- Login",7,4,"Login"); if (profile!=null) GlobalListManager.profiles.put("log-term-logins",profile); CheckInListchk=newCheckInList(); if(chk.isInList("log-term- logins","Login",generalcorrelationobject1.getSourceAccount(),generalcorrelationobject1.getSourc eMachine())) chk.notify(); References 1- https://medium.com/which-generation-of-siem/rule-as-a-code-surelog-correlation-engine- and-beyond-90dc6ab9a52c

Recommended

Siem tools
Siem toolsSiem tools
Siem toolsErtugrul Akbas
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEMErtugrul Akbas
 
Log correlation SIEM rule examples and correlation engine performance data
Log correlation SIEM rule examples and correlation engine performance dataLog correlation SIEM rule examples and correlation engine performance data
Log correlation SIEM rule examples and correlation engine performance dataErtugrul Akbas
 
SIEM Surelog Arcsight Qradar LogRhythm Alienvault Solarwinds LEM Performance...
SIEM Surelog Arcsight Qradar LogRhythm Alienvault Solarwinds LEM Performance...SIEM Surelog Arcsight Qradar LogRhythm Alienvault Solarwinds LEM Performance...
SIEM Surelog Arcsight Qradar LogRhythm Alienvault Solarwinds LEM Performance...Ertugrul Akbas
 
Monitoring Privileged User Actions for Security and Compliance with SureLog: ...
Monitoring Privileged User Actions for Security and Compliance with SureLog: ...Monitoring Privileged User Actions for Security and Compliance with SureLog: ...
Monitoring Privileged User Actions for Security and Compliance with SureLog: ...Ertugrul Akbas
 
Enhancing SIEM Correlation Rules Through Baselining
Enhancing SIEM Correlation Rules Through BaseliningEnhancing SIEM Correlation Rules Through Baselining
Enhancing SIEM Correlation Rules Through BaseliningErtugrul Akbas
 
Why SureLog?
Why SureLog?Why SureLog?
Why SureLog?Ertugrul Akbas
 
Writing Nagios Plugins in Python
Writing Nagios Plugins in PythonWriting Nagios Plugins in Python
Writing Nagios Plugins in Pythonguesta6e653
 

Recommended

Siem tools
Siem toolsSiem tools
Siem toolsErtugrul Akbas
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEMErtugrul Akbas
 
Log correlation SIEM rule examples and correlation engine performance data
Log correlation SIEM rule examples and correlation engine performance dataLog correlation SIEM rule examples and correlation engine performance data
Log correlation SIEM rule examples and correlation engine performance dataErtugrul Akbas
 
SIEM Surelog Arcsight Qradar LogRhythm Alienvault Solarwinds LEM Performance...
SIEM Surelog Arcsight Qradar LogRhythm Alienvault Solarwinds LEM Performance...SIEM Surelog Arcsight Qradar LogRhythm Alienvault Solarwinds LEM Performance...
SIEM Surelog Arcsight Qradar LogRhythm Alienvault Solarwinds LEM Performance...Ertugrul Akbas
 
Monitoring Privileged User Actions for Security and Compliance with SureLog: ...
Monitoring Privileged User Actions for Security and Compliance with SureLog: ...Monitoring Privileged User Actions for Security and Compliance with SureLog: ...
Monitoring Privileged User Actions for Security and Compliance with SureLog: ...Ertugrul Akbas
 
Enhancing SIEM Correlation Rules Through Baselining
Enhancing SIEM Correlation Rules Through BaseliningEnhancing SIEM Correlation Rules Through Baselining
Enhancing SIEM Correlation Rules Through BaseliningErtugrul Akbas
 
Why SureLog?
Why SureLog?Why SureLog?
Why SureLog?Ertugrul Akbas
 
Writing Nagios Plugins in Python
Writing Nagios Plugins in PythonWriting Nagios Plugins in Python
Writing Nagios Plugins in Pythonguesta6e653
 
8 must dos for a perfect privileged account management strategy
8 must dos for a perfect privileged account management strategy8 must dos for a perfect privileged account management strategy
8 must dos for a perfect privileged account management strategyManageEngine
 
IT security : Keep calm and monitor PowerShell
IT security : Keep calm and monitor PowerShellIT security : Keep calm and monitor PowerShell
IT security : Keep calm and monitor PowerShellManageEngine
 
SHOWDOWN: Threat Stack vs. Red Hat AuditD
SHOWDOWN: Threat Stack vs. Red Hat AuditDSHOWDOWN: Threat Stack vs. Red Hat AuditD
SHOWDOWN: Threat Stack vs. Red Hat AuditDThreat Stack
 
First Response - Session 11 - Incident Response [2004]
First Response - Session 11 - Incident Response [2004]First Response - Session 11 - Incident Response [2004]
First Response - Session 11 - Incident Response [2004]Phil Huggins FBCS CITP
 
Top 5 Priorities for Cloud Security
Top 5 Priorities for Cloud SecurityTop 5 Priorities for Cloud Security
Top 5 Priorities for Cloud SecurityTeri Radichel
 
10 Good Reasons - NetApp for ransomware protection
10 Good Reasons - NetApp for ransomware protection10 Good Reasons - NetApp for ransomware protection
10 Good Reasons - NetApp for ransomware protectionMatt Watts
 
Should You Use Security Point Solutions?
Should You Use Security Point Solutions?Should You Use Security Point Solutions?
Should You Use Security Point Solutions?Threat Stack
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Matt Soseman
 
Sol 03 - Office 365 Advanced Security Hardening with cFocus Software
Sol 03 - Office 365 Advanced Security Hardening with cFocus SoftwareSol 03 - Office 365 Advanced Security Hardening with cFocus Software
Sol 03 - Office 365 Advanced Security Hardening with cFocus SoftwareJasson Walker
 
HPE ArcSight RepSM Plus Model Import Connector Config Guide
HPE ArcSight RepSM Plus Model Import Connector Config GuideHPE ArcSight RepSM Plus Model Import Connector Config Guide
HPE ArcSight RepSM Plus Model Import Connector Config Guideprotect724rkeer
 
HPE ArcSight RepSM Plus 1.6 Release Notes
HPE ArcSight RepSM Plus 1.6 Release NotesHPE ArcSight RepSM Plus 1.6 Release Notes
HPE ArcSight RepSM Plus 1.6 Release Notesprotect724rkeer
 
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics MethodsSplunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics MethodsSplunk
 
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRTSplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRTSplunk
 
Sumo Logic Quickstart - Jan 2017
Sumo Logic Quickstart - Jan 2017Sumo Logic Quickstart - Jan 2017
Sumo Logic Quickstart - Jan 2017Sumo Logic
 
AWS Security Ideas - re:Invent 2016
AWS Security Ideas - re:Invent 2016AWS Security Ideas - re:Invent 2016
AWS Security Ideas - re:Invent 2016Teri Radichel
 
Deployment websese
Deployment webseseDeployment websese
Deployment websesethanglx
 
Sumo Logic QuickStart Webinar Oct 2016
Sumo Logic QuickStart Webinar Oct 2016Sumo Logic QuickStart Webinar Oct 2016
Sumo Logic QuickStart Webinar Oct 2016Sumo Logic
 
It All Started With a Wager About System Upgrades
It All Started With a Wager About System UpgradesIt All Started With a Wager About System Upgrades
It All Started With a Wager About System UpgradesThreat Stack
 
HPE ArcSight RepSM Plus 1.6 Solution Guide
HPE ArcSight RepSM Plus 1.6 Solution GuideHPE ArcSight RepSM Plus 1.6 Solution Guide
HPE ArcSight RepSM Plus 1.6 Solution Guideprotect724rkeer
 
Sumo Logic Webinar: Visibility into your Host Metrics
Sumo Logic Webinar: Visibility into your Host MetricsSumo Logic Webinar: Visibility into your Host Metrics
Sumo Logic Webinar: Visibility into your Host MetricsSumo Logic
 
Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...
Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...
Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...MITRE ATT&CK
 
Unit 1
Unit 1Unit 1
Unit 1donny101
 

More Related Content

What's hot

8 must dos for a perfect privileged account management strategy
8 must dos for a perfect privileged account management strategy8 must dos for a perfect privileged account management strategy
8 must dos for a perfect privileged account management strategyManageEngine
 
IT security : Keep calm and monitor PowerShell
IT security : Keep calm and monitor PowerShellIT security : Keep calm and monitor PowerShell
IT security : Keep calm and monitor PowerShellManageEngine
 
SHOWDOWN: Threat Stack vs. Red Hat AuditD
SHOWDOWN: Threat Stack vs. Red Hat AuditDSHOWDOWN: Threat Stack vs. Red Hat AuditD
SHOWDOWN: Threat Stack vs. Red Hat AuditDThreat Stack
 
First Response - Session 11 - Incident Response [2004]
First Response - Session 11 - Incident Response [2004]First Response - Session 11 - Incident Response [2004]
First Response - Session 11 - Incident Response [2004]Phil Huggins FBCS CITP
 
Top 5 Priorities for Cloud Security
Top 5 Priorities for Cloud SecurityTop 5 Priorities for Cloud Security
Top 5 Priorities for Cloud SecurityTeri Radichel
 
10 Good Reasons - NetApp for ransomware protection
10 Good Reasons - NetApp for ransomware protection10 Good Reasons - NetApp for ransomware protection
10 Good Reasons - NetApp for ransomware protectionMatt Watts
 
Should You Use Security Point Solutions?
Should You Use Security Point Solutions?Should You Use Security Point Solutions?
Should You Use Security Point Solutions?Threat Stack
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Matt Soseman
 
Sol 03 - Office 365 Advanced Security Hardening with cFocus Software
Sol 03 - Office 365 Advanced Security Hardening with cFocus SoftwareSol 03 - Office 365 Advanced Security Hardening with cFocus Software
Sol 03 - Office 365 Advanced Security Hardening with cFocus SoftwareJasson Walker
 
HPE ArcSight RepSM Plus Model Import Connector Config Guide
HPE ArcSight RepSM Plus Model Import Connector Config GuideHPE ArcSight RepSM Plus Model Import Connector Config Guide
HPE ArcSight RepSM Plus Model Import Connector Config Guideprotect724rkeer
 
HPE ArcSight RepSM Plus 1.6 Release Notes
HPE ArcSight RepSM Plus 1.6 Release NotesHPE ArcSight RepSM Plus 1.6 Release Notes
HPE ArcSight RepSM Plus 1.6 Release Notesprotect724rkeer
 
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics MethodsSplunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics MethodsSplunk
 
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRTSplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRTSplunk
 
Sumo Logic Quickstart - Jan 2017
Sumo Logic Quickstart - Jan 2017Sumo Logic Quickstart - Jan 2017
Sumo Logic Quickstart - Jan 2017Sumo Logic
 
AWS Security Ideas - re:Invent 2016
AWS Security Ideas - re:Invent 2016AWS Security Ideas - re:Invent 2016
AWS Security Ideas - re:Invent 2016Teri Radichel
 
Deployment websese
Deployment webseseDeployment websese
Deployment websesethanglx
 
Sumo Logic QuickStart Webinar Oct 2016
Sumo Logic QuickStart Webinar Oct 2016Sumo Logic QuickStart Webinar Oct 2016
Sumo Logic QuickStart Webinar Oct 2016Sumo Logic
 
It All Started With a Wager About System Upgrades
It All Started With a Wager About System UpgradesIt All Started With a Wager About System Upgrades
It All Started With a Wager About System UpgradesThreat Stack
 
HPE ArcSight RepSM Plus 1.6 Solution Guide
HPE ArcSight RepSM Plus 1.6 Solution GuideHPE ArcSight RepSM Plus 1.6 Solution Guide
HPE ArcSight RepSM Plus 1.6 Solution Guideprotect724rkeer
 
Sumo Logic Webinar: Visibility into your Host Metrics
Sumo Logic Webinar: Visibility into your Host MetricsSumo Logic Webinar: Visibility into your Host Metrics
Sumo Logic Webinar: Visibility into your Host MetricsSumo Logic
 

What's hot (20)

8 must dos for a perfect privileged account management strategy
8 must dos for a perfect privileged account management strategy8 must dos for a perfect privileged account management strategy
8 must dos for a perfect privileged account management strategy
 
IT security : Keep calm and monitor PowerShell
IT security : Keep calm and monitor PowerShellIT security : Keep calm and monitor PowerShell
IT security : Keep calm and monitor PowerShell
 
SHOWDOWN: Threat Stack vs. Red Hat AuditD
SHOWDOWN: Threat Stack vs. Red Hat AuditDSHOWDOWN: Threat Stack vs. Red Hat AuditD
SHOWDOWN: Threat Stack vs. Red Hat AuditD
 
First Response - Session 11 - Incident Response [2004]
First Response - Session 11 - Incident Response [2004]First Response - Session 11 - Incident Response [2004]
First Response - Session 11 - Incident Response [2004]
 
Top 5 Priorities for Cloud Security
Top 5 Priorities for Cloud SecurityTop 5 Priorities for Cloud Security
Top 5 Priorities for Cloud Security
 
10 Good Reasons - NetApp for ransomware protection
10 Good Reasons - NetApp for ransomware protection10 Good Reasons - NetApp for ransomware protection
10 Good Reasons - NetApp for ransomware protection
 
Should You Use Security Point Solutions?
Should You Use Security Point Solutions?Should You Use Security Point Solutions?
Should You Use Security Point Solutions?
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck
 
Sol 03 - Office 365 Advanced Security Hardening with cFocus Software
Sol 03 - Office 365 Advanced Security Hardening with cFocus SoftwareSol 03 - Office 365 Advanced Security Hardening with cFocus Software
Sol 03 - Office 365 Advanced Security Hardening with cFocus Software
 
HPE ArcSight RepSM Plus Model Import Connector Config Guide
HPE ArcSight RepSM Plus Model Import Connector Config GuideHPE ArcSight RepSM Plus Model Import Connector Config Guide
HPE ArcSight RepSM Plus Model Import Connector Config Guide
 
HPE ArcSight RepSM Plus 1.6 Release Notes
HPE ArcSight RepSM Plus 1.6 Release NotesHPE ArcSight RepSM Plus 1.6 Release Notes
HPE ArcSight RepSM Plus 1.6 Release Notes
 
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics MethodsSplunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
 
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRTSplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
 
Sumo Logic Quickstart - Jan 2017
Sumo Logic Quickstart - Jan 2017Sumo Logic Quickstart - Jan 2017
Sumo Logic Quickstart - Jan 2017
 
AWS Security Ideas - re:Invent 2016
AWS Security Ideas - re:Invent 2016AWS Security Ideas - re:Invent 2016
AWS Security Ideas - re:Invent 2016
 
Deployment websese
Deployment webseseDeployment websese
Deployment websese
 
Sumo Logic QuickStart Webinar Oct 2016
Sumo Logic QuickStart Webinar Oct 2016Sumo Logic QuickStart Webinar Oct 2016
Sumo Logic QuickStart Webinar Oct 2016
 
It All Started With a Wager About System Upgrades
It All Started With a Wager About System UpgradesIt All Started With a Wager About System Upgrades
It All Started With a Wager About System Upgrades
 
HPE ArcSight RepSM Plus 1.6 Solution Guide
HPE ArcSight RepSM Plus 1.6 Solution GuideHPE ArcSight RepSM Plus 1.6 Solution Guide
HPE ArcSight RepSM Plus 1.6 Solution Guide
 
Sumo Logic Webinar: Visibility into your Host Metrics
Sumo Logic Webinar: Visibility into your Host MetricsSumo Logic Webinar: Visibility into your Host Metrics
Sumo Logic Webinar: Visibility into your Host Metrics
 

Similar to SureLog SIEM Profiler

Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...
Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...
Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...MITRE ATT&CK
 
SplunkLive! Munich 2018: Data Onboarding Overview
SplunkLive! Munich 2018: Data Onboarding OverviewSplunkLive! Munich 2018: Data Onboarding Overview
SplunkLive! Munich 2018: Data Onboarding OverviewSplunk
 
performancetestingjmeter-121109061704-phpapp02
performancetestingjmeter-121109061704-phpapp02performancetestingjmeter-121109061704-phpapp02
performancetestingjmeter-121109061704-phpapp02Gopi Raghavendra
 
performancetestingjmeter-121109061704-phpapp02 (1)
performancetestingjmeter-121109061704-phpapp02 (1)performancetestingjmeter-121109061704-phpapp02 (1)
performancetestingjmeter-121109061704-phpapp02 (1)QA Programmer
 
Lightning Component - Components, Actions and Events
Lightning Component - Components, Actions and EventsLightning Component - Components, Actions and Events
Lightning Component - Components, Actions and EventsDurgesh Dhoot
 
SplunkLive! Frankfurt 2018 - Data Onboarding Overview
SplunkLive! Frankfurt 2018 - Data Onboarding OverviewSplunkLive! Frankfurt 2018 - Data Onboarding Overview
SplunkLive! Frankfurt 2018 - Data Onboarding OverviewSplunk
 
Application Programming Interface
Application Programming InterfaceApplication Programming Interface
Application Programming InterfaceSeculert
 
Apache Eagle at Hadoop Summit 2016 San Jose
Apache Eagle at Hadoop Summit 2016 San JoseApache Eagle at Hadoop Summit 2016 San Jose
Apache Eagle at Hadoop Summit 2016 San JoseHao Chen
 
Sumo Logic Cert Jam - Security & Compliance
Sumo Logic Cert Jam - Security & ComplianceSumo Logic Cert Jam - Security & Compliance
Sumo Logic Cert Jam - Security & ComplianceSumo Logic
 
Chapter 8 agent-oriented software engineering ch8-prometheus research methodo...
Chapter 8 agent-oriented software engineering ch8-prometheus research methodo...Chapter 8 agent-oriented software engineering ch8-prometheus research methodo...
Chapter 8 agent-oriented software engineering ch8-prometheus research methodo...farshad33
 
Logging, tracing and metrics: Instrumentation in .NET 5 and Azure
Logging, tracing and metrics: Instrumentation in .NET 5 and AzureLogging, tracing and metrics: Instrumentation in .NET 5 and Azure
Logging, tracing and metrics: Instrumentation in .NET 5 and AzureAlex Thissen
 
On the Choice of Models of Computation for Writing Executable Specificatoins ...
On the Choice of Models of Computation for Writing Executable Specificatoins ...On the Choice of Models of Computation for Writing Executable Specificatoins ...
On the Choice of Models of Computation for Writing Executable Specificatoins ...ijeukens
 
Phishing Website Detection Paradigm using XGBoost
Phishing Website Detection Paradigm using XGBoostPhishing Website Detection Paradigm using XGBoost
Phishing Website Detection Paradigm using XGBoostIRJET Journal
 
Cyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefCyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefEnda Crossan
 
Performance testing and j meter
Performance testing and j meterPerformance testing and j meter
Performance testing and j meterPurna Chandar
 

Similar to SureLog SIEM Profiler (20)

Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...
Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...
Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...
 
Unit 1
Unit 1Unit 1
Unit 1
 
SplunkLive! Munich 2018: Data Onboarding Overview
SplunkLive! Munich 2018: Data Onboarding OverviewSplunkLive! Munich 2018: Data Onboarding Overview
SplunkLive! Munich 2018: Data Onboarding Overview
 
performancetestingjmeter-121109061704-phpapp02
performancetestingjmeter-121109061704-phpapp02performancetestingjmeter-121109061704-phpapp02
performancetestingjmeter-121109061704-phpapp02
 
performancetestingjmeter-121109061704-phpapp02 (1)
performancetestingjmeter-121109061704-phpapp02 (1)performancetestingjmeter-121109061704-phpapp02 (1)
performancetestingjmeter-121109061704-phpapp02 (1)
 
Lightning Component - Components, Actions and Events
Lightning Component - Components, Actions and EventsLightning Component - Components, Actions and Events
Lightning Component - Components, Actions and Events
 
SplunkLive! Frankfurt 2018 - Data Onboarding Overview
SplunkLive! Frankfurt 2018 - Data Onboarding OverviewSplunkLive! Frankfurt 2018 - Data Onboarding Overview
SplunkLive! Frankfurt 2018 - Data Onboarding Overview
 
Application Programming Interface
Application Programming InterfaceApplication Programming Interface
Application Programming Interface
 
Struts Ppt 1
Struts Ppt 1Struts Ppt 1
Struts Ppt 1
 
Apache Eagle: Secure Hadoop in Real Time
Apache Eagle: Secure Hadoop in Real TimeApache Eagle: Secure Hadoop in Real Time
Apache Eagle: Secure Hadoop in Real Time
 
Apache Eagle at Hadoop Summit 2016 San Jose
Apache Eagle at Hadoop Summit 2016 San JoseApache Eagle at Hadoop Summit 2016 San Jose
Apache Eagle at Hadoop Summit 2016 San Jose
 
Sumo Logic Cert Jam - Security & Compliance
Sumo Logic Cert Jam - Security & ComplianceSumo Logic Cert Jam - Security & Compliance
Sumo Logic Cert Jam - Security & Compliance
 
Chapter 8 agent-oriented software engineering ch8-prometheus research methodo...
Chapter 8 agent-oriented software engineering ch8-prometheus research methodo...Chapter 8 agent-oriented software engineering ch8-prometheus research methodo...
Chapter 8 agent-oriented software engineering ch8-prometheus research methodo...
 
QSpiders - Installation and Brief Dose of Load Runner
QSpiders - Installation and Brief Dose of Load RunnerQSpiders - Installation and Brief Dose of Load Runner
QSpiders - Installation and Brief Dose of Load Runner
 
Logging, tracing and metrics: Instrumentation in .NET 5 and Azure
Logging, tracing and metrics: Instrumentation in .NET 5 and AzureLogging, tracing and metrics: Instrumentation in .NET 5 and Azure
Logging, tracing and metrics: Instrumentation in .NET 5 and Azure
 
On the Choice of Models of Computation for Writing Executable Specificatoins ...
On the Choice of Models of Computation for Writing Executable Specificatoins ...On the Choice of Models of Computation for Writing Executable Specificatoins ...
On the Choice of Models of Computation for Writing Executable Specificatoins ...
 
Phishing Website Detection Paradigm using XGBoost
Phishing Website Detection Paradigm using XGBoostPhishing Website Detection Paradigm using XGBoost
Phishing Website Detection Paradigm using XGBoost
 
Struts
StrutsStruts
Struts
 
Cyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefCyber intrusion analyst occupational brief
Cyber intrusion analyst occupational brief
 
Performance testing and j meter
Performance testing and j meterPerformance testing and j meter
Performance testing and j meter
 

More from Ertugrul Akbas

BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...
BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...
BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...Ertugrul Akbas
 
Olay Müdahale İçin Canlı Kayıtların Saklanmasının Önemi
Olay Müdahale İçin Canlı Kayıtların Saklanmasının ÖnemiOlay Müdahale İçin Canlı Kayıtların Saklanmasının Önemi
Olay Müdahale İçin Canlı Kayıtların Saklanmasının ÖnemiErtugrul Akbas
 
SOC ve SIEM Çözümlerinde Korelasyon
SOC ve SIEM Çözümlerinde KorelasyonSOC ve SIEM Çözümlerinde Korelasyon
SOC ve SIEM Çözümlerinde KorelasyonErtugrul Akbas
 
SIEM den Maksimum Fayda Almak
SIEM den Maksimum Fayda AlmakSIEM den Maksimum Fayda Almak
SIEM den Maksimum Fayda AlmakErtugrul Akbas
 
SureLog SIEM Fast Edition Özellikleri ve Fiyatı
SureLog SIEM Fast Edition Özellikleri ve FiyatıSureLog SIEM Fast Edition Özellikleri ve Fiyatı
SureLog SIEM Fast Edition Özellikleri ve FiyatıErtugrul Akbas
 
SureLog SIEM Fast Edition
SureLog SIEM Fast EditionSureLog SIEM Fast Edition
SureLog SIEM Fast EditionErtugrul Akbas
 
SureLog intelligent response
SureLog intelligent responseSureLog intelligent response
SureLog intelligent responseErtugrul Akbas
 
SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).
SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).
SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).Ertugrul Akbas
 
Detecting attacks with SureLog SIEM
Detecting attacks with SureLog SIEMDetecting attacks with SureLog SIEM
Detecting attacks with SureLog SIEMErtugrul Akbas
 
SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması
SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması
SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması Ertugrul Akbas
 
KVKK Siperium Data Analyzer & Data Discovery
KVKK Siperium Data Analyzer & Data DiscoveryKVKK Siperium Data Analyzer & Data Discovery
KVKK Siperium Data Analyzer & Data DiscoveryErtugrul Akbas
 

More from Ertugrul Akbas (20)

BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...
BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...
BDDK, SPK, TCMB, Cumhurbaşkanlığı Dijital Dönüşüm Ofisi ve ISO27001 Denetiml...
 
Olay Müdahale İçin Canlı Kayıtların Saklanmasının Önemi
Olay Müdahale İçin Canlı Kayıtların Saklanmasının ÖnemiOlay Müdahale İçin Canlı Kayıtların Saklanmasının Önemi
Olay Müdahale İçin Canlı Kayıtların Saklanmasının Önemi
 
SOC ve SIEM Çözümlerinde Korelasyon
SOC ve SIEM Çözümlerinde KorelasyonSOC ve SIEM Çözümlerinde Korelasyon
SOC ve SIEM Çözümlerinde Korelasyon
 
SIEM den Maksimum Fayda Almak
SIEM den Maksimum Fayda AlmakSIEM den Maksimum Fayda Almak
SIEM den Maksimum Fayda Almak
 
SureLog SIEM Fast Edition Özellikleri ve Fiyatı
SureLog SIEM Fast Edition Özellikleri ve FiyatıSureLog SIEM Fast Edition Özellikleri ve Fiyatı
SureLog SIEM Fast Edition Özellikleri ve Fiyatı
 
Neden SureLog?
Neden SureLog?Neden SureLog?
Neden SureLog?
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM Fast Edition
SureLog SIEM Fast EditionSureLog SIEM Fast Edition
SureLog SIEM Fast Edition
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
SureLog intelligent response
SureLog intelligent responseSureLog intelligent response
SureLog intelligent response
 
SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).
SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).
SureLog SIEM Has The Best On-Line Log Retention Time (Hot Storage).
 
Detecting attacks with SureLog SIEM
Detecting attacks with SureLog SIEMDetecting attacks with SureLog SIEM
Detecting attacks with SureLog SIEM
 
SureLog SIEM
SureLog SIEMSureLog SIEM
SureLog SIEM
 
KVKK
KVKKKVKK
KVKK
 
SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması
SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması
SIEM ve KVKK Teknik Tedbirlerinin ANET SureLog SIEM ile uygulanması
 
KVKK Siperium Data Analyzer & Data Discovery
KVKK Siperium Data Analyzer & Data DiscoveryKVKK Siperium Data Analyzer & Data Discovery
KVKK Siperium Data Analyzer & Data Discovery
 

Recently uploaded

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Recently uploaded (20)

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

SureLog SIEM Profiler

  • 1. SURELOG SIEM PROFILER SureLog leverage automated behavioral profiling to automatically detect anomalies and autonomously define rules on the data, to discover security events that require investigation. Behavior analysis and profiling relies on statistical modeling and data science in SureLog in order to identify patterns of behavior and compare them against other human or machine activities. The Profiler is a feature extraction mechanism that can generate a profile describing the behavior of an entity. An entity might be an any field of message like protocol used in communication as well as a server, user, subnet or application. Once a profile has been generated defining what normal behavior looks-like, models can be built that identify anomalous behavior. In SureLog; Profiler is enhancing SIEM Correlation Rules Through Baselining. This is achieved by summarizing the streaming telemetry data consumed by SureLog over sliding windows. Profiling is compressing time. A summary statistic is applied to the data received within a given window. Collecting this summary across many windows results in a time series that is useful for analysis. Any field contained within a message can be used to generate a profile. A profile can even be produced by combining fields that originate in different data sources. A user has considerable power to transform the data used in a profile by leveraging the SureLog correlation engine. SureLog Rule As a Code platform [1] which is powered by JAVA is the definition point for profiles. Profiler in correlation engine can be configured using JAVA. Profile definition: result=Profiler.update(profilename, foreach, filter, hour, dayofweek, day, month, function, data) Profiles A profile definition requires JAVA method definition. The specification contains the following elements.
  • 2. Name Description profilename Required Unique name identifyingthe profile. foreach Required A separate profile is maintained“foreach”of these. filter Required Booleanexpressionthat determinesif amessage shouldbe appliedtothe profile. data Required One or more expressions executedatthe start of a window period. update Required One or more expressions executedwhenamessage is appliedtothe profile.Name of the JAVA method. expires Optional Profile data& calculation expiresafterthistime Example 1: The ratio of DNS traffic to HTTP traffic for each host. The following profiler rule as a code would be used to generate this profile. Profiler profiler=new Profiler(); if (generalcorrelationobject1.getProtocol()=='HTTP') profiler.update("Profiler- 10",generalcorrelationobject1.SourceAccount,"http_total",generalcorrelati onobject1.getHour(),generalcorrelationobject1.getDayOfWeek(),generalcorre lationobject1.getDay(),generalcorrelationobject1.getMonth(),"SUM",1); else if (generalcorrelationobject1.getProtocol()=='DNS') profiler.update("Profiler- 10",generalcorrelationobject1.SourceAccount,"dns_total",generalcorrelatio nobject1.getHour(),generalcorrelationobject1.getDayOfWeek(),generalcorrel ationobject1.getDay(),generalcorrelationobject1.getMonth(),"SUM",1); Baseline creation: createweekdaybaseline(String pure_profile_name, int dayofweek, int lastnumberofweeks,String parameter) in this case a particular user will be known. The following examples shows how this profile data might be retrieved. Retrieve all values of ‘http_protocol/dns_protocol’ from over the past 4 weeks of the 4 th day of the week (Tuesday) and calculate percentiles (A percentile (or a centile) is a measure used in statistics indicating the value below which a given percentage of observations in a group of observations fall. For example, the 20th percentile is the value (or score) below which 20% of the observations may be found.)
  • 3. ProfilerUtil pu=new ProfilerUtil(); // look for a user whose http to dns protocol ratio is %300 more than %95 of the other users for the last four week ratio for 4th day of week(Tuesday) pu.percentile(95,300,"Profiler-10",5,4,"http_total","dns_total"); Example 2: The total number of bytes of HTTP data for each host Profiler profiler=new Profiler(); if (generalcorrelationobject1.getProtocol()=='HTTP') profiler.update("Profiler- HTTP",generalcorrelationobject1.SourceMachine,"http_size",generalcorrelat ionobject1.getHour(),generalcorrelationobject1.getDayOfWeek(),generalcorr elationobject1.getDay(),generalcorrelationobject1.getMonth(),"SUM", generalcorrelationobject1.getRCVD()); The following examples shows how this profile data might be retrieved. Retrieve all values of ‘http_protocol/dns_protocol’ from over the past 4 weeks of the 4 th day of the week (Tuesday) and calculate percentiles and get the Source IPs which HTTP traffic is more than %95 of others Soure IPs. ProfilerUtil pu=new ProfilerUtil(); // look for a user whose http to dns protocol ratio is %10 more than %95 of the other users for the last four week ratio for 4th day of week(Tuesday) pu.percentile(95,10,"Profiler-HTTP ",5,4); Example 3: The average of the lengthfieldof HTTPtraffic.The followingconfigurationwould be usedto generate thisprofile.: Profiler profiler=new Profiler(); if (generalcorrelationobject1.getProtocol()=='HTTP') profiler.update("Profiler-HTTP- Length",generalcorrelationobject1.SourceMachine,"http_lenght",generalcorr elationobject1.getHour(),generalcorrelationobject1.getDayOfWeek(),general correlationobject1.getDay(),generalcorrelationobject1.getMonth(),"SUM", generalcorrelationobject1.getURL().length()); In orderto create average/mean ProfilerUtil pu=new ProfilerUtil(); // Mean for the last 7 hours result=pu.meanHourly("Profiler-HTTP-Length",7);
  • 4. Example 4: These examples assume a profile has been defined called ‘snort-alerts’ that tracks the number of Snort alerts associated with an IP address over time. The profile definition might look similar to the following. Profiler profiler=new Profiler(); if (generalcorrelationobject1.getLogSubType()=='Snort') profiler.update("Profiler- Snort",generalcorrelationobject1.SourceMachine,"snort",generalcorrelation object1.getHour(),generalcorrelationobject1.getDayOfWeek(),generalcorrela tionobject1.getDay(),generalcorrelationobject1.getMonth(),"SUM", 1); In orderto create average/mean ProfilerUtil pu=new ProfilerUtil(); // Mean for the last 7 hours result=pu.meanHourly("Profiler-Snort",7); Profilerlearnsfromwhatusersandentitiesdoona regularbasis,forinstance,  where douserslogin from?  whatdevicesdotheyloginfrom?  whatfile serversandapplicationsdotheyaccess?  whatprivilegesdotheyhave?andso on. Example 5: How to detectwhenauserlog infor firsttime in a system? Profiler profiler=new Profiler(); if (generalcorrelationobject1.getTAXONOMY()==' Informational.Authentication.Succeeded') profiler.update("Profiler- Login",generalcorrelationobject1.SourceAccount(), generalcorrelationobject1.SourceMachine,generalcorrelationobject1.getHour (),generalcorrelationobject1.getDayOfWeek(),generalcorrelationobject1.get Day(),generalcorrelationobject1.getMonth(),"ADD", 1); ConcurrentHashMap profile=pu.createweekdaybaselineAsMap("Profiler- Login",7,4,"Login"); if (profile!=null) GlobalListManager.profiles.put("log-term-logins",profile); CheckInListchk=newCheckInList(); if(chk.isInList("log-term- logins","Login",generalcorrelationobject1.getSourceAccount(),generalcorrelationobject1.getSourc eMachine())) chk.notify(); References 1- https://medium.com/which-generation-of-siem/rule-as-a-code-surelog-correlation-engine- and-beyond-90dc6ab9a52c