All Questions

1 vote · 0 answers · 47 views

How to analyze anomalous behavior in network having network log?

I have an assignment in which I have three logs from a network. One for control, from which I can define a typical behaviour pattern, one in which I have strange behaviour from accesses within the ...
dyxcvi
1 vote · 1 answer · 2k views

Where can I download sample security log file archives?

I am volunteering to teach some folks to learn Splunk to analyze logs by using SIEM. Therefore I will need some public log file archives such as auditd, secure.log, firewall, webapp logs, which I can ...
Blacklion
2 votes · 2 answers · 3k views

Tracking Down Failed Logins

I've recently implemented a SIEM solution, and am now able to see a large amount of failed login attempts from legitimate users. In fact, it's such high volume that my SIEM is correlating them to be ...
Jake Y
3 votes · 4 answers · 952 views

SOC and generic log parsing

I am making a conceptual work-flow of a SOC so if we suppose that a SIEM solution is integrated inside an organization's in-house SOC. Also, if the team of the SOC is the one managing the SIEM ...
Hilo21
1 vote · 0 answers · 134 views

Would extracting logs from a European server to a US SIEM system cause privacy legal concerns?

Looking for an answer related to the European "General Data Protection Regulation" laws.
Kamic
1 vote · 1 answer · 1k views

Are SIEM and NIDS/HIDS complementary?

I just would like to have your feedback if you were involved with Security Information and Event Management. From your experience, do we have to add a SIEM to an existing NIDS (snort) and HIDS (ossec)...
phackt