All Questions
Tagged with siem log-analysis
6 questions
1 vote, 0 answers, 47 views
How to analyze anomalous behavior in a network, given network logs?
I have an assignment in which I have three logs from a network. One for control, from which I can define a typical behaviour pattern, one in which I have strange behaviour from accesses within the ...
1 vote, 1 answer, 2k views
Where can I download sample security log file archives?
I am volunteering to teach some folks to learn Splunk to analyze logs by using SIEM. Therefore I will need some public log file archives such as auditd, secure.log, firewall, webapp logs, which I can ...
2 votes, 2 answers, 3k views
Tracking Down Failed Logins
I've recently implemented a SIEM solution, and am now able to see a large amount of failed login attempts from legitimate users. In fact, it's such high volume that my SIEM is correlating them to be ...
3 votes, 4 answers, 952 views
SOC and generic log parsing
I am making a conceptual work-flow of a SOC so if we suppose that a SIEM solution is integrated inside an organization's in-house SOC. Also, if the team of the SOC is the one managing the SIEM ...
1 vote, 0 answers, 134 views
Would extracting logs from a European server to a US SIEM system cause privacy legal concerns?
Looking for an answer related to the European "General Data Protection Regulation" laws.
1 vote, 1 answer, 1k views
Are SIEM and NIDS/HIDS complementary?
I just would like to have your feedback if you were involved with Security Information and Event Management.
From your experience, do we have to add a SIEM to an existing NIDS (snort) and HIDS (ossec)...