All Questions (19 questions)
2 votes, 2 answers, 3k views
Tracking Down Failed Logins
I've recently implemented a SIEM solution, and am now able to see a large amount of failed login attempts from legitimate users. In fact, it's such high volume that my SIEM is correlating them to be ...
1 vote, 0 answers, 571 views
How do I use ArcSight ESM to monitor PowerShell logs? [closed]
I have read mixed reviews; our team within our DoD sector suggests that ingesting the logs directly into the SIEM platform would be best, and I feel that having a third-party tool with signatures, look ...
1 vote, 2 answers, 692 views
Fortigate Creating Millions of DNS events to standard domains [closed]
I am trying to tune our SIEM and noticed that we are receiving millions of DNS records every day from the same domains.
These are:
update.microsoft.com
swscan.apple.com
softwareupdate.vmware.com
...
3 votes, 2 answers, 1k views
How are IDS and firewall logs aggregated, and how is the aggregated log fed to a SIEM?
I am studying SIEM tools.
Firewall logs will be different from IDS logs and even from Antivirus logs.
How can log aggregation take place?
0 votes, 3 answers, 358 views
What is the difference between Compliance and Auditing in Information Security?
I am a student working on my semester project and it's about developing a SIEM solution with Big Data tools to be used in a SOC (security operations centre) and I know that collecting logs can be used ...
2 votes, 1 answer, 1k views
SIEM Alien Vault recommended method for muting noise
I have installed Alien Vault into my environment and I am seeing a ton of logs going into the SIEM. Upon further investigation, I see that these are being generated by AlienVault itself. I think that ...
1 vote, 0 answers, 134 views
Would extracting logs from a European server to a US SIEM system cause privacy legal concerns?
Looking for an answer related to the European "General Data Protection Regulation" laws.
0 votes, 1 answer, 430 views
Feeding Azure portal logs into a SIEM solution
Currently working on a cloud transformation project where all infrastructure is being placed into Azure.
We currently use a SIEM solution to monitor and assess events across the environment. The ...
2 votes, 2 answers, 6k views
Log information for SIEM auditing in Linux
How can I know what types of events are generated by Linux? I can get this from the logs, but reading logs and noting IDs is very time consuming. All events might not be triggered.
I need this ...
2 votes, 2 answers, 1k views
Best practices when classifying log messages severity in an SIEM
When deploying an SIEM solution, what is the best practice when classifying the severity of each event that is being sent from individual devices?
I understand that this may be a little bit ...
4 votes, 2 answers, 2k views
SIEM log pre-filtering question
As everyone knows each company wants to save as much money as possible. I have been tasked with pre-filtering logs on less important status/health messages before they get to the SIEM.
Does anyone ...
245 votes, 18 answers, 31k views
Passwords being sent in clear text due to users' mistake in typing it in the username field
Upon reviewing the Logs generated by different SIEMs (Splunk, HP Logger Trial and the AlienVault platform’s SIEM) I noticed that for some reason quite a few users tend to make the mistake of typing ...
3 votes, 2 answers, 924 views
How to design SIEM RFP, keeping in view large database requirements?
I need some help regarding the design of SIEM requirements. In regard to large databases, what general requirements do I need to provide in order to provide coverage related to DB security?
Some of ...
0 votes, 1 answer, 578 views
SIEM technology: is it database friendly? [closed]
I have a few questions regarding the use of Databases in SIEM technology. I would appreciate if you guys can help me understand / answer these questions. The answers from you help me design the SIEM ...
3 votes, 2 answers, 2k views
Security logs on Linux, Solaris and Windows
As the company's security department, our system administrators ask us what they need to log for SIEM (Security Incident and Event Management). We don't have any prepared documents and are seeking ...