All Questions (10 questions)
0 votes | 3 answers | 900 views
Why would a legitimate application run on a non-standard port?
Among the many "threats" I see on my SIEM, a non-standard port is a top one. It's always been a false positive, but I don't understand why this happens so frequently.
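One way to turn the noisy "non-standard port" rule into something actionable is to check each firing against an inventory of listeners the organisation already knows about. The code below is an added example, not part of the question; the hosts, ports, process names and the EXPECTED_LISTENERS table are constructed, and the idea that the SIEM can enrich the alert with the owning process (from an EDR agent or a periodic `ss -lntp` collection) is an assumption.

```python
"""Triage 'non-standard port' SIEM alerts against an inventory of expected listeners.

Added example (not from the original question). Hosts, ports, process names
and the EXPECTED_LISTENERS table are constructed/hypothetical.
"""
from dataclasses import dataclass

# Ports the SIEM rule treats as "standard" for a decoded protocol (hypothetical subset).
STANDARD_PORTS = {"http": {80}, "https": {443}, "ssh": {22}, "smtp": {25, 587}}

# Inventory of known legitimate listeners: (host, port) -> process expected to own it.
# In practice this comes from a CMDB or periodic `ss -lntp` collection; constructed here.
EXPECTED_LISTENERS = {
    ("web01", 8080): "java",      # Tomcat runs unprivileged, so it cannot bind 80
    ("bastion", 2222): "sshd",    # sshd moved off 22 to cut scanner noise
    ("mail01", 2525): "postfix",  # dev relay behind a load balancer that owns 25
}


@dataclass(frozen=True)
class Alert:
    host: str
    port: int
    process: str       # process the host agent reports as owning the socket
    app_protocol: str  # what the sensor's protocol decoder saw on the wire


def is_non_standard(alert: Alert) -> bool:
    """True when the decoded protocol is on a port outside its usual set."""
    return alert.port not in STANDARD_PORTS.get(alert.app_protocol, set())


def triage(alerts):
    """Return (suppressed, escalated) lists.

    An alert is suppressed only when the inventory says this exact (host, port)
    is expected AND the owning process matches. A mismatch is escalated, since
    a different binary sitting on an inventoried port is the interesting case,
    as is any listener the inventory knows nothing about.
    """
    suppressed, escalated = [], []
    for a in alerts:
        if not is_non_standard(a):
            continue  # the rule should not have fired at all; drop silently
        expected_proc = EXPECTED_LISTENERS.get((a.host, a.port))
        if expected_proc == a.process:
            suppressed.append(a)
        else:
            escalated.append(a)
    return suppressed, escalated


# Constructed sample of alerts the rule fired on.
SAMPLE_ALERTS = [
    Alert("web01", 8080, "java", "http"),      # known app server -> suppress
    Alert("bastion", 2222, "sshd", "ssh"),     # known relocated sshd -> suppress
    Alert("web01", 8080, "python3", "http"),   # inventoried port, wrong process -> escalate
    Alert("db01", 4444, "nc", "http"),         # nothing expected here -> escalate
    Alert("web01", 443, "nginx", "https"),     # standard port, rule misfired -> ignored
]

if __name__ == "__main__":
    sup, esc = triage(SAMPLE_ALERTS)
    print("suppressed:", [(a.host, a.port, a.process) for a in sup])
    print("escalated: ", [(a.host, a.port, a.process) for a in esc])
```

The point of keying on (host, port, process) rather than just the port is that the legitimate reasons for a non-standard port (unprivileged services that cannot bind below 1024, relocated sshd, multiple instances on one host) are all stable and inventoriable, while the cases worth an analyst's time are the ones that contradict the inventory.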
2 votes | 3 answers | 2k views
Gathering network device data for security detection purposes
I've finally gotten the networking team to start sharing data on the devices they manage (routers, firewalls, VPN, NAC, etc), so we can get better insight into our network and focus more on detection.
...
3 votes | 1 answer | 500 views
Event codes for Unix [closed]
I have to write alerts in a SIEM tool. Do we have any event codes for Unix as we have in Windows?
If yes, where can I find them?
If not, on what basis can we write alerts for Unix flavours or machines?...
0 votes | 1 answer | 1k views
SIEM vs. network forensics
When a SIEM is already implemented in an enterprise network, does it not do all the tasks and reporting of a network forensic investigation? Or can we do away with the SIEM and have only network forensic tools ...
5 votes | 2 answers | 4k views
Event monitoring for a home network
I'd like to utilise some of the free SIEM type products out there to increase the chances that I will detect attacks and compromises of any of the devices on my home network. Most of my home devices ...
7 votes | 1 answer | 2k views
Security Operation Center (SOC) [closed]
I am looking for resources and details on establishing a security operation center (SOC) or network operation center (NOC) based on ITIL or any other applicable regulations. Where can I find good ...
1 vote | 2 answers | 597 views
Is there any solution to manage network forensics, SIEM and intelligence analysis and investigation in an enterprise network?
Does anyone have experience with a solution that manages this functionality in an integrated view?
- network forensic
- SIEM
- intelligence analysis and investigation
Like the Niksun or Solera solutions do?
I'm ...
16 votes | 3 answers | 2k views
What techniques and tools do you use to relate security events?
You have central logging going, detailed app logging/alerting (e.g. modsec), network based security alerting (e.g. snort), and whatever else feeding your observation deck.
Do you have any cool ...
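The two sources named in the question, ModSecurity and Snort, share an obvious join key: the client IP and the timestamp. The following added example, not part of the question or of either project, relates alerts from both by grouping them per source IP and emitting an incident only when different sensors fire within a short window. The log lines are constructed and simplified (real ModSecurity error-log and Snort fast-alert lines carry more tags), the five-minute window is an arbitrary choice, and Snort fast alerts omit the year, so the year and UTC timezone are assumed.

```python
"""Relate ModSecurity and Snort alerts by source IP within a time window.

Added example, not from the original question or either project. Log lines
are constructed and simplified; the year and timezone for Snort are assumed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Simplified ModSecurity error-log line: [ts] [client IP] ModSecurity: ... [id "N"] [msg "..."] ...
MODSEC = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[client (?P<src>[\d.]+)\] ModSecurity: .*\[id "(?P<rule>\d+)"\] \[msg "(?P<msg>[^"]+)"\]'
)
# Simplified Snort fast alert: MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] ... {TCP} src:port -> dst:port
SNORT = re.compile(
    r'^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\] \[(?P<sid>[\d:]+)\] (?P<msg>.+?) \[\*\*\].*\{TCP\} (?P<src>[\d.]+):\d+ -> '
)
SNORT_YEAR = 2023  # fast alerts carry no year; assumed for the constructed sample


def parse(line: str):
    """Return a normalized event dict (source, ts, src, rule, msg) or None."""
    m = MODSEC.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        return {"source": "modsec", "ts": ts, "src": m["src"], "rule": m["rule"], "msg": m["msg"]}
    m = SNORT.match(line)
    if m:
        ts = datetime.strptime(f"{SNORT_YEAR}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f").replace(tzinfo=timezone.utc)
        return {"source": "snort", "ts": ts, "src": m["src"], "rule": m["sid"], "msg": m["msg"]}
    return None


def correlate(lines, window=timedelta(minutes=5)):
    """Group parsed events by source IP; emit an incident for each run of events
    inside `window` in which more than one sensor fired. A single sensor firing
    repeatedly stays a plain alert, so the correlation adds information rather
    than re-emitting what each tool already said."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse(line)
        if ev:
            by_src[ev["src"]].append(ev)
    incidents = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        i = 0
        while i < len(evs):
            group = [e for e in evs[i:] if e["ts"] - evs[i]["ts"] <= window]
            if len({e["source"] for e in group}) > 1:
                incidents.append({"src": src, "start": evs[i]["ts"], "events": group})
                i += len(group)  # consume the whole group so it is reported once
            else:
                i += 1
    return incidents


# Constructed sample: one IP trips both the WAF and the IDS within 90 seconds,
# a second IP trips them 27 minutes apart, a third only shows up in Snort.
SAMPLE_LINES = [
    '[03/Nov/2023:10:00:12 +0000] [client 203.0.113.7] ModSecurity: Warning. detected SQLi using libinjection. '
    '[file "/etc/modsecurity/crs/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [id "942100"] '
    '[msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"]',
    '11/03-10:01:40.123456  [**] [1:2010937:2] ET WEB_SERVER SQL Injection Attempt [**] '
    '[Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51234 -> 10.0.0.10:80',
    '[03/Nov/2023:10:03:00 +0000] [client 198.51.100.4] ModSecurity: Warning. Pattern match. '
    '[id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "CRITICAL"]',
    '11/03-10:30:00.000001  [**] [1:2010935:2] ET WEB_SERVER Suspicious Chars in HTTP Request [**] '
    '[Classification: Web Application Attack] [Priority: 2] {TCP} 198.51.100.4:40000 -> 10.0.0.10:80',
    '11/03-09:50:00.000001  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] '
    '[Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.9:33001 -> 10.0.0.11:22',
]

if __name__ == "__main__":
    for inc in correlate(SAMPLE_LINES):
        print(inc["src"], inc["start"].isoformat(), [(e["source"], e["rule"]) for e in inc["events"]])
```

The same shape generalises to the "whatever else" in the question: each new feed needs only a parser that yields the same normalized dict, and the grouping key can be widened (user, session, destination) when the IP alone is too coarse, for instance behind a proxy.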
4 votes | 2 answers | 244 views
When would you support the storage of Security & Application event logs in the Cloud?
Under what conditions would you be comfortable storing server log data residing in a secure facility, off-premises?
When would you consider a SaaS/hosted solution, and what value add should that ...
8 votes | 2 answers | 712 views
What features do you look for in an Enterprise Log Management solution?
This question is for IT Pros, and people who manage a company's infrastructure. Developers should see this related answer for tools geared for them.
What are your requirements for such an Event Log ...