All Questions

0 votes
3 answers
900 views

Why would a legitimate application run on a non-standard port?

Among the many "threats" I see on my SIEM, a non-standard port is a top one. It's always been a false positive, but I don't understand why this happens so frequently.
asked by user270109
2 votes
3 answers
2k views

Gathering network device data for security detection purposes

I've finally gotten the networking team to start sharing data on the devices they manage (routers, firewalls, VPN, NAC, etc), so we can get better insight into our network and focus more on detection. ...
asked by estudiante
3 votes
1 answer
500 views

Event codes for Unix [closed]

I have to write alerts in a SIEM tool. Do we have any event codes for Unix as we have in Windows? If yes, where can I find them? If not, on what basis can we write alerts for Unix flavours or machines? ...
asked by santosh407
0 votes
1 answer
1k views

SIEM v/s Network Forensic

When a SIEM is already implemented in an enterprise network, does it not do all the tasks and reporting of a network forensic investigation? Or can we do away with SIEM and have only network forensic tools ...
asked by Oldman8899
5 votes
2 answers
4k views

Event monitoring for a home network

I'd like to utilise some of the free SIEM type products out there to increase the chances that I will detect attacks and compromises of any of the devices on my home network. Most of my home devices ...
asked by Michael
7 votes
1 answer
2k views

Security Operation Center (SOC) [closed]

I am looking for resources and details on establishing a security operation center (SoC) or network operation center (NoC) based on ITIL or any other applicable regulations. Where can I find good ...
asked by Yasser Sobhdel
1 vote
2 answers
597 views

Is there any solution to manage network forensics, SIEM and intelligence analysis and investigation in an enterprise network?

Does anyone have experience with a solution that manages this functionality in an integrated view: network forensics, SIEM, intelligence analysis and investigation, like the Niksun or Solera solutions do? I'm ...
asked by boos
16 votes
3 answers
2k views

What techniques and tools do you use to relate security events?

You have central logging going, detailed app logging/alerting (e.g. modsec), network based security alerting (e.g. snort), and whatever else feeding your observation deck. Do you have any cool ...
asked by Tate Hansen
4 votes
2 answers
244 views

When would you support the storage of Security & Application event logs in the Cloud?

Under what conditions would you be comfortable storing server log data residing in a secure facility, off-premises? When would you consider a SaaS /hosted solution and what value add should that ...
asked by makerofthings7
8 votes
2 answers
712 views

What features do you look for in an Enterprise Log Management solution?

This question is for IT Pros and people who manage a company's infrastructure. Developers should see this related answer for tools geared towards them. What are your requirements for such an Event Log ...
asked by makerofthings7