Incident Response – Need for continuous fine-tuned detection and logging
Most major cyber attacks are preceded by many early warning signals, so early detection matters: it buys time for incident response.
Logs for Incident Response
https://www.first.org/resources/papers/conference2008/chuvakin-anton-slides.pdf
Best practices for event logging
Benefits of continuous and aggressive monitoring of your event logs:
Enhanced Visibility: Gain a deeper understanding of network activity and potential threats.
Faster Incident Response: Detect security incidents early and respond to them quickly.
Improved Resilience: Strengthen your organization’s ability to withstand cyberattacks.
More information:
https://media.defense.gov/2024/Aug/21/2003530453/-1/-1/0/JOINT-CSI-BEST-PRACTICES-EVENT-LOGGING-THREAT-DETECTION.PDF
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3880942/nsa-joins-allies-in-releasing-best-practices-for-event-logging/
Best practices for Log Data Sources
https://attack.mitre.org/datasources