September 10, 2024

Incident Response – Need for continuous fine-tuned detection and logging

By venkat

Most major cyber attacks are preceded by many early warning signals, so detecting them early helps a lot: it gives the incident response team time to act before the attack reaches its objective.

Logs for Incident Response

https://www.first.org/resources/papers/conference2008/chuvakin-anton-slides.pdf

Best practices for Event Logging

Benefits of continuous and aggressive monitoring of your event logging:
Enhanced visibility: Gain a deeper understanding of network activity and potential threats.
Faster incident response: Early detection and quick response to security incidents.
Improved resilience: Strengthen your organization’s ability to withstand cyberattacks.

More information:

https://media.defense.gov/2024/Aug/21/2003530453/-1/-1/0/JOINT-CSI-BEST-PRACTICES-EVENT-LOGGING-THREAT-DETECTION.PDF
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3880942/nsa-joins-allies-in-releasing-best-practices-for-event-logging/

Best practices for Log Data Sources

https://attack.mitre.org/datasources

References

https://github.com/abhinavkorpal/awesome-computer-science-EBook/blob/master/Logging/Logging%20and%20Log%20Management_%20The%20Authoritative%20Guide%20to%20Undeanagement%20-%20Anton%20Chuvakin%20%26%20Kevin%20Schmidt%20%26%20Chris%20Phillips.pdf