Every Organization Needs Centralized Logging

Oct 18, 2022 6:03:30 PM / by Eric Capuano posted in DFIR, Incident Response, Open Source, Defense, Monitoring, Graylog, Logging, Compliance

Logs are on the systems, why do I need this?

Because Digital Forensics & Incident Response is expensive -- likely the highest billable rate among most IT/security practices.

Why? Because it is a very skilled, but meticulous and time-consuming activity and my team has done our fair share of it. Most often, the bulk of the time is spent collecting often volatile evidence from countless systems in hopes that enough of the attacker activity is still traceable. The best evidence sources are often the ones least available at the time of the investigation -- logs. Why? Because they roll over, or get deleted, etc.

If I walked into an organization that had centralized logging, I could probably cut the IR effort in half because a huge amount of the data I need is there ready to be queried. This allows me to perform deeper forensic analysis only on systems that exhibited noteworthy activity.
 
Read More

Okta + LAPSUS$ Security Incident

Mar 22, 2022 8:11:44 PM / by Eric Capuano posted in Incident Response, Monitoring, Logging, Cloud, SSO

As many in the industry are now aware, Okta experienced a form of security breach back in January which the wider industry was unaware of until screenshots obtained by the LAPSUS$ group were posted on Twitter on March 21st, at 10:15pm CDT.

Read More

Detecting Threats with Graylog Pipelines - Part 2

Jan 4, 2021 5:01:00 PM / by Eric Capuano posted in Operations, SecOps, Security, SOC, InfoSec, Monitoring, Graylog, Logging

In my previous post, I explained the fundamental purpose and use cases of pipelines in Graylog – now let's move towards some more advanced topics.

Read More

Detecting Threats with Graylog Pipelines - Part 1

Dec 31, 2020 5:16:00 PM / by Eric Capuano posted in Operations, SecOps, Security, SOC, InfoSec, Monitoring, Graylog, Logging

If you are here hoping to learn more about using Graylog for the purpose of monitoring the security posture of your organization, strap in – it's about to get real.

Read More

Endpoint Logging For The Win!

Nov 3, 2020 10:32:00 AM / by Samuel Kimmons posted in DFIR, Forensics, SecOps, Security, InfoSec, Defense, Logging

Whether you're on the Defensive or Offensive side of security, it's important to understand how common attack tools look in an environment. As someone defending a network, the use of proper logging can help prevent visibility gaps. You could have the best perimeter detections that are available, but without visibility into the activity on your endpoints, you're essentially missing a piece of the puzzle.

Read More

Graylog and Cylance Protect Integration

Dec 23, 2019 2:37:00 PM / by Whitney Champion posted in Operations, SecOps, Security, Graylog, Logging, DevOps, API, Cylance

TL;DR - we needed to ingest multiple sources of Cylance logs into Graylog, and this is how we did it.

Read More
View RSS Feed