Security Basics mailing list archives

RE: Making /planing a successful SIEM/Log Management project


From: "Frye, Dan" <Dan.Frye () cedarcrestone com>
Date: Thu, 20 Aug 2009 12:28:04 -0400

The most important thing to do prior to even looking at vendors is
determine the business cases you need to support. Example - are you
looking for simple things like locked out accounts on Windows? Or are
you looking for netflow data that doesn't match pre-established
behavioral patterns? What are those patterns? You have to understand
what you need first.

There are a million and one unique use cases for log data and every
business is different. Find the ones you need, then go look at products,
then match your use cases to what the product can do. Also, don't be
satisfied with a week of PoC time - put it into a "production"
environment, or a copy of it. VMware out some existing hosts and remove
them from your network, then run it there - if you use a "test" env you will
miss things or not be able to fully test the use cases you identified.

Good luck ... the concept of SIEM is a very seductive idea, but often
fraught with peril... I learned the hard way.

Daniel

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of pent 5971
Sent: Thursday, August 20, 2009 7:30 AM
To: security-basics () securityfocus com
Subject: Making /planing a successful SIEM/Log Management project

Hi,
I would like to ask for your experience in SIEM/log management
projects. For you, what are the steps/roadmap for a successful
SIEM/log management project?

Any written checklist?

Regards
