Educause Security Discussion mailing list archives
Re: CIS vs NIST
From: "Bridges, Robert A." <bridgesra () ORNL GOV>
Date: Thu, 3 May 2018 14:39:32 +0000
This is interesting, Kevin. Thanks for sharing. What's the cost to the host that's got audit data collection on? Is there noticeable slowdown/high memory cost, etc?

Thanks,
Bobby

--
Robert A. Bridges, PhD, Research Mathematician, Cyber & Information Science Research Group, Oak Ridge National Laboratory

On 5/2/18, 3:59 PM, "The EDUCAUSE Security Constituent Group Listserv on behalf of Kevin Wilcox" <SECURITY () LISTSERV EDUCAUSE EDU on behalf of wilcoxkm () APPSTATE EDU> wrote:

> On 30 April 2018 at 12:52, Valdis Kletnieks <valdis.kletnieks () vt edu> wrote:
>> To the best of my knowledge, nobody's using the Linux kernel audit logs for
>> near real time detection of events - it's of more use for forensic analysis of
>> incidents and system/package testing.
>
> I do. If a process is started by a user for the first time (or first time for however long I have log data for that host), if previously unused commands are kicked off, if commands with <x> name are started from <y> path where it's never been seen, etc., all trigger alerts. The same holds true for Windows process creation, powershell usage, AppLocker stopping something (or if it would have stopped something), etc.
>
> kmw
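The first-seen alerting Kevin describes (a command run by a user for the first time, or a known command started from a path never seen before), as an added example that is not part of the original thread or anyone's posted code. It assumes a simplified auditd-style SYSCALL record format; the sample lines are constructed, not real captures.

```python
import re
from collections import defaultdict

# Constructed, simplified auditd-style execve records (syscall 59 on x86_64).
HISTORY = [
    'type=SYSCALL msg=audit(1525276800.101:10): arch=c000003e syscall=59 uid=1000 comm="bash" exe="/bin/bash"',
    'type=SYSCALL msg=audit(1525276801.102:11): arch=c000003e syscall=59 uid=1000 comm="curl" exe="/usr/bin/curl"',
    'type=SYSCALL msg=audit(1525276802.103:12): arch=c000003e syscall=59 uid=0 comm="sshd" exe="/usr/sbin/sshd"',
]
NEW = [
    'type=SYSCALL msg=audit(1525363200.201:20): arch=c000003e syscall=59 uid=1000 comm="curl" exe="/usr/bin/curl"',
    'type=SYSCALL msg=audit(1525363201.202:21): arch=c000003e syscall=59 uid=1000 comm="nc" exe="/usr/bin/nc"',
    'type=SYSCALL msg=audit(1525363202.203:22): arch=c000003e syscall=59 uid=0 comm="curl" exe="/tmp/curl"',
]

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(line):
    """Split one key=value audit record into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}


class FirstSeenDetector:
    """Baseline of (uid, comm) pairs and comm -> exe paths; flags anything new."""

    def __init__(self):
        self.user_cmds = set()                 # (uid, comm) pairs already seen
        self.cmd_paths = defaultdict(set)      # comm -> set of exe paths seen

    def learn(self, line):
        ev = parse(line)
        if ev.get("syscall") != "59":          # only execve events matter here
            return
        self.user_cmds.add((ev["uid"], ev["comm"]))
        self.cmd_paths[ev["comm"]].add(ev["exe"])

    def check(self, line):
        """Return alert strings for one event, then fold it into the baseline."""
        ev = parse(line)
        if ev.get("syscall") != "59":
            return []
        alerts = []
        if (ev["uid"], ev["comm"]) not in self.user_cmds:
            alerts.append(f'new command for uid {ev["uid"]}: {ev["comm"]}')
        if ev["comm"] in self.cmd_paths and ev["exe"] not in self.cmd_paths[ev["comm"]]:
            alerts.append(f'{ev["comm"]} started from unseen path {ev["exe"]}')
        self.learn(line)
        return alerts


def run(history, new):
    """Build the baseline from history, then evaluate new events in order."""
    d = FirstSeenDetector()
    for line in history:
        d.learn(line)
    return [a for line in new for a in d.check(line)]
```

With the constructed data, the repeated curl run is silent, nc is flagged as a new command for uid 1000, and curl from /tmp is flagged both as new for uid 0 and as an unseen path.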