What is Event Correlation?
identification of significant relationships from multiple log sources such as application logs, endpoint logs, and network logs
What are the different common log types?
- event
- audit
- error
- debug
What are event logs?
logs record information about a system or network occurrence, such as login attempts, application events and network traffic
What are audit logs?
a sequential recording of activities within a system by capturing who performed an action, what activity was initiated, and how the system responded
What are the two types of audit logs?
Success and Failure
What are common log sources?
- network logs
- network devices such as switches and routers and through packet capture solutions
- host perimeter logs
- firewalls, proxies, and VPN servers - contain information about allowed and denied actions transmitted to the organisation’s host devices
- system logs
- logs record events and services being run by the operating system
- application logs
- logs collected from the applications being run internally - web applications, cloud services, databases and proprietary tools
What are Sigma Rules?
- generic and open signature format for log-based intrusion detection systems (IDS)
- way to describe patterns in log files in a standardized and tool-agnostic manner
What is the language in which Sigma Rules are written in?
YAML (Yet Another Markup Language)
What is one of the main strenghts of Sigma Rules?
tool-agnostic nature - can be applied across different SIEM systems, log management tools, and analysis platforms without being tied to a specific vendor or product
-
Defense Tools8
-
Log Analysis9
-
Indicator of Compromise (IoC)6
-
Vulnerability Analysis and Nessus14
-
XDR, EDR, XSOAR, SIEM, UEBA41
-
OSINT29
-
Forensics25
-
Phishing Analysis17
-
Responding to Cyberattacks7
-
Cybersecurity Positions3
-
MITRE Frameworks5
-
Malware Analysis Theory45
-
Threat Intelligence15
-
Handling Ransomware3
-
Commercial Defense Products12
-
Malware Analysis Practical15
-
Incident Response57
