Questions tagged [log-analysis]

74 questions
3 votes, 1 answer

Alternative routes for Incident Response approach other than Windows Event Viewer?

I am preparing to develop an Incident Response Plan for a computer that has been hacked (no malware installed, just a system hack). My plan is to analyse Windows Event Viewer logs to try to detect unusual behaviour on the machine.…

asked by C.Mann
3 votes, 2 answers

What are the common features to identify a CSRF attack from an Apache log file?

I have tried a CSRF attack on the vulnerable web application known as DVWA, running on my localhost on Kali Linux. I changed a password in this application by using CSRF. The following entries were collected in the access log: 127.0.0.1 - -…

asked by Shree
3 votes, 1 answer

MacBookPro's OSX install.log has entries that predate the initial unboxing

Basically what the title says. I recently had a look at my /var/log/install.log and the earliest entries are from about 2 full months prior to me unboxing the computer. The packaging had cellophane, no indication it was secondhand, and nothing…

asked by Adelmar
3 votes, 4 answers

SOC and generic log parsing

I am making a conceptual workflow of a SOC, so suppose that a SIEM solution is integrated into an organization's in-house SOC, and that the SOC team is the one managing the SIEM solution. My question is: when we face a log format…

asked by Hilo21
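The usual answer to "what happens when the SOC meets a log format the SIEM does not know" is a normalisation layer: every source is parsed into one schema, and anything no parser recognises is kept raw and flagged rather than dropped. The following is an added example of that layer written for this listing; it is not code from the question, from any SIEM product, or from a SOC. The schema field names, the parser registry and the three sample lines (syslog, JSON lines, and a firewall format no parser handles) are constructed assumptions.

```python
"""Normalise log lines of several formats into one schema before SIEM ingestion.

Added example; not from the question or from any SIEM product. Field names,
the parser registry and the three sample lines are constructed for illustration.
"""
import json
import re
from datetime import datetime, timezone

# Constructed sample events in three formats a SOC commonly receives.
SAMPLE_LINES = [
    # RFC 3164-style syslog line from an SSH daemon
    "Mar 14 10:22:01 bastion sshd[2231]: Failed password for root from 203.0.113.9 port 51022 ssh2",
    # JSON-lines event from an application
    '{"ts": "2024-03-14T10:22:03Z", "src_ip": "203.0.113.9", "user": "root", "msg": "login failed"}',
    # A format none of the registered parsers knows yet
    "14/03/2024 10:22:05 | FW | DROP | 203.0.113.9 -> 10.0.0.5:445",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<app>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
SSH_FAIL_RE = re.compile(r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_syslog(line, year=2024):
    """Return a normalised dict for an RFC 3164 line, or None if it is not one."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    # RFC 3164 timestamps carry no year; the caller supplies it (assumed 2024 here).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    event = {"@timestamp": ts.isoformat(), "source_type": "syslog", "host": m["host"],
             "app": m["app"], "src_ip": None, "user": None, "message": m["msg"]}
    auth = SSH_FAIL_RE.search(m["msg"])
    if m["app"] == "sshd" and auth:
        event["src_ip"], event["user"] = auth["ip"], auth["user"]
    return event


def parse_json(line):
    """Return a normalised dict for a JSON-lines event, or None."""
    if not line.lstrip().startswith("{"):
        return None
    try:
        obj = json.loads(line)
    except json.JSONDecodeError:
        return None
    ts_raw = obj.get("ts") or obj.get("@timestamp")
    ts = datetime.fromisoformat(ts_raw.replace("Z", "+00:00")).astimezone(timezone.utc) if ts_raw else None
    return {"@timestamp": ts.isoformat() if ts else None, "source_type": "json",
            "host": obj.get("host"), "app": obj.get("app"), "src_ip": obj.get("src_ip"),
            "user": obj.get("user"), "message": obj.get("msg", "")}


PARSERS = [parse_syslog, parse_json]  # most specific first


def normalise(line):
    """Try each registered parser; fall back to a tagged raw record."""
    for parser in PARSERS:
        event = parser(line)
        if event is not None:
            event["raw"], event["needs_parser"] = line, False
            return event
    # Unknown format: keep the raw line, salvage what a regex can, and flag it so
    # the SOC writes a proper parser instead of silently losing the source.
    ips = IPV4_RE.findall(line)
    return {"@timestamp": None, "source_type": "unknown", "host": None, "app": None,
            "src_ip": ips[0] if ips else None, "user": None, "message": line,
            "raw": line, "needs_parser": True}


def normalise_all(lines):
    return [normalise(line) for line in lines]


if __name__ == "__main__":
    for ev in normalise_all(SAMPLE_LINES):
        print(ev["source_type"], ev["src_ip"], ev["user"], ev["needs_parser"])
```

The point of the `needs_parser` flag is operational: a query for `needs_parser:true` grouped by the first few characters of `raw` tells the SOC which new sources have arrived and how much volume they carry, which is exactly the input needed to prioritise writing the next parser. Timezone handling is the usual trap; the syslog parser assumes UTC and a caller-supplied year, both of which must come from the source's actual configuration in a real deployment.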
3 votes, 2 answers

Flash Drive: Is it possible to figure out what/when files were added?

I recently left my flash drive on the university computers and someone found it. He said he looked through the flash drive to find my resume and contact me. I want to leave this situation in good faith, but I was wondering if it is possible to find…

asked by A-aron
3 votes, 2 answers

How to find who granted local admin privileges to a user?

A friend of mine works in an organisation and one fine day realised that he has local admin access on his machine. He swore to me that he didn't have the privilege initially and needed to raise requests to install any software. I verified that…

asked by hax
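For the Event Viewer-based incident response question earlier in this list and for the "who granted local admin" question above, the concrete record to look for is Security event 4732 ("A member was added to a security-enabled local group"), filtered to the BUILTIN\Administrators group, and then the 4624 logon event whose TargetLogonId matches the 4732's SubjectLogonId, which tells you how and from where the granting account was logged on. The following is an added example written for this listing, not code from either question. The XML is a constructed sample in the shape of the Security log's XML rendering; the computer name, accounts, SIDs, logon IDs and addresses are made up.

```python
"""Find who added an account to the local Administrators group, from an
exported Windows Security log.

Added example; not from either question. SAMPLE_XML is constructed in the
shape of the Security log's XML rendering (one 4624 logon, one 4732 group
change); all names, SIDs, logon IDs and addresses are made up.
"""
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
BUILTIN_ADMINISTRATORS = "S-1-5-32-544"   # well-known SID of BUILTIN\Administrators
LOGON_TYPES = {"2": "Interactive", "3": "Network", "10": "RemoteInteractive"}

SAMPLE_XML = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><TimeCreated SystemTime="2024-03-14T10:20:00Z"/><Computer>WS01.corp.example</Computer></System>
  <EventData>
    <Data Name="TargetUserName">helpdesk1</Data><Data Name="TargetDomainName">CORP</Data>
    <Data Name="TargetLogonId">0x3e7f2</Data><Data Name="LogonType">10</Data>
    <Data Name="WorkstationName">JUMP01</Data><Data Name="IpAddress">10.0.0.77</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4732</EventID><TimeCreated SystemTime="2024-03-14T10:22:01Z"/><Computer>WS01.corp.example</Computer></System>
  <EventData>
    <Data Name="MemberName">-</Data><Data Name="MemberSid">S-1-5-21-1111-2222-3333-1105</Data>
    <Data Name="TargetUserName">Administrators</Data><Data Name="TargetDomainName">Builtin</Data>
    <Data Name="TargetSid">S-1-5-32-544</Data>
    <Data Name="SubjectUserName">helpdesk1</Data><Data Name="SubjectDomainName">CORP</Data>
    <Data Name="SubjectLogonId">0x3e7f2</Data>
  </EventData>
</Event>
</Events>"""


def parse_events(xml_text):
    """Flatten each <Event> into {id, time, computer, data}; data maps Data@Name to text."""
    out = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        system = ev.find("e:System", NS)
        data = {d.get("Name"): (d.text or "").strip()
                for d in ev.findall("e:EventData/e:Data", NS)}
        out.append({"id": int(system.findtext("e:EventID", namespaces=NS)),
                    "time": system.find("e:TimeCreated", NS).get("SystemTime"),
                    "computer": system.findtext("e:Computer", namespaces=NS),
                    "data": data})
    return out


def find_local_admin_grants(events):
    """Pair each 4732 on BUILTIN\\Administrators with the 4624 session that performed it."""
    # 4624's TargetLogonId is the new session's ID; 4732's SubjectLogonId names that session.
    logons = {e["data"].get("TargetLogonId"): e for e in events if e["id"] == 4624}
    grants = []
    for e in events:
        d = e["data"]
        if e["id"] != 4732 or d.get("TargetSid") != BUILTIN_ADMINISTRATORS:
            continue
        logon = logons.get(d.get("SubjectLogonId"))
        ldata = logon["data"] if logon else {}
        ltype = ldata.get("LogonType")
        grants.append({
            "time": e["time"],
            "computer": e["computer"],
            "member_sid": d.get("MemberSid"),
            "member_name": d.get("MemberName"),   # often "-" in 4732; resolve the SID separately
            "granted_by": f'{d.get("SubjectDomainName")}\\{d.get("SubjectUserName")}',
            "logon_id": d.get("SubjectLogonId"),
            "logon_type": f"{LOGON_TYPES.get(ltype, 'Other')} ({ltype})" if ltype else None,
            "source_ip": ldata.get("IpAddress"),
            "source_host": ldata.get("WorkstationName"),
        })
    return grants


if __name__ == "__main__":
    for g in find_local_admin_grants(parse_events(SAMPLE_XML)):
        print(g)
```

Two caveats a practitioner will hit. First, 4732 is only written if the "Audit Security Group Management" subcategory is enabled on the machine, and the Security log rolls over, so if the grant happened months ago the evidence may be gone unless it was forwarded to a collector. Second, if the Subject in the 4732 is the computer account (`WS01$`) or SYSTEM rather than a person, the membership was most likely pushed by Group Policy or a management agent, and the next step is the policy history rather than a user. On the machine itself the events can be exported with, for example, `wevtutil qe Security /q:"*[System[(EventID=4624 or EventID=4732)]]" /f:xml`; that output is a sequence of `<Event>` elements without a root, so wrap it in a root element as the sample does before parsing. Membership changes to domain groups show up as 4728 (global) and 4756 (universal) instead of 4732.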
3 votes, 3 answers

Are people trying to hack my website?

On my website I added a little function that logs IP, client/browser information, path, and a timestamp. Today I checked my database, and I had a lot of weird requests. Here are a few of them: Does anybody else have similar issues, and should I…

asked by KaareZ
2 votes, 1 answer

Does intercepted SSH-SOCKS traffic reveal HTTP object count and sizes?

I read an article titled "The network is hostile", in which the following is stated: "Traffic analysis remains a particular problem: even knowing the size of the files requested by a TLS-protected browser connection can leak a vast amount of…"

asked by Sebastian
2 votes, 1 answer

What forensics should be collected as part of an incident response plan on Windows 10?

I am in the process of creating an IRP that responds to system hacks. I have attacked the Windows 10 machine myself (the victim machine) using Metasploit on Kali Linux, where I managed to gain access via SSH on port 22. From there I have modified file…

asked by C.Mann
2 votes, 1 answer

OWASP: Insufficient Logging & Monitoring - open source tools

Being new to security and logging, and after reading a lot about the terms used, I am pretty sure I need neither an IDS/IPS nor a WAF. I am mostly interested in automating the "monitoring" of my application logs and enforcing some things when…

asked by Nikos
2 votes, 1 answer

Security log analysis

Are there any tools that I can give a web server log (e.g. from an Apache web server) and that analyze it to tell whether there was an attack or not? I don't want to use a SIEM.

asked by a.j
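Three questions in this list ask essentially the same thing of a web server log: how a CSRF-driven password change looks in the Apache access log (the DVWA question), whether odd requests in a site's own request log are attacks, and whether a tool can read an Apache log and say if something was attacked. The following is an added example written for this listing, not code from any of those questions or from an existing tool. It parses the combined log format and applies the two checks those questions call for: state-changing requests whose Referer is foreign or missing (the CSRF signal), and per-source-IP scanning indicators (attack-signature matches plus 404 ratio). The log lines are constructed; the legitimate site hosts, the parameter that marks a request as state-changing, and the signature list are assumptions to be adapted to the application.

```python
"""Scan an Apache combined access log for CSRF indicators and scanner activity.

Added example; not from the questions or from an existing tool. SAMPLE_LOG
is constructed; SITE_HOSTS, STATE_CHANGING_PARAMS and SIGNATURES are
assumptions to adapt to the application being protected.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample: a DVWA-style CSRF password change triggered from an
# attacker's page, a legitimate change from the app's own form, one with the
# Referer stripped, and a scanner probing for common files.
SAMPLE_LOG = """\
127.0.0.1 - - [14/Mar/2024:10:22:01 +0000] "GET /dvwa/vulnerabilities/csrf/?password_new=pwned&password_conf=pwned&Change=Change HTTP/1.1" 200 4231 "http://attacker.example/lure.html" "Mozilla/5.0"
127.0.0.1 - - [14/Mar/2024:10:22:05 +0000] "GET /dvwa/vulnerabilities/csrf/?password_new=ok&password_conf=ok&Change=Change HTTP/1.1" 200 4231 "http://127.0.0.1/dvwa/vulnerabilities/csrf/" "Mozilla/5.0"
127.0.0.1 - - [14/Mar/2024:10:22:09 +0000] "GET /dvwa/vulnerabilities/csrf/?password_new=x&password_conf=x&Change=Change HTTP/1.1" 200 4231 "-" "Mozilla/5.0"
203.0.113.9 - - [14/Mar/2024:10:23:00 +0000] "GET /wp-login.php HTTP/1.1" 404 209 "-" "python-requests/2.31"
203.0.113.9 - - [14/Mar/2024:10:23:01 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 209 "-" "python-requests/2.31"
203.0.113.9 - - [14/Mar/2024:10:23:01 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1532 "-" "python-requests/2.31"
"""

SITE_HOSTS = {"127.0.0.1", "localhost"}    # assumed: origins allowed to submit the app's forms
STATE_CHANGING_PARAMS = {"password_new"}     # assumed: query params that mean "this request changes state"

SIGNATURES = [  # (label, pattern applied to the URL-decoded request target)
    ("path-traversal", re.compile(r"\.\./")),
    ("wp-probe", re.compile(r"/wp-(login|admin)")),
    ("phpmyadmin-probe", re.compile(r"/phpmyadmin", re.I)),
    ("dotfile-probe", re.compile(r"/\.(env|git)")),
    ("sqli", re.compile(r"union\s+select|'\s*or\s+1=1", re.I)),
]


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"], rec["query"] = url.path, parse_qs(url.query)
    rec["referer_host"] = urlsplit(rec["referer"]).hostname if rec["referer"] != "-" else None
    return rec


def parse_log(text):
    return [r for r in (parse_line(line) for line in text.splitlines()) if r]


def csrf_indicators(records, site_hosts=SITE_HOSTS):
    """Flag state-changing requests whose Referer is foreign or missing.

    A foreign Referer on a password change is a strong CSRF indicator. A missing
    one is weak (browser privacy settings and some proxies strip it), so it is
    labelled separately rather than dropped.
    """
    hits = []
    for r in records:
        changes_state = r["method"] == "POST" or STATE_CHANGING_PARAMS & r["query"].keys()
        if not changes_state:
            continue
        if r["referer_host"] is None:
            hits.append((r["ts"], r["ip"], r["path"], "missing-referer"))
        elif r["referer_host"] not in site_hosts:
            hits.append((r["ts"], r["ip"], r["path"], f"foreign-referer:{r['referer_host']}"))
    return hits


def scanner_summary(records):
    """Per source IP: request count, 404 count and ratio, and matched attack signatures."""
    per_ip = defaultdict(lambda: {"requests": 0, "not_found": 0, "signatures": set()})
    for r in records:
        s = per_ip[r["ip"]]
        s["requests"] += 1
        s["not_found"] += r["status"] == "404"
        decoded = unquote(r["target"])   # catch %2e%2e%2f-style encoding of the same probes
        for label, pattern in SIGNATURES:
            if pattern.search(decoded):
                s["signatures"].add(label)
    return {ip: {**s, "not_found_ratio": s["not_found"] / s["requests"]} for ip, s in per_ip.items()}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for hit in csrf_indicators(recs):
        print("CSRF?", hit)
    for ip, summary in scanner_summary(recs).items():
        print(ip, summary)
```

Note what the log can and cannot tell you about CSRF: the access log records the request the victim's browser made, so the foreign Referer is the only server-side trace of the attacker's page, and a GET that changes state (as the DVWA exercise does) is itself the finding, since a correctly built application would refuse it. The scanner summary answers the "are people trying to hack my website" question in the way the usual answers do: a single IP hitting `/wp-login.php`, `/phpmyadmin/` and a traversal payload with a scripted User-Agent is automated scanning, and the useful follow-up is not the IP but whether any of those probes returned 200.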
2 votes, 2 answers

Does an admin legitimately need to access their own logs generated by auditd?

In my understanding, admins need to access the logs of the servers, workstations, services and applications they manage, either for administration or debugging purposes, but never the logs generated by auditd from their own activities. Another admin or the…

asked by lalebarde
2 votes, 1 answer

Windows: What are the security implications of adding the Network Service account to the "Event Log Readers" group?

I want to read security audit logs from a network service. By default, Network Service does not have permission to read them, but it can if the account is added to "Event Log Readers". One example is mentioned here. However, I want to understand…

asked by Akshat
2 votes, 2 answers

What is the best way to analyze the results of a technical security assessment?

I want to conduct a technical security assessment on my company's client computers, with a focus on Windows 10. So far, my idea is to execute several PowerShell scripts on the clients and gather the results at one central point. For example, the…
2 votes, 1 answer

Suspicious timing of [LAN access from remote] in router log

I read that [LAN access from remote] to UPnP ports can be an attacker looking for vulnerabilities, and is usually nothing to worry about. However, I'm concerned about seeing this activity in a log so close to the target machine powering up, considering…

asked by PJ7