Questions tagged [siem]

Security Information and Event Management (SIEM) is a software solution that collects, normalizes, correlates and analyzes log and event data from many different sources across an organization's IT infrastructure.

84 questions
247 votes · 18 answers

Passwords being sent in clear text due to users' mistake of typing them in the username field

Upon reviewing the logs generated by different SIEMs (Splunk, HP Logger Trial and the AlienVault platform’s SIEM) I noticed that for some reason quite a few users tend to make the mistake of typing their passwords in the username field, either in…

asked by Lex · 4,247 · 4 · 19 · 27
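The practical follow-up to this question is how to spot those entries before they are stored and searchable by every SIEM user. The block below is an added example and not code from the question or any of its answers: it runs a small detection over constructed authentication events (the event list, the `KNOWN_USERS` directory export, the lowercase account-name policy in `USERNAME_RE` and the 60-second follow-up window are all assumptions for the example) and redacts the suspect "username" values.

```python
import re
from datetime import datetime, timedelta

# Constructed sample authentication events, not real SIEM output:
# (timestamp, source IP, value of the username field, outcome)
SAMPLE_EVENTS = [
    ("2024-03-01T08:00:01", "10.1.2.3",  "jsmith",      "success"),
    ("2024-03-01T08:05:10", "10.1.2.9",  "Tr0ub4dor&3", "failure"),  # password typed as username
    ("2024-03-01T08:05:18", "10.1.2.9",  "agarcia",     "success"),  # ...then the real login
    ("2024-03-01T09:12:00", "10.1.2.77", "bob",         "failure"),  # ordinary wrong password
    ("2024-03-01T09:30:00", "10.1.2.77", "bob",         "success"),
    ("2024-03-01T09:31:00", "10.1.2.50", "S3cret!Pass", "failure"),  # no follow-up login
    ("2024-03-01T10:00:00", "10.1.2.60", "Alice",       "failure"),  # wrong case, not password-shaped
]

# Assumed directory export; a real deployment would pull this from LDAP/AD.
KNOWN_USERS = {"jsmith", "agarcia", "bob"}
# Assumed local account-name policy: lowercase, starts with a letter, 2-32 chars.
USERNAME_RE = re.compile(r"^[a-z][a-z0-9._-]{1,31}$")
FOLLOW_UP_WINDOW = timedelta(seconds=60)
REDACTED = "[REDACTED: suspected password]"


def char_classes(value):
    """Number of character classes present (lower, upper, digit, symbol)."""
    return sum(bool(re.search(p, value)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))


def find_leaked_passwords(events, known_users=KNOWN_USERS, window=FOLLOW_UP_WINDOW):
    """Return indexes of events whose username field probably holds a password.

    An event is flagged when the failed "username" cannot be a local account name
    and either (a) it has the character mix of a password, or (b) the same source
    logs in successfully as a known user within `window`.  A plain typo'd username
    (e.g. "jsmth") still matches USERNAME_RE and is left alone.
    """
    parsed = [(datetime.fromisoformat(ts), ip, user, outcome) for ts, ip, user, outcome in events]
    flagged = []
    for i, (ts, ip, user, outcome) in enumerate(parsed):
        if outcome != "failure" or user in known_users or USERNAME_RE.match(user):
            continue
        followed_by_real_login = any(
            ip2 == ip and outcome2 == "success" and user2 in known_users and ts < ts2 <= ts + window
            for ts2, ip2, user2, outcome2 in parsed[i + 1:]
        )
        if char_classes(user) >= 3 or followed_by_real_login:
            flagged.append(i)
    return flagged


def redact(events, flagged):
    """Copy of `events` with the suspect username fields replaced before they are stored."""
    return [
        (ts, ip, REDACTED if i in flagged else user, outcome)
        for i, (ts, ip, user, outcome) in enumerate(events)
    ]


if __name__ == "__main__":
    hits = find_leaked_passwords(SAMPLE_EVENTS)
    for ts, ip, user, outcome in redact(SAMPLE_EVENTS, hits):
        print(ts, ip, user, outcome)
```

Run this at the collector or parsing stage, not as a search over data already indexed: once the raw event is written, anyone with read access to the index has the password. A flagged event should also trigger a forced reset for the account that logged in afterwards from the same source, since the credential has now been exposed to everyone who can read the logs. The all-lowercase password is the known blind spot of the shape heuristic; the follow-up-login rule is what catches it.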
17 votes · 5 answers

SIEM system, what are the benefits?

Each person in the company has a unique username/password, and nobody should log in with his username/password but him. I want a program that would inspect the logs that includes a list of all the people that came to work today, and inspect the list…

asked by Hanan N. · 1,129 · 5 · 12 · 22
16 votes · 3 answers

What techniques and tools do you use to relate security events?

You have central logging going, detailed app logging/alerting (e.g. modsec), network based security alerting (e.g. snort), and whatever else feeding your observation deck. Do you have any cool techniques you’d like to share for how you relate…

asked by Tate Hansen · 13,714 · 3 · 40 · 83
12 votes · 3 answers

Do any of you who are *really* dealing with APT have any recommended intelligence feeds for SIEM/IDS/etc?

This question about Advanced Persistent Threats (APT) was posted by Rich Mogull on twitter. I copied it here because I'm curious too. Rich posted these follow-up tweets: And by APT I mean real APT.... China specific stuff. …

asked by Tate Hansen · 13,714 · 3 · 40 · 83
8 votes · 2 answers

What features do you look for in an Enterprise Log Management solution?

This question is for IT Pros, and people who manage a company's infrastructure. Developers should see this related answer for tools geared for them. What are your requirements for such an Event Log Management solution? What do you currently, or do…

asked by makerofthings7 · 50,090 · 54 · 250 · 536
7 votes · 1 answer

Security Operation Center (SOC)

I am looking for resources and details on establishing a security operation center (SOC) or network operation center (NOC) based on ITIL or any other applicable regulations. Where can I find good details or experiences of others except for hiring…

asked by Yasser Sobhdel · 309 · 1 · 8
7 votes · 2 answers

How do I track bash history cleanup?

I'd like to catch events when bash history is cleaned or some lines are deleted. Are there any best practices or auditing tools with this capability?

asked by inx · 71 · 3
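One way to get at this on Linux is a Linux audit (auditd) file watch on each user's history file and a parser that pulls the destructive events out of the raw `audit.log`. The block below is an added example, not code from the question or its answers; the watch rule in `AUDIT_RULE`, the `audit.log` excerpt and the x86_64 syscall numbers are assumptions made for the example (the log lines are constructed, not captured).

```python
import re
from collections import defaultdict

# Watch rule this parser assumes is loaded from /etc/audit/rules.d/ (one -w line per home
# directory).  An assumption for the example, not something the question states.
AUDIT_RULE = "-w /home/alice/.bash_history -p wa -k bash_history"

# Constructed audit.log excerpt (not real output) in the raw auditd field=value format.
# Serial 2001: `rm ~/.bash_history`.  Serial 2002: bash rewriting the file with O_TRUNC on
# exit after `history -c`.  Serial 2003: a normal append-on-exit (O_APPEND), which is benign.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1709280000.512:2001): arch=c000003e syscall=87 success=yes exit=0 a0=55d01 a1=0 a2=0 a3=0 items=2 ppid=4101 pid=4217 auid=1000 uid=1000 gid=1000 euid=1000 tty=pts0 ses=3 comm="rm" exe="/usr/bin/rm" key="bash_history"
type=PATH msg=audit(1709280000.512:2001): item=1 name="/home/alice/.bash_history" inode=262145 dev=fd:00 mode=0100600 ouid=1000 ogid=1000 rdev=00:00 nametype=DELETE
type=SYSCALL msg=audit(1709280100.004:2002): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=55d02 a2=241 a3=1a0 items=2 ppid=4100 pid=4101 auid=1000 uid=1000 gid=1000 euid=1000 tty=pts0 ses=3 comm="bash" exe="/usr/bin/bash" key="bash_history"
type=PATH msg=audit(1709280100.004:2002): item=1 name="/home/alice/.bash_history" inode=262146 dev=fd:00 mode=0100600 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1709280200.777:2003): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=55d02 a2=441 a3=1a0 items=2 ppid=4100 pid=4102 auid=1000 uid=1000 gid=1000 euid=1000 tty=pts1 ses=4 comm="bash" exe="/usr/bin/bash" key="bash_history"
type=PATH msg=audit(1709280200.777:2003): item=1 name="/home/alice/.bash_history" inode=262146 dev=fd:00 mode=0100600 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
MSG_RE = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")

# x86_64 syscall numbers (arch=c000003e); other architectures differ, check `ausyscall --dump`.
DESTRUCTIVE = {76: "truncate", 77: "ftruncate", 82: "rename", 87: "unlink",
               263: "unlinkat", 264: "renameat", 316: "renameat2"}
OPEN_SYSCALLS = {2: "open", 257: "openat"}   # flags are a1 for open, a2 for openat
O_TRUNC = 0x200


def parse_records(text):
    """Group raw audit records by event serial: {serial: {"SYSCALL": fields, "PATH": [fields]}}."""
    events = defaultdict(lambda: {"SYSCALL": None, "PATH": []})
    for line in text.splitlines():
        m = MSG_RE.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        fields["time"] = float(m.group(1))
        event = events[int(m.group(2))]
        if fields.get("type") == "SYSCALL":
            event["SYSCALL"] = fields
        elif fields.get("type") == "PATH":
            event["PATH"].append(fields)
    return events


def history_tampering(text, key="bash_history"):
    """Events that delete, rename or truncate a watched history file.

    Returns (time, auid, comm, path, reason).  auid is the login uid, which survives
    su/sudo, so it names the human even when the shell runs as root.
    """
    findings = []
    for serial, event in sorted(parse_records(text).items()):
        sc = event["SYSCALL"]
        if not sc or sc.get("key") != key:
            continue
        nr = int(sc["syscall"])
        names = [p["name"] for p in event["PATH"] if p.get("name")]
        deleted = [p["name"] for p in event["PATH"] if p.get("nametype") == "DELETE"]
        reason = None
        if nr in DESTRUCTIVE or deleted:
            reason = DESTRUCTIVE.get(nr, "syscall %d" % nr)
        elif nr in OPEN_SYSCALLS:
            flags = int(sc["a1" if nr == 2 else "a2"], 16)
            if flags & O_TRUNC:
                reason = "%s with O_TRUNC" % OPEN_SYSCALLS[nr]
        if reason:
            path = (deleted or names or ["?"])[0]
            findings.append((sc["time"], int(sc["auid"]), sc["comm"], path, reason))
    return findings


if __name__ == "__main__":
    for finding in history_tampering(SAMPLE_AUDIT_LOG):
        print(*finding)
```

Two caveats before relying on this. `history -c` alone changes nothing on disk until the shell exits and rewrites the file, and a user who runs `unset HISTFILE`, `set +o history` or kills their own shell never produces a file event at all, so a file watch catches tampering with evidence but not avoidance of it; pair it with execve auditing (`-a always,exit -F arch=b64 -S execve`) or forward history via `PROMPT_COMMAND` so the record exists somewhere the user cannot edit. And ship `audit.log` off the host promptly: a user who can delete their history can usually also read it, and root can clear the audit log.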
7 votes · 2 answers

SIEM: Monitoring End Users and DHCP IP assigning issue

I want to monitor my end users activity for which I have selected Alien Vault as my SIEM solution. Now, when I see logs coming in and I see malicious activity at a certain IP (e.g. 10.10.10.4) with host name XYZ, I start investigating and I see that…

asked by Bilal Ahmad · 116 · 6
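The trap here is resolving an IP to a host at investigation time rather than at the time of the event: by then DHCP may have handed the address to someone else. The fix is to ingest the DHCP server's lease log and look up who held the address at the alert's timestamp. The block below is an added example (not code from the question or its answers) that builds that timeline from constructed ISC dhcpd syslog lines; the log lines, the year (syslog timestamps carry none) and the lease-duration handling are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed ISC dhcpd syslog lines (not real logs).
SAMPLE_DHCP_LOG = """\
Mar  1 08:00:00 dhcp1 dhcpd[1234]: DHCPACK on 10.10.10.4 to aa:bb:cc:dd:ee:01 (ABC-LAPTOP) via eth0
Mar  1 09:15:00 dhcp1 dhcpd[1234]: DHCPRELEASE of 10.10.10.4 from aa:bb:cc:dd:ee:01 (ABC-LAPTOP) via eth0
Mar  1 09:20:30 dhcp1 dhcpd[1234]: DHCPACK on 10.10.10.4 to aa:bb:cc:dd:ee:02 (XYZ) via eth0
Mar  1 09:21:00 dhcp1 dhcpd[1234]: DHCPACK on 10.10.10.5 to aa:bb:cc:dd:ee:03 via eth0
"""

TS = r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd\[\d+\]: "
ACK_RE = re.compile(TS + r"DHCPACK on (\S+) to ([0-9a-fA-F:]+)(?: \(([^)]*)\))? via")
RELEASE_RE = re.compile(TS + r"DHCPRELEASE of (\S+) from ([0-9a-fA-F:]+)(?: \(([^)]*)\))? via")


def parse_leases(text, year=2024):
    """Per-IP chronological list of (time, event, mac, hostname) from dhcpd ACK/RELEASE lines.

    `year` is needed because syslog timestamps omit it; pass the year the log was written.
    """
    timeline = defaultdict(list)
    for line in text.splitlines():
        for regex, event in ((ACK_RE, "ack"), (RELEASE_RE, "release")):
            m = regex.match(line)
            if m:
                stamp = " ".join(m.group(1).split())          # collapse "Mar  1" to "Mar 1"
                ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
                timeline[m.group(2)].append((ts, event, m.group(3).lower(), m.group(4) or ""))
    for ip in timeline:
        timeline[ip].sort()
    return timeline


def who_had(timeline, ip, at, lease_seconds=None):
    """(mac, hostname) that held `ip` at time `at` (datetime or ISO string), or None.

    The holder is the most recent DHCPACK before `at` that has not been released.  If
    `lease_seconds` is given, an ACK older than that is treated as expired too, which
    matters for clients that disappear without ever sending DHCPRELEASE.
    """
    if isinstance(at, str):
        at = datetime.fromisoformat(at)
    holder, granted = None, None
    for ts, event, mac, host in timeline.get(ip, []):
        if ts > at:
            break
        if event == "ack":
            holder, granted = (mac, host), ts
        else:
            holder = None
    if holder and lease_seconds is not None and at > granted + timedelta(seconds=lease_seconds):
        return None
    return holder


if __name__ == "__main__":
    leases = parse_leases(SAMPLE_DHCP_LOG)
    # The SIEM alert on 10.10.10.4 fired at 08:30; by 10:00 the address belongs to XYZ.
    print("at alert time:", who_had(leases, "10.10.10.4", "2024-03-01T08:30:00"))
    print("now:          ", who_had(leases, "10.10.10.4", "2024-03-01T10:00:00"))
```

The lookup only works if the DHCP server and the sensor that raised the alert agree on time, so NTP on both and the SIEM's own timestamp normalization are prerequisites. The MAC is the stable key to pivot on afterwards (switch port, 802.1X session, asset inventory); the hostname in the DHCP request is client-supplied and can be set to anything.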
6 votes · 2 answers

Enterprise security incident response and detection

I have a decent understanding of and experience with securing and setting up smaller networks, although absolutely no enterprise experience. I understand at such a large scale there are different technologies for managing the sheer number of machines and…

asked by Sonny Ordell · 3,476 · 9 · 33 · 56
6 votes · 4 answers

What is the difference between a SIEM and a SOC?

What is the difference between a SIEM (Security Information and Event Management) and a SOC (Security Operations Centre)? Do they work together? And if independent when to use which?

asked by whatever489 · 838 · 3 · 9 · 21
6 votes · 3 answers

SIEM Question: Excessive Firewall Denies / Rule Edit Question

We have a SIEM in our environment that we're currently tuning and part of that process is reducing the noise in our console. One offense I've been working on is: Excessive Firewall Denies Between Hosts containing Session Denied. The rule that is…

asked by seaweed · 61 · 1 · 1 · 2
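Whatever the product's rule editor looks like, the logic behind an "excessive denies between hosts" offense is a count per (source, destination) pair over a sliding window, and most of the noise comes from two things the stock rule does not separate: authorised scanners that should be exempt, and misconfigured clients that retry one closed port forever and are an operations ticket rather than a security one. The block below is an added example, not the questioner's rule or any vendor's code; it implements that count over constructed deny lines in an assumed `key=value` format, with a source exclusion list and a distinct-port count to split scans from single-port retries. The addresses, threshold and window are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed normalised deny-event format (not any vendor's native syntax).
LINE_RE = re.compile(r"^(\S+) action=deny src=(\S+) dst=(\S+) dport=(\d+)$")


def build_sample_denies():
    """Constructed sample of firewall denies covering the cases a tuned rule must separate."""
    t0 = datetime(2024, 3, 1, 10, 0, 0)
    lines = []
    for i in range(30):   # a real port sweep: one deny per port
        lines.append(f"{(t0 + timedelta(seconds=i)).isoformat()} action=deny src=10.1.1.5 dst=10.2.2.10 dport={1000 + i}")
    for i in range(40):   # a misconfigured client retrying one closed port
        lines.append(f"{(t0 + timedelta(seconds=2 * i)).isoformat()} action=deny src=10.1.1.7 dst=10.2.2.20 dport=445")
    for i in range(30):   # the authorised vulnerability scanner, which should be exempt
        lines.append(f"{(t0 + timedelta(seconds=i)).isoformat()} action=deny src=10.9.9.9 dst=10.2.2.30 dport={2000 + i}")
    for i in range(3):    # background noise below any sensible threshold
        lines.append(f"{(t0 + timedelta(minutes=i)).isoformat()} action=deny src=10.1.1.8 dst=10.2.2.40 dport=53")
    return lines


def excessive_denies(lines, threshold=20, window=timedelta(minutes=5),
                     exclude_src=frozenset(), scan_ports=5):
    """Sliding-window count of denies per (src, dst) pair.

    Returns {(src, dst): details} for pairs that reach `threshold` denies inside `window`,
    skipping sources listed in `exclude_src`.  The distinct-port count tells a scan (many
    ports) apart from a broken client hammering one port, so the two can be routed
    differently instead of landing in the same offense queue.
    """
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), int(m.group(4))))
    events.sort()

    recent = defaultdict(deque)   # (src, dst) -> timestamps still inside the window
    ports = defaultdict(set)      # (src, dst) -> distinct destination ports seen so far
    offenses = {}
    for ts, src, dst, dport in events:
        if src in exclude_src:
            continue
        pair = (src, dst)
        q = recent[pair]
        q.append(ts)
        while q[0] < ts - window:
            q.popleft()
        ports[pair].add(dport)
        if len(q) >= threshold and pair not in offenses:   # fire once per pair
            kind = "port scan" if len(ports[pair]) >= scan_ports else "single-port retry (misconfiguration?)"
            offenses[pair] = {"first_seen": q[0], "count": len(q),
                              "distinct_ports": len(ports[pair]), "kind": kind}
    return offenses


if __name__ == "__main__":
    for pair, info in excessive_denies(build_sample_denies(), exclude_src={"10.9.9.9"}).items():
        print(pair, info["count"], "denies,", info["distinct_ports"], "ports:", info["kind"])
```

Keep the exclusion list short and reviewed: every source you exempt is a source an attacker would love to spoof or compromise, so an exempted scanner should still be counted, just into a lower-priority offense rather than dropped. Raising the threshold is the least useful knob; splitting by distinct ports, by whether the destination is a real service, and by internal versus external source removes far more noise without blinding the rule.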
5 votes · 2 answers

SIEM and Windows Event Logs

When considering what Windows event logs to incorporate into a SIEM solution, should I be looking at just the Security event logs, or all categories of event log? How useful are the other categories in detecting and responding to security…

asked by Andrew · 161 · 1 · 4
5 votes · 2 answers

Event monitoring for a home network

I'd like to utilise some of the free SIEM type products out there to increase the chances that I will detect attacks and compromises of any of the devices on my home network. Most of my home devices run Linux. I'm only interested in solutions that…

asked by Michael · 2,118 · 15 · 26
5 votes · 2 answers

Incident Responders: Can you give some examples of Incidents / types of incidents that are suitable for fully or partly automated response?

You set up security monitoring - either a full commercial SIEM/SOC or something home-cooked (e.g., rsyslog -> OSSIM / MozDef / Splunk / ...). You also set up some rules so that some event triage is done - and you only get alerts for potential…

asked by Sas3 · 2,638 · 9 · 20
4 votes · 2 answers

When would you support the storage of Security & Application event logs in the Cloud?

Under what conditions would you be comfortable storing server log data residing in a secure facility, off-premises? When would you consider a SaaS/hosted solution and what value add should that provide?

asked by makerofthings7 · 50,090 · 54 · 250 · 536