For an organization to implement a log review process, a formal logging policy must be established. This policy should require logging be enabled on all machines within an organization’s environment.
This webinar covers use cases that support automating the detection of dangerous user behavior.
CSO Online article presenting the importance and challenges of centralized logging and event log management.
This example procedure from the EPA shows how they implement the security control requirements for the Audit and Accountability (AU) control family, as identified in NIST SP 800-53.
Gartner defines insider risk management (IRM) as the tools and capabilities to measure, detect and contain undesirable behavior of trusted accounts within the organization. In response to a recognized need to minimize the effects of unwanted activity within the organization and key partners, security and risk management leaders have to mitigate risk. This market consists of tools and solutions to monitor the behavior of employees, service partners and key suppliers working inside the organization, and to evaluate whether behavior falls within expectations of role and corporate risk tolerance. Insider risk may involve errors, fraud, theft of confidential or commercially valuable information, or the sabotage of computer systems.
This article gives an overview of how to stay HIPAA compliant by maintaining good audit log hygiene.
This is an article from logz.io that defines the ELK stack and covers its importance, installation and configuration.
Blog from logz.io discussing audit logs, what they are, and how to use them.
This article discusses how User Activity Monitoring (UAM) can be used to thwart insider threats. The article discusses legal and ethical aspects of user activity monitoring and best practices.
Microsoft support document providing details on setting up basic audit policy settings.
The Dataverse auditing feature is designed to meet the external and internal auditing, compliance, security, and governance policies that are common to many enterprises. Dataverse auditing logs changes that are made to customer records in an environment with a Dataverse database. Dataverse auditing also logs user access through an app or through the SDK in an environment.
This provides information on how to set up O365 organizations to log and review audit events.
NIST resource that defines requirements on how to review and analyze system audit records.
This publication from NIST provides an overview of the SI-4 Information System Monitoring control.
This NIST Special Publication provides practical guidance on developing and maintaining effective log management practices.
This link from Norfolk State University serves as an example of a log review, analysis, and reporting policy.
This cheat sheet covers all of the important aspects of logging, such as what to include and how long to retain, among others.
This blog discusses the biggest IT security threat facing companies today: their authorized users.
This policy from SANS helps identify requirements that must be met by a system to generate logs.
SANS checklist for reviewing critical logs when responding to a security incident or for routine log review.
This SANS whitepaper offers common elements of success for log management, in order to prepare for regulatory compliance audits.
Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions.
This article describes early warning signs of negative changes that may indicate you are under active attack.
This document provides self-assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 1.
This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2.
This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 3.
The purpose of this publication is to provide procedures for assessing the CUI requirements in NIST Special Publication 800-171.
This article describes log management, identifying which log types to collect, and how log reviews will identify unauthorized access to organizational systems.