Monday, July 24, 2006

TaoSecurity: SANS Log Management Summit

So, Richard Bejtlich produces his fun and informative (as usual) expose on SANS Log Management Summit . He actually highlighted one the central pieces of the summit - Top 5 Log Reports. Right now, they are:

"1. Attempts to Gain Access through Existing Accounts
2. Failed File or Resource Access Attempts
3. Unauthorized Changes to Users, Groups and Services
4. Systems Most Vulnerable to Attack
5. Suspicious or Unauthorized Network Traffic Patterns"

As I mentioned before, other interesting views on the SANS Log Summit are Randy Smith, LogLogic Blog and my own as well.

Dr Anton Chuvakin