Tuesday, April 01, 2014

Monthly Blog Round-Up – March 2014

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:
  1. Simple Log Review Checklist Released!” is often at the top of this list – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version)
  2. Why No Open Source SIEM, EVER?” contains some of my SIEM thinking from 2009. Is it relevant now? Well, you be the judge.
  3. “New SIEM Whitepaper on Use Cases In-Depth OUT!” (dated 2010) presents a whitepaper on select SIEM use cases described in depth with rules and reports [using now-defunct SIEM product]; the paper link is now working again, BTW – also see this SIEM use case in depth.
  4. “Logging, Log Management and Log Review Maturity” post describes a common curve for SIEM/log management maturation, from mere collection (“dead log storage”) to real-time monitoring and analysis [BTW, if I were to create this now, I’d have added a layer or two on top of this…]
  5. My classic PCI DSS Log Review series is popular as well. The series of 18 posts cover a comprehensive log review approach, useful for building log review processes and procedures, whether regulatory or not. It is also described in more detail in our Log Management book.
  6. “SANS Top 6 Log Reports Reborn!” is a new post that announces that many people’ work on best log reports has finally been published as “The 6 Categories of Critical Log Information” (with a subtitle of “Top 6 SANS Essential Categories of Log Reports 2013”)

(why 6 of the “Top 5 entries” again? Well, the #6 on the list is a good read, that’s why!)

In addition, I’d like to draw your attention to a few recent posts from my Gartner blog:

Current research on threat intelligence (TI):

(see my published Gartner research here)

Also see my past monthly and annual “Top Popular Blog Posts” – 2007, 2008, 2009, 2010, 2011, 2012, 2013.

Disclaimer: most content at SecurityWarrior blog was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Previous post in this endless series:

Dr Anton Chuvakin