Thursday, January 06, 2011

SANS SEC434 Log Management Class is Back–Jan 27-28, 2011 in Sacramento, CA

We are doing ONE LAST BETA for my log management class (1/2 price) in Sacramento again. Info and where to sign up are below:
Class name: Log Management In-Depth: Compliance, Security, Forensics, and Troubleshooting
Class dates:
Thursday, January 27, 2011 - Friday, January 28, 2011:
Day 1: 9:00am - 5:00pm
Day 2: 9:00am - 12:00pm

Class location:
CalPERS
400 Q Street, East Building Room 1733
Sacramento, CA 95811
Class description (source):
This first-ever dedicated log management class teaches system, network, and security logs, their analysis and management and covers the complete lifecycle of dealing with logs: the whys, hows and whats.
You will learn how to enable logging and then how to deal with the resulting data deluge by managing data retention, analyzing data using search, filtering and correlation as well as how to apply what you learned to key business and security problems. The class also teaches applications of logging to forensics, incident response and regulatory compliance.
In the beginning, you will learn what to do with various log types and receive brief configuration guidance for common information systems. Next, you will learn a phased approach to implementing a company-wide log management program, and go into the specific log-related tasks that need to be done on a daily, weekly, and monthly basis with regard to log review and monitoring.
Everyone is looking for a path through the PCI DSS and other regulatory compliance maze, and that is what you will learn in the next section of the course. Logs are essential for resolving compliance challenges; this class will teach you what you need to concentrate on and how to make your log management compliance-friendly. People who are already using log management for compliance will learn how to expand the benefits of their log management tools beyond compliance.
You will learn to leverage logs for critical tasks related to incident response, forensics, and operational monitoring. Logs provide one of the key information sources while responding to an incident and this class will teach you how to utilize various log types in the frenzy of an incident investigation.
Finally, the class author, Dr. Anton Chuvakin, probably has more experience in the application of logs to IT and IT security than anyone else in the industry. This means he and the other instructors chosen to teach this course have made a lot of mistakes along the way. You can save yourself a lot of pain and your organization a lot of money by learning about the common mistakes people make working with logs.
Class is beta: SANS gives you a 50% discount and you provide detailed feedback:
This is a special beta course whose materials are still being fine-tuned. We are offering it at a discount at this event in exchange for the students' detailed feedback, which will help us improve and finalize the course's content and exercises.
Note this laptop requirement: no MacOS, no VMWare.
A laptop with Windows XP or later or recent Linux operating system installed which can unzip/gunzip compressed files. CD/DVD drive is required. MacOS is not acceptable.
Please sign up; the class already has enough people, which suggests that it will not be cancelled, unlike the last one in LA.


Dr Anton Chuvakin