Event Log #auditing, Demystified
▻https://hackernoon.com/event-log-auditing-demystified-75b55879f069?source=rss----3a8144eabfe3--
In my personal experience, the topic of reviewing event logs has received a fair amount grunts, groans, and questions such as “You honestly expect us to review all of that data?!” or “We have so many systems! Where would we even begin?” or “We already have enough on our plate to worry about!”. Fortunately, the times have changed, and log aggregation has matured over a relatively short amount of time. Its existence alone however is not the complete answer to log auditing woes.To start, let’s cover the ‘why’. What is the purpose of undertaking another tedious task and writing out an elaborate SOP? Well, from a practical perspective, incident detection. According to FireEye/Mandiant’s M-Trends 2018 report, the global median for detection time of their clients in 2017 was an astounding 101 days. (...)