Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
CY
Newcomer II
‎11-06-2020 09:28 PM
‎11-06-2020 09:28 PM

Do you use any tool that does automated log reviews?

I am trying to automate this laborious task.  Can share if you have any experience using such tools where  auditors has no issue with?

Reply
0 Kudos
4 Replies
Steve-Wilme
Advocate II
‎11-09-2020 04:20 AM
‎11-09-2020 04:20 AM

A SIEM is capable of log centralisation, normalisation and correlation of events.  You should be able to set-up rules to alert on single events or combinations of events of interest.  It tend to be best to work back from known indicators of attacks to source the relevant events, rather than capture all events and try to figure out what all that data might mean.

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Reply
dcontesti
Community Champion
‎11-09-2020 04:27 AM
‎11-09-2020 04:27 AM

Are these internal or external auditors?  The difference: If they are internal, you could sit with them while you are putting together the requirements for such a tool and have their blessings as you move down the path.

 

I am not sure about others but have found that building an alliance with the IA team has been beneficial and helps when dealing with external audit.

 

For external auditors, you may wish to ask them what they are looking for.  SOmetimes it varies depending on the auditor assigned to your firm.

 

We had good luck with Splunk (but they were very expensive), another tool we used was AlienVault.  Both satisfied the audit requirements.

 

d

 

PS: this is NOT an endorsement for either tool, just that we used them.  Both had issues and required dedicated staff.

Reply
dcontesti
Community Champion
‎11-09-2020 04:48 AM
‎11-09-2020 04:48 AM

Found this on the net, might help you when doing your requirements:

 

https://stackify.com/best-log-management-tools/#:~:text=The%20McAfee%20Enterprise%20Log%20Manager,%2....

 

d

Reply
0 Kudos
Titan
Newcomer I
‎11-30-2020 10:39 PM
‎11-30-2020 10:39 PM

I second what this individual stated regarding Splunk and Alienvault (although it looks like AT&T has bought Alienvault). I've personally seen more instances of Splunk being used. However, the ongoing challenge with Splunk (and likely Alienvault as well) is tuning the SIEM so it performs the activities both effectively and efficiently.
Reply
0 Kudos