Do you use any 3rd party log tool or manage with the operating system logs? I think if we have a descriptive log, a lot of malware attempts can be thwarted.
Abhi logging is a fundamental task for any administrator, and it should be mandatory (in regulated environments, it actually is). Rather than review what could be millions of logs on a daily basis, create rules that highlight the most important ones for review.
Imagine if you were hacked, or breached, yet didn't have any logs to determine the attack's origin?
phenomlab create rules that highlight the most important ones for review.
You mean login attempts?
phenomlab Imagine if you were hacked, or breached, yet didn't have any logs to determine the attack's origin?
Can we rely on auth.log alone?
Abhi You mean login attempts?
Not just that - so much more. Login attempts are the tip of the iceberg. Very useful on its own, but coupled with other logs of a reconnaissance nature, it's so much more powerful.
Abhi Can we rely on auth.log alone?
No - you'd need the authentication and system logs from all of your servers, network equipment, etc.
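The two points above (rules that highlight the log lines worth reviewing, and correlating auth logs across more than one server) can be shown in a few lines of code. The following is an added example, not code posted by either participant: it parses constructed sshd lines in the Debian/Ubuntu `auth.log` format from two hypothetical hosts (`web1`, `db1`), aggregates them per source address, and applies three review rules. The thresholds, rule names and sample addresses are assumptions for the illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Matches the sshd "Failed/Accepted <method> for [invalid user ]<user> from <ip> port <port>"
# lines that syslog writes to auth.log. Other auth.log lines (cron, sudo, ...) are ignored.
SSHD_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+) port (?P<port>\d+)"
)

# Constructed sample: one source fails across two hosts and then gets in with a
# password; a second source logs in cleanly with a key; one non-sshd line is noise.
SAMPLE_AUTH_LOG = [
    "Mar 10 12:00:01 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    "Mar 10 12:00:02 web1 CRON[2213]: pam_unix(cron:session): session opened for user root by (uid=0)",
    "Mar 10 12:00:03 web1 sshd[2212]: Failed password for root from 203.0.113.7 port 51236 ssh2",
    "Mar 10 12:00:05 web1 sshd[2214]: Failed password for root from 203.0.113.7 port 51240 ssh2",
    "Mar 10 12:00:09 db1 sshd[1801]: Failed password for invalid user oracle from 203.0.113.7 port 51250 ssh2",
    "Mar 10 12:00:11 db1 sshd[1802]: Failed password for postgres from 203.0.113.7 port 51252 ssh2",
    "Mar 10 12:00:20 web1 sshd[2230]: Accepted password for deploy from 203.0.113.7 port 51290 ssh2",
    "Mar 10 12:05:00 web1 sshd[2300]: Accepted publickey for deploy from 198.51.100.4 port 40000 ssh2",
]


def parse_auth_line(line):
    """Return a dict of fields for an sshd auth event, or None for any other line."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["invalid"] = ev["invalid"] is not None  # True when the username does not exist
    return ev


@dataclass
class SourceStats:
    failed: int = 0
    accepted: int = 0
    accepted_after_failures: bool = False
    users: set = field(default_factory=set)
    hosts: set = field(default_factory=set)


def summarise(lines):
    """Aggregate sshd events per source IP across every host present in the input."""
    stats = defaultdict(SourceStats)
    for line in lines:
        ev = parse_auth_line(line)
        if ev is None:
            continue
        s = stats[ev["ip"]]
        s.users.add(ev["user"])
        s.hosts.add(ev["host"])
        if ev["result"] == "Failed":
            s.failed += 1
        else:
            s.accepted += 1
            if s.failed > 0:
                s.accepted_after_failures = True  # success preceded by failures from the same source
    return stats


def review_rules(lines, fail_threshold=5):
    """Apply the review rules and return the findings an administrator should look at first."""
    findings = []
    for ip, s in sorted(summarise(lines).items()):
        base = {"ip": ip, "failed": s.failed, "hosts": sorted(s.hosts), "users": sorted(s.users)}
        if s.failed >= fail_threshold:
            findings.append({**base, "rule": "failed_logins_threshold"})
        if s.accepted_after_failures:
            findings.append({**base, "rule": "success_after_failures"})
        if s.failed > 0 and len(s.hosts) >= 2:
            # Only visible when logs from all servers are collected in one place.
            findings.append({**base, "rule": "multi_host_failures"})
    return findings


if __name__ == "__main__":
    for f in review_rules(SAMPLE_AUTH_LOG):
        print(f"{f['rule']:24} {f['ip']:15} failed={f['failed']} hosts={','.join(f['hosts'])}")
```

Run against a real file with `review_rules(open("/var/log/auth.log").read().splitlines())`. The `multi_host_failures` rule is the one that needs the logs from every server in one place: on `web1` alone the same source shows only three failures and a successful login, which is easy to dismiss.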
phenomlab you'd need the authentication and system logs f
For that, do you rely on the system-generated logs or use a third party tool?
Abhi Both. The real issue with logs is retention. For example, if you wanted to see what happened 6 months ago as a point in time, you'd need access to those logs. Natively, devices or appliances sending those logs will have finite storage and will overwrite logs as storage becomes depleted. Without storage of those logs, you are in the dark.
This is where systems like a SIEM or AlienVault come into play.
AT&T bought it and now it is called
AlienVault is Now AT&T Cybersecurity
Abhi Yes. Not entirely sure that's a good thing, but Verizon also have a large share of the Cyber Security market, and I guess AT&T didn't want to be left out in the cold 🙂