Log Data: A Source of Value
Nagios Enterprises LLC, 2017


Contents

Introduction
Part 1: What's in a Log?
Part 2: Users
Part 3: Websites
Part 4: Network Security
Part 5: Archive, Visualize, Alert
Conclusion

Introduction

Monitoring the general health of the hardware and applications that your business relies on is critical to success, and has gone beyond simply being a best practice to being a requirement. By keeping track of the availability and resource utilization of your servers, applications, and network devices, you're able to get ahead of problems and ideally resolve minor issues before they gain steam and have a major impact. But what's missing? Is uptime and health monitoring enough, or are there other data points you could be leveraging? In this ebook, we will discuss a key resource that is sure to add depth and value to your monitoring deployment, and help keep things running smoothly and securely: machine-generated log data.

Log data collection, alerting, and archiving is an important additional layer of infrastructure monitoring, providing you with insight into everything from user account activity and file integrity to website utilization and network security. In the following pages, we will discuss each of these points, and outline how tracking them can be of great value to your organization. As a starting point, let's quickly discuss what logs are at a high level.

What's in a Log?

Servers, applications, and network devices across your infrastructure all generate real-time log events. These log events are blocks of text that contain information such as the time the event occurred, severity levels, user identities, event IDs, website visitor IP addresses, and related programs. Log data definitely contains a wealth of useful information, and a wide array of uses for your network monitoring and administration teams, but making constructive use of the data can be challenging without the right toolset. One common challenge is finding a way to sift through the massive quantity of log events generated, and another is storing all of the logs centrally, so they can be analyzed for recent and historical events as a consolidated whole.

Employing a log analysis tool like Nagios Log Server empowers you to not only securely consolidate all of your log data in one place and archive it for later reference, but also to quickly analyze it. Custom queries allow you to narrow down the available data to specific subsets that meet your unique use-case, and then to visualize the data in custom dashboards, and alert on certain events and thresholds. Now that we've discussed logs and log management in a general sense, let's move ahead to details on more specific use-cases: users, websites, and network security.

Users

Logs contain valuable information to help you verify user activity, including data on logons and logoffs, and file access. Windows eventlog and Linux syslog data can be used to determine both failed and successful logins. The use-case for failed logins is clear: if a user fails a couple of logins, they may just be having a bad day; if they fail to authenticate repeatedly, this could be a sign that something malicious is occurring, and should be investigated. It could mean anything from a user attempting to log in to someone else's machine or account, to an external threat attempting to brute-force the credentials. Log data can also be used for file integrity monitoring on shared storage resources, such as Windows, NFS, or Samba shares. Details such as when users accessed the drives, and which folders and files they interacted with or removed, can be invaluable evidence in cases where data is modified or destroyed accidentally or maliciously. Many applications also provide audit logs of user activity within them (for example, both Nagios XI and Nagios Log Server do so), to help you understand who accessed the application and what significant actions they took.

The example below shows a custom Log Server dashboard which provides an overview of failed Windows logins:

Websites

Logs from webserver applications such as Apache, IIS, and Nginx contain a variety of useful fields which can be used to ascertain the health, utilization, and security of your sites. By collecting and analyzing the log events generated by these applications, it is possible to determine vital details such as:

HTTP Status Codes: Verify users are being successfully served pages, and that attackers aren't requesting pages that do not exist.

Most Visited Pages: View which pages are most often requested by visitors.

Code Injection Attempts: See if visitors are attempting to maliciously inject code into the URLs they request.

Request Time: See how long it takes for your webserver to respond to requests.

Visitor Location: See what countries you get the most visitors from.

The Nagios Log Server dashboard below is freely available on the Nagios Exchange community site, and provides a great example of a Log Server dashboard geared toward visualizing Apache webserver log data in both a functional and geographic context:
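The fields the Websites section describes (status codes, most requested pages, injection attempts in URLs, request time) can be pulled out of raw Apache combined-format log lines with a short parser. This is an added example written for this page, not Nagios Log Server code; the log lines are constructed samples, and the trailing microsecond field assumes the server was configured to append %D to its log format.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache "combined" format, with an optional trailing %D (response time in microseconds).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"(?: (?P<usec>\d+))?'
)

# Indicators of script/SQL/path injection in a request path (checked after URL-decoding).
INJECTION_RE = re.compile(r"(<script|union\s+select|\.\./|'\s*or\s+1=1)", re.I)

# Constructed sample traffic for the example; not real log data.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2017:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0" 812
203.0.113.7 - - [10/Oct/2017:13:55:37 +0000] "GET /about.html HTTP/1.1" 200 1045 "-" "Mozilla/5.0" 540
198.51.100.23 - - [10/Oct/2017:13:56:01 +0000] "GET /wp-login.php HTTP/1.1" 404 209 "-" "curl/7.55" 120
198.51.100.23 - - [10/Oct/2017:13:56:02 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512 "-" "curl/7.55" 3900
198.51.100.23 - - [10/Oct/2017:13:56:03 +0000] "GET /item?id=1%27%20OR%201=1 HTTP/1.1" 500 0 "-" "curl/7.55" 2200
203.0.113.9 - - [10/Oct/2017:13:57:10 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0" 700
"""

def analyze(log_text):
    """Summarize status codes, top pages, injection attempts and the slowest request."""
    status, pages, injections = Counter(), Counter(), []
    slowest = (0, None)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        status[m["status"]] += 1
        pages[m["path"].split("?", 1)[0]] += 1   # count by path without query string
        if INJECTION_RE.search(unquote(m["path"])):
            injections.append((m["ip"], m["path"]))
        if m["usec"] and int(m["usec"]) > slowest[0]:
            slowest = (int(m["usec"]), m["path"])
    return {"status": dict(status), "top_pages": pages.most_common(3),
            "injections": injections, "slowest": slowest}

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(key, value)
```

The same counters are what a dashboard pane would chart; the injection list is what you would turn into an alert query rather than a graph.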

Network Security

Collecting and analyzing log data from your switches, routers, firewalls, and other network devices provides invaluable insight into the security of your environment. By utilizing network device log data, it is possible to identify and halt events such as:

IP Address Spoofing: Modifying IP datagrams so that they contain incorrect information on the sender's source address. For example, in a Land Attack the source and destination IP are identical.

Unauthorized Protocols: Attempting to leverage ports dedicated to protocols not authorized in your deployment.

Teardrop Fragments Attack: Sending fragmented packets to a network device which it cannot reassemble, potentially crashing the device.
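Two of the conditions above, a Land Attack (source equals destination) and traffic to ports not on the authorized list, can be checked directly from firewall log lines once the fields are parsed. This is an added example, not code from the ebook or from Nagios Log Server; it reads the KEY=VALUE layout that the Linux netfilter LOG target writes to the kernel log, the sample lines are constructed, and the ALLOWED set is an assumed policy for this deployment.

```python
import re

KV_RE = re.compile(r"(\w+)=(\S*)")

# Assumed policy: the only protocol/port pairs authorized in this deployment.
ALLOWED = {("TCP", 22), ("TCP", 443), ("UDP", 53)}

def parse_kernel_log(line):
    """Return the KEY=VALUE fields of a netfilter LOG line, or {} for other lines."""
    if "kernel:" not in line:
        return {}
    return dict(KV_RE.findall(line.split("kernel:", 1)[1]))

def classify(line):
    """List the security findings for one log line (empty list if nothing is wrong)."""
    f = parse_kernel_log(line)
    if "SRC" not in f or "DST" not in f:
        return []
    findings = []
    if f["SRC"] == f["DST"]:
        findings.append("land-attack")          # spoofed source equal to destination
    proto, dport = f.get("PROTO"), f.get("DPT")
    if proto in ("TCP", "UDP") and dport and (proto, int(dport)) not in ALLOWED:
        findings.append(f"unauthorized-protocol {proto}/{dport}")
    return findings

def scan(lines):
    """Return (source address, findings) for every line that raised a finding."""
    out = []
    for line in lines:
        findings = classify(line)
        if findings:
            out.append((parse_kernel_log(line)["SRC"], findings))
    return out

# Constructed sample lines in netfilter LOG style; not real traffic.
SAMPLE = [
    "Oct 10 14:10:01 fw1 kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51000 DPT=443",
    "Oct 10 14:10:02 fw1 kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=139 DPT=139",
    "Oct 10 14:10:03 fw1 kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40000 DPT=23",
    "Oct 10 14:10:04 fw1 sshd[22]: Accepted publickey for ops from 192.0.2.50 port 5000 ssh2",
]

if __name__ == "__main__":
    for src, findings in scan(SAMPLE):
        print(src, findings)
```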

Windows eventlog data can also be leveraged to keep your network secure. Windows Security log audit events include data on successful and failed logins, group policy changes, and user account modifications. Linux systems generate valuable security-related logs as well, enabling you to identify things like commands run using sudo, failed SSH logins, FTP access, account changes and new users being added, and applications being installed.

The example below shows a custom Log Server dashboard which provides an overview of failed SSH logins:

Archive, Visualize, Alert

Nagios Log Server acts as a centralized collector for log data from sources across your network. How long the data is retained is fully customizable, and it can also be sent to a separate repository for longer-term storage. Since the data is quickly sent to Log Server when log events are generated, using Log Server makes it much more difficult for malicious users to manually delete log entries on the sending sources to cover their tracks. Log Server also adds a version field to each log event, and if the event is manually manipulated the version number will change. In addition to centrally archiving all of the data, Nagios Log Server provides an intuitive platform which can be used to create custom dashboards for a quick visual reference (such as the Windows Failed Logins and Apache dashboards highlighted above).

Many different types of panes can be added to dashboards, including graphs, lists, pie charts, and maps, and using queries and filters the data can be pared down to reflect any granular subset you choose. Nagios Log Server can also send email alerts when events of your choosing are (or are not) detected within the collected data. Additionally, it can send an SNMP trap or execute a script to integrate with other upstream systems. Alerts can also be easily integrated with Nagios XI for centralized visibility of problems detected by both systems.

Conclusion

As you can see, log data is a valuable source of information about your infrastructure. By combining log collection, analysis, archiving, and alerting with standard uptime and health monitoring you are able to detect and remediate even more complex issues before they negatively impact your business. Hopefully this ebook has served as a helpful introduction to log data, its common use-cases, and how Nagios Log Server can help you capitalize on this valuable source of information. If you'd like to learn more about Nagios Log Server, the free 60 day trial, weekly webinars, and online demo are three great resources to help you get started:

Download Log Server
Watch a Webinar
Try the Online Demo