Log-on type codes revealed

| Posted in General Technologies

A very interesting article on Windows Logon Type codes. It is extremely useful when you need to analyze your Windows logon logs to find out what’s happening. Logon type codes revealed: The logon/logoff category of the Windows security log gives you the ability to monitor all attempts to access the local computer. This article examines [...]

April 1st, 2005 | Jian Zhen | No Comments

Worldwide e-security spending up 30pc

| Posted in General Technologies

Worldwide e-security spending up 30pc The global security software and appliance market grew by 30 percent during 2004, with revenues topping USD3.7 billion. That’s according to market research and consulting firm Infonetics Research which also predicts that the security market will continue to grow strongly and will be worth USD5.5 billion by 2008. On a [...]

March 5th, 2005 | Jian Zhen | No Comments

Oak - System Log Reporting Tool

| Posted in General Technologies

Oak seems like an interesting syslog monitoring tool. But swatch still seems to be more advanced. Oak is a program that can be used to monitor syslogs from a collection of servers and notify operators when problem conditions arise. In addition to providing immediate notification of critical problems oak will also batch less critical problems [...]

March 1st, 2005 | Jian Zhen | No Comments

Interesting papers on statistical analysis

| Posted in General Technologies

Testing Network-based Intrusion Detection Signatures using Mutant Exploits; Applying Term Weight Techniques to Event Log Analysis for Intrusion Detection; On the Nature of Syslog Data; Bayesian Event Classification for Intrusion Detection

February 26th, 2005 | Jian Zhen | No Comments

OsAudit v0.1 (log gathering, monitoring and analysis) available.

| Posted in General Technologies

OsAudit version 0.1 is available for download. OsAudit is a complete system for log gathering, monitoring and analysis. It has two different running modes: server and client. For more information, go to: http://www.ossec.net/osaudit/ http://osaudit.sourceforge.net http://sourceforge.net/projects/osaudit/ For comments, suggestions or questions: daniel.cid @ (at) gmail.com

February 18th, 2005 | Jian Zhen | No Comments

Kewl ppl and projs

| Posted in General Technologies

Met some really kewl ppl at the RSA show the last couple of days. Saw many of my old colleagues from Addamark, Cable & Wireless, and Exodus. Everyone’s walking the floor and chatting away. Met Raffy Marty from ArcSight. He’s an SE over there. Seems like a really kewl guy. He’s started a mailing list [...]

February 17th, 2005 | Jian Zhen | 2 Comments

RSA is a Biz Dev show

| Posted in General Technologies

I manned the LogLogic booth for two days and I must have had a dozen people come by to try to sell us stuff or partner w/ us. Dell, Precise Terms, EventGnosis, etc etc etc. A long list of them. Just thought it was interesting.

February 17th, 2005 | Jian Zhen | No Comments

Interesting ArcSight Comments

| Posted in General Technologies

So I was at RSA today talking to the various SEM/SIM vendors. I talked to one of the ladies at the ArcSight booth and I asked her whether ArcSight is a good solution for a company that’s got a bunch of Windows and UNIX servers and getting about 500 messages per second. The lady said [...]

February 16th, 2005 | Jian Zhen | 1 Comment

SHA-1 broken?

| Posted in General Technologies

From Schneier’s blog: SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing. The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper announcing their results. Definitely watch Schneier’s site for more information if you are [...]

February 15th, 2005 | Jian Zhen | No Comments

More News during RSA

| Posted in General Technologies

More news…who’s reading news when they can be at RSA?! ARCSIGHT Closes Record-Breaking Year, Welcomes 100th Customer PR Newswire (press release) – USA 15 /PRNewswire/ — ArcSight, Inc., the global leader in Enterprise Security Management (ESM), today announced that it has surpassed 100 customers, driving … GUARDEDNET(R) First to Enable Automated, Proactive Policy … PR [...]

February 15th, 2005 | Jian Zhen | No Comments