Incident Management Life Cycle

Posted in General Technologies

Everyone loves to throw the term “life cycle” around like it actually means something, so I figure I will join the crowd and get one of my own. Today we will discuss the life cycle of managing an incident. Here’s my take on this: Definition Define the incident in terms of rules or queries Detection [...]

October 29th, 2004 | Jian Zhen | No Comments

MySQL 4.1 Production Ready

Posted in General Technologies

From OSNews, MySQL announced the general availability of MySQL 4.1. Certified by the company as production-ready for large-scale enterprise deployment, this significant upgrade to the MySQL database server features advanced querying capabilities through subqueries, faster and more secure client-server communication, new installation and configuration tools, and support for international character sets and geographic data. MySQL [...]

October 28th, 2004 | Jian Zhen | No Comments

Forrester’s 2004 Security Event Management Series

Posted in General Technologies

Forrester Research recently came out with a series of Scorecard Summaries on SIM products. The products reviewed are:

- ArcSight 2.5
- Symantec Incident Manager 3.0
- Consul’s InSight Security Manager 5.0
- Network Intelligence’s Engine Running enVision v.2.003
- GuardedNet’s neuSECURE 2.0
- netForensics 3.1.1

Forrester evaluated the products based on six different attributes: [...]

October 27th, 2004 | Jian Zhen | No Comments

iPod Photo for Logging?

Posted in General Technologies

You are probably asking, what the heck does the new iPod Photo have anything to do with log analysis? The truth is, it doesn’t. I just want one! Besides, I can carry all of the log analysis tools on it just in case I need it when I listen to my music and scan through [...]

October 26th, 2004 | Jian Zhen | No Comments

Open Source Security Information Management (OSSIM)

Posted in General Technologies

Open Source Security Information Management announced the availability of 0.9.7 today. We’re proud to announce the availability of ossim 0.9.7. This release fixes numerous bugs present in rc1 and rc2 and provides two major feature enhancements: optional database configuration replacing ossim.conf and pdf reporting using FPDF.

October 25th, 2004 | Jian Zhen | No Comments

Five mistakes of log analysis

Posted in General Technologies

Anton Chuvakin has written an interesting article on the mistakes of log analysis. It’s a great starter for some of the things to avoid when you are building or evaluating your log analysis infrastructure. However, I wish Anton had been more in-depth with some of the topics. For example, what are the regulatory pressures organizations [...]

October 21st, 2004 | Jian Zhen | No Comments

Schneier on SIMS

Posted in General Technologies

Bruce Schneier has written a blog post on his view of SIMs. I agree mostly with Schneier’s view on the current SIM space. I agree that log analysis can provide a gold mine of information to IT groups. I also agree that log analysis works, regardless of whether or not you use a SIM product. As Schneier [...]

October 20th, 2004 | Jian Zhen | No Comments

MarketingProfs.com: Top 10 Web Analytics Problems

Posted in General Technologies

Jim Sterne from MarketingProfs.com has written a very interesting article on the problems organizations have encountered in the world of web analytics. In web analytics, data come from many different sources, including the content side, the application side, and the e-commerce side. A lot of the data gathered from the various sources are actually logs! Web analytics applications, among [...]

October 19th, 2004 | Jian Zhen | No Comments

Event vs. Incident

Posted in General Technologies

An event is an observable occurrence in an information system that actually happened at some point in time:

- A TCP/IP connection
- An email
- A user login

An incident is an adverse event in an information system, and includes the significant threat of an adverse event. It implies harm or an attempt to harm: an attempt to gain [...]

October 14th, 2004 | Jian Zhen | No Comments

Policy Integration

Posted in General Technologies

One of the more interesting features that SIM vendors have been adding is the integration of policies into their products. Most of the SIM vendors have been integrating technical policies into the product to provide rapid response to network attacks. For example, the SIM product detects an attack and sends a policy update request to [...]

October 13th, 2004 | Jian Zhen | No Comments