Log Analysis
Log Centralization: The End Is Nigh?
So I woke up the other day [A.C. — well, the other year as this blog has lingered] with the scary thought: what if we will run out of the opportunities to centralize logs ...
How To Drive Value with Security Data – The Full Talk
Last week I keynoted LogPoint’s customer conference with a talk about how to extract value from security data. Pretty much every company out there has tried to somehow leverage their log data ...
A Logging History Lesson – From syslogd(8) to XDR
The log management and security information management (SIEM) space has gone through a number of stages to arrive where it is today. I started mapping the space in the 1980s when syslog ...
How To Drive Value with Security Data
We have been collecting data to drive security insights for over two decades. We call these tools log management solutions, SIMs (security information management), and XDR (extended detection and response) platforms. Some ...
Road to Detection: YARA-L Examples — Part 4 of 3
Upon reading all of Part 1, Part 2 and Part 3 of my blog series that revealed our (Chronicle) approach to detection, many of you ...
Security Correlation Then and Now: A Sad Truth About SIEM
We all know David Bianco's Pyramid of Pain, a classic from 2013. The focus of this famous visual is on the indicators that you "latch onto" in your detection activities. This post will ...
Toolsmith #126: Adversary hunting with SOF-ELK
As we celebrate Independence Day, I'm reminded that we honor what was, of course, an armed conflict. Today's realities, when we think about conflict, are quite different than the days of lining ...