Security Information and Event Management

Understand how SIEM works and get comfortable creating simple and advanced search queries to look for specific answers from the ingested logs.

SIEM (Security Information and Event Management) is a tool that collects logs from the various endpoints and network devices across the network, stores them in a centralized place, and performs correlation on them.

Network log sources:

  1. Host-Centric Log Sources

  • A user accessing a file.

  • A user attempting to authenticate.

  • A process execution activity.

  • A process adding, editing, or deleting a registry key or value.

  • PowerShell execution.

  2. Network-Centric Log Sources

  • SSH connection.

  • A file being accessed via FTP.

  • Web traffic.

  • A user accessing the company's resources through VPN.

  • Network file sharing activity.

Log Sources

1. Windows

Windows records every event in the Windows Event Log, which can be viewed through the Event Viewer utility.

2. Linux

Some of the common locations where Linux stores logs are:

  • /var/log/httpd : contains HTTP request/response and error logs.

  • /var/log/cron : events related to cron jobs are stored in this location.

  • /var/log/auth.log and /var/log/secure : store authentication-related logs.

  • /var/log/kern : this file stores kernel-related events.

3. Web server

On Linux, common locations for Apache logs are /var/log/apache or /var/log/httpd.
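As an added illustration of the correlation step described under SIEM above, applied to the Linux authentication log listed here (example code written for these notes, not from TryHackMe or the original page): it normalizes a few constructed /var/log/auth.log sshd lines into a common event schema and flags a source that fails authentication repeatedly and then succeeds. The log lines, the year, the failure threshold and the time window are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample /var/log/auth.log lines (sshd), not real data.
AUTH_LOG = """\
Mar  3 10:15:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:15:03 web01 sshd[2203]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  3 10:15:05 web01 sshd[2205]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar  3 10:15:09 web01 sshd[2207]: Accepted password for root from 203.0.113.7 port 51030 ssh2
Mar  3 10:20:00 web01 sshd[2301]: Accepted publickey for deploy from 198.51.100.4 port 40010 ssh2
"""

# Syslog-style sshd line: timestamp, host, result, user, source IP.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)

def parse_auth(text, year=2024):
    """Normalize raw auth.log lines into a common event schema."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other sshd/PAM messages are not modelled here
        # Syslog timestamps carry no year; assume one (a SIEM adds it at ingest).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "user": m["user"],
                       "src": m["src"], "result": m["result"]})
    return events

def brute_force_then_success(events, threshold=3, window=60):
    """Alert when a source IP logs >= threshold failures within `window`
    seconds and then gets an Accepted login from the same IP."""
    alerts, fails = [], defaultdict(list)  # fails: src IP -> failure timestamps
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        if ev["result"] == "Failed":
            fails[src].append(ev["ts"])
            continue
        recent = [t for t in fails[src] if (ev["ts"] - t).total_seconds() <= window]
        if len(recent) >= threshold:
            alerts.append({"src": src, "host": ev["host"], "user": ev["user"],
                           "failures": len(recent), "success_at": ev["ts"].isoformat()})
        fails[src].clear()  # a success ends the sequence for this source
    return alerts
```

Calling `brute_force_then_success(parse_auth(AUTH_LOG))` returns one alert for 203.0.113.7 (three failures, then an accepted root login); the deploy login from 198.51.100.4 has no preceding failures and is not flagged.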
