SEC434: Log Management In-Depth: Compliance, Security, Forensics, and Troubleshooting
This first-ever dedicated log management class teaches system, network and security logs, their analysis and management, and the complete lifecycle of dealing with logs. We will cover the why's, how's and what's.
You will learn how to enable logging and how to deal with the resulting data deluge by managing data retention and analyzing data using search, filtering and correlation. The course also teaches applications of logging to forensics, incident response and regulatory compliance, as well as some security log analytics tips and practices. Most importantly, you will be able to apply what you have learned to key business and security problems.
The course starts with an overview of the various log types and provides brief configuration guidance for common information systems. We will take a phased approach to implementing a company-wide log management program, and cover specific log review and monitoring tasks that need to be done on a daily, weekly, and monthly basis.
In the next section of the course you will learn what everyone is looking for: a path to manage the Payment Card Industry Data Security Standard (PCI DSS) and the other regulatory compliance mazes. Logs are essential for resolving compliance challenges; this class will teach you what to concentrate on and how to make your log management compliance-friendly. Students who already use log management for compliance will learn how to expand the benefits of their log management tools beyond compliance.
You will learn to leverage logs for critical tasks related to incident response, forensics, and operational monitoring. Logs provide one of the key information sources when responding to an incident, and this class will show you how to use various log types in the frenzy of an incident investigation.
The class also includes an in-depth look at deploying, configuring and operating an open-source tool (OSSEC) for log analysis, alerting, and event correlation.
Finally, the class author, Dr. Anton Chuvakin, probably has more experience in the application of logs to IT and IT security than anyone else in the industry. This means he and the other instructors chosen to teach this course have learned from a lot of mistakes along the way. You can save yourself a lot of pain and your organization a lot of money by learning about common mistakes and ways to overcome them when working with logs.
You Will Learn:
- Logging configuration
- Log analysis
- Monitoring methods and tools
- Log management processes
- Logs for incident response and forensics
- Logs for compliance
- Common logging mistakes
- OSSEC set-up and operation in-depth
SEC434.1: Day 1
CPE/CMU Credits: 6
Day 1 includes:
SEC434.2: Day 2
CPE/CMU Credits: 6
Day 2 includes:
This course requires students to bring a laptop with a modern Windows OS (Windows 7 recommended) or recent Linux operating system installed that can unzip/gunzip compressed files. A CD/DVD drive is required. MacOS is not acceptable at this time. VMware Player (free from the VMware site) or VMware Workstation must be installed.
If you have additional questions about the laptop specifications, please contact firstname.lastname@example.org.
You Will Be Able To:
*CPE/CMU credits not offered for the SelfStudy delivery method