SEC434: Log Management In-Depth: Compliance, Security, Forensics, and Troubleshooting

This first-ever dedicated log management class teaches system, network and security logs, their analysis and management, and the complete lifecycle of dealing with logs. We will cover the why's, how's and what's.

You will learn how to enable logging, how to deal with the resulting data deluge by managing data retention and analyzing data using search, filtering and correlation. The course also teaches applications of logging to forensics, incident response and regulatory compliance, as well as some security log analytics tips and practices. Most importantly, you will be able to apply what you have learned to key business and security problems.

The course starts with an overview of the various log types and provides brief configuration guidance for common information systems. We will take a phased approach to implementing a company-wide log management program, and cover specific log review and monitoring tasks that need to be done on a daily, weekly, and monthly basis.

In the next section of the course you will learn what everyone is looking for: a path to manage the Payment Card Industry Data Security Standard (PCI DSS) and the other regulatory compliance mazes. Logs are essential for resolving compliance challenges; this class will teach you what to concentrate on and how to make your log management compliance-friendly. Students who already use log management for compliance will learn how to expand the benefits of their log management tools beyond compliance.

You will learn to leverage logs for critical tasks related to incident response, forensics, and operational monitoring. Logs provide one of the key information sources when responding to an incident, and this class will show you how to use various log types in the frenzy of an incident investigation.

The class also includes an in-depth look at deploying, configuring and operating an open-source tool (OSSEC) for log analysis, alerting, and event correlation.

Finally, the class author, Dr. Anton Chuvakin, probably has more experience in the application of logs to IT and IT security than anyone else in the industry. This means he and the other instructors chosen to teach this course have learned from a lot of mistakes along the way. You can save yourself a lot of pain and your organization a lot of money by learning about common mistakes and ways to overcome them when working with logs.

You Will Learn:

  • Logging configuration
  • Log analysis
  • Monitoring methods and tools
  • Log management processes
  • Logs for incident response and forensics
  • Logs for compliance
  • Common logging mistakes
  • OSSEC set-up and operation in-depth

Course Syllabus
Course Contents
  SEC434.1: Day 1

CPE/CMU Credits: 6

Topics

Day 1 includes:

  • Logging configuration
  • Log analysis and monitoring methods and tools
  • Log management processes
  • Logs for incident response and forensics
  • Logs for compliance
  • Common logging mistakes
 
  SEC434.2: Day 2

CPE/CMU Credits: 6

Topics

Day 2 includes:

  • OSSEC set-up and operation in-depth
 
Additional Information
 
  Laptop Required

This course requires students to bring a laptop with a modern Windows OS (Windows 7 recommended) or recent Linux operating system installed that can unzip/gunzip compressed files. A CD/DVD drive is required. MacOS is not acceptable at this time. VMware Player (free from the VMware site) or VMware Workstation must be installed.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

 
  You Will Be Able To
  • Enable logging and deal with the resulting data deluge by managing data retention and analyzing data using search, filtering and correlation.
  • Apply what you have learned to key business and security problems.
  • Apply logging to forensics, incident response, and regulatory compliance.
  • Implement a company-wide log management program.
  • Carry out specific log review and monitoring tasks that need to be done on a daily, weekly, and monthly basis.
  • Manage the Payment Card Industry Data Security Standard (PCI DSS) and other regulatory compliance challenges.
  • Expand the benefits of log management tools beyond compliance.
  • Leverage logs for critical tasks related to incident response, forensics, and operational monitoring.
  • Deploy, configure and operate an open-source tool (OSSEC) for log analysis, alerting, and event correlation.
 

Author Statement

Logs and log analysis have long been one of the most challenging areas of security. They are also closely tied to proper system and network administration practices. With regulatory compliance added on top - with specific requirements on log collection, retention and analysis (such as those found in PCI DSS) - there has never been a better time to finally get your logs under control. This is the first-ever course dedicated to getting your log management project right. If you know that you need to get those logs handled, sign up and learn exactly how to do it. Many years of experience with logs went into this class so that you, the student, have a chance to avoid the most damaging mistakes and learn from many years of the author's experience with logging, log management, log tools, and the use of logs for various purposes.

- Anton Chuvakin

*CPE/CMU credits not offered for the SelfStudy delivery method

Type       Topic     Course / Location / Instructor   Date
SelfStudy  Security  Online                           Anytime
Onsite     All       OnSite Course of Your Choice     Your Choice

*Course contents may vary depending upon location, see specific event description for details.