While handling an incident, whether in the identification phase or during computer forensic analysis, it is necessary to analyze the logs from different servers to identify the events that could be related to the incident. This task is usually done with regular expressions and a custom list of patterns designed to flag unusual behavior. It is time consuming, and the pattern list must be kept up to date by hand. This paper describes a novel tool, Log2pcap, which converts server logs to the standard pcap format. The resulting pcap file can then be analyzed with an IDS engine such as Snort, leveraging existing, well-maintained signature collections.
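The conversion the abstract describes, as an added example that is not the Log2pcap tool's own code: each Apache common-log-format line is parsed, the HTTP request is rebuilt from the method, path and protocol fields, and it is wrapped in synthetic Ethernet/IPv4/TCP headers and written out as a pcap record timestamped from the log entry. The server address, MAC addresses and Host header are assumptions (the log does not record them), the sample log lines are constructed, and only the request side of each session is synthesized.

```python
"""Convert Apache common-log-format lines into a pcap of synthetic HTTP
requests so an IDS (e.g. Snort) can apply its rule set to them.
Added example; not the Log2pcap tool itself."""
import re
import socket
import struct
from datetime import datetime

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
10.0.0.7 - - [10/Oct/2023:13:55:40 +0000] "GET /cgi-bin/test.cgi?f=../../etc/passwd HTTP/1.0" 404 512
this line is not in common log format and is skipped
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) (\S+)" (\d{3}) (\S+)')

# Assumed values: the access log records none of these.
SERVER_IP = "192.0.2.10"                    # TEST-NET-1 address for the server
SERVER_MAC = bytes.fromhex("020000000002")  # locally administered, placeholder
CLIENT_MAC = bytes.fromhex("020000000001")
HOST_HEADER = "www.example.com"

# pcap global header: magic, v2.4, tz 0, sigfigs 0, snaplen 65535, LINKTYPE_ETHERNET(1)
PCAP_GLOBAL = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)


def parse_line(line):
    """Return a dict for a CLF line with a literal source IP, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    src, ts, method, path, proto, status, _size = m.groups()
    try:
        socket.inet_aton(src)   # hostnames (HostnameLookups On) cannot be packetized
    except OSError:
        return None
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return {"src": src, "time": when, "method": method, "path": path,
            "proto": proto, "status": int(status)}


def checksum(data):
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    s = (s >> 16) + (s & 0xFFFF)
    s += s >> 16
    return (~s) & 0xFFFF


def build_packet(entry, sport, seq):
    """Ethernet + IPv4 + TCP(PSH,ACK) + reconstructed HTTP request."""
    payload = ("%s %s %s\r\nHost: %s\r\n\r\n" % (
        entry["method"], entry["path"], entry["proto"], HOST_HEADER)).encode()
    src, dst = socket.inet_aton(entry["src"]), socket.inet_aton(SERVER_IP)
    # sport, dport 80, seq, ack, data offset 5 words, flags PSH|ACK, window, csum 0, urg 0
    tcp = struct.pack("!HHIIBBHHH", sport, 80, seq, 1, 5 << 4, 0x18, 8192, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    total = 20 + len(tcp) + len(payload)
    # ver/ihl, tos, total length, id, DF flag, ttl 64, proto TCP, csum 0, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0x4000, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    eth = SERVER_MAC + CLIENT_MAC + b"\x08\x00"   # dst MAC, src MAC, EtherType IPv4
    return eth + ip + tcp + payload


def log_to_pcap(text):
    """Return (pcap bytes, number of packets) for the given log text."""
    out = bytearray(PCAP_GLOBAL)
    count = 0
    for i, line in enumerate(text.splitlines()):
        entry = parse_line(line)
        if entry is None:
            continue
        pkt = build_packet(entry, 40000 + i, 1000 + i)
        ts = entry["time"].timestamp()
        # per-packet record header: ts_sec, ts_usec, included length, original length
        out += struct.pack("<IIII", int(ts), int((ts % 1) * 1e6), len(pkt), len(pkt))
        out += pkt
        count += 1
    return bytes(out), count


def read_pcap(data):
    """Minimal reader used to check the output: list of (ts_sec, packet bytes)."""
    pkts, off = [], len(PCAP_GLOBAL)
    while off + 16 <= len(data):
        sec, _usec, incl, _orig = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        pkts.append((sec, data[off:off + incl]))
        off += incl
    return pkts


if __name__ == "__main__":
    data, n = log_to_pcap(SAMPLE_LOG)
    with open("log2pcap_example.pcap", "wb") as f:
        f.write(data)
    print("wrote %d packets" % n)
```

The file can then be replayed through the IDS offline (for Snort, `snort -r log2pcap_example.pcap -c <snort.conf>`), which is where the second log line should trip a directory-traversal rule from the maintained rule set rather than a hand-written regex. One caveat a practitioner should expect: because only PSH/ACK data segments are synthesized, an IDS whose stream reassembly ignores mid-stream data without a prior handshake may need that behavior relaxed in its configuration, or the converter extended to emit a SYN/SYN-ACK/ACK exchange before each request.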