SEC434: Log Management In-Depth: Compliance, Security, Forensics, and Troubleshooting
This first-ever dedicated log management class teaches system, network and security logs, their analysis and management and covers the complete lifecycle of dealing with logs: the why's, how's and what's.
You will learn how to enable logging and then how to deal with the resulting data deluge by managing data retention, analyzing data using search, filtering and correlation as well as how to apply what you learned to key business and security problems. The class also teaches applications of logging to forensics, incident response and regulatory compliance.
In the beginning, you will learn what to do with various log types and provide brief configuration guidance for common information systems. Next, you will learn a phased approach to implementing a company-wide log management program, and go into specific log-related tasks that needs to be done on a daily, weekly, and monthly basis in regards to log review and monitoring.
Everyone is looking for a path through the PCI DSS and other regulatory compliance maze and that is what you will learn in the next section of the course. Logs are essential for resolving compliance challenges; this class will teach you what you need to concentrate on and how to make your log management compliance-friendly. And people who are already using log management for compliance will learn how to expand the benefits of your log management tools beyond compliance.
You will learn to leverage logs for critical tasks related to incident response, forensics, and operational monitoring. Logs provide one of the key information sources while responding to an incident and this class will teach you how to utilize various log types in the frenzy of an incident investigation.
The class also includes an in-depth look at deploying, configuring and operating an open source tool OSSEC for log analysis, alerting and event correlation.
Finally, the class author, Dr. Anton Chuvakin, probably has more experience in the application of logs to IT and IT security than anyone else in the industry. This means he and the other instructors chosen to teach this course have made a lot of mistakes along the way. You can save yourself a lot of pain and your organization a lot of money by learning about the common mistakes people make working with logs.
Day 1 includes:
- Logging configuration
- Log analysis and monitoring methods and tools
- Log management processes
- Logs for incident response and forensics
- Logs for compliance
- Common logging mistakes
Day 2 includes:
- OSSEC setup and operation in depth
A laptop with Windows XP or later or recent Linux operating system installed which can unzip/gunzip compressed files. CD/DVD drive is required. MacOS is not acceptable. VMware Player (free from VMware site) or VMware Workstation must be installed
If you have additional questions about the laptop specifications, please contact firstname.lastname@example.org.