Boiling the Ocean: Security Operations and Log Analysis

Boiling the Ocean: Security Operations and Log Analysis (PDF, 2.98MB)

Published: 06 Apr, 2016
Created by Colin Chisholm

Incident handlers are expected to provide timely and efficient detection, analysis, and response to incidents. They have at their disposal a seemingly endless supply of events, typically in the form of log data from a variety of systems. Unfortunately, the volume of this data can be difficult to capture and analyze, hindering the incident handling process. Specialized software can automate the collection and analysis of log data, helping separate the 'noise' of events from the 'signal' of incidents. This paper details a framework and procedures for establishing a security operations program that leverages log analysis tools.