Closing logging gaps with packets

  • Tuesday, 30 Aug 2022 3:30PM EDT (30 Aug 2022 19:30 UTC)
  • Speaker: Jake Williams

We've all been there - investigating an incident where there's not enough log data. In this webcast, Jake Williams will show participants how to use packet data to confirm (or refute) information in web server logs. This webcast picks up where the last Endace webcast left off, diving deeper into the investigation. Don't worry though: you don't need to have seen the first webcast to keep up. In the first webcast, we confirmed we were not the source of a reported third-party intrusion, only to discover there actually was a reason for alarm.

In this webcast, we'll investigate:

1. How our server was compromised

2. What actions were taken

3. How to reconcile Apache logs with packet capture data