You have to see the criminal to catch the criminal. The most relevant data to monitor, ranked.

  • Webcast Aired Friday, 06 Dec 2019 1:00PM EST (06 Dec 2019 18:00 UTC)
  • Speakers: Brandon McCrillis, Mike Simon

Learn the data sources you should collect to understand security-related activities on your network.

Teams working to monitor network and workstation security need to know what data to monitor and what to prioritize.

Making a list of all possible specific logs that could be used for security monitoring requires an infinite amount of time.

However, when you understand how to best use each information type, you can identify and prioritize virtually any source.

In this webinar, we will provide a comprehensive list of information to collect and analyze, including:

  1. A list of Sources, often specific to a product or operating system (e.g., Active Directory logs)
  2. A list of log Types, which can often answer the "why" questions (e.g., user logins)

We will then assist security professionals by ranking that information from most critical to least critical.

Join Mike Simon, CTO of CI Security, and SANS experts to get actionable takeaways that make your network monitoring routines more efficient, with added context about not just what to monitor, but why.