The question is about the types of logs created and log
analysis for network security.
Types of logs
- Application log—events logged by applications.
Developers determine the events logged by their application. The
application can log information from several sources. It is
important to note the source alongside the event ID.
- System log—events logged by the operating
system. For example, issues experienced by drivers during the
startup process.
- Security log—events related to security,
including login attempts or file deletion. Administrators determine
which events to enter into their security log, according to their
audit policy.
- Directory service log—records Active Directory
operations like authentication and modification of privileges. Only
available on domain controllers.
- DNS server log—records DNS activity. Only
available on DNS servers.
- File replication service log—records domain
controller replication. Only available on domain controllers.
WHAT IS LOG ANALYSIS?
Computers, networks, and other IT systems generate records
called audit trail records or logs that document system activities.
Log analysis is the evaluation of these records and is used by
organizations to help mitigate a variety of risks and meet
compliance regulations.
HOW DOES LOG ANALYSIS WORK?
Logs are usually created by network devices, applications,
operating systems, and programmable or smart devices. They comprise
several messages that are chronologically arranged and stored on
disk, in files, or in an application like a log collector.
Analysts need to ensure that the logs consist of a complete
range of messages and are interpreted according to context. Log
elements should be normalized, using the same terms or terminology,
to avoid confusion and provide cohesiveness. For example, one
system might use “warning” while another uses “critical.” Making
sure terms and data formats are in sync will help ease analysis and
reduce error. Normalization also ensures that statistics and
reports from different sources are meaningful and accurate.
Once the log data is collected, cleaned, and structured, it
can be properly analyzed to detect patterns and anomalies, like
network intrusions.
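As an added example (not part of the original answer), the normalization-then-detection step in Python: two constructed sources that use different timestamp layouts and different severity words for the same event are mapped onto one record format, ordered chronologically, and then checked for repeated failed logins from a single address. The source formats, severity mapping, year and threshold are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines. Source "app" says "warning" and "login failed";
# source "fw" says "critical" and "auth failure" for the same kind of event.
SAMPLE_LINES = [
    ("app", "2024-03-01T10:00:01 warning login failed user=alice src=10.0.0.5"),
    ("fw",  "Mar  1 10:00:02 fw1 critical: auth failure for bob from 10.0.0.5"),
    ("app", "2024-03-01T10:00:03 info login ok user=carol src=10.0.0.9"),
    ("app", "2024-03-01T10:00:04 warning login failed user=alice src=10.0.0.5"),
    ("fw",  "Mar  1 10:00:05 fw1 critical: auth failure for dave from 10.0.0.5"),
    ("app", "2024-03-01T10:05:00 warning login failed user=erin src=10.0.0.7"),
]

# One severity vocabulary, however each source spells it (assumed mapping).
SEVERITY_MAP = {"info": "INFO", "warning": "WARN", "warn": "WARN",
                "error": "ERROR", "critical": "CRIT", "crit": "CRIT"}

APP_RE = re.compile(r"(?P<ts>\S+) (?P<sev>\w+) (?P<msg>.*?) user=(?P<user>\S+) src=(?P<ip>\S+)")
FW_RE = re.compile(r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (?P<sev>\w+): "
                   r"(?P<msg>.*?) for (?P<user>\S+) from (?P<ip>\S+)")

def normalize(source, line, year=2024):
    """Parse one raw line into a common record: ts, source, severity, event, user, src_ip."""
    if source == "app":
        m = APP_RE.match(line)
        ts = datetime.fromisoformat(m["ts"])
    else:
        m = FW_RE.match(line)
        # Syslog-style timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
    # Map each source's wording for a failed login onto a single event name.
    event = "login_failed" if m["msg"] in ("login failed", "auth failure") else "login_ok"
    return {"ts": ts, "source": source, "severity": SEVERITY_MAP[m["sev"].lower()],
            "event": event, "user": m["user"], "src_ip": m["ip"]}

def detect_bruteforce(records, threshold=3, window=timedelta(seconds=60)):
    """Return {src_ip: max failures seen} for IPs with >= threshold failed logins in one window."""
    failures, alerts = defaultdict(list), {}
    for r in sorted(records, key=lambda r: r["ts"]):  # chronological order across sources
        if r["event"] != "login_failed":
            continue
        hits = failures[r["src_ip"]]
        hits.append(r["ts"])
        while r["ts"] - hits[0] > window:  # drop failures older than the window
            hits.pop(0)
        if len(hits) >= threshold:
            alerts[r["src_ip"]] = max(alerts.get(r["src_ip"], 0), len(hits))
    return alerts

def analyze(lines=SAMPLE_LINES):
    return detect_bruteforce([normalize(src, line) for src, line in lines])

if __name__ == "__main__":
    print(analyze())  # {'10.0.0.5': 4}
```

Without the normalization step the two sources would be counted separately and neither would cross the threshold on its own.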
USE CASES FOR LOG ANALYSIS
Log analysis serves several different purposes:
- To comply with internal security policies and outside
regulations and audits
- To understand and respond to data breaches and other security
incidents
- To troubleshoot systems, computers, or networks
- To understand the behaviors of your users
- To conduct forensics in the event of an investigation
Some organizations are required to conduct log analysis if they
want to be certified as fully compliant to regulations. However,
log analysis also helps companies save time when trying to diagnose
problems, resolve issues, or manage their infrastructure or
applications.
Security professionals can use this information to analyse
network security in the following ways:
- A security incident is not an accident. With log analysis you
can prevent thefts of your secured data.
- The evolving compliance regulations ensure your IT
infrastructure takes the reins of information security into
its own hands. Your organization is bound to abide by the laws set
for internal security.
- Retaining adequate information on events for a
specified period of time
- Scaling to meet the demands of the growing number of logs and
sorting these event logs to identify the security-related
activities for operational, compliance, and security reasons
- Protecting your confidential corporate information from
unauthorized disclosure that could be a threat in disguise to your
network security.
- Reports employee misuse of restricted-access information
- Includes built-in threat intelligence that alerts you to
malicious IPs and URLs, and also processes prominent STIX/TAXII threat
feeds to alert you to malicious URLs, IPs, and domains.
- Helps prevent several common, damaging attacks such as Denial of
Service, SQL injection, and others
- Correlates events from all devices in your network, including
routers, firewalls, VPNs, servers, applications, and workstations,
to detect potential attack patterns.
- Protects your business critical applications by detecting
anomalies and attacks
- Secures your network devices including routers, firewalls, and
IDS/IPS
- Meets regulatory requirements, assists in forensic analysis,
and identifies IT issues in near real time, which simplifies
troubleshooting
- Theft of secured data is a corporate threat, and recovery from it
is expensive but nevertheless required to ensure business
continuity. Investing in a security log management tool is wise and
worthwhile.
- By ensuring the security of electronic customer information,
you gain trust and lasting business relationships, improve revenue,
and enhance the customer experience