In week 10 we went deeper into event log analysis and correlation.
Log sources
- OS logs
  - Windows: event logs
  - Linux: syslog
- Application logs
  - SMTP logs
  - Web server logs
  - Access logs
- Physical device logs
  - Camera logs
  - UPS logs
- Network equipment logs
  - Router logs
  - Switch logs
Windows logs
- immensely important, as they are usually the early detection system
- provide the data and the trigger for an investigation
- Snort picks out the key points from the massive amount of data that Windows logs contain
- Windows has several kinds of logs:
  - event logs
  - setup logs
  - firewall logs
  - browsing history
  - shortcuts
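To show what "correlation" across the log sources above looks like in practice, here is an added example (my own code, not part of the week 10 notes). It normalizes constructed sample lines from a Windows event log export and from a router's syslog into one schema, then links events from different sources that mention the same IP address within a time window; the file formats, hostnames and IPs are all invented for the demo.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (not real logs) from two of the sources listed above.
WINDOWS_EXPORT = """\
2024-03-01 09:00:12,WS01,4625,An account failed to log on. Source Network Address: 10.0.0.5
2024-03-01 09:00:15,WS01,4625,An account failed to log on. Source Network Address: 10.0.0.5
2024-03-01 09:01:02,WS01,4624,An account was successfully logged on. Source Network Address: 10.0.0.5
2024-03-01 11:30:00,WS02,4624,An account was successfully logged on. Source Network Address: 10.0.0.9
"""
ROUTER_SYSLOG = """\
Mar  1 09:00:05 rtr1 kernel: DENY TCP 10.0.0.5:41000 -> 10.0.1.20:445
Mar  1 09:00:50 rtr1 kernel: ALLOW TCP 10.0.0.5:41001 -> 10.0.1.20:3389
Mar  1 14:00:00 rtr1 kernel: DENY TCP 10.0.0.7:5000 -> 10.0.1.20:22
"""
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_windows(text):
    """CSV-style export 'timestamp,host,event_id,message' -> common schema."""
    events = []
    for line in text.splitlines():
        ts, host, eid, msg = line.split(",", 3)
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "source": "windows", "msg": f"EventID {eid}: {msg}"})
    return events

def parse_syslog(text, year=2024):
    """BSD syslog 'Mon dd HH:MM:SS host tag: message' -> common schema."""
    events = []
    for line in text.splitlines():
        host, msg = line[16:].split(" ", 1)  # first 15 chars are the timestamp
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": host, "source": "syslog", "msg": msg})
    return events

def correlate(events, window=timedelta(minutes=5)):
    """Return {ip: events} for IPs that two different sources logged within `window`."""
    by_ip = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        for ip in set(IP_RE.findall(ev["msg"])):
            by_ip.setdefault(ip, []).append(ev)
    hits = {}
    for ip, evs in by_ip.items():
        # keep an event only if another source mentioned this IP close in time
        linked = [a for a in evs if any(b["source"] != a["source"] and
                                        abs(b["ts"] - a["ts"]) <= window for b in evs)]
        if linked:
            hits[ip] = linked
    return hits
```

Calling `correlate(parse_windows(WINDOWS_EXPORT) + parse_syslog(ROUTER_SYSLOG))` returns only 10.0.0.5, the one address that both the router and the Windows host logged in the same five minutes; the other IPs appear in a single source and are dropped.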