Description: Take a look at almost every log management best practice guide and you will find a bullet point for determining "normal" activity or analyzing trends. These guides, and most log management best practices in general, lack the details for practically determining what is "normal" and how to investigate abnormal activity.
This presentation intends to outline practical strategies for determining "normal" activity using baseline analysis with logs and security events. Topics will include an overview of baselines and the necessary statistics, determining what to baseline with threat modeling, developing the baseline, reviewing the anomalous data, and tuning.
For more information please visit: https://www.bsideslv.org
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.