TOPIC: Cloud based Log Management and/or On-Prem Log Management
OUR GUEST WILL BE:
Pieter Heyn - Sales Manager EMEA of HUMIO
Kresten Krab - CTO of HUMIO
SPONSORS OF OUR PODCAST
NEWS-WORTHY - FBI asks everyone to reboot their routers
Last week, security researchers at Cisco's cyberintelligence unit Talos warned of the attack: malicious software, dubbed VPNFilter, had infected an estimated 500,000 consumer routers in 54 countries and was targeting routers from Linksys, MikroTik, Netgear and TP-Link, and possibly others.
The FBI on Friday sent out a notice recommending that anyone with a small office or home office router reboot (turn off and back on) their devices to stop the malware.
https://www.scmagazine.com/fbi-seizes-domain-behind-vpnfilter-botnet/article/768558/
Reboot vs. Pull the Plug? BDIR says pull the plug!!!
MALWARE OF THE MONTH
Sadly, none of interest this month ;-(
SITE-WORTHY
1. BDIR - The whole list of Windows Logging Cheat Sheets
2. BDIR - Windows 10 and Windows Server 2016 Security Auditing and Monitoring Reference.docx
Guests - HUMIO
Humio of course - https://www.Humio.com
TOOL-WORTHY
1. BDIR - Audit your logs to see how your audit logging compares to industry standards - LOG-MD
2. BDIR - Add additional details to your logs - The Sysmon Service
Guests - Humio
Humio of course - https://www.Humio.com
TOPIC OF THE DAY
Cloud based Log Management and/or On-Prem Log Management
Articles:
BACKGROUND - MG and BB
So why do I think this topic is important to IT, InfoSec, IR, Network, and Forensic people?
Why security and log management are important aka SIEM
Story about an SMB needing help on a malware infection across multiple locations
MG Top 10 list of tools - Log Management is crucial to Detection and Response
Intro by Michael and Brian on how they found Humio
Humio was responsive to our suggestions
Other vendors were not, just said yeah, we just wanted your business
Cloud log management vs. on-prem
MG - I have looked at 10 or more logging solutions and the lack of ease of use is a big one
A good log management solution has to have some basic features that a lot of solutions lacked or implemented in a very buggy way:
Easy to use console
Built-in alerting, not as an option
Exclusion ability (NOT conditions), not just "this or this or this"
Save reports and queries
Dashboards for those that want them
INTERVIEW:
Background of Humio
Live data vs query
No indexes used
Free vs Pro vs. trial vs. On-Prem solutions
How much data can I send in the 30-day trial for the SMB type use case?
Do you see yourself as a SIEM vendor or wanting to move there?
Not yet moving there
SectionGuard - Additional Windows information mentioned by Kresten
WLS (Windows Logging Service) mentioned by Michael
https://www.kcp.com/Partnering/Licensing-Technologies/Pages/kcp-software.aspx
How does GDPR or any compliance regulation affect Cloud shared hosting?
And really is this just solved by going with an On-Prem solution?
What basic changes did you have to make being a Euro company in this space?
There are a lot of logging solutions; what gap were you intending to fill, and what problem were you trying to solve?
New features in the last release you want to mention
What are the major differences or advantages that your customers like about Humio?
Something NEW - INTRODUCING:
The “Windows Humio Logging Cheat Sheet”
11 Windows Event Log items to start with
Sample queries
Our goal for the listeners
Try it on your home systems
Learn how to do basic logging
How to audit a Windows system
How to set the audit logging
Install the WinLogBeat agent
Start with the Winlogbeat config from Malware Archaeology
Use Humio
Populate it with the queries from the "Windows Humio Logging Cheat Sheet"
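As an added example (not the show notes' own material and not the Malware Archaeology config), a minimal winlogbeat.yml for the steps above: it reads a small starting set of Security, System and Sysmon events and ships them to Humio through Humio's Elasticsearch-compatible bulk ingest endpoint. The Humio host, the ingest token and the event ID selection are placeholders and assumptions, not the cheat sheet's 11 items; verify the ingest path against Humio's Winlogbeat documentation before use.

```yaml
# Added example winlogbeat.yml, not the cheat sheet or Malware Archaeology config.
# Event IDs below are a constructed starting set, not the cheat sheet's 11 items.
winlogbeat.event_logs:
  - name: Security
    # logon success/failure, special privileges, process creation,
    # service installed, audit policy change
    event_id: 4624, 4625, 4672, 4688, 4697, 4719
    ignore_older: 72h            # skip events older than 3 days on first start
  - name: System
    event_id: 7040, 7045         # service start type changed, service installed
  - name: Microsoft-Windows-Sysmon/Operational   # only exists once Sysmon is installed
    event_id: 1, 3, 11           # process create, network connection, file create

# Humio accepts the Elasticsearch bulk API, so the standard output works.
# HUMIO_URL and HUMIO_INGEST_TOKEN are placeholders; the path is an
# assumption to check against Humio's documentation for your version.
output.elasticsearch:
  hosts: ["https://HUMIO_URL:443/api/v1/ingest/elastic-bulk"]
  username: "anything"          # Humio ignores the username
  password: "HUMIO_INGEST_TOKEN"  # repository ingest token from the Humio UI
  compression_level: 5

setup.template.enabled: false   # Humio has no index templates to load
```

Run winlogbeat with the config test flag before installing it as a service so a YAML mistake shows up on the console rather than silently in the service log.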