From the course: CompTIA CySA+ (CS0-002) Cert Prep: 5 Security Operations and Monitoring
Querying logs
- You can't always depend upon your SIEM to comb through all of your security logs and automatically uncover the information that's important to you. Sometimes you will need to search through those logs yourself. This requires that you be able to write queries that retrieve exactly the information that you need from your SIEM or other information store. There are a lot of different ways that you can write queries against logs. And the method you use will depend upon where your logs are stored, and what format they are in. For example, if your logs are already stored in your SIEM, you can use the SIEM's management interface to perform the search. It's likely that the vendor provides you with an intuitive web-based interface that allows you to quickly parse through the various logs that the SIEM aggregated. This is almost always the easiest and fastest way to run queries against your security information because the SIEM…
Contents
- Endpoint monitoring (3m 23s)
- Malware prevention (7m 17s)
- File system integrity monitoring (4m 42s)
- Network monitoring (4m 20s)
- Protocol analyzers (6m 39s)
- DNS harvesting (4m 30s)
- Intrusion detection and prevention (8m 29s)
- Web security tools (3m 40s)
- Impact analysis (3m 50s)
- Querying logs (7m 10s)