Join our #Slack Channel! Email us at firstname.lastname@example.org or DM us on Twitter @brakesec
Libsyn Feed - http://www.brakeingdownir.libsyn.com/
Our guests, Pieter Heyn and Kresten Krab of Humio, will discuss with us Cloud based Log Management and/or On-Prem Log Management
JOIN US FOR EPISODE-004, OUR GUEST WILL BE:
- Pieter Heyn - Sales Manager EMEA of HUMIO
- Kresten Krab - CTO of HUMIO
SPONSORS OF OUR PODCAST
NEWS-WORTHY - FBI asks everyone to reboot their routers
Last week, security researchers at Cisco's cyberintelligence unit Talos warned of the attack: malicious software, dubbed VPNFilter, had infected an estimated 500,000 consumer routers in 54 countries and was targeting routers from Linksys, MikroTik, Netgear and TP-Link, and possibly others.
The FBI on Friday sent out a notice recommending that anyone with a small office or home office router reboot (turn off and back on) their devices to stop the malware.
- Reboot vs. Pull the Plug? BDIR says pull the plug !!!
MALWARE OF THE MONTH
Sadly, none of interest this month ;-(
1. BDIR - The whole list of Windows Logging Cheat Sheets
2. BDIR - Windows 10 and Windows Server 2016 Security Auditing and Monitoring Reference.docx
Guests - HUMIO
Humio of course - https://www.Humio.com
1. BDIR - Audit your logs to see where your audit logging compares to industry standards - LOG-MD
2. BDIR - Add additional details to your logs - The Sysmon Service
Guests - Humio
- Humio of course - https://www.Humio.com
TOPIC OF THE DAY
Cloud based Log Management and/or On-Prem Log Management
- Modern Log Management: Flexibility is the X Factor
- Why a SIEM Won’t Solve All Your Problems: 5 Common Issues and How to Avoid Them
BACKGROUND - MG and BB
- So why do I think this topic is important to IT, InfoSec, IR, Network, and Forensic people?
- Why security and log management are important aka SIEM
- Story about an SMB needing help on a malware infection, multiple locations
- MG Top 10 list of tools - Log Management is crucial to Detection and Response
- Intro by Michael and Brian on how they found Humio
- Humio was responsive to our suggestions
- Other vendors were not, just said yeah, we just wanted your business
- Cloud log management vs. on-prem
- MG - I have looked at 10 or more logging solutions and the lack of ease of use is a big one
- A good log management solution has to have some basic features that a lot of solutions lacked or implemented in a buggy way
- Easy to use console
- Built-in alerting, not an optional extra
- Exclusion ability (filter noise out), not just include this or this or this
- Save reports and queries
- Dashboards for those that want them
- Background of Humio
- Live data vs query
- No indexes used
- Free vs Pro vs. trial vs. On-Prem solutions
- How much data can I send in the 30-day trial for the SMB type use case?
- Do you see yourself as a SIEM vendor or wanting to move there?
- Not yet moving there
- SectionGuard - Additional Windows information mentioned by Kresten
- WLS (Windows Logging Service) mentioned by Michael
- How does GDPR or any compliance regulation affect Cloud shared hosting?
- And really is this just solved by going with an On-Prem solution?
- What basic changes did you have to make being a Euro company in this space?
- There are a lot of Logging solutions, what gap were you intending to fill; what problem were you trying to solve?
- New features in the last release you want to mention
- What are the major differences or advantages that your customers like about Humio?
Something NEW - INTRODUCING:
- The “Windows Humio Logging Cheat Sheet”
- 11 Windows Event Log items to start with
- Sample queries
Our goal for the listeners
- Try it on your home systems
- Learn how to do basic logging
- How to audit a Windows system
- How to set the audit logging
- Install the Winlogbeat agent
- Start with the Winlogbeat config from Malware Archaeology
- Use Humio
- Populate it with the queries from the "Windows Humio Logging Cheat Sheet"
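The "audit a Windows system" and "set the audit logging" steps above can be done from an elevated PowerShell prompt with the built-in auditpol tool and Get-WinEvent. The script below is an added example for this page; it is not from the show notes, from Humio, or from Malware Archaeology's cheat sheets or Winlogbeat config. The five subcategories it enables are this example's own starting set, not the cheat sheet's 11 items, and the ProcessCreationIncludeCmdLine_Enabled registry value is the standard Windows switch that makes Event ID 4688 include the command line.

```powershell
# Added example, not the podcast's or Malware Archaeology's own material.
# Run from an elevated PowerShell prompt on Windows 10 / Server 2016 or later.

# 1. Audit the current state: dump every audit subcategory as CSV and list
#    the ones that are still at "No Auditing".
$policy = auditpol /get /category:* /r | ConvertFrom-Csv
$off    = @($policy | Where-Object { $_.'Inclusion Setting' -eq 'No Auditing' })
"{0} of {1} audit subcategories are not being audited" -f $off.Count, $policy.Count
$off | Select-Object Subcategory | Format-Table -AutoSize

# 2. Set the audit logging. This subcategory list is the example's own choice
#    (assumption), picked because each one maps to a commonly watched Event ID.
$subcats = @(
    'Process Creation',            # Event ID 4688
    'Logon',                       # 4624 success / 4625 failure
    'Special Logon',               # 4672 admin-privileged logon
    'Security System Extension',   # 4697 service installed
    'Security Group Management'    # 4728 / 4732 group membership changes
)
foreach ($s in $subcats) {
    auditpol /set /subcategory:"$s" /success:enable /failure:enable | Out-Null
}

# 4688 only carries the process command line when this policy value is set.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
New-Item -Path $key -Force | Out-Null
Set-ItemProperty -Path $key -Name 'ProcessCreationIncludeCmdLine_Enabled' -Value 1 -Type DWord

# 3. Verify locally before shipping anything with Winlogbeat: the newest
#    process-creation events should now carry a CommandLine field.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents 3 |
    ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time        = $_.TimeCreated
            Image       = $data['NewProcessName']
            CommandLine = $data['CommandLine']
        }
    }
```

Step 1 is safe to run on its own as a read-only check of where a system stands; steps 2 and 3 change policy and registry state, so they are what a local test of a home system looks like before the Winlogbeat agent is pointed at Humio. In a domain, the same subcategories would normally be pushed through Group Policy rather than set per host.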