In this post, I highlight the basics of what to consider when selecting a source of threat intelligence and provide an outline of what steps are needed to integrate that data. I will also try to point out the choices that must be made and the considerations that should be kept in mind during the process.
The news is full of stories about the talent shortage in IT, especially in IT security. This shortage has created pressure on organizations to grow IT operations and to do that securely, all while having too few staff. Many are turning to threat intelligence to give their security analysts the tools they need to evaluate threats quickly and effectively. Essentially offering “Intelligence as a Service,” these tools enable organizations to benefit from the research of others.
Data is exploding. The shift to digital business is driving a massive expansion in the volume of data that organizations produce, use, and store. It is also accelerating the velocity of data: the data changes more rapidly than ever before. In many ways that is great, because more data can bring more insight into customers, markets, and opportunities. But more data can also be a problem, because that very data becomes a target for attackers intent on stealing your customer information, ripping off your IP, or simply holding your business to ransom.
We will be offering classroom-style training with our featured partner, Netways, in Nuremberg, Germany.
This quarterly training covers the main components of the Graylog platform, from installation and configuration to data ingestion, parsing, and scaling. We want you to leave fully equipped with the knowledge to jump-start your installation and apply best practices.
If you run the audit daemon (auditd) on your Linux distribution, you might notice that some of the most valuable information it produces never arrives when you enable syslog forwarding to Graylog. By default, auditd writes these records directly to /var/log/audit/audit.log rather than sending them through syslog, so a plain syslog forwarder never sees them. In this post, we walk through the steps to capture this information and bring it into your Graylog instance, to get insight into what users do on your Linux servers.
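The post this excerpt introduces is not on this page, so the following is an added example rather than Graylog's code or the original author's steps. Whichever shipper moves /var/log/audit/audit.log to Graylog, the records still arrive in auditd's `type=... msg=audit(secs.msecs:serial): key=value ...` format, and the useful part of the work is turning that into searchable fields. The example parses constructed sample records (they are not from a real host), decodes the hex-encoded `proctitle`, joins the records that share a serial into one event, and maps the result onto a GELF 1.1 message dict, which is the shape a Graylog GELF input accepts. The field names, the list of hex-encoded fields, and the GELF mapping are this example's own choices, not something the page prescribes.

```python
import re

# Constructed sample records in /var/log/audit/audit.log format (not captured
# from a real host). The SYSCALL and PROCTITLE records share serial 4568, which
# is how auditd ties the pieces of one event together.
SAMPLE_AUDIT_LOG = """\
type=USER_LOGIN msg=audit(1700000000.123:4567): pid=1234 uid=0 auid=1000 ses=5 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=203.0.113.10 addr=203.0.113.10 terminal=/dev/pts/0 res=success'
type=SYSCALL msg=audit(1700000000.456:4568): arch=c000003e syscall=59 success=yes exit=0 a0=55d2c3f0 a1=55d2c400 a2=55d2c410 a3=0 items=2 ppid=1200 pid=1234 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=1000 sgid=0 fsgid=0 tty=pts0 ses=5 comm="sudo" exe="/usr/bin/sudo" key="privileged"
type=PROCTITLE msg=audit(1700000000.456:4568): proctitle=7375646F002D69
"""

# Record header: type=<TYPE> msg=audit(<secs>.<msecs>:<serial>): <body>
HEADER_RE = re.compile(
    r"^type=(?P<type>\S+) msg=audit\((?P<secs>\d+)\.(?P<msecs>\d+):(?P<serial>\d+)\): ?(?P<body>.*)$"
)
# Body tokens: key=value where the value is double-quoted, single-quoted (a
# nested key=value list, as in msg='...'), or a bare run of non-space characters.
KV_RE = re.compile(r"""(?P<key>[A-Za-z0-9_]+)=(?P<val>"[^"]*"|'[^']*'|\S+)""")
HEX_RE = re.compile(r"^(?:[0-9A-F]{2})+$")
# String fields auditd hex-encodes when they contain spaces, quotes or control
# characters (heuristic list chosen for this example; other fields stay as-is).
HEX_ENCODED_FIELDS = {"proctitle", "cwd", "name", "cmd", "comm", "exe", "data"}


def _decode_value(key, raw):
    if raw[:1] == '"' and raw[-1:] == '"':
        return raw[1:-1]
    if raw[:1] == "'" and raw[-1:] == "'":
        return parse_fields(raw[1:-1])
    if key in HEX_ENCODED_FIELDS and HEX_RE.match(raw):
        # argv entries in proctitle are NUL-separated; join them with spaces
        return bytes.fromhex(raw).decode("utf-8", "replace").replace("\x00", " ")
    return raw


def parse_fields(body):
    """Parse a key=value body into a flat dict; nested lists get a key prefix."""
    fields = {}
    for m in KV_RE.finditer(body):
        key, raw = m.group("key"), m.group("val")
        value = _decode_value(key, raw)
        if isinstance(value, dict):
            for k, v in value.items():
                fields[f"{key}_{k}"] = v
        else:
            fields[key] = value
    return fields


def parse_line(line):
    """Parse one audit.log record; returns None for lines that are not records."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec = {
        "audit_type": m.group("type"),
        "audit_serial": m.group("serial"),
        # seconds.milliseconds since the epoch, exactly as auditd writes it
        "audit_timestamp": float(m.group("secs") + "." + m.group("msecs")),
    }
    rec.update(parse_fields(m.group("body")))
    return rec


def group_events(lines):
    """Merge records that share a serial into one event per serial."""
    events = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ev = events.setdefault(rec["audit_serial"], {})
        for k, v in rec.items():
            if k == "audit_type":
                ev[k] = f"{ev[k]},{v}" if k in ev else v
            else:
                ev.setdefault(k, v)  # first record wins on a duplicate key
    return events


def to_gelf(event, host):
    """Build a GELF 1.1 message dict: additional fields carry a leading underscore."""
    gelf = {
        "version": "1.1",
        "host": host,
        "short_message": f"auditd {event['audit_type']} serial={event['audit_serial']}",
        "timestamp": event["audit_timestamp"],
        "level": 6,
    }
    for k, v in event.items():
        if k == "id":
            k = "audit_id"  # GELF reserves the _id field name
        gelf["_" + k] = v
    return gelf


if __name__ == "__main__":
    import json

    for ev in group_events(SAMPLE_AUDIT_LOG.splitlines()).values():
        print(json.dumps(to_gelf(ev, "web01"), sort_keys=True))
```

Two practical points carry over to any real deployment: the process that reads the file needs access to /var/log/audit, which is normally readable only by root, and GELF additional fields must start with an underscore and must not be named `_id`, so a nested `msg='... id=1000 ...'` is emitted here as `_msg_id` and a top-level `id` would be renamed before sending.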