Chris and all,

IMHO, there can't be a Top 5 list. To make it possible, you have to
consider the role of the report recipient. E.g.

Top 5 Reports for a SysAdmin
Top 5 Reports for a Security Analyst
Top 5 Reports for a CSO

And yes, I do have the lists - will send it later...

On 5/17/06, Chris Brenton <cbrenton@private> wrote:
> Hey all,
>
> I'm involved with helping SANS organize the logging summit this July. As
> part of that, I was hit with a question that I thought could be best
> answered via feedback from the group.
>
> What do you feel are the top 5 reports a centralized log management
> system should provide?
>
> For example, a few I came up with:
>
> Authentication failures (Web, system access, VPNs, etc.)
> Access failures (HTTP scripts, recursion requests, etc.)
> Initialization of new/unknown processes
> Unexpected outbound traffic through the firewall (IRC, TFTP, SMTP, etc.)
>
> I would love to see a similar list from other folks on the list.
>
> Cheers,
> Chris
>
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
>

--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://www.securitywarrior.com
This archive was generated by hypermail 2.1.3 : Sun May 21 2006 - 12:31:49 PDT