Having fun while learning about and pivoting into the world of DFIR.
by ogmini
Just attended Introduction to Log Management (IR210) offered by CISA. I talked about these courses in a previous post and would encourage those eligible to register.
In the course we were given:
The labs had us configure rsyslog with a client and a server. We then configured the logs to be sent over TLS by generating certificates and applying them to both ends. Finally, we configured and used Wazuh, an open-source XDR and SIEM.
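To make the rsyslog-over-TLS part concrete, here is the shape of that setup as an added example (this is not the course's lab material or anything from the original post): one fragment for the collector and one for the forwarding host, using rsyslog's gtls netstream driver (the rsyslog-gnutls package on Debian/Ubuntu). The hostnames, file paths, and port are assumptions, and the certificates are assumed to exist already, with the CA that signed both ends in ca.pem.

```conf
# --- /etc/rsyslog.d/10-tls-server.conf (assumed path; collector side) ---
# Added example, not the course's lab files. Hostnames and paths are assumptions.
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/certs/ca.pem"
  DefaultNetstreamDriverCertFile="/etc/rsyslog.d/certs/logserver-cert.pem"
  DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/certs/logserver-key.pem"
)
# Mode 1 = TLS only (mode 0 would accept plaintext on the same port).
# AuthMode x509/name checks the client's certificate chain AND its name;
# "anon" would encrypt the stream but let any host send logs.
module(load="imtcp"
  StreamDriver.Name="gtls"
  StreamDriver.Mode="1"
  StreamDriver.AuthMode="x509/name"
  PermittedPeer=["client1.example.com", "*.example.com"]
)
# 6514 is the IANA-registered port for syslog over TLS.
input(type="imtcp" port="6514")
# Keep remote hosts' events out of the collector's own log files.
template(name="PerHost" type="string"
         string="/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log")
if $fromhost-ip != "127.0.0.1" then {
  action(type="omfile" dynaFile="PerHost")
  stop
}

# --- /etc/rsyslog.d/10-tls-client.conf (assumed path; forwarding side) ---
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/certs/ca.pem"
  DefaultNetstreamDriverCertFile="/etc/rsyslog.d/certs/client1-cert.pem"
  DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/certs/client1-key.pem"
)
# StreamDriverAuthMode x509/name pins the collector's certificate name,
# so a redirected connection to an impostor collector is refused.
# The disk-assisted queue keeps events through a collector outage
# instead of dropping them; resumeRetryCount=-1 retries forever.
action(type="omfwd"
  target="logserver.example.com" port="6514" protocol="tcp"
  StreamDriver="gtls" StreamDriverMode="1"
  StreamDriverAuthMode="x509/name"
  StreamDriverPermittedPeers="logserver.example.com"
  queue.type="LinkedList" queue.filename="fwd_tls"
  queue.saveOnShutdown="on" action.resumeRetryCount="-1"
)
```

Two things worth checking in a lab like this: that both sides really are in `x509/name` mode rather than the `anon` mode many quick-start guides use (anon gives you encryption but no authentication, so a spoofed collector can silently swallow or alter your logs), and that `queue.filename` has somewhere to write, which means rsyslog's working directory (`global(workDirectory=...)`, usually preset by the distro) must exist and be writable by the rsyslog user.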
This was a useful class for reminding participants about the importance of robust, secure logging and how it assists in detecting IOCs and responding to incidents. I'm a little on the fence about how useful the labs were, as many of the steps to set up logging would be very specific to the environment. Always fun to play with new software, though.
It was nice to hear about CISA's Logging Made Easy as a free option for small- and medium-sized organizations to handle centralized log collection and SIEM. Budget for security can be a big problem for smaller organizations.
There was also a good conversation about log retention and how that decision can be impacted by legal requirements and storage space.
tags: training