Log Management and Compliance

From Socology.org - The Study of Security Operations
Revision as of 08:15, 3 November 2018 by Chrismaulding (Talk | contribs)

Jump to: navigation, search

This section is under development

Objective

To discuss log management and compliance in relation to industry-specific compliance regulations. Regulations discussed will be PCI, SOX, HIPAA, etc.

Process

Below are general guidelines for getting the logs necessary to meet your compliance needs. These are just guidelines and may need to be modified based on your business needs.

 1. Identify what logs are needed based on compliance regulations.
 2. Configure devices with the necessary information to send logs to a SIEM or other logging mechanism.
 3. Verify logs are being received by the SIEM or log management server. 
 4. Use business cases to generate alerts when necessary.
 5. Review the logs after network maintenance and upgrades.

Tooling

There are many tools both paid and open source that can be used to collect and store the logs necessary to meet compliance needs. Here we will focus on the open source tools and be as vendor neutral as possible.

 Elastic Stack(ELK Stack): This is a group of tools that can be used to store, search and visualize the logs and data that you are collecting
 OSSIM: The open source version of Alienvault. This tool can collect and normalize the logs you are sending to it. This can also be configured to do Intrusion Detection(IDS) and integrates with the Open Threat Exchange(OTX) which 
        is community-based threat feeds. 
 Security Onion: This is a security distribution that is based on Ubuntu. This has many tools that can be configured to store, log, alert and visualize the data being sent to it. 
 OSSEC: This is an agent-based service that can collect windows event logs and Linux event logs. 

This is not an exhaustive list by any means there are always new tools coming out, and being used. Keep in mind that one tool may not meet all of your requirements. In many environments, more than one of these tools will be required to meet your specific needs.

Ticketing

Reporting

Staffing

Budgeting

Communications

Documentation

Lessons Learned | Pain Points

Citations

Network Managment Division of Ipswitch Inc. https://www.ipswitch.com/Ipswitch/media/Ipswitch/Documents/Resources/Whitepapers%20and%20eBooks/ELM_Security_WP.pdf?ext=.pdf

Daniel Berman logz.io https://logz.io/blog/open-source-siem-tools/