What to track for compliance for Snare Enterprise Epilog



SUMMARY

Feb 14, 2017

The following logs are worth collecting with Epilog because they support system monitoring or compliance:

  • Collect DNS debug logs from Windows DNS servers. The debug log records every query the server handles, which allows tracking of all DNS requests and helps detect malware on the internal network through the names infected hosts look up. Debug logging is off by default and must be enabled on the DNS server; it can grow quickly, so set the maximum log file size.

  • Collect DHCP audit logs from the Windows DHCP server. Each lease event (assign, renew, release) records the IP address, host name and MAC address of the client, which can be correlated with other logs to identify unauthorised devices obtaining a network address on the LAN.

  • Collect web server logs (i.e. IIS on Windows, Apache on Windows and Unix) to track user/session activity in web-based applications. This is important for e-commerce and other sensitive web-based applications, where the request logs reveal XSS, SQL injection and command injection attempts. Note that standard access logs record the request path and query string but not POST bodies, so attacks carried in form fields need application-level logging to be visible.

  • Collect email logs from Exchange and other email servers to monitor delivery errors and administrative activity in the email system.

  • Collect activity audit logs from Oracle, PostgreSQL and MySQL databases where they are configured to write their audit trail to operating system text log files, which Epilog can read. An audit trail kept only in an internal database table is not picked up this way.

  • On Unix systems, collect the traditional operating system log files under /var/log. Collecting them as files is easier to configure and filter than the traditional syslog configuration settings, and some of these logs contain system boot and operating system health information that is critical for overall system monitoring.
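The DNS and DHCP items above describe the correlation but not how the two logs fit together. The following added example (not code from the Snare product or from this page) parses the Windows DNS debug log packet format and the DHCP audit log CSV, then joins them by client IP so that each querying host is tied to the lease that gave it its address. The log excerpts, the `ALLOWED_MACS` allowlist and the NXDOMAIN count are constructed assumptions for the demonstration, not something the page prescribes.

```python
"""Correlate Windows DNS debug-log queries with DHCP audit-log leases.

Added example for this page, not code from the Snare product or its
documentation. The two log excerpts are constructed in the layouts Windows
writes; the MAC allowlist and the NXDOMAIN count are assumptions made for
the demonstration.
"""
import re

# One packet line of the Windows DNS debug log: date, time, thread id,
# "PACKET", packet id, protocol, Snd/Rcv, remote IP, XID, an "R" on
# responses only, opcode, [flags ... RCODE], QTYPE, then the query name.
DNS_LINE = re.compile(
    r"^(?P<date>\S+)\s+(?P<time>\S+\s+[AP]M)\s+(?P<tid>[0-9A-F]+)\s+PACKET\s+"
    r"(?P<pkt>[0-9A-F]+)\s+(?P<proto>UDP|TCP)\s+(?P<dir>Snd|Rcv)\s+(?P<ip>\S+)\s+"
    r"(?P<xid>[0-9A-Fa-f]+)\s+(?P<resp>R)?\s*(?P<op>[A-Z])\s+\[(?P<flags>[^\]]*)\]\s+"
    r"(?P<qtype>\S+)\s+(?P<qname>\S+)"
)


def decode_labels(raw):
    """Turn the log's (3)www(7)example(3)com(0) form into www.example.com."""
    labels = re.findall(r"\((\d+)\)([^()]*)", raw)
    if any(int(n) != len(lbl) for n, lbl in labels):
        raise ValueError(f"label length mismatch in {raw!r}")
    return ".".join(lbl for _, lbl in labels if lbl)


def parse_dns(lines):
    """Yield one dict per packet line; header and blank lines are skipped."""
    for line in lines:
        m = DNS_LINE.match(line)
        if not m:
            continue
        pkt = m.groupdict()
        pkt["qname"] = decode_labels(pkt["qname"])
        pkt["rcode"] = pkt["flags"].split()[-1]  # last token inside [...]
        pkt["is_response"] = pkt["resp"] == "R"
        yield pkt


def parse_dhcp(lines):
    """Return {ip: (hostname, mac)} from the lease events in a DHCP audit log.

    The file starts with a free-text preamble and a CSV header; only rows that
    begin with a numeric event ID are records. ID 10 (Assign) and 11 (Renew)
    start or extend a lease, ID 12 (Release) ends it.
    """
    leases = {}
    for line in lines:
        parts = line.strip().split(",")
        if len(parts) < 7 or not parts[0].isdigit():
            continue
        event_id, _date, _time, _desc, ip, host, mac = parts[:7]
        if event_id in ("10", "11"):
            leases[ip] = (host, mac.upper())
        elif event_id == "12":
            leases.pop(ip, None)
    return leases


def correlate(dns_lines, dhcp_lines, allowed_macs):
    """Per-client summary joining DNS activity to the DHCP lease for that IP.

    Only client-facing packets count: queries received (Rcv without R) and
    responses sent (Snd with R); the server's own recursion to forwarders is
    skipped. A client with no lease gets host/mac None, and it is
    'authorised' only if its lease MAC is on the allowlist.
    """
    leases = parse_dhcp(dhcp_lines)
    report = {}
    for pkt in parse_dns(dns_lines):
        client_query = pkt["dir"] == "Rcv" and not pkt["is_response"]
        client_reply = pkt["dir"] == "Snd" and pkt["is_response"]
        if not (client_query or client_reply):
            continue
        entry = report.setdefault(pkt["ip"], {"queries": 0, "nxdomain": 0, "names": set()})
        if client_query:
            entry["queries"] += 1
            entry["names"].add(pkt["qname"])
        elif pkt["rcode"] == "NXDOMAIN":
            entry["nxdomain"] += 1
    for ip, entry in report.items():
        host, mac = leases.get(ip, (None, None))
        entry["host"], entry["mac"] = host, mac
        entry["authorised"] = mac is not None and mac in allowed_macs
    return report


def unauthorised_clients(report):
    """IPs with DNS traffic whose lease MAC is missing or not allowlisted."""
    return sorted(ip for ip, e in report.items() if not e["authorised"])


# Constructed sample lines (not real logs). 192.0.2.53 is the forwarder.
DNS_SAMPLE = """\
2/14/2017 9:15:11 AM 0D28 PACKET  00000000033B5980 UDP Rcv 10.0.0.51       0003   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
2/14/2017 9:15:11 AM 0D28 PACKET  00000000033B5980 UDP Snd 10.0.0.51       0003 R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)
2/14/2017 9:30:44 AM 0D28 PACKET  00000000033B6A10 UDP Rcv 10.0.0.77       0004   Q [0001   D   NOERROR] A      (6)kq7x1v(3)biz(0)
2/14/2017 9:30:44 AM 0D28 PACKET  00000000033B6A10 UDP Snd 192.0.2.53      0004   Q [0000       NOERROR] A      (6)kq7x1v(3)biz(0)
2/14/2017 9:30:44 AM 0D28 PACKET  00000000033B6A10 UDP Snd 10.0.0.77       0004 R Q [8183   DR  NXDOMAIN] A      (6)kq7x1v(3)biz(0)
2/14/2017 9:30:45 AM 0D28 PACKET  00000000033B6A10 UDP Rcv 10.0.0.77       0005   Q [0001   D   NOERROR] A      (6)zp9w2m(3)biz(0)
2/14/2017 9:30:45 AM 0D28 PACKET  00000000033B6A10 UDP Snd 10.0.0.77       0005 R Q [8183   DR  NXDOMAIN] A      (6)zp9w2m(3)biz(0)
2/14/2017 9:31:02 AM 0D28 PACKET  00000000033B6A10 UDP Rcv 10.0.0.99       0006   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
"""
DHCP_SAMPLE = """\
\t\tMicrosoft DHCP Service Activity Log

ID,Date,Time,Description,IP Address,Host Name,MAC Address
10,02/14/17,09:14:55,Assign,10.0.0.51,WS-FINANCE-07.corp.example,00AA11BB22CC
10,02/14/17,09:29:30,Assign,10.0.0.77,android-9f3c2e1a,F0DEADBEEF01
10,02/14/17,09:29:50,Assign,10.0.0.60,WS-HR-03.corp.example,00AA11BB22DD
12,02/14/17,09:30:10,Release,10.0.0.60,WS-HR-03.corp.example,00AA11BB22DD
"""
ALLOWED_MACS = {"00AA11BB22CC", "00AA11BB22DD"}  # assumed corporate asset list

if __name__ == "__main__":
    rep = correlate(DNS_SAMPLE.splitlines(), DHCP_SAMPLE.splitlines(), ALLOWED_MACS)
    for ip in sorted(rep):
        e = rep[ip]
        print(f"{ip:<11} host={e['host']} mac={e['mac']} queries={e['queries']} "
              f"nxdomain={e['nxdomain']} authorised={e['authorised']}")
    print("unauthorised:", unauthorised_clients(rep))
```

In the sample, 10.0.0.77 holds a lease from a MAC that is not on the allowlist and only receives NXDOMAIN answers, while 10.0.0.99 has DNS traffic but no lease at all; both are reported as unauthorised. The forwarder traffic to 192.0.2.53 is ignored because it is the server's own recursion, not a client query.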
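For the web server item, the following added example (again not code from the Snare product or from this page) shows the detection side of the collected logs: it reads IIS W3C extended log lines using the `#Fields:` header rather than fixed column positions, URL-decodes the request path and query (twice, so double-encoded payloads are exposed), and applies small SQL injection, XSS and command injection signatures. The log excerpt and the signature set are constructed for the demonstration.

```python
"""Flag injection attempts in IIS W3C extended log files.

Added example for this page, not code from the Snare product or its
documentation. The log excerpt and the signature set are constructed for
the demonstration; real rule sets are far larger and are tuned per site.
"""
import re
from urllib.parse import unquote_plus

# Signatures run against the URL-decoded path and query. Deliberately
# small: enough to show the mechanics, not a complete WAF rule set.
SIGNATURES = {
    "sqli": re.compile(r"(?i)'\s*(or|and)\b|union\s+select|--\s*$|;\s*drop\b"),
    "xss": re.compile(r"(?i)<\s*script|javascript:|on(?:error|load|mouseover)\s*="),
    "cmdi": re.compile(r"(?i)[;|`]\s*(cat|ls|id|whoami|wget|curl|nc|powershell)\b|\$\("),
}


def decode(value, passes=2):
    """URL-decode up to `passes` times so double-encoded payloads are exposed."""
    for _ in range(passes):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_iis(lines):
    """Yield one dict per request, keyed by the names in the #Fields: header.

    IIS lets the administrator choose which fields are logged, so the header
    must be honoured. Values are space-separated and '-' marks an empty field.
    """
    fields = None
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue
        if fields is None:
            raise ValueError("request record before any #Fields: header")
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or corrupt record
        yield dict(zip(fields, values))


def scan(lines):
    """Return one finding per (request, category) whose decoded URL matches."""
    findings = []
    for rec in parse_iis(lines):
        target = rec.get("cs-uri-stem", "")
        query = rec.get("cs-uri-query", "-")
        if query != "-":
            target += "?" + query
        decoded = decode(target)
        for category, sig in SIGNATURES.items():
            if sig.search(decoded):
                findings.append({
                    "time": f"{rec.get('date')} {rec.get('time')}",
                    "client": rec.get("c-ip"),
                    "category": category,
                    "request": decoded,
                    "status": rec.get("sc-status"),
                })
    return findings


# Constructed excerpt in IIS W3C extended format (not a real log).
IIS_SAMPLE = """\
#Software: Microsoft Internet Information Services 8.5
#Version: 1.0
#Date: 2017-02-14 09:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2017-02-14 09:01:12 10.0.0.5 GET /shop/item.aspx id=42 443 - 203.0.113.10 Mozilla/5.0 200 0 0 31
2017-02-14 09:01:40 10.0.0.5 GET /shop/item.aspx id=42%27+OR+1%3D1-- 443 - 203.0.113.10 Mozilla/5.0 500 0 0 15
2017-02-14 09:02:03 10.0.0.5 GET /search.aspx q=%3Cscript%3Ealert(1)%3C%2Fscript%3E 443 - 203.0.113.10 Mozilla/5.0 200 0 0 10
2017-02-14 09:02:30 10.0.0.5 GET /util/ping.aspx host=127.0.0.1%3Bcat+%2Fetc%2Fpasswd 443 - 198.51.100.7 curl/7.51.0 200 0 0 22
2017-02-14 09:02:55 10.0.0.5 GET /search.aspx q=%253Cscript%253Ealert(1)%253C%252Fscript%253E 443 - 198.51.100.7 curl/7.51.0 200 0 0 9
2017-02-14 09:03:10 10.0.0.5 GET /search.aspx q=O%27Reilly 443 - 203.0.113.10 Mozilla/5.0 200 0 0 8
"""

if __name__ == "__main__":
    for f in scan(IIS_SAMPLE.splitlines()):
        print(f"{f['time']} {f['client']:<13} {f['category']:<5} {f['status']} {f['request']}")
```

Two caveats follow from the format itself. IIS W3C records carry only the path and query string, so the same payload submitted in a POST body leaves no trace in this log; and the timestamps are written in UTC, which matters when these records are lined up against local-time sources such as the DHCP audit log. The benign `O'Reilly` search in the sample shows why the SQL signature insists on an `or`/`and` keyword after the quote rather than alerting on every apostrophe.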