10 Things To Look For In an MSSP
Managed Security Service Providers (MSSP) are IT companies that operate some portion of their customer’s security infrastructure such as firewalls, VPNs, spam / antivirus systems, and intrusion detection tools.
In the world of information technology, data has become the fundamental currency that holds the highest value. IT Operations Analytics (ITOA) represents one of the largest and richest sources of fresh and actionable data. Many automated tools can be used to make sense of all the information that comes from day-to-day IT operations, from log to agent to wire data.
Announcing Graylog v3.1
Today we are officially releasing Graylog v3.1. This release brings a whole new alerting and event system that provides more flexible alert conditions and event correlation based on the new search APIs that also power the views. In addition, some extended search capabilities introduced in Graylog Enterprise v3.0 are now available in the open source edition in preparation for unifying the various search features.
Today we are releasing the first Release Candidate of Graylog v3.1. This release brings a whole new alerting and event system that provides more flexible alert conditions and event correlation based on the new search APIs that also power the views. In addition, some extended search capabilities introduced in Graylog Enterprise v3.0 are now available in the open source edition in preparation for unifying the various search features.
Today we are releasing the next public beta of Graylog v3.1. This release brings a whole new alerting and event system that provides more flexible alert conditions and event correlation based on the new search APIs that also power the views. In addition, some extended search capabilities introduced in Graylog Enterprise v3.0 are now available in the open source edition in preparation for unifying the various search features.
So you have been adding more and more logs to your Graylog instance, gathering up your server, network, and application logs and throwing in anything else you can think of. This is exactly what Graylog is designed for: to collect all the logs and have them ready for you to search through in one place. Unfortunately, during your administration of Graylog you go to the System -> Overview screen and see the big bad red box saying you have indexing failures.
The Graylog community is what makes the product so exciting. It is awesome to see our community members take the time to help everyone over on our community forums, Twitter, Reddit, or on their own private channels. I wanted to take some time to highlight a blog post by community member BlueTeamNinja (aka Big Abe) who, after tackling a Graylog deployment, shared lessons learned from the perspective of a non-Linux/non-ELK person.
In this post, I will describe in detail how to use the Threat Intelligence plugin that ships with Graylog. I’ll start with the steps necessary to prepare your data, then explain how to activate the feature and how to configure it for use.
As Stephen Marsland once said, “if data had mass, the earth would be a black hole.” A vast part of the immense amount of structured and unstructured data that we call “Big Data” is nothing but machine-originated log data. Logs are generated for a lot of different purposes – from security to debugging and troubleshooting. They constitute a gold mine of useful information and actionable insights if properly stored, managed, and analyzed.
Now that you have your brand new Graylog instance up and collecting your organization’s logs, all the data is quickly searchable and available for troubleshooting any issues as they arise. The same convenience works for an attacker: anyone who gains access to the logs has a much simpler job of understanding your environment and seeing all of your data. You need to make sure you are doing all the due diligence you can to protect that data.