Operations | Monitoring | ITSM | DevOps | Cloud

The Slack Audit Logs API is for monitoring the audit events happening in a Slack Enterprise Grid organization to ensure continued compliance, to safeguard against any inappropriate system access, and to allow the user to audit suspicious behavior within the enterprise. This essentially means it is an API to know who did what and when in the Slack Enterprise Grid account. We are excited to announce the Slack Add-on for Splunk, that targets this API as a brand new data source for Splunk.

What software assets does your organization use? What sounds like a simple question is anything but. If we include every package and dependency that ends up in the code we produce then for most development teams the truthful answer is ‘we don’t know’. As we’ve said enough times already, that really isn’t good enough anymore. And that’s one of the core motivations behind Cloudsmith.

In part 5, we looked at auditing your network device logs. A decade ago, security professionals were primarily concerned about network perimeter and endpoint security. While those concerns are still valid, technological advancements have created new scenarios that need to be addressed.

Anyone trying to access resources in your network needs to interact with your network devices: firewalls, routers, switches, and IDS/IPSs. Each of these devices generate syslogs that contain important security information and must be audited to gain complete visibility into the activities occurring in your network. Most SIEM solutions, including our own Log360, can collect and analyze syslogs in real time and instantly alert security teams if any security event of interest occurs.

Web servers are front-end facing applications that are vital for the daily operations of businesses. They are subject to attacks such as SQL injection, malicious URL requests, and the age-old classic, denial of service (DoS) attacks. While there are specialized web application security solutions that you can (and should) deploy, auditing web server logs is just as important for ensuring your web servers are secure and always up and running.

Insider threats are on the rise. In fact, both administrators and average employees are among the biggest security threats in an organization. When it comes to security auditing, there are two areas you need to focus on: Active Directory changes and individual user activity, particularly administrator activity.

In part 1, we looked at an overview of auditing servers. In this blog, we’ll discuss which events you need to audit in your databases and file servers where sensitive data is stored. New data protection regulations and large-scale global attacks have made this more important than ever before. The main goal is to not only ensure that the accesses and modifications to sensitive data in your network are authorized, but also that file and column integrity are maintained.

Everyone knows about the importance of log management in IT security. Yet, organizations struggle with implementing effective log management techniques in their networks. This blog series aims to revisit the fundamentals of log management and discuss the different security events you need to keep track of in each of the different systems in your environment.