Preview Mode Links will not work in preview mode
  1. All Episodes
  2. 2021-005-Ronnie Watson (@secopsgeek), building a security monitoring system with ELK, and Wazuh

2021-005-Ronnie Watson (@secopsgeek), building a security monitoring system with ELK, and Wazuh

Feb 9, 2021

Ronnie Watson (@secopsgeek)

Youtube: watson infosec - YouTube

watsoninfosec (Watsoninfosec) · GitHub

Wazuh - fork of OSSEC (Migrating from OSSEC · Wazuh · The Open Source Security Platform)

 

GitHub - ossec/ossec-hids: OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

Implementing a Network Security Metrics Programs (giac.org)

What to track.

Some suggested metrics to start with: 

  1. Number of Successful Logons – from security audits. 
  2. Number of Unsuccessful Logons – from security audits. 
  3. Number of Virus Infections during a given period. 
  4. Number of incidents reported. 
  5. Number of security policy violations during a given period. 
  6. Number of policy exceptions during a given period. 
  7. Percentage of expired passwords.
  8. Number of guessed passwords – use a password cracker to test passwords. 
  9. Number of incidents. 
  10. Cost of monitoring during a given period – use your time tracking system if you have one.

 

6 Essential Security Features for Network Monitoring Solutions (solutionsreview.com)

 

Metrics of Security (nist.gov)

Security metrics are essential to comprehensive network security and CSA management. Without good metrics, analysts cannot answer many security related questions. Some examples of such questions include “Is our network more secure today than it was before?” or “Have the changes of network configurations improved our security posture?”

The ultimate aim of security metrics is to ensure business continuity (or mission success) and minimize business damage by preventing or minimizing the potential impact of cyber incidents. 

 

DNS over HTTPs  DNS over HTTPS - Wikipedia

Check out our Store on Teepub! https://brakesec.com/store

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

#AmazonMusic: https://brakesec.com/amazonmusic 

#Spotifyhttps://brakesec.com/spotifyBDS

#Pandorahttps://brakesec.com/pandora 

#RSShttps://brakesec.com/BrakesecRSS

#Youtube Channel:  http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site:  https://brakesec.com/bdswebsite

#iHeartRadio App:  https://brakesec.com/iHeartBrakesec

#SoundCloudhttps://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypalhttps://brakesec.com/PaypalBDS OR our #Patreon

https://brakesec.com/BDSPatreon

#Twitter@brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec