Certified Cybersecurity Technician Exam 212-82 PDF
EC-Council
Summary
This document discusses various syslog and log management tools for security professionals to monitor systems, applications, and network events in real-time.
Full Transcript
Certified Cybersecurity Technician Exam 212-82 Network Logs Monitoring and Analysis

Module Flow
- Understand Logging Concepts
- Discuss Log Monitoring and Analysis on Windows Systems
- Discuss Log Monitoring and Analysis on Linux
- Discuss Various Log Management Tools

Discuss Various Log Management Tools

In this section, various syslog and log management tools are discussed that help security professionals in monitoring systems, applications, and network events in real time.

Module 18 Page 2103 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Syslog Tools

Kiwi Syslog Server
Source: https://www.kiwisyslog.com

Kiwi Syslog Server provides centralized and simplified log message management across network devices and servers. It helps in managing syslog messages, SNMP traps, and Windows event logs. It can also be used to monitor real-time logs on a secure and intuitive web interface, which further centralizes the logs so that issues can be identified quickly.

Figure 18.13: Screenshot of Kiwi Syslog (Kiwi Syslog Service Manager; columns: Date, Time, Priority, Hostname, Message)

Some additional syslog tools are as follows:
- Splunk Light (https://www.splunk.com)
- WhatsUp Gold (https://www.whatsupgold.com)
- syslog-ng (https://www.syslog-ng.com)
- Fastvue Syslog (https://www.fastvue.co)
- NxLog (https://nxlog.co)
Log Management Tools

Splunk
Source: https://www.splunk.com

Splunk aggregates and analyzes log data. It provides insights to quickly detect and respond to internal and external attacks and simplify threat management. It helps teams gain organization-wide visibility and security intelligence for continuous monitoring, incident response, and security operations, and provides executives a window into business risk.

Figure 18.14: Screenshot of Splunk (Log Observer; panels: Events, Visual Analysis, Explore Traces, Services, Related Infrastructure, Kubernetes, Related Alerts)

Some of the additional centralized log management tools include:
- Logstash (https://www.elastic.co)
- Sumo Logic (https://www.sumologic.com)
- Papertrail (https://papertrailapp.com)
- LogRhythm (https://logrhythm.com)
- Logentries (https://logentries.com)
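The syslog tools section above shows Kiwi displaying each message as Date, Time, Priority (facility.severity), Hostname and Message, and the log management section says Splunk aggregates and analyzes that data. The following added example (written for this page, not code from Kiwi, Splunk or EC-Council) shows the work such tools do on receipt of a message: decode the numeric <PRI> header of a BSD-style syslog line into facility and severity names, then aggregate events per severity and per host and pull out everything at Error or worse. It assumes RFC 3164 line layout and RFC 5424 facility/severity names; the sample lines, hostnames and IP addresses are constructed.

```python
"""Added example: decode syslog PRI values and triage a batch of messages.

Not Kiwi Syslog Server or Splunk code; it reproduces the Priority/Hostname/Message
view of Figure 18.13 and a simple aggregation over it. Sample input is constructed.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# RFC 5424 facility and severity names; PRI = facility * 8 + severity
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["Emergency", "Alert", "Critical", "Error", "Warning", "Notice", "Info", "Debug"]

# RFC 3164 (BSD syslog) line: <PRI>TIMESTAMP HOSTNAME MESSAGE
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")


@dataclass
class SyslogEvent:
    timestamp: str
    host: str
    facility: str
    severity: str
    message: str

    @property
    def priority(self) -> str:
        # Same "Facility.Severity" rendering Kiwi uses, e.g. "Auth.Error"
        return f"{self.facility.capitalize()}.{self.severity}"


def decode_pri(pri: int) -> Tuple[str, str]:
    """Split a PRI value into (facility, severity) names; reject out-of-range values."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def parse_line(line: str) -> Optional[SyslogEvent]:
    """Parse one BSD-syslog line; None means a collector would have to quarantine it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    facility, severity = decode_pri(int(m.group("pri")))
    return SyslogEvent(m.group("ts"), m.group("host"), facility, severity, m.group("msg"))


def triage(lines: Iterable[str], max_severity: str = "Error"):
    """Aggregate events the way a log manager's dashboard would.

    Returns (events at or above max_severity, counts per severity,
    counts per host, number of lines that did not parse).
    """
    threshold = SEVERITIES.index(max_severity)
    by_severity, by_host = Counter(), Counter()
    flagged: List[SyslogEvent] = []
    unparsed = 0
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            unparsed += 1          # never silently drop: unparsed volume is itself a signal
            continue
        by_severity[ev.severity] += 1
        by_host[ev.host] += 1
        if SEVERITIES.index(ev.severity) <= threshold:   # lower index = more severe
            flagged.append(ev)
    return flagged, by_severity, by_host, unparsed


# Constructed sample input (hosts, addresses and messages are made up)
SAMPLE_LINES = [
    "<35>Sep  6 16:44:47 10.100.1.192 sshd[812]: Failed password for invalid user test from 192.0.2.10",
    "<133>Sep  6 16:44:44 10.100.1.192 proxy: Test user connected to website http://192.0.2.5/index.html",
    "<19>Sep  6 16:44:39 mail01 postfix/smtpd[4411]: connect from unknown[198.51.100.7]",
    "<5>Sep  6 16:44:29 fw01 kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=10.100.1.1 PROTO=TCP DPT=23",
    "<191>Sep  6 16:44:40 10.100.1.192 app: debug trace id=42",
    "<28>Sep  6 16:44:54 10.100.1.192 systemd[1]: Service watchdog timeout",
    "this line has no PRI header and should be counted as unparsed",
]

if __name__ == "__main__":
    flagged, by_sev, by_host, bad = triage(SAMPLE_LINES)
    for ev in flagged:
        print(f"{ev.timestamp} {ev.priority:<14} {ev.host:<14} {ev.message}")
    print("per severity:", dict(by_sev))
    print("per host:", dict(by_host))
    print("unparsed lines:", bad)
```

Raising the threshold to "Warning" in `triage` widens the flagged set, which is the same dial a real collector exposes as an alert rule; keeping the unparsed count visible matters because a sudden rise in malformed lines often means a device changed format or something is injecting junk into the collector.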