How to's Level-Advanced

How to reduce noise in your SIEM?

The ROI of your SIEM (Security Information and Event Management) depends on how effectively you tune it. Data sources such as firewalls, AD servers and file servers generate millions of logs every day. Without a proper audit policy and SIEM filters, 80% of logs are noise. If you do not tune it, you will not get real value from your […]


Events of Interest to monitor in Cisco ASA Firewall/IPS

Every time I get a requirement to monitor critical events from a vendor, I have to go through multiple documents to understand and collate information about the vendor, the log schema and the types of events. This information is hard to Google and gather straightaway. So here I’m posting some Cisco ASA events of interest […]