Date Author Title
2023-12-10Guy BruneauHoneypots: From the Skeptical Beginner to the Tactical Enthusiast
2023-11-20Jesse La GrewOverflowing Web Honeypot Logs
2023-08-31Guy BruneauPotential Weaponizing of Honeypot Logs [Guest Diary]
2023-07-23Guy BruneauInstall & Configure Filebeat on Raspberry Pi ARM64 to Parse DShield Sensor Logs
2023-05-14Guy BruneauDShield Sensor Update
2023-01-21Guy BruneauDShield Sensor JSON Log to Elasticsearch
2023-01-08Guy BruneauDShield Sensor JSON Log Analysis
2022-12-21Guy BruneauDShield Sensor Setup in Azure
2021-10-11Johannes UllrichThings that go "Bump" in the Night: Non HTTP Requests Hitting Web Servers
2021-09-11Guy BruneauShipping to Elasticsearch Microsoft DNS Logs
2021-03-12Guy BruneauMicrosoft DHCP Logs Shipped to ELK
2021-02-13Guy BruneauUsing Logstash to Parse IPtables Firewall Logs
2020-07-23Xavier MertensSimple Blocklisting with MISP & pfSense
2020-01-12Guy BruneauELK Dashboard and Logstash parser for tcp-honeypot Logs
2019-12-07Guy BruneauIntegrating Pi-hole Logs in ELK with Logstash
2019-09-17Rob VandenBrinkInvestigating Gaps in your Windows Event Logs
2019-06-06Xavier MertensKeep an Eye on Your WMI Logs
2019-05-19Guy BruneauIs Metadata Only Approach, Good Enough for Network Traffic Analysis?
2018-07-17Xavier MertensSearching for Geographically Improbable Login Attempts
2018-06-21Xavier MertensAre Your Hunting Rules Still Working?
2017-07-09Russ McReeAdversary hunting with SOF-ELK
2016-08-29Russ McReeRecommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs
2016-06-01Xavier MertensDocker Containers Logging
2014-08-15Tom WebbAppLocker Event Logs with OSSEC 2.8
2014-02-14Chris MohanScanning activity for /siemens/bootstrapping/JnlpBrowser/Development/
2014-02-09Basil Alawi S.TaherMandiant Highlighter 2
2014-01-04Tom WebbMonitoring Windows Networks Using Syslog (Part One)
2013-12-03Rob VandenBrinkEven in the Quietest Moments ...
2013-10-10Mark HofmanCSAM Some more unusual scans
2012-12-02Guy BruneauCollecting Logs from Security Devices at Home
2012-07-13Russ McRee2 for 1: SANSFIRE & MSRA presentations
2012-07-11Rick WannerExcellent Security Education Resources
2012-05-02Bojan ZdrnjaMonitoring VMWare logs
2012-04-08Chris MohanBlog Log: More noise or a rich source of intelligence?
2011-11-19Kevin ListonMonitoring your Log Monitoring Process
2011-06-21Chris MohanAustralian government security audit report shows tough love to agencies
2011-06-20Chris MohanLog files - are you reviewing yours?
2011-05-17Johannes UllrichA Couple Days of Logs: Looking for the Russian Business Network
2010-12-24Daniel WesemannA question of class
2010-04-06Daniel WesemannApplication Logs
2010-03-10Rob VandenBrinkWhat's My Firewall Telling Me? (Part 4)
2010-02-23Mark HofmanWhat is your firewall telling you and what is TCP249?
2010-01-29Johannes UllrichAnalyzing isc.sans.org weblogs, part 2, RFI attacks
2010-01-20Johannes UllrichWeathering the Storm Part 1: An analysis of our SANS ISC weblogs http://appsecstreetfighter.com
2009-10-26Johannes UllrichWeb honeypot Update
2009-01-09Johannes UllrichSANS Log Management Survey
2008-08-19Johannes UllrichA morning stroll through my web logs
2008-08-05Daniel WesemannWatching those DNS logs
2006-09-18Jim ClausingLog analysis follow up
2006-09-09Jim ClausingLog Analysis tips?
2006-09-09Jim ClausingA few preliminary log analysis thoughts