logging


Roadmap to Incident Response Automation

Automating tasks in Incident Response (IR) is key to reducing the impact of incidents. Although it seems as easy as starting to write scripts, in my experience this objective must be tackled in a more scalable and robust way that encompasses security, data science, and software develo…


Logging Strategy

Logs are a key part of any successful security or IT plan because they are an outstanding mechanism for diagnosing many types of incidents. That's why every corporation should have a strategy that defines which logs will be tracked and for how long. Usually, different log sources overlap da…


Bits #3: Syslog Priorities

When dealing with Syslog, one should notice that each message starts with a number in angle brackets. This number identifies the priority of that message, and in this text I will explain how to calculate and decompose it. Here are some examples of Syslog messages: <11>Aug 23 19:07:55 <…


Bits #2: teslacoil.py

Recently, I had to solve this problem: a system generates some log files, and those logs must be sent to our SIEM, but the system has no Syslog integration. I solved this problem some time ago by writing a shell script to read all log files of the day before…


Bits #1: Python, Syslog, macOS

It's been a while since I last posted, but today I decided to start a new section in this blog: Bits. Here, I'm going to share short but good and useful experiences to help other people, including myself [in the future]. To debut the new section, I will describe t…