Incident handlers are expected to provide timely and efficient detection, analysis and response to incidents. They have at their disposal a seemingly endless supply of events, typically in the form of log data from a variety of systems. Unfortunately, the volume of this data can be difficult to capture and analyze, hindering the incident handling process. Specialized software can automate the collection and analysis of log data, helping separate the "noise" of events from the "signal" of incidents. This paper will detail a framework and procedures to establish a security operations program that leverages log analysis tools.
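To make the "noise versus signal" point concrete, here is an added example (not code from the paper or from any product it discusses) of the two steps such tooling automates: normalizing raw log lines into structured events, then applying a detection rule that surfaces only the events worth an incident handler's attention. The log lines, the syslog-like format, and the rule (a configurable count of failed SSH logins from one source inside a time window) are all constructed assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (assumption, not from the paper): syslog-style
# auth events mixing routine activity with one burst of failed logins.
SAMPLE_LOGS = """\
2024-03-01T10:00:01 host1 sshd[101]: Accepted password for alice from 10.0.0.5 port 50001 ssh2
2024-03-01T10:00:05 host1 sshd[102]: Failed password for root from 198.51.100.7 port 40001 ssh2
2024-03-01T10:00:06 host1 sshd[103]: Failed password for root from 198.51.100.7 port 40002 ssh2
2024-03-01T10:00:07 host1 cron[200]: (root) CMD (run-parts /etc/cron.hourly)
2024-03-01T10:00:08 host1 sshd[104]: Failed password for admin from 198.51.100.7 port 40003 ssh2
2024-03-01T10:00:09 host1 sshd[105]: Failed password for invalid user test from 198.51.100.7 port 40004 ssh2
2024-03-01T10:00:12 host1 sshd[106]: Failed password for bob from 10.0.0.9 port 50002 ssh2
2024-03-01T10:00:30 host1 sshd[107]: Accepted password for bob from 10.0.0.9 port 50003 ssh2
2024-03-01T10:05:00 host1 sshd[108]: Failed password for root from 203.0.113.4 port 40010 ssh2
"""

# Assumed line layout: "<iso-timestamp> <host> <program>[<pid>]: <message>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[a-z]+)\[\d+\]: (?P<msg>.*)$")
FAIL_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")


def parse_events(text):
    """Collection step: turn raw lines into structured events.

    Lines that do not match the expected layout are dropped here rather
    than left to confuse later rules.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def detect_bruteforce(events, threshold=4, window=timedelta(minutes=1)):
    """Analysis step: flag any source with >= threshold failed SSH logins
    inside `window`. Everything else (successful logins, cron, isolated
    single failures) is treated as noise and produces no alert."""
    fails = defaultdict(list)
    for ev in events:
        if ev["prog"] != "sshd":
            continue
        m = FAIL_RE.search(ev["msg"])
        if m:
            fails[m.group("src")].append(ev["ts"])

    alerts = []
    for src, times in fails.items():
        times.sort()
        start = 0
        # Sliding window over the sorted timestamps for this source.
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({
                    "src": src,
                    "count": end - start + 1,
                    "first": times[start],
                    "last": times[end],
                })
                break  # one alert per source is enough for a handler to act on
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse_events(SAMPLE_LOGS)):
        print(f"ALERT {alert['src']}: {alert['count']} failed logins "
              f"between {alert['first'].time()} and {alert['last'].time()}")
```

Of the nine constructed lines, only the burst from 198.51.100.7 crosses the threshold, so the handler sees one alert instead of nine events. In a real deployment the threshold and window would be tuned per environment, and the parsed events would be retained (not discarded) so the handler can pivot back to the full context during analysis.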