« Microsoft Patch Tuesday Roundup - January 2011 | Main | Tenable Network Security Podcast - Episode 66 »

 

Putting a Virus under the SIEM Microscope Webinar

Virus-siem

When a virus infected one of my Nessus scan targets, I did what any sensible CEO of a SIEM company would do - let it run and see what types of logs and alerts it generated!

Over the 30 days that I let it run, I was able to collect a wide variety of interesting data. This included suspicious Windows application logs, internal network scans, communication anomalies, attempts to break into other lab computers and "classic" outbound connections  to various IRC channels. It even modified how logins worked, breaking my Nessus patch audits. 

Attendees of this webinar will learn about various detection methods that can be used with SIEMs to look for malicious software and computers infected with hostile code. 

Putting a Virus under the SIEM Microscope
Wednesday, January 26 2:00 PM EST
https://www1.gotomeeting.com/register/178513273

 

 

 

Posted by Ron Gula on 07:00:00 AM in Log Analysis, Security Strategy, Tenable Webinars

Tenable Network Security


The official BLOG of Tenable Network Security and the Nessus vulnerability scanner.

Home

About

Archives

Subscribe to this blog's feed

Subscribe to my Podcast

Recent Posts

Tenable Network Security Podcast Episode 126 - "Detecting Malicious Processes and the 'Flame' Malware"

Detecting Known Malware Processes Using Nessus

Annoy, Attribute, and Attack

Tenable Network Security Podcast Episode 125 - "Detecting Quicktime Vulnerabilities, Hotel Hackers"

Cyberwar: You're Doing It Wrong!

File Integrity Auditing with Nessus

Plugin Spotlight: Mac OS X FileVault Plaintext Password Logging

New Nessus Feature Added: CSV Export

Tenable Network Security Podcast Episode 124 - "OS X Vulnerabilities, Laptop Security at Conferences"

Plugin Spotlight: RuggedOS Telnet Server Default 'factory' Account Backdoor

Categories

Compliance Monitoring

Control Systems

Current Affairs

Data Visualization

Editorials

Event Analysis Training

Event Monitoring

Events

In the News

Log Analysis

Microsoft Patch Tuesday

Nessus

Nessus Top Ten List

Partners

Passive Network Monitoring

Patch Auditing

PCI Compliance

Podcast

Ranum's Rants

SCADA

Security Interviews

Security Metrics

Security Strategy

SecurityCenter

Tenable

Tenable Events

Tenable in the News

Tenable Partnerships

Tenable Product Usage

Tenable Research

Tenable Webinars

Virus Auditing

Vulnerabilities

Web App Auditing

Web/Tech

Archives

May 2012

April 2012

March 2012

February 2012

January 2012

December 2011

November 2011

October 2011

September 2011

August 2011