Security Log Analysis (separate registration is required)

Tuesday, May 03 | 8:30AM–12:00PM ET | Harborside Ballroom A, 4th Floor
Session Type: Additional Fee Program
Delivery Format: Preconference Workshop

The security log analysis workshop walks participants through the security log analysis life cycle, providing considerations for centralized log collection and log management tools, phases of compromise, and examples from real attacks. We will be analyzing logs from Zeek Network Security Monitor, the Apache web server, two-factor authentication systems, cloud service logs, and others. This workshop also includes a hands-on exercise that will demonstrate techniques to analyze logs to detect security incidents using both the command line and Elastic Stack (aka ELK). The hands-on exercise will provide an overview of investigation techniques to determine security incident logs of some common attacks like SQL injection, filesystem transversal, brute force attacks, command-line injection, and more. Recent security vulnerabilities, such as log4shell, will also be discussed, along with techniques for detection. This will be an interactive session allowing Q&A and will also feature interactive polls to enhance participants' learning experience.

Presenters

  • Ishan Abhinit

    Senior Security Analyst, Indiana University Bloomington
  • Mark Krenz

    Chief Security Analyst, Indiana University

Resources & Downloads

  • Security Log Analysis slides

    Updated on 6/29/2022