2021-006-Ronnie Watson (@secopsgeek), building a security monitoring system with ELK, and Wazuh - part2
BrakeSec Education Podcast · Brian Boettcher, Ronnie Watson, and Bryan Brake
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Ronnie Watson (@secopsgeek)
Youtube: watson infosec - YouTube
watsoninfosec (Watsoninfosec) · GitHub
Feel free to add anything you like
Wazuh - fork of OSSEC (Migrating from OSSEC · Wazuh · The Open Source Security Platform)
Implementing a Network Security Metrics Programs (giac.org)
What to track.
Some suggested metrics to start with:
- Number of Successful Logons – from security audits.
- Number of Unsuccessful Logons – from security audits.
- Number of Virus Infections during a given period.
- Number of incidents reported.
- Number of security policy violations during a given period.
- Number of policy exceptions during a given period.
- Percentage of expired passwords.
- Number of guessed passwords – use a password cracker to test passwords.
- Number of incidents.
- Cost of monitoring during a given period – use your time tracking system if you have one.
6 Essential Security Features for Network Monitoring Solutions (solutionsreview.com)
Metrics of Security (nist.gov)
Security metrics are essential to comprehensive network security and CSA management. Without good metrics, analysts cannot answer many security related questions. Some examples of such questions include "Is our network more secure today than it was before?" or "Have the changes of network configurations improved our security posture?"
The ultimate aim of security metrics is to ensure business continuity (or mission success) and minimize business damage by preventing or minimizing the potential impact of cyber incidents.
DNS over HTTPs DNS over HTTPS - Wikipedia