I just started as a security admin. I would like to know what are the things I should focus on when reviewing firewall and IDP log files. We have Juniper firewall and IDP devices. Any documentation / guidelines anyone can recommend?
Before scanning your logs (unless you're looking for specific traffic), you want to baseline, as described above. Consider also setting up a network monitoring tool to give you a more visual representation of your traffic -- MRTG or Nagios/NagVis etc.
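As an added illustration of the baseline-then-review approach suggested above (example code written for this page, not from the answer's author or any vendor tool), the script below builds a baseline of normal flows from one log window and flags what deviates in a later window. The log lines and their key=value layout are constructed for the example and are not real Juniper output.

```python
import re
from collections import Counter
# Constructed, simplified firewall session-log lines (not real Juniper output).
BASELINE_LOGS = """\
2024-01-08T09:00:01 src=10.1.1.20 dst=93.184.216.34 dport=443 proto=tcp action=permit
2024-01-08T09:00:05 src=10.1.1.21 dst=93.184.216.34 dport=443 proto=tcp action=permit
2024-01-08T09:00:09 src=10.1.1.20 dst=10.1.1.5 dport=53 proto=udp action=permit
2024-01-08T09:00:12 src=10.1.1.22 dst=203.0.113.9 dport=80 proto=tcp action=permit
"""
REVIEW_LOGS = """\
2024-01-09T02:10:01 src=10.1.1.20 dst=93.184.216.34 dport=443 proto=tcp action=permit
2024-01-09T02:10:03 src=10.1.1.20 dst=198.51.100.7 dport=4444 proto=tcp action=permit
2024-01-09T02:10:04 src=10.1.1.21 dst=203.0.113.50 dport=80 proto=tcp action=permit
2024-01-09T02:10:05 src=10.1.1.23 dst=10.1.1.5 dport=53 proto=udp action=permit
"""
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\S+) action=(?P<action>\S+)$"
)

def parse(text):
    """Return one dict per well-formed log line; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events

def build_baseline(events):
    """Record the (src, dst, dport) flows and source hosts seen during the normal period."""
    flows = Counter((e["src"], e["dst"], e["dport"]) for e in events)
    hosts = {e["src"] for e in events}
    return {"flows": flows, "hosts": hosts}

def review(baseline, events):
    """Flag flows absent from the baseline, labelled by the kind of deviation."""
    findings = []
    for e in events:
        key = (e["src"], e["dst"], e["dport"])
        if key in baseline["flows"]:
            continue  # seen during the baseline period: nothing to review
        if e["src"] not in baseline["hosts"]:
            reason = "new source host"
        elif not any(k[2] == e["dport"] for k in baseline["flows"]):
            reason = "never-seen destination port"
        else:
            reason = "known port, new destination"
        findings.append((e["ts"], key, reason))
    return findings
```

Run `review(build_baseline(parse(BASELINE_LOGS)), parse(REVIEW_LOGS))` to get the three deviating flows; in practice the baseline window should span at least a full business cycle so normal weekly traffic is not flagged.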
msaalim (ASKER):
How would I know if a system has been compromised?