msaalim

Firewall / IDP log review

I just started as a security admin. I would like to know what things I should focus on when reviewing firewall and IDP log files. We have Juniper firewall and IDP devices. Any documentation / guidelines anyone can recommend?

Thanks,
SOLUTION
billwharton

David Piniella
Before scanning your logs (unless you're looking for specific traffic) you want to baseline, as described above. Consider also setting up a network monitoring tool to give you a more visual representation of your traffic -- MRTG or Nagios/NagVis etc
msaalim

ASKER

How would I know if a system has been compromised?

Thanks,