msaalim
asked on
Firewall / IDP log review
I just started as a security admin. I would like to know what are the things I should focus on when reviewing firewall and IDP log files. We have Juniper firewall and IDP devices. Any documentation / guidelines anyone can recommend?
Thanks,
Before scanning your logs (unless you're looking for specific traffic), you want to baseline, as described above. Consider also setting up a network monitoring tool to give you a more visual representation of your traffic -- MRTG, Nagios/NagVis, etc.
ASKER
How would I know if a system has been compromised?
Thanks,