ID: 661192 • Letter: S
Question
Soon I will be acquiring the event logs of the systems my company produces and expected to audit them. Multiple logs are generated from each computer and there are multiple operating systems to audit. The systems are isolated from the internet and have a significant amount of physical security, not to mention there isn't a whole lot of conventionally useful data to obtain from them anyway. Am I wrong to feel it is unreasonable and unproductive to be examining these logs? I am under the impression that any potentially malicious activity isn't necessarily going to be obvious just by looking at the logs, if it can even be detected at all. Since it seems I can be on the hook if an unreported incident was discovered, how can I possibly analyze the overwhelming amount of information headed my way without changing my job title to 'Event Log Reader'? Does software exist that can help?
Explanation / Answer
A lot of software exists for this reason. And some of it can be managed by a single person, or a whole team of people. The main principle about this is:
This type of tool that you are looking for is for Information Security purposes, although other tools of the operational standpoint have started to create themselves as SIEM operators. What is a SIEM? (thanks to wiki)
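To make the answer concrete, here is an added illustration (my own example, not code from the original post or from any SIEM product) of the two things such a tool does for the asker's situation: it normalizes logs from different operating systems into one schema, and it correlates events across hosts so that activity which looks harmless on each machine becomes visible as a pattern. All hosts, users, addresses and log lines are constructed for the example; the Linux lines imitate sshd syslog output and the Windows lines imitate a CSV export of Security events 4625 (failed logon) and 4624 (successful logon).

```python
"""
Added example: a miniature of what a SIEM does with logs from several systems.
Normalize constructed sshd (Linux) and Windows Security (CSV export) lines into
one event schema, then run a cross-host correlation rule over the merged stream.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: syslog-style sshd lines from a Linux host.
LINUX_LOG = """\
Mar 10 09:01:02 hostA sshd[812]: Failed password for admin from 10.0.0.5 port 51022 ssh2
Mar 10 09:01:05 hostA sshd[812]: Failed password for admin from 10.0.0.5 port 51023 ssh2
Mar 10 09:30:00 hostA sshd[900]: Accepted publickey for ops from 10.0.0.9 port 40010 ssh2
"""

# Constructed sample input: Windows Security logon events exported as CSV
# (timestamp, host, event id, account, source address).
WINDOWS_LOG = """\
2024-03-10 09:02:00,hostB,4625,admin,10.0.0.5
2024-03-10 09:02:04,hostB,4624,admin,10.0.0.5
2024-03-10 09:05:00,hostB,4624,analyst,10.0.0.7
"""

LINUX_RE = re.compile(
    r"^(?P<mon>\w{3}) (?P<day>\d+) (?P<time>[\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?P<user>\S+) from (?P<src>\S+)"
)


def parse_linux(text, year=2024):
    """Normalize sshd syslog lines into the common event dict (syslog has no year)."""
    events = []
    for line in text.splitlines():
        m = LINUX_RE.match(line)
        if not m:
            continue  # not a logon line; a real SIEM would route it to other parsers
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                               "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "user": m["user"],
                       "src": m["src"],
                       "outcome": "fail" if m["result"] == "Failed" else "success"})
    return events


def parse_windows(text):
    """Normalize CSV-exported Windows logon events into the same event dict."""
    events = []
    for line in text.splitlines():
        ts, host, event_id, user, src = line.split(",")
        outcome = {"4625": "fail", "4624": "success"}.get(event_id)
        if outcome is None:
            continue  # other event ids are ignored by this rule
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                       "host": host, "user": user, "src": src, "outcome": outcome})
    return events


def correlate_failed_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Rule: >= `threshold` failed logons for one (user, source) on ANY host,
    followed by a success within `window`. Returns a list of alert dicts."""
    events = sorted(events, key=lambda e: e["ts"])
    fails = defaultdict(list)  # (user, src) -> timestamps of failures seen so far
    alerts = []
    for e in events:
        key = (e["user"], e["src"])
        if e["outcome"] == "fail":
            fails[key].append(e["ts"])
            continue
        recent = [t for t in fails[key] if e["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"user": e["user"], "src": e["src"], "host": e["host"],
                           "failures": len(recent), "at": e["ts"]})
    return alerts


def run_pipeline():
    """Merge both sources and apply the rule; returns the alerts."""
    events = parse_linux(LINUX_LOG) + parse_windows(WINDOWS_LOG)
    return correlate_failed_then_success(events)


if __name__ == "__main__":
    for a in run_pipeline():
        print(f"ALERT {a['at']} {a['user']}@{a['host']} from {a['src']}: "
              f"{a['failures']} failures then success")
```

The point of the sample data is that each host on its own stays under the threshold (two failures on hostA, one on hostB), so reading either log by hand shows nothing; only the merged, normalized stream produces the alert. That merge-and-correlate step, plus rule maintenance and retention, is what the asker would otherwise be doing manually, and it is the core of what a SIEM automates.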