{"id":373,"date":"2006-05-23T04:42:00","date_gmt":"2006-05-23T04:42:00","guid":{"rendered":"https:\/\/defragged.org\/ossec\/?p=373"},"modified":"2020-07-03T04:44:03","modified_gmt":"2020-07-03T04:44:03","slug":"log-analysis-for-intrusion-detection","status":"publish","type":"post","link":"https:\/\/defragged.org\/ossec\/2006\/05\/log-analysis-for-intrusion-detection\/","title":{"rendered":"Log analysis for intrusion detection"},"content":{"rendered":"\n<p>I just released the document\u00a0<a href=\"https:\/\/dcid.me\/oldtexts\/log-analysis-for-intrusion-detection.txt\">Log analysis for Intrusion Detection<\/a>\u00a0at the ossec web site. It shows how some threats can be detected by correlating specific patterns on web logs, proxy logs and authentication logs.<\/p>\n\n\n\n<p><em>Log analysis is one of the most overlooked aspects of intrusion detection. Nowadays we see every desktop with an anti-virus, companies with multiple firewalls and even simple end-users buying the latest security related tools. However, who is watching or monitoring all the information these tools generate? Or even worse, who is watching your web server, mail server or authentication logs?<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I just released the document\u00a0Log analysis for Intrusion Detection\u00a0at the ossec web site. It shows how some threats can be detected by correlating specific patterns on web logs, proxy logs and authentication logs. Log analysis is one of the most overlooked aspects of intrusion detection. 
Nowadays we see every desktop with an anti-virus, companies with [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[14],"tags":[],"_links":{"self":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/373"}],"collection":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/comments?post=373"}],"version-history":[{"count":1,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/373\/revisions"}],"predecessor-version":[{"id":374,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/373\/revisions\/374"}],"wp:attachment":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/media?parent=373"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/categories?post=373"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/tags?post=373"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}