Baselining Logs and Audit Trails for Security presentation

by Anton Chuvakin

Related link: http://www.sans.org/sans2006/



In another minor bit of self-promotion, I wanted to bring to your attention this fun presentation that I will be giving at SANS 2006 in Orlando, FL. The title is "Baselining Logs and Audit Trails for Security."


Many people, when asked about log analysis, say "you've got to create a baseline first", but few clarify what it really means. I try to address that information void by presenting the results of my research.



Here is an outline: "This presentation will focus on creating the methodology for learning the log baselines and then matching the current state of the environment against the baselines. It sounds simple, but an effective methodology for it still hasn't been created. The talk will cover what the good (and bad) possible baselines are, how to create them and how to use them for security."
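As an added illustration of the learn-then-match idea in that outline (example code, not material from the talk), the following Python learns a per-day count baseline of syslog event types and then flags, for a new day, event types never seen before and known types whose volume spikes. The syslog template, the thresholds (k=3, floor=3) and the sample log lines are constructed assumptions.

```python
"""Log baseline: learn normal per-day event counts, then compare a new day.
Added example, not from the presentation; template, thresholds and log lines are constructed."""
import re
import statistics
from collections import Counter

SYSLOG = re.compile(r"^\S+\s+\d+\s+[\d:]+\s+(\S+)\s+([^\[:]+)(?:\[\d+\])?:\s*(.*)$")

def event_key(line):
    """Reduce a syslog line to (host, program, message template)."""
    m = SYSLOG.match(line)
    if not m:
        return None
    host, prog, msg = m.groups()
    # IPs first, then remaining digits, so one type absorbs varying ports, pids, addresses
    msg = re.sub(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", "<ip>", msg)
    return host, prog, re.sub(r"\d+", "<n>", msg)

def learn_baseline(days):
    """One list of log lines per baseline day -> {key: (mean, pstdev)} of daily counts;
    days where a type is absent count as 0 so the spread is not understated."""
    per_day = [Counter(k for k in map(event_key, lines) if k) for lines in days]
    keys = set().union(*per_day)
    return {k: (statistics.mean(c[k] for c in per_day),
                statistics.pstdev(c[k] for c in per_day)) for k in keys}

def compare(baseline, lines, k=3.0, floor=3):
    """Flag types unseen in the baseline and known types above mean + k*stdev. The
    floor stops a zero-variance baseline (same count every day) from flagging +1."""
    counts = Counter(key for key in map(event_key, lines) if key)
    findings = []
    for key, n in counts.items():
        if key not in baseline:
            findings.append(("new-event-type", key, n))
        else:
            mean, sd = baseline[key]
            if n > max(mean + k * sd, mean + floor):
                findings.append(("volume-spike", key, n))
    return sorted(findings)

def _line(host, prog, pid, msg):  # constructed sample data
    return f"Mar  1 08:00:00 {host} {prog}[{pid}]: {msg}"

BASELINE_DAYS = [
    [_line("web1", "sshd", 100 + i, "Accepted publickey for deploy from 10.0.0.5 port 5000") for i in range(2)]
    + [_line("web1", "sshd", 200, "Failed password for admin from 10.0.0.9 port 5001")] * fails
    + [_line("web1", "cron", 300, "(root) CMD (run-parts /etc/cron.hourly)")]
    for fails in (1, 2, 1)]
TODAY = BASELINE_DAYS[0] + [_line("web1", "sshd", 201, "Failed password for admin from 10.0.0.9 port 5002")] * 19 \
    + [_line("web1", "sudo", 400, "deploy : TTY=pts/0 ; COMMAND=/bin/bash")]
```

Which attributes form the key (here host, program and message template) and how many days feed the baseline are themselves baseline design choices; `compare(learn_baseline(BASELINE_DAYS), TODAY)` reports one new event type and one volume spike on the constructed data.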



Note that some info might overlap with my previous presentation on log mining in 2004 (see "Log Mining: Knowledge Discovery in Logs").


The time is Wednesday, March 1, 7:00pm-9:00pm.