A couple of users have been forwarding firewall logs to the handlers\at/sans.org e-mail address. While we appreciate logs, malware, and other reports like them, please don't send automated log reports to handlers\at/sans.org. If you send logs, include some detail on why you consider them unusual.
Please use DShield for automated log reporting (see http://www.dshield.org/howto.html). Our handlers have access to the DShield database and regularly check it for unusual activity.
Jul 17th 2007