Internet Storm Center
Handler on Duty: Jesse La Grew
Threat Level: green
| Date | Author | Title |
|---|---|---|
| 2023-01-21 | Guy Bruneau | DShield Sensor JSON Log to Elasticsearch |
| 2023-01-08 | Guy Bruneau | DShield Sensor JSON Log Analysis |
| 2022-12-21 | Guy Bruneau | DShield Sensor Setup in Azure |
| 2021-10-11 | Johannes Ullrich | Things that go "Bump" in the Night: Non HTTP Requests Hitting Web Servers |
| 2021-09-11 | Guy Bruneau | Shipping to Elasticsearch Microsoft DNS Logs |
| 2021-03-12 | Guy Bruneau | Microsoft DHCP Logs Shipped to ELK |
| 2021-02-13 | Guy Bruneau | Using Logstash to Parse IPtables Firewall Logs |
| 2020-07-23 | Xavier Mertens | Simple Blocklisting with MISP & pfSense |
| 2020-01-12 | Guy Bruneau | ELK Dashboard and Logstash parser for tcp-honeypot Logs |
| 2019-12-07 | Guy Bruneau | Integrating Pi-hole Logs in ELK with Logstash |
| 2019-09-17 | Rob VandenBrink | Investigating Gaps in your Windows Event Logs |
| 2019-06-06 | Xavier Mertens | Keep an Eye on Your WMI Logs |
| 2019-05-19 | Guy Bruneau | Is Metadata Only Approach, Good Enough for Network Traffic Analysis? |
| 2018-07-17 | Xavier Mertens | Searching for Geographically Improbable Login Attempts |
| 2018-06-21 | Xavier Mertens | Are Your Hunting Rules Still Working? |
| 2017-07-09 | Russ McRee | Adversary hunting with SOF-ELK |
| 2016-08-29 | Russ McRee | Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs |
| 2016-06-01 | Xavier Mertens | Docker Containers Logging |
| 2014-08-15 | Tom Webb | AppLocker Event Logs with OSSEC 2.8 |
| 2014-02-14 | Chris Mohan | Scanning activity for /siemens/bootstrapping/JnlpBrowser/Development/ |
| 2014-02-09 | Basil Alawi S.Taher | Mandiant Highlighter 2 |
| 2014-01-04 | Tom Webb | Monitoring Windows Networks Using Syslog (Part One) |
| 2013-12-03 | Rob VandenBrink | Even in the Quietest Moments ... |
| 2013-10-10 | Mark Hofman | CSAM Some more unusual scans |
| 2012-12-02 | Guy Bruneau | Collecting Logs from Security Devices at Home |
| 2012-07-13 | Russ McRee | 2 for 1: SANSFIRE & MSRA presentations |
| 2012-07-11 | Rick Wanner | Excellent Security Education Resources |
| 2012-05-02 | Bojan Zdrnja | Monitoring VMWare logs |
| 2012-04-08 | Chris Mohan | Blog Log: More noise or a rich source of intelligence? |
| 2011-11-19 | Kevin Liston | Monitoring your Log Monitoring Process |
| 2011-06-21 | Chris Mohan | Australian government security audit report shows tough love to agencies |
| 2011-06-20 | Chris Mohan | Log files - are you reviewing yours? |
| 2011-05-17 | Johannes Ullrich | A Couple Days of Logs: Looking for the Russian Business Network |
| 2010-12-24 | Daniel Wesemann | A question of class |
| 2010-04-06 | Daniel Wesemann | Application Logs |
| 2010-03-10 | Rob VandenBrink | What's My Firewall Telling Me? (Part 4) |
| 2010-02-23 | Mark Hofman | What is your firewall telling you and what is TCP249? |
| 2010-01-29 | Johannes Ullrich | Analyzing isc.sans.org weblogs, part 2, RFI attacks |
| 2010-01-20 | Johannes Ullrich | Weathering the Storm Part 1: An analysis of our SANS ISC weblogs http://appsecstreetfighter.com |
| 2009-10-26 | Johannes Ullrich | Web honeypot Update |
| 2009-01-09 | Johannes Ullrich | SANS Log Management Survey |
| 2008-08-19 | Johannes Ullrich | A morning stroll through my web logs |
| 2008-08-05 | Daniel Wesemann | Watching those DNS logs |
| 2006-09-18 | Jim Clausing | Log analysis follow up |
| 2006-09-09 | Jim Clausing | Log Analysis tips? |
| 2006-09-09 | Jim Clausing | A few preliminary log analysis thoughts |