| 2021-10-11 | Johannes Ullrich | Things that go "Bump" in the Night: Non HTTP Requests Hitting Web Servers |
| 2021-09-11 | Guy Bruneau | Shipping to Elasticsearch Microsoft DNS Logs |
| 2021-03-12 | Guy Bruneau | Microsoft DHCP Logs Shipped to ELK |
| 2021-02-13 | Guy Bruneau | Using Logstash to Parse IPtables Firewall Logs |
| 2020-07-23 | Xavier Mertens | Simple Blocklisting with MISP & pfSense |
| 2020-01-12 | Guy Bruneau | ELK Dashboard and Logstash parser for tcp-honeypot Logs |
| 2019-12-07 | Guy Bruneau | Integrating Pi-hole Logs in ELK with Logstash |
| 2019-09-17 | Rob VandenBrink | Investigating Gaps in your Windows Event Logs |
| 2019-06-06 | Xavier Mertens | Keep an Eye on Your WMI Logs |
| 2019-05-19 | Guy Bruneau | Is Metadata Only Approach, Good Enough for Network Traffic Analysis? |
| 2018-07-17 | Xavier Mertens | Searching for Geographically Improbable Login Attempts |
| 2018-06-21 | Xavier Mertens | Are Your Hunting Rules Still Working? |
| 2017-07-09 | Russ McRee | Adversary hunting with SOF-ELK |
| 2016-08-29 | Russ McRee | Recommended Reading: Intrusion Detection Using Indicators of Compromise Based on Best Practices and Windows Event Logs |
| 2016-06-01 | Xavier Mertens | Docker Containers Logging |
| 2014-08-15 | Tom Webb | AppLocker Event Logs with OSSEC 2.8 |
| 2014-02-14 | Chris Mohan | Scanning activity for /siemens/bootstrapping/JnlpBrowser/Development/ |
| 2014-02-09 | Basil Alawi S.Taher | Mandiant Highlighter 2 |
| 2014-01-04 | Tom Webb | Monitoring Windows Networks Using Syslog (Part One) |
| 2013-12-03 | Rob VandenBrink | Even in the Quietest Moments ... |
| 2013-10-10 | Mark Hofman | CSAM Some more unusual scans |
| 2012-12-02 | Guy Bruneau | Collecting Logs from Security Devices at Home |
| 2012-07-13 | Russ McRee | 2 for 1: SANSFIRE & MSRA presentations |
| 2012-07-11 | Rick Wanner | Excellent Security Education Resources |
| 2012-05-02 | Bojan Zdrnja | Monitoring VMWare logs |
| 2012-04-08 | Chris Mohan | Blog Log: More noise or a rich source of intelligence? |
| 2011-11-19 | Kevin Liston | Monitoring your Log Monitoring Process |
| 2011-06-21 | Chris Mohan | Australian government security audit report shows tough love to agencies |
| 2011-06-20 | Chris Mohan | Log files - are you reviewing yours? |
| 2011-05-17 | Johannes Ullrich | A Couple Days of Logs: Looking for the Russian Business Network |
| 2010-12-24 | Daniel Wesemann | A question of class |
| 2010-04-06 | Daniel Wesemann | Application Logs |
| 2010-03-10 | Rob VandenBrink | What's My Firewall Telling Me? (Part 4) |
| 2010-02-23 | Mark Hofman | What is your firewall telling you and what is TCP249? |
| 2010-01-29 | Johannes Ullrich | Analyzing isc.sans.org weblogs, part 2, RFI attacks |
| 2010-01-20 | Johannes Ullrich | Weathering the Storm Part 1: An analysis of our SANS ISC weblogs http://appsecstreetfighter.com |
| 2009-10-26 | Johannes Ullrich | Web honeypot Update |
| 2009-01-09 | Johannes Ullrich | SANS Log Management Survey |
| 2008-08-19 | Johannes Ullrich | A morning stroll through my web logs |
| 2008-08-05 | Daniel Wesemann | Watching those DNS logs |
| 2006-09-18 | Jim Clausing | Log analysis follow up |
| 2006-09-09 | Jim Clausing | Log Analysis tips? |
| 2006-09-09 | Jim Clausing | A few preliminary log analysis thoughts |
https://www.sans.edu
