Logging User Events Flashcards
1
Q
What critical events are we looking for when logging and monitoring? [6]
A
An effective log data collection and analysis process should incorporate tools to collect evidence of critical events like:
- Reconnaissance against systems
- Weaponization
- Delivery
- Installation of malware
- Command and Control
- Action begins
2
Q
What are the benefits of logging and monitoring?
A
Security logging and monitoring can be useful for the detection of security breaches, for event reconstruction, for faster recovery