When a virus infected one of my Nessus scan targets, I did what any sensible CEO of a SIEM company would do - let it run and see what types of logs and alerts it generated!
Over the 30 days that I let it run, I was able to collect a wide variety of interesting data. This included suspicious Windows application logs, internal network scans, communication anomalies, attempts to break into other lab computers and "classic" outbound connections to various IRC channels. It even modified how logins worked, breaking my Nessus patch audits.
Attendees of this webinar will learn about various detection methods that can be used with SIEMs to look for malicious software and computers infected with hostile code.
Putting a Virus under the SIEM Microscope
Wednesday, January 26, 2:00 PM EST