OSSEC, SIEM and Logging – Linux Security Podcast Ep. 4
Log-based intrusion detection was one of the earliest tools used to identify cybersecurity breaches. The software segment has evolved tremendously since the 1990s and ultimately spawned the Security Information and Event Management (SIEM) category. Logging is important for at least two reasons.
- Engineers need to know what is going on so they can figure out if something bad is happening and fix it.
- Bigger companies also need to capture logs to comply with a variety of regulations and business compliance requirements.
SIEM has become popular for log aggregation and visualization, but other open source tools such as OSSEC provide similar functionality. In Episode 4 of the Linux Security Podcast, Atomicorp CEO Mike Shinn walks through his experience with logging, SIEM and OSSEC approaches. He breaks down what is important and how the logging space has evolved over the past 20 years from a security perspective, including the introduction of automation.
You can listen above or find links to listen through Apple Podcasts, Stitcher, Google Play Music and more right here.
If you like the Linux Security Podcast, please give us a 5-star rating and submit a review in Apple Podcasts or wherever you like to listen. Those reviews will help us make the podcast better and help others find the content. Thanks.