From the course: CompTIA CySA+ (CS0-002) Cert Prep: 5 Security Operations and Monitoring

Querying logs

- You can't always depend upon your SIEM to comb through all of your security logs and automatically uncover the information that's important to you. Sometimes you will need to search through those logs yourself. This requires that you be able to write queries that retrieve exactly the information that you need from your SIEM or other information store. There are a lot of different ways that you can write queries against logs. And the method you use will depend upon where your logs are stored, and what format they are in. For example, if your logs are already stored in your SIEM, you can use the SIEM's management interface to perform the search. It's likely that the vendor provides you with an intuitive web-based interface that allows you to quickly parse through the various logs that the SIEM aggregated. This is almost always the easiest and fastest way to run queries against your security information because the SIEM…
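The lecture makes the point that when logs are not already in the SIEM, or the SIEM's search does not surface what you need, you have to write the query yourself. The following is an added example, not code from the course: it parses a handful of constructed syslog-style SSH authentication lines (sample data, not real logs), then runs a field-based query and a simple "failed logins per source" aggregation over them. The field names (`result`, `user`, `src`, and so on) and the threshold of 3 are assumptions chosen for the example.

```python
"""Query raw auth log lines directly when they are not (yet) in a SIEM.
Added example; the log lines below are constructed, not real data."""
import re
from collections import Counter

# Constructed sample lines in sshd's usual syslog format (not real data).
SAMPLE_LOG = """\
Mar 10 08:01:12 host1 sshd[2201]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2
Mar 10 08:02:45 host1 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar 10 08:02:47 host1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Mar 10 08:02:49 host1 sshd[2212]: Failed password for root from 203.0.113.7 port 40126 ssh2
Mar 10 08:05:03 host1 sshd[2230]: Failed password for bob from 10.0.0.9 port 50012 ssh2
Mar 10 08:05:30 host1 sshd[2231]: Accepted password for bob from 10.0.0.9 port 50013 ssh2
"""

# One regular expression that turns a line into named fields (assumed format).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<proc>\w+)\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d+)"
)


def parse_lines(text):
    """Convert each raw line into a dict of fields; lines that don't match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def query(events, **criteria):
    """Return the events whose fields equal every requested value, e.g. result="Failed"."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]


def failed_logins_by_source(events, threshold=3):
    """Count failed logins per source address and keep sources at or above the threshold."""
    counts = Counter(e["src"] for e in query(events, result="Failed"))
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    evs = parse_lines(SAMPLE_LOG)
    print(len(evs), "events parsed")
    for e in query(evs, result="Failed", user="root"):
        print("failed root login from", e["src"])
    print("sources at/above threshold:", failed_logins_by_source(evs))
```

The same three steps (parse into fields, filter on fields, aggregate) are what a SIEM's search language does for you; doing them by hand is useful when the log format is one the SIEM has not normalised, or when you want to confirm what the SIEM's query is actually returning.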
