From the course: Cloud Security Operations by Pearson
Intelligent security control monitoring
All right, let's begin with system logging, or, traditionally, what we call syslog. There are lots of variants out there, depending on whether you're using Windows or different Linux builds or whatever. But it was originally published in RFC 5424. And it uses either event messages or informational messages. So it's very similar to ICMP in that regard, okay? Two different types of messages. It's going to use UDP for its traps, and it's going to use TCP for what we call informs. So those will be, you know, you'll get some feedback on those. So traditionally, there are eight levels. And regardless of the build you use or the version of Linux you use, there are going to be eight levels. So the first level is level zero, and that's the emergency level, which basically means, you know, the system's unusable. So it's kind of rare to even get a level zero message from the system to the syslog cluster, which usually we're going to be running the syslog servers in a cluster in your…
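As an added illustration of the eight severity levels the lecture describes (not code from the course), the following parses the RFC 5424 header, where the leading PRI value encodes facility*8 + severity, and flags the messages a SOC would escalate first (severity 0 Emergency through 2 Critical). The sample log lines are constructed for the example.

```python
import re
from typing import Optional

# RFC 5424 severity codes: 0 (Emergency) is the most severe, 7 (Debug) the least.
SEVERITY_NAMES = ["Emergency", "Alert", "Critical", "Error",
                  "Warning", "Notice", "Informational", "Debug"]

# HEADER = <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then STRUCTURED-DATA and MSG.
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+) ?(?P<msg>.*)$"
)

def parse_rfc5424(line: str) -> Optional[dict]:
    """Return header fields with PRI split into facility and severity, or None if not RFC 5424."""
    m = HEADER_RE.match(line)
    if not m:
        return None  # e.g. legacy BSD-style syslog; hand to a different parser
    pri = int(m.group("pri"))
    if pri > 191:  # largest legal PRI is facility 23 * 8 + severity 7
        return None
    facility, severity = divmod(pri, 8)
    return {"facility": facility, "severity": severity,
            "severity_name": SEVERITY_NAMES[severity],
            "host": m.group("host"), "app": m.group("app"), "msg": m.group("msg")}

def escalate(lines, max_severity: int = 2) -> list:
    """Return parsed messages at or above the urgency threshold (lower number = more severe)."""
    hits = []
    for line in lines:
        rec = parse_rfc5424(line)
        if rec is not None and rec["severity"] <= max_severity:
            hits.append(rec)
    return hits

# Constructed sample messages (not captured from any real system).
SAMPLE_LINES = [
    "<0>1 2024-01-15T10:00:00Z web01 kernel - - - Kernel panic - not syncing",     # emergency
    "<14>1 2024-01-15T10:00:01Z web01 sshd 1234 ID47 - Accepted publickey for ops",  # user.info
    "<34>1 2024-01-15T10:00:02Z db01 su 5678 - - 'su root' failed for jdoe",        # auth.crit
    "<27>1 2024-01-15T10:00:03Z db01 mysqld 4321 - - Disk full on /var/lib/mysql",  # daemon.err
    "Jan 15 10:00:04 legacy01 cron[99]: job finished",  # BSD-style line, not RFC 5424
]

if __name__ == "__main__":
    for rec in escalate(SAMPLE_LINES):
        print(f"{rec['severity']} {rec['severity_name']:<9} {rec['host']} {rec['app']}: {rec['msg']}")
```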
Contents
- Configuration and change management (7m 26s)
- Continuity management (2m 27s)
- Information security management (1m 21s)
- Service-level management (3m 58s)
- Incident and problem management (7m 51s)
- Release and deployment management (2m 47s)
- Availability management (2m 26s)
- Capacity management (1m 25s)
- Security operations centers (SOC) (9m 5s)
- Intelligent security control monitoring (15m 26s)
- Vulnerability assessment (3m 20s)