Continuous Monitoring

Thompson, Eric C.

doi:10.1007/978-1-4842-5608-4_5

Eric C. Thompson²

766 Accesses

Abstract

Continuous monitoring is at the heart of security operations. After threat intelligence is gathered and vulnerabilities identified and managed, the entity must detect unwanted activity in the network. In the smallest of organizations, this is no easy task. Data generated by a single laptop running Windows 10 is quite large. Dozens of log entries are generated on startup alone. A Windows endpoint running Microsoft's Sysmon tool generates tens of thousands of logs in a matter of hours. Take into account the network traffic generated by a simple HTTP connection as well as normal broadcast traffic generated internally and you immediately begin to understand how complicated monitoring can get.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ics/windows-firewall-profiles
2.
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
3.
https://github.com/SwiftOnSecurity/sysmon-config
4.
https://docs.zeek.org/en/stable/script-reference/log-files.html?highlight=log%20files
5.
http://malware-traffic-analysis.net/2019/05/01/index2.html
6.
https://unit42.paloaltonetworks.com/about-unit-42/
7.
https://unit42.paloaltonetworks.com/unit42-malware-team-malspam-pushing-emotet-trickbot/
8.
https://docs.zeek.org/en/stable/scripts/base/protocols/conn/main.bro.html
9.
www.blackhillsinfosec.com/
10.
www.snort.org/#get-started
11.
https://digital-forensics.sans.org/community/downloads
12.
http://malware-traffic-analysis.net/2019/05/01/index2.html
13.
Miller, David R., Harris, Shon, Harper, Allen A., VanDyke, Stephen, Blask, Chris “Security Information and Event Management (SIEM)” McGraw Hill, 2011
14.
https://github.com/MarkBaggett/freq
15.
www.splunk.com/en_us/blog/security/finding-new-evil-detecting-new-domains-with-splunk.html
16.
www.elastic.co/
17.
www.splunk.com/blog/2018/03/20/hunting-your-dns-dragons.html
18.
www.splunk.com/blog/2018/09/12/spotting-the-signs-of-lateral-movement.html
19.
https://molo.ch/
20.
https://github.com/salesforce/ja3

Author information

Authors and Affiliations

Dekalb, IL, USA
Eric C. Thompson

Authors

Eric C. Thompson
View author publications
You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Thompson, E.C. (2020). Continuous Monitoring. In: Designing a HIPAA-Compliant Security Operations Center. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-5608-4_5

Download citation

DOI: https://doi.org/10.1007/978-1-4842-5608-4_5
Published: 26 February 2020
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-5607-7
Online ISBN: 978-1-4842-5608-4
eBook Packages: Professional and Applied ComputingProfessional and Applied Computing (R0)Apress Access Books

Publish with us

Policies and ethics