• Online, Self-Paced
Course Description

A lack of log analysis and security event monitoring results in security breaches going undetected for long periods of time. Explore aspects and recommendations focusing on OWASP Top 10 item A10: Insufficient Logging and Monitoring.

Learning Objectives

OWASP: Top 10 Item A10

  • describe OWASP Top 10 item A10, which deals with insufficient logging and monitoring
  • recognize how insufficient logging and monitoring can be mitigated
  • configure Windows Event Viewer log forwarding
  • configure Linux rsyslog forwarding
  • build a custom Windows Event Viewer log view
  • attach a PowerShell script to a specific logged event
  • use a Windows Data Collector Set to establish a performance baseline
  • use the Windows Performance Monitor tool to identify performance anomalies
  • list common logging security flaws and insufficient logging and monitoring security mitigations, create a custom Windows Event Viewer log view, and create a Windows Server performance baseline

 

Framework Connections

The materials within this course focus on the Knowledge, Skills, and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.