Security Information & Event Management (SIEM)
Lesson 1, Topic 17
Virtual Private Network (VPN) Logs
A Virtual Private Network (VPN) allows users to use an encrypted tunnel to securely access a corporate or other network remotely via the Internet.
The logs from this device help identify misuse of remote connectivity by analysing anomalies, e.g. a user logging in from two geographically distant locations within a short period of time when it is not physically possible to travel that distance (so-called "impossible travel").
The information provided by VPN logs usually comprises:
- Event timestamp (timestamp)
- Source IP address (src_ip)
- Destination IP address (dst_ip)
- Source port (src_port)
- Destination port (dst_port)
- Device type (dvc_type)
- Device class (dvc_class)
- Device subclass (dvc_subclass)
- Message severity level (msg_severity_level)
- Source interface (src_int)
- Destination interface (dst_int)
- Access group (access_group)
- Remaining message (msg_rem)
- Event type (evnt_type)
- Protocol/application (protocol_app)
- Source MAC address (src_mac)
- Destination MAC address (dst_mac)
- Network (ntwrk)
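The impossible-travel check described above, as an added example that is not part of the course material: it groups VPN login events by user (using the timestamp, src_ip, evnt_type and msg_rem fields from the list), computes the great-circle distance between consecutive login locations and flags pairs whose implied speed is not physically possible. The sample events, the GEO lookup table (a stand-in for a real GeoIP database) and the 900 km/h threshold are assumptions made for the example.

```python
import math
from collections import defaultdict
from datetime import datetime

# Constructed sample VPN login events using the field names from this lesson
# (timestamp, src_ip, evnt_type, msg_rem); the username travels in msg_rem.
VPN_LOGS = [
    {"timestamp": "2024-03-01T08:00:00Z", "src_ip": "203.0.113.10", "evnt_type": "login", "msg_rem": "user=alice"},
    {"timestamp": "2024-03-01T08:45:00Z", "src_ip": "198.51.100.7", "evnt_type": "login", "msg_rem": "user=alice"},
    {"timestamp": "2024-03-01T09:00:00Z", "src_ip": "192.0.2.55", "evnt_type": "login", "msg_rem": "user=bob"},
    {"timestamp": "2024-03-01T17:30:00Z", "src_ip": "192.0.2.56", "evnt_type": "login", "msg_rem": "user=bob"},
]

# Assumption: stand-in for a GeoIP lookup; a real deployment queries a GeoIP database.
GEO = {
    "203.0.113.10": (51.5074, -0.1278),   # London
    "198.51.100.7": (40.7128, -74.0060),  # New York
    "192.0.2.55": (48.8566, 2.3522),      # Paris
    "192.0.2.56": (48.8600, 2.3500),      # Paris, a few hundred metres away
}

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs given in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = math.sin((lat2 - lat1) / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def impossible_travel(logs, max_kmh=900.0):
    """Flag consecutive logins by the same user whose implied travel speed exceeds max_kmh."""
    by_user = defaultdict(list)
    for rec in logs:
        if rec["evnt_type"] != "login":
            continue
        user = dict(kv.split("=", 1) for kv in rec["msg_rem"].split())["user"]
        ts = datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        by_user[user].append((ts, rec["src_ip"]))
    alerts = []
    for user, events in by_user.items():
        events.sort()  # chronological order per user
        for (t1, ip1), (t2, ip2) in zip(events, events[1:]):
            if ip1 not in GEO or ip2 not in GEO:
                continue  # no geolocation available, so travel cannot be assessed
            km = haversine_km(GEO[ip1], GEO[ip2])
            hours = max((t2 - t1).total_seconds() / 3600, 1 / 3600)  # floor at one second
            if km / hours > max_kmh:
                alerts.append({"user": user, "from": ip1, "to": ip2,
                               "distance_km": round(km, 1), "speed_kmh": round(km / hours, 1)})
    return alerts

if __name__ == "__main__":
    for alert in impossible_travel(VPN_LOGS):
        print(alert)
```

Only alice's London-to-New York pair (about 5,570 km in 45 minutes) is flagged; bob's two Paris logins are a few hundred metres apart and produce no alert.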
Vendors
- Check Point
- F5
- Juniper
- Microsoft (Always On VPN)