Performing your own dentistry — challenges, unknowns, and what is overlooked in security log collection presented at BSidesVancouver 2018

by Cariad Keigher

Summary: So you've finally decided to start collecting your security logs--now what? What do you know and don't know about your network? Do you have all of your partners able to help out? Are you prepared to find out things about your organisation that you were not aware of? This talk will go over the challenges and unknowns faced when you implement log collection or SIEM software. It also will discuss some of the oddities that have been faced when collecting data. Everything from appliances sending inconsistently-formatted software, what consultants and vendors overlook or do not mention about your implementation, things you don't want to do, and how not to panic. This is a talk straight from the trenches of collecting data for an organisation that not only has to protect corporate assets but also ensure the safety of its employees due to the use of industrial control.