
Question


One of the unique challenges in collecting host evidence and storing it in a single system is finding a balance between logging too little and too much. Logging too little means the SOC/CSIRT could miss critical information that can be used to detect attackers and other malicious activity. Logging too much can cause log storage to become an issue, and critical information can be missed in a large number of events. Find a logging configuration guide or cheat sheet for Windows or Linux. Provide a link to the guide and summarize its recommendations. Answer each of the following questions:

1. Why do you think the recommendations have been made?
2. What types of information would be collected given the recommended log/audit settings?
3. Do you think these recommendations would provide too much information or not enough? Why?
4. Estimate the daily number of events/storage required if you had 10,000 endpoints generating data given the recommended logging settings. How much storage may be required? How long do you think you would be able to retain logs (days, months, years)?
5. We've talked about network logs and data, endpoint logs, and data. What other logs and data might we be missing? Are there configuration guides for those

