CHAPTER 11

Data Analysis in Security Monitoring Activities

In this chapter you will learn:

•   Best practices for security data analytics using automated methods

•   Common sources for system and event logs and methods of analyzing them for security operations

•   Advanced techniques for e-mail analysis

•   Processes to help you continually improve your security operations

Experts often possess more data than judgment.

—Colin Powell

Modern corporate networks are incredibly diverse environments, with some generating gigabytes of data every day in just logging and event information. Scripting techniques and early monitoring utilities are quickly approaching the end of their usefulness, because the variety and volume of data now exceed what ...

Get CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide, Second Edition (Exam CS0-002), 2nd Edition now with O’Reilly online learning.