8
Network Firewall Logs Analysis
The network firewall is one of the most critical security controls deployed in a network. Communications in the network must be managed and controlled, and to do so the firewall usually occupies a strategic position that gives it insight and visibility into the traffic between the different zones and subnets. As a SOC analyst, you should take advantage of the firewall’s position, be aware of the logs the firewall provides, and be able to analyze them to investigate cyber incidents.
The objective of this chapter is to learn the value of firewall logs and the information they provide, and to understand their valuable fields, such as the Log Timestamp, ...
Get Effective Threat Investigation for SOC Analysts now with the O’Reilly learning platform.