Compliance Unfiltered With Adam Goslin

Central Logging Sanity Checks - Episode 194



The CU Guys dive into the critical topic of central logging sanity checks. They explore the common pitfalls organizations face when they set up central logging systems and then leave them on autopilot. Adam emphasizes the importance of regular sanity checks to confirm that logging systems are functioning as expected, and highlights the risk of assuming everything is working perfectly. The discussion also covers the need for compliance professionals to validate assumptions, spot-check logs, and make sure that alerts are being properly handled. Tune in to learn how to maintain a robust compliance program that truly supports organizational security.

Episode Transcript:

Today, we're going to talk about another central theme here, not just a central member of a band, but central logging, specifically central logging sanity checks. So a lot of companies that have mature compliance programs set up their central logging and then kind of put it on autopilot. What are the downsides there, Adam?


Well, I mean, I've been for a long time a huge fan of trust, but verify. And when the companies go in and kind of set up their central logging, they really do just kind of go, okay, we're done. We've established all the things, we've done all the checks, we've set up the system, we have all the right processes, the reviews are happening and alerts are flying. So then they just move into this mode where they literally let her roll, and then don't tend to go back to it for a recheck or a sanity check or whatnot. They just go into the guiding assumption that everything's good because it's up and nothing's gone boom and, you know, blah, blah, blah.


So the most important part for these organizations is that they go back in and double check: is what I think is happening actually happening? They've got to go back in and just do a sanity check on things. So that's kind of the driving force here with this particular topic.


Sure. Now with that in mind, what are some of the concerns that compliance professionals should be focusing on?


Well, I mean, first and foremost, is everything that I think is logging actually logging? The things that I set up to log, are they still logging? Did something go off the rails? It's really, really easy, depending on the system and the structure that's set up and what checks and things they put in place. I don't know, I'm just going to make a number up. So let's just pretend that, out of the gate, there were a hundred different things that were sending stuff to central logging. Well, fast forward a couple of months, or in a lot of cases a couple of years: are those hundred things still doing what they're doing?


I mean, there's all sorts of possibilities for something going wrong. You've got updates or patches that may go ahead and interfere with the capability for those devices to push their logs. It could be something as simple as somebody messing with a firewall rule to try to do some troubleshooting, locking down some ports so they could get some things isolated, et cetera, and then forgetting to put Humpty Dumpty back together again. And in the process they block the outbound logging capability from, you know, fill-in-the-blank device, that type of thing.


Compliance Unfiltered With Adam Goslin, by Total Compliance Tracking