From the course: CompTIA Cybersecurity Analyst+ (CySA+) (CS0-003) Cert Prep: 1 Security Operations


Querying logs

- [Instructor] You can't always depend upon your SIEM to comb through all of your security logs and automatically uncover the information that's important to you. Sometimes you will need to search through those logs yourself. This requires that you be able to write queries that retrieve exactly the information that you need from your SIEM or other information store. There are a lot of different ways that you can write queries against logs, and the method you use will depend upon where your logs are stored and what format they are in. For example, if your logs are already stored in your SIEM, you can use the SIEM's management interface to perform the search. It's likely that the vendor provides you with an intuitive, web-based interface that allows you to quickly parse through the various logs that the SIEM aggregated. This is almost always the easiest and fastest way to run queries against your security information because…