PRESENTERS: Eric Hope, Don Elsner
DEPARTMENTS: Duke University Information Technology Security Office; Duke Medicine Information Security Office
FORMAT: Presentation (topical discussion followed by questions)
IT systems generate a huge volume of logs and metrics, machine data that can provide tremendous value in detecting system compromises, mitigating risk and improving operations. We’ll talk about the usefulness of log reviews in identifying out-of-band activity and highlight how tools like Splunk can be used to index, search and analyze that data. Participants in this information security session will be shown examples of unusual log activity and given the tools to report and respond to incidents and to improve efficiency and operations.