Router, FW, or any Other types of Logs
palevelmode
Member Posts: 8 ■■□□□□□□□□
[FONT=&]Hi All,[/FONT]
[FONT=&]I am practicing SIEM and log analysis. do you know websites where can I download router, fw, ids/ips, iptables logs which I can feed to SIEM? I know I can setup a home lab try to simulate external and internal network (with attacks) incorporate security onion to generate some logs and check with elsa and cro logs. But what I wanted is a logs that I can download to check and inspect and learn analysis let say 1 week logs, or 1 month logs or more. [/FONT]
[FONT=&]I am practicing SIEM and log analysis. do you know websites where can I download router, fw, ids/ips, iptables logs which I can feed to SIEM? I know I can setup a home lab try to simulate external and internal network (with attacks) incorporate security onion to generate some logs and check with elsa and cro logs. But what I wanted is a logs that I can download to check and inspect and learn analysis let say 1 week logs, or 1 month logs or more. [/FONT]
Comments
-
alias454 Member Posts: 648 ■■■■□□□□□□Something I have been thinking about doing for myself, which could work for you is to get some pcaps from the BRO website and Security Onion site. Replay those pcaps to generate logs of actual bad stuff to look at.
https://www.google.com/search?q=analysis+pcaps&ie=utf-8&oe=utf-8
https://www.bro.org/documentation/exercises/index.html
https://www.bro.org/current/exercises/incident-response/index.html
https://github.com/Security-Onion-Solutions/security-onion/wiki/Pcaps“I do not seek answers, but rather to understand the question.” -
TacoRocket Member Posts: 497 ■■■■□□□□□□Wireshark has some PCAPs to look at as well. You could always make a lab and create logs that way as well.These articles and posts are my own opinion and do not reflect the view of my employer.
Website gave me error for signature, check out what I've done here: https://pwningroot.com/ -
palevelmode Member Posts: 8 ■■□□□□□□□□Thank you for your kind reply, I see all of that already and have personally websites sharing pcaps like the blog malware-traffic-analysis and netresec. I am looking log files fro FW or Router like the one shared on this website. Actually I like huge logs whic I can play instead of running a home lab and simulate inter/external and set the logging to its maximum so logs can be generated asap.
hxxp://log-sharing.dreamhosters.com/
thanks again, I am looking again on this sites. -
JDMurray Admin Posts: 13,101 AdminTry Googling for Capture The Flag events and packet traffic capture archives. Here are a couple:
Public PCAP files for download
https://www.defcon.org/html/links/dc-ctf.html
And here's a previous TE thread on the same subject:
http://www.techexams.net/forums/security-certifications/53951-good-sample-packet-capture-sites.html -
palevelmode Member Posts: 8 ■■□□□□□□□□Hi All,
Thank you very much for you kind reply. I really appreciate the feedback I got from this thread. Just an update, I am now able to play with my security onion box, and splunk vm and another testing vm sec onion with their new project ELK. With the pcap files I am also able to study basic analysis using tcpdump, wireshark and tshark though I need to get deeper and see what is the advantage of this different tools. I am happy with my progress.
Now... I want to seek help could I find windows logs, windows security events which I can play with. Please share some sites.
Thanks you very much, -
alias454 Member Posts: 648 ■■■■□□□□□□I stumbled on this and thought of this thread
Log Samples — OSSEC 2.8.1 documentation“I do not seek answers, but rather to understand the question.” -
palevelmode Member Posts: 8 ■■□□□□□□□□It was just log formats. I am looking for windows events logs that I can feed to siem.
-
palevelmode Member Posts: 8 ■■□□□□□□□□update: for those individuals who wanted or searching for the logs like I used before. There's a very good Blue team CTF other. Kindly refer to the Splunks' BOSS of THE SOC (BOTS).