“What types of events in my network are indications of an attack?” This is a question many IT security experts find themselves asking, often because there isn’t one definitive answer.

Configuring alerts for every type of event isn’t an option. Doing so buries you in alerts, most of them describing everyday activity, and the few that matter get lost in the noise. And since each network has its own characteristics, alerts should be tuned to the specific environment to yield the most accurate results.

On the bright side, networks have certain traits in common. For example, most networks have log sources in the form of workstations, servers, firewalls, and routers. Security teams in larger organizations will often also shoulder the responsibility of ensuring that their critical, confidential files don’t fall into the wrong hands.

One way security teams tackle this challenge is by using a security information and event management (SIEM) solution. Most SIEM solutions allow security teams to configure real-time alerts for specific events. Taking the common attributes and typical requirements of networks into consideration, we’ve drafted a list of events for which you should be receiving real-time alerts:

  1. Modifications to confidential files and folders
  2. Server shutdowns and restarts
  3. Login failures and account lockouts
  4. Changes to security group memberships
  5. Firewall rule changes
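As an added illustration (not code from the original post or from any vendor’s SIEM), the Python sketch below correlates a handful of constructed Windows log records against the five categories above. The Windows event IDs are the standard ones (4663/4670 for object access, 1074/6008 for shutdowns, 4625/4740 for logon failures and lockouts, 4728/4732/4756 and their removal counterparts for group membership, 4946–4948 for firewall rules); the record field names, host names, confidential paths, and the five-failures-in-two-minutes threshold are assumptions made for this example.

```python
"""Added example: a minimal correlation pass over constructed Windows log records.

It maps the five alert categories listed above onto well-known Windows event
IDs and applies a threshold to logon failures so that a single mistyped
password does not raise an alert. Field names, hosts, paths and thresholds
are assumptions for this example, not output of any particular SIEM.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security / System log event IDs per alert category.
EVENT_RULES = {
    # 1. Modifications to confidential files and folders. 4663/4670 only fire
    #    if object access auditing is enabled and the folder carries a SACL.
    4663: "confidential_file_modified",
    4670: "confidential_file_permissions_changed",
    # 2. Server shutdowns and restarts (System log)
    1074: "server_shutdown_or_restart",
    6008: "server_unexpected_shutdown",
    # 3. Account lockouts (logon failures, 4625, are thresholded separately)
    4740: "account_lockout",
    # 4. Changes to security group memberships (global, local, universal)
    4728: "security_group_member_added",
    4732: "security_group_member_added",
    4756: "security_group_member_added",
    4729: "security_group_member_removed",
    4733: "security_group_member_removed",
    4757: "security_group_member_removed",
    # 5. Windows Firewall rule changes
    4946: "firewall_rule_added",
    4947: "firewall_rule_modified",
    4948: "firewall_rule_deleted",
}

LOGON_FAILURE_ID = 4625
FAILURE_THRESHOLD = 5                 # assumption: tune per environment
FAILURE_WINDOW = timedelta(minutes=2)

# Assumed confidential locations (lower-case); a real deployment loads these from config.
CONFIDENTIAL_PREFIXES = ("\\\\fileserver\\finance\\", "d:\\hr\\")
# 4663 access types that actually change data; plain reads are noise for this rule.
WRITE_ACCESSES = {"WriteData", "AppendData", "DELETE", "WriteDAC", "WriteOwner"}


def is_confidential(path):
    return path.lower().startswith(CONFIDENTIAL_PREFIXES)


def _alert(rec, category, detail=""):
    return {"time": rec["time"], "host": rec["host"], "user": rec.get("user", ""),
            "category": category, "detail": detail}


def correlate(records):
    """Return the alerts the rules above raise for `records`, in time order."""
    alerts = []
    failures = defaultdict(deque)  # (host, account) -> recent failure timestamps
    for rec in sorted(records, key=lambda r: r["time"]):
        eid = rec["event_id"]
        if eid == LOGON_FAILURE_ID:
            ts = datetime.strptime(rec["time"], "%Y-%m-%d %H:%M:%S")
            window = failures[(rec["host"], rec["user"])]
            window.append(ts)
            while ts - window[0] > FAILURE_WINDOW:   # drop failures outside the window
                window.popleft()
            if len(window) >= FAILURE_THRESHOLD:
                alerts.append(_alert(rec, "repeated_logon_failures",
                                     f"{len(window)} failures within {FAILURE_WINDOW}"))
                window.clear()                       # one alert per burst
            continue
        if eid in (4663, 4670) and not is_confidential(rec.get("object", "")):
            continue                                 # not a file we care about
        if eid == 4663 and not WRITE_ACCESSES & set(rec.get("accesses", ())):
            continue                                 # read-only access, no alert
        if eid in EVENT_RULES:
            alerts.append(_alert(rec, EVENT_RULES[eid], rec.get("detail", "")))
    return alerts


# Constructed sample records for the example (not real log output).
SAMPLE_RECORDS = [
    {"time": "2024-03-01 08:55:00", "host": "FS01", "event_id": 4663, "user": "bob",
     "object": "\\\\fileserver\\finance\\payroll.xlsx", "accesses": ["ReadData"]},
    {"time": "2024-03-01 08:56:00", "host": "FS01", "event_id": 4663, "user": "bob",
     "object": "\\\\fileserver\\finance\\payroll.xlsx", "accesses": ["WriteData"]},
    {"time": "2024-03-01 08:57:00", "host": "FS01", "event_id": 4663, "user": "bob",
     "object": "D:\\public\\readme.txt", "accesses": ["WriteData"]},
] + [
    {"time": f"2024-03-01 09:00:{10 * i:02d}", "host": "DC01", "event_id": 4625,
     "user": "alice", "detail": "source 10.0.0.9"} for i in range(5)
] + [
    {"time": "2024-03-01 09:00:41", "host": "DC01", "event_id": 4740, "user": "alice"},
    {"time": "2024-03-01 09:05:00", "host": "DC01", "event_id": 4624, "user": "alice"},
    {"time": "2024-03-01 09:10:00", "host": "DC01", "event_id": 4728, "user": "admin",
     "detail": "alice added to Domain Admins"},
    {"time": "2024-03-01 09:12:00", "host": "WEB01", "event_id": 4947, "user": "SYSTEM",
     "detail": "rule 'Allow RDP' modified"},
    {"time": "2024-03-01 09:30:00", "host": "WEB01", "event_id": 1074, "user": "admin",
     "detail": "shutdown initiated by shutdown.exe"},
]

if __name__ == "__main__":
    for a in correlate(SAMPLE_RECORDS):
        print(a["time"], a["host"], a["category"], a["detail"])
```

Of the eleven sample records, six produce alerts. The read of the payroll file, the write to a non-confidential path, the successful logon, and the first four failed logons are deliberately dropped: that filtering is what separates a usable alert from the flood described earlier. In a real SIEM the same logic lives in the product’s correlation rules rather than in a script, but the decisions (which IDs, which paths, what threshold) are the same ones you need to make.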

To learn more about configuring alerts for the above events, sign up for our free webinar, where we’ll discuss the common security events to look out for, and how to leverage your SIEM solution to mitigate security threats. Our IT security expert will be taking live questions throughout the session, so bring any questions you may have. Sign up for free now!
