
Tobias, Angela Marie D.

December 15, 2021

IT183_BM5 Prof. Ronaldo Bernardo

Describe each item and provide 3 samples per item of:


Potential Sources of Security Intelligence
1. Change Management Records

Change management records document a systematic technique that deals with the transition
or transformation of processes, technologies, and organizational goals. It ensures that
people can adapt to deployed changes as efficiently as possible while
minimizing the negative impact on the customer.

Examples of Change Management Records:

Ex. 1
Ex. 2
Ex. 3

2. Identity Management Logs

Identity management logs record the process that ensures users have the appropriate level of access
to technological resources. They guarantee that only authorized
individuals have access to the technical resources required to fulfill their tasks and have
permission to access particular systems. The identity management log associates user
restrictions and permissions with the IDs generated, and ensures or verifies access to the
system as well as the privacy and integrity of the user's identity.

Examples of Identity Management Logs:

Ex. 1
Ex. 2
Ex. 3
3. OS Administration Logs

OS administration logs aid system monitoring, administration, and troubleshooting
and provide users with critical operational information. They also provide their own form
of system-management assistance that boosts simplicity while improving security and
integrity. The log includes details on the software, hardware, system processes, and
system components. Information such as the date, time, event type, user, machine,
and so on can also be seen in the logs.

Examples of OS Administration Logs:

Ex. 1
Ex. 2
Ex. 3
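An added example, not part of the original document, showing how a defender might review OS administration log lines with the fields named above (date, time, event type, user, machine) against the identity-management authorized-user list and the change-management ticket numbers from items 1 and 2. The log lines, user names, host names and ticket IDs are all constructed for the example.

```python
import re
from collections import Counter

# Constructed sample log, not from any real system. Field layout follows the
# text: date, time, event type, user, machine, plus an optional change ticket.
SAMPLE_LOG = """\
2021-12-15 08:01:12 LOGIN_SUCCESS user=alice host=ws-07
2021-12-15 08:03:44 LOGIN_FAILURE user=bob host=ws-12
2021-12-15 08:03:50 LOGIN_FAILURE user=bob host=ws-12
2021-12-15 08:03:57 LOGIN_FAILURE user=bob host=ws-12
2021-12-15 08:04:02 LOGIN_FAILURE user=bob host=ws-12
2021-12-15 08:10:30 LOGIN_SUCCESS user=svc-backup host=srv-db1
2021-12-15 08:15:05 PRIV_CHANGE user=alice host=ws-07 change=CHG-1042
2021-12-15 08:20:11 PRIV_CHANGE user=svc-backup host=srv-db1 change=none
this line is not in the expected format
"""
AUTHORIZED_USERS = {"alice", "bob"}   # assumed export from the identity management system
APPROVED_CHANGES = {"CHG-1042"}       # assumed ticket IDs from change management records

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<event>[A-Z_]+) user=(?P<user>\S+) host=(?P<host>\S+)"
    r"(?: change=(?P<change>\S+))?$"
)

def parse_line(line):
    """Return the fields of one log line, or None if the line is malformed."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def review_log(log_text, authorized_users, approved_changes, failure_threshold=3):
    """Cross-check the OS log against identity and change-management records."""
    findings = {"unauthorized_logins": [], "repeated_failures": {},
                "unapproved_changes": [], "malformed_lines": 0}
    failures = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:                      # unparsable lines are a finding too
            findings["malformed_lines"] += 1
            continue
        if rec["event"] == "LOGIN_SUCCESS" and rec["user"] not in authorized_users:
            findings["unauthorized_logins"].append((rec["user"], rec["host"]))
        elif rec["event"] == "LOGIN_FAILURE":
            failures[rec["user"]] += 1
        elif rec["event"] == "PRIV_CHANGE" and rec["change"] not in approved_changes:
            findings["unapproved_changes"].append((rec["user"], rec["host"], rec["change"]))
    findings["repeated_failures"] = {u: n for u, n in failures.items() if n >= failure_threshold}
    return findings

if __name__ == "__main__":
    print(review_log(SAMPLE_LOG, AUTHORIZED_USERS, APPROVED_CHANGES))
```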
4. Perimeter Firewall and VPN Concentrator Logs

A perimeter firewall log is produced by a security program that protects the barrier between a
corporation's private network and public networks like the internet. All traffic
between the internal network and other networks is controlled by the perimeter firewall.
At the same time, the VPN concentrator sends log messages to EventTracker, and
manager alerts, dashboards, and reports can be configured once the VPN
concentrator setup is finished.

Examples of Perimeter Firewall and VPN Concentrator Logs:

Ex. 1
Ex. 2
Ex. 3

5. Network Audits and Network Device Metadata


Network audits refer to the process of collecting, mapping, analyzing, and evaluating
network data. They provide automated assistance in identifying network-connected
devices and services. Network device metadata, on the other hand, consists of records of every
conversation on the network. It allows the user to categorize or find certain records
easily. It collects data on what, when, where, and with whom network conversations
take place. The recorded information may include the author's name, when the
data was created or modified, and the size of the file.

Examples of Network Audits and Network Device Metadata:

Ex. 1
Ex. 2
Ex. 3
6. File and Directory Audits

File and directory audits allow the administrator to track file and directory changes.
The user can find and follow directory changes, including the object file
or IP addresses involved. Audits also provide visibility, allowing the administrator to search,
filter, review, and be warned of malicious activity, and to detect, alert on, or report what is
happening to files and directories.

Examples of File and Directory Audits:

Ex. 1
Ex. 2
Ex. 3

7. Malware Detection Logs

Malware detection logs are records of reports on discovered malware. They assist
users or information security specialists in identifying the malware and providing
remedies to secure the system and reduce harm. The logs give users and security
experts documentation on the types of malware encountered on the network.

Examples of Malware Detection Logs:

Ex. 1
Ex. 2
Ex. 3
8. Backend System Logs

Backend system logs support back-office applications, monitor important events, and
gather important metrics. They help backend developers isolate,
replicate, and research issues that emerge in situations that cannot be debugged directly. The
backend operates by receiving user input and aggregating input from other methods in order to
provide responsive output.

Examples of Backend System Logs:

Ex. 1
Ex. 2
Note: the green highlight is the backend log and the red highlight is the
frontend log.
9. Application and System Logs

Application logs are data files containing information on events within a software
program. They include components such as timestamps, context information, and log
levels. System logs, by contrast, contain data about drivers and system operations; a system log is a file
that contains events recorded by operating system components.

Examples of Application and System Logs:

Ex. 1
Ex. 2
Ex. 3

10. Physical Security Logs

Physical security logs are records used to easily track which of an organization's users have
access to its facilities. They are a preventive security measure against illegal or unauthorized
access to facilities, equipment, and resources, and they help protect users and property
from damage.

Examples of Physical Security Logs:

Ex. 1
Ex. 2
Ex. 3
11. Honeypot, Firewall, IPS, and IDS Logs

A honeypot is designed to detect, attract, and investigate malicious activity: it
lures attackers into thinking that the computer system they are trying to gain access to is
legitimate. Firewalls, on the other hand, are usually installed between an
organizational network and the public internet. A firewall keeps track of all network traffic
that enters and exits the organization, and its logging function documents how the
firewall handles different types of traffic. It can be used to filter out traffic, securing
the organization by filtering inbound and outbound network traffic between the private
network and the public internet. IDS/IPS logs record blocked malicious attempts or malicious activity and
help trace the attacker back.

Examples of Honeypot, Firewall, IPS, and IDS Logs:

Ex. 1
Ex. 2
Ex. 3
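An added example, not part of the original document, showing why honeypot and firewall logs are more useful together than apart: the same source address is looked up in both, so a source that probed the decoy and was also allowed through the firewall somewhere else rises to the top of the review queue. The log lines use documentation address ranges and are constructed; the key=value layout is an assumption, not any vendor's format.

```python
import re
from collections import defaultdict

# Constructed sample lines, not from any real device. Firewall lines carry the
# action, source, destination and port; honeypot lines record a decoy contact.
FIREWALL_LOG = """\
2021-12-15 09:00:01 fw action=DENY src=203.0.113.7 dst=192.0.2.10 dport=22
2021-12-15 09:00:02 fw action=DENY src=203.0.113.7 dst=192.0.2.11 dport=22
2021-12-15 09:00:03 fw action=DENY src=203.0.113.7 dst=192.0.2.12 dport=22
2021-12-15 09:00:09 fw action=ALLOW src=203.0.113.7 dst=192.0.2.20 dport=443
2021-12-15 09:01:00 fw action=ALLOW src=198.51.100.4 dst=192.0.2.20 dport=443
2021-12-15 09:02:00 fw action=DENY src=198.51.100.9 dst=192.0.2.30 dport=3389
"""
HONEYPOT_LOG = """\
2021-12-15 09:00:05 honeypot src=203.0.113.7 dport=22 service=ssh
2021-12-15 09:03:10 honeypot src=198.51.100.9 dport=3389 service=rdp
"""

KV_RE = re.compile(r"(\w+)=(\S+)")

def parse_kv(line):
    """Extract key=value fields from one log line; returns {} when there are none."""
    return dict(KV_RE.findall(line))

def correlate(firewall_log, honeypot_log, scan_threshold=3):
    """Correlate firewall decisions with honeypot contacts, keyed on source address."""
    denied_targets = defaultdict(set)   # src -> distinct destinations it was denied to
    allowed_sources = set()             # sources that got at least one ALLOW
    for line in firewall_log.splitlines():
        f = parse_kv(line)
        if f.get("action") == "DENY":
            denied_targets[f["src"]].add(f["dst"])
        elif f.get("action") == "ALLOW":
            allowed_sources.add(f["src"])
    honeypot_sources = {parse_kv(l)["src"] for l in honeypot_log.splitlines() if "src=" in l}
    # A source denied to many distinct hosts looks like a sweep of the perimeter.
    scanners = {s for s, dsts in denied_targets.items() if len(dsts) >= scan_threshold}
    return {
        "scanners": scanners,
        "honeypot_sources": honeypot_sources,
        # Highest priority: touched the decoy and still reached something real.
        "honeypot_and_allowed": honeypot_sources & allowed_sources,
    }

if __name__ == "__main__":
    print(correlate(FIREWALL_LOG, HONEYPOT_LOG))
```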

12. Web Scans

A web scan is performed by a scanner that finds vulnerabilities within web applications.
It scans a website, looks for flaws or issues in web applications, examines each file it
finds on the website, and runs an automated assessment for common security
vulnerabilities. Using web scans can also help prevent unauthorized access to
corporate information and data.

Examples of Web Scans:

Ex. 1
Ex. 2
Ex. 3

13. Threat Intelligence

According to Kurt Baker, threat intelligence is information that is gathered, processed, and
analyzed in order to understand a threat actor's motivations, objectives, and attack
tactics. It is evidence-based information that includes context, mechanisms, indicators, and
actionable advice on a current or potential threat or risk to assets. Its purpose is to
better understand, adapt to, and predict the behavior of malicious actors, whether
criminal groups, activists, or even nation-states.

Examples of Threat Intelligence:

Ex. 1
Ex. 2
Ex. 3
