On log sharing
So, it is often reported that since the “bad guys” share technology information (such as exploits, bot access, malware, etc.), the “good guys” should ramp up their sharing efforts as well. But companies’ unwillingness to share data that might, under the circumstances, be considered sensitive is legendary – and understandable.
Thus, I was happy to see such projects as Splunk Base, which lets users upload logs that indicate problems (yes, security problems as well) and tag the logs with descriptive tags that enable other Base users to learn from their experience, described via tagged log samples. Just sharing logs is nowhere near as useful as sharing such experiences. Either way, this is a good initiative to watch.