A lot of people seem to think that matching technical threat intelligence (TI) to logs for threat detection is a great idea. Some people also think this is very easy.
Let’s start with the boring subject of log retention … and then move on to some exciting topics like perhaps hunting (promise!). Our old friend PCI DSS reminds us that we need to keep security logs for one year. Now, the same friend is mum about using…