NSA report says 122 (unnamed) local gov’t election officials were sent mal email, but doesn’t discuss any forensics done on their networks.
Right. There are no SMP requirements that techs be auditable. On the contrary. But the ones for analysts, etc. are quite stringent.
-
Yup. So--do you filter at log time or audit time? Typically, you'd do the latter, unless the volume was overwhelming.
-
I'm not sure I understand the distinction, but I admit I'm very tired.
-
Logging is keeping the raw access data. Alarming tells someone about unusual patterns. Auditing is understanding why someone saw something.
-
That stuff I get -- it was the filtering that threw me.
-
If you're collecting too much data, discard early. It may be too much for your disk or your analytics; more likely, collection slows things.
-
Wrt Snowden, or now? Wasn't that the delay in implementing the insider threat thing that might have covered Snowden?
-
I don't know if it's because they've improved logging (though that's my guess) or because this alleged leaker isn't a sysadmin.
-
Worth noting though, that Snowden calculated that he would be inevitably caught once published.
-
Mind you, upstream searches weren't completely auditable as recently as 2 months ago,