#logcollection

Maurizio Lo Nobile (@maulonobile@mastodon.uno)
2026-03-09

After all the hype around the Qwen 3.5 release I ran a test: developing a POC for a client in the "log collection" area.
Long story short: I had it produce an .md document collecting the whole POC, and then I tested it.

Outcome:
- plenty of errors
- instructions ignored
- it invents commands despite having read the official docs
- hundreds of reiterations

IMHO it will run on anything "as some people say", but I waste too much time continually correcting it.

#qwen35 #ia #logcollection #uno

Tedi Heriyanto (@tedi@infosec.exchange)
2025-12-22

Series: Managing SIEM Log Collectors at Scale with Ansible and GitHub Actions

- Part 1: blog.nviso.eu/series/siem-log-

#siem #logcollection #ansible #githubactions

2025-06-30

π—›π—Όπ˜„ π˜π—Ό π—°π—Όπ—Ήπ—Ήπ—²π—°π˜ π—°π˜‚π˜€π˜π—Όπ—Ί π—²π˜ƒπ—²π—»π˜ π—œπ——π˜€ π˜π—Ό π— π—Άπ—°π—Ώπ—Όπ˜€π—Όπ—³π˜ π—¦π—²π—»π˜π—Άπ—»π—²π—Ή

Microsoft Sentinel is Microsoft's SIEM/SOAR. It is used to collect and evaluate logs.

If you choose to collect security logs from Windows Server, Microsoft Sentinel can collect predefined log sets using the built-in settings. By default, you have the option to select from the predefined sets All Security Events, Common, or Minimal.

However, if you need to collect some custom Event IDs that do not belong to the above built-in categories, or simply want your own set of Event IDs to collect, you can define your own Event IDs using XPath queries.

XPath (XML Path Language) is a query language used for selecting nodes from an XML document. It allows you to navigate through elements and attributes in XML documents, making it a powerful tool for extracting specific pieces of information. XPath is commonly used in combination with XML parsers to filter and locate data based on complex conditions.

Read my blog post below 👇 👇
cswrld.com/2025/06/how-to-coll

#cswrld #sentinel #eventid #logcollection #custom
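As an added example (not part of the post above or of the linked blog article): the XPath filters Sentinel uses for custom Event IDs take the form `Channel!XPathExpression` and live in the `windowsEventLogs` data source of an Azure Monitor Data Collection Rule (DCR). The script below first checks each filter locally with `Get-WinEvent`, since the Windows Event Log service only accepts a limited XPath subset and a filter it rejects will be rejected by the agent as well, and then emits the same filters as a DCR data-source fragment. The Event IDs, the data-source name `customSecurityEvents` and the choice of a `Microsoft-SecurityEvent` stream are illustrative assumptions.

```powershell
# Added example, not code from the post or its linked article.
# Assumed: a few Security Event IDs worth collecting; the data-source name is illustrative.
$xpathQueries = @(
    'Security!*[System[(EventID=4624 or EventID=4625)]]'   # logon success / failure
    'Security!*[System[(EventID=4688)]]'                    # process creation
    'Security!*[System[(EventID=4720 or EventID=4726)]]'   # user account created / deleted
)

# 1. Validate each filter locally before putting it in a DCR. The Event Log
#    service accepts only a subset of XPath 1.0; an expression it cannot parse
#    throws here and would equally fail once deployed through the agent.
foreach ($q in $xpathQueries) {
    $channel, $expr = $q -split '!', 2
    try {
        $null = Get-WinEvent -LogName $channel -FilterXPath $expr -MaxEvents 1 -ErrorAction Stop
        Write-Host "OK         $q"
    }
    catch {
        # "No matching events" means the filter is valid but nothing is logged yet;
        # any other error indicates the XPath itself is invalid.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            Write-Host "OK (empty) $q"
        }
        else {
            Write-Warning "INVALID    $q : $($_.Exception.Message)"
        }
    }
}

# 2. The same filters expressed as the windowsEventLogs data source of a DCR.
#    Events selected here are delivered on the Microsoft-SecurityEvent stream,
#    i.e. into the SecurityEvent table that Sentinel queries.
$dcrDataSource = @{
    dataSources = @{
        windowsEventLogs = @(
            @{
                name         = 'customSecurityEvents'        # illustrative name
                streams      = @('Microsoft-SecurityEvent')
                xPathQueries = $xpathQueries
            }
        )
    }
}
$dcrDataSource | ConvertTo-Json -Depth 6
```

Run the check from an elevated PowerShell session, because reading the Security channel requires administrative rights. Keeping the list of Event IDs in one variable that feeds both the local check and the DCR fragment avoids the usual drift between what was tested on a server and what actually ships in the rule.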

Nicola Ferrini (@nicferr@mastodon.uno)
2024-08-28

On 31/08/2024 the Log Analytics Agent will no longer be supported, so by that date you will need to migrate to Azure Monitoring Agent (AMA).

ictpower.it/sicurezza/migrazio

#Azure #MicrosoftSentinel #CyberSecurity #CloudComputing #LogCollection #ICTPower

2019-10-31

Rapid7 has published a post on collecting audit logs from InsightVM with InsightIDR using NXLog Community Edition blog.rapid7.com/2019/10/30/be- … #infosec #SIEM #logcollection

There is another part, which is on parsing.

2019-08-18

Collecting Linux Ingress Authentication Events using Rapid7 Universal Event Formats

superuser-ltd.github.io/2019/I

Continuation of:

Collecting Windows Ingress Authentication Events using Rapid7 Universal Event Formats

superuser-ltd.github.io/2019/I

#infosec #logging #logcollection #siem #rapid7
