After all the hype around the release of Qwen 3.5, I ran a test: developing a POC for a client in the "log collection" area.
Long story short: I had it produce an .md document collecting the whole POC and then I tested it.

Outcome:
- plenty of errors
- instructions ignored
- invents commands despite reading the official docs
- hundreds of iterations

IMHO it will run on everything "as some say", but I waste too much time constantly correcting it.

#qwen35 #ia #logcollection #uno

Series: Managing SIEM Log Collectors at Scale with Ansible and GitHub Actions

- Part 1: https://blog.nviso.eu/series/siem-log-collectors-scale-ansible-github-actions-devops/

#siem #logcollection #ansible #githubactions

Managing SIEM Log Collectors at Scale with Ansible and GitHub Actions – NVISO Labs

In this blog series, I will show how to solve these challenges with DevOps and Infrastructure as Code (IaC) practices. Ansible and GitHub Actions power the solution.

NVISO Labs

๐—›๐—ผ๐˜„ ๐˜๐—ผ ๐—ฐ๐—ผ๐—น๐—น๐—ฒ๐—ฐ๐˜ ๐—ฐ๐˜‚๐˜€๐˜๐—ผ๐—บ ๐—ฒ๐˜ƒ๐—ฒ๐—ป๐˜ ๐—œ๐——๐˜€ ๐˜๐—ผ ๐— ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜ ๐—ฆ๐—ฒ๐—ป๐˜๐—ถ๐—ป๐—ฒ๐—น

Microsoft Sentinel is Microsoft's SIEM/SOAR. It is used to collect and evaluate logs.

If you choose to collect security logs from Windows Server, Microsoft Sentinel can collect predefined log sets using the built-in settings. By default, you have the option to select from the predefined sets All Security Events, Common, or Minimal.

However, if you need to collect some custom Event IDs that do not belong to the above built-in categories, or simply want your own set of Event IDs to collect, you can define your own Event IDs using XPath queries.

XPath (XML Path Language) is a query language used for selecting nodes from an XML document. It allows you to navigate through elements and attributes in XML documents, making it a powerful tool for extracting specific pieces of information. XPath is commonly used in combination with XML parsers to filter and locate data based on complex conditions.

Read my blog post below 👇 👇
https://www.cswrld.com/2025/06/how-to-collect-custom-event-ids-to-microsoft-sentinel/

#cswrld #sentinel #eventid #logcollection #custom

On 31/08/2024 the Log Analytics Agent will no longer be supported, so by that date you will need to migrate to the Azure Monitoring Agent (AMA).

https://www.ictpower.it/sicurezza/migrazione-di-log-analytics-agent-verso-azure-monitoring-agent-per-continuare-la-log-collection-in-microsoft-sentinel.htm

#Azure #MicrosoftSentinel #CyberSecurity #CloudComputing #LogCollection #ICTPower

Rapid7 has published a post on collecting audit logs from InsightVM with InsightIDR using NXLog Community Edition https://blog.rapid7.com/2019/10/30/be-audit-you-can-be-part-1-how-to-securely-send-and-monitor-your-audit-logs-with-insightidr/ … #infosec #SIEM #logcollection

There is another part, which is on parsing.

Audit Log Monitoring in Our SIEM Solution, InsightIDR

In this blog, we discuss how to collect the audit trail from a device or application using InsightVM and InsightIDR.

Collecting Linux Ingress Authentication Events using Rapid7 Universal Event Formats

https://superuser-ltd.github.io/2019/IngressAuthentication-Linux/

Continuation of:

Collecting Windows Ingress Authentication Events using Rapid7 Universal Event Formats

https://superuser-ltd.github.io/2019/IngressAuthentication/

#infosec #logging #logcollection #siem #rapid7

Collecting Linux Ingress Authentication Events using Rapid7 Universal Event Formats | Superuser Ltd by hcs0

Rapid7 released Universal Event Formats (UEF) as a way to allow event sources to make use of Rapid7 user behavior analytics (UBA) for DHCP, antivirus, ingres...