Improve your SIEM with logs.to

sky
2 min read · Apr 22, 2021

Working in a startup whose product is a real-time SIEM tool is an arduous task. While designing a real-time SIEM, our team focused mainly on building data pipelines, handling large amounts of data, and scaling.

But little did we know about the problem that lay ahead: testing our SIEM tool with real-time logs that carry some real threat context. And like every early-stage start-up, we did not have the luxury of the data sets that giants like Splunk might have.

We did not have logs to test our correlations or to train our ML models.

The future looked bleak until we found logs.to.

It is a simple website that gives you near real-time logs with actual curated threat context; this can be a lifeline for any startup working in this domain. The generated logs have plenty of randomness built in and provide near real-life scenarios out of the box.

Generating logs was a cakewalk. Let me walk through the simple steps that get you the data you want.

1) Select the logging devices for which you want logs:

  • They currently offer Cisco ASA, Cisco ISE, Microsoft ATA, Microsoft Windows, and Swift Alliance Access.

2) Select the number of log lines and the date range as per your requirement.

3) Now the most important feature: introducing a threat context.

  • This is the feature that is hard to find anywhere else, at least for me and my team. They offer a varied set of threat contexts that will help you test your SIEM and build a better version of it.
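As an added example (not code from the post or from logs.to), here is the kind of correlation test that generated logs with threat context let you run: a small brute-force rule checked against constructed Cisco ASA-style failed-login lines. The lines use the real ASA message ID %ASA-6-113015 (failed AAA user authentication), but they are constructed here; the exact format logs.to emits is not shown on the page.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in Cisco ASA syslog style (not logs.to output; the
# exact format logs.to emits is not shown on the page). %ASA-6-113015 is
# the ASA message for a rejected AAA user authentication.
SAMPLE_LOGS = """\
Apr 22 2021 10:00:01 fw01 %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = admin : user IP = 203.0.113.7
Apr 22 2021 10:00:04 fw01 %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = admin : user IP = 203.0.113.7
Apr 22 2021 10:00:09 fw01 %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = root : user IP = 203.0.113.7
Apr 22 2021 10:00:12 fw01 %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = bob : user IP = 198.51.100.2
Apr 22 2021 10:00:15 fw01 %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = admin : user IP = 203.0.113.7
Apr 22 2021 10:07:00 fw01 %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = bob : user IP = 198.51.100.2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) \S+ %ASA-\d-113015: .*"
    r"user = (?P<user>\S+) : user IP = (?P<ip>[\d.]+)$"
)

def parse_failed_logins(text):
    """Yield (timestamp, user, source_ip) for each ASA 113015 line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S"), m["user"], m["ip"]

def brute_force_alerts(text, threshold=3, window_minutes=5):
    """Correlation rule: at least `threshold` failed logins from one source
    IP inside a sliding window. Returns {ip: time_of_first_alert}."""
    window = timedelta(minutes=window_minutes)
    per_ip = defaultdict(list)
    for ts, _user, ip in parse_failed_logins(text):
        per_ip[ip].append(ts)
    alerts = {}
    for ip, times in per_ip.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                alerts[ip] = times[end]
                break
    return alerts

if __name__ == "__main__":
    print(brute_force_alerts(SAMPLE_LOGS))
```

Once the rule fires on the constructed hits and stays quiet on the scattered ones, the same function can be pointed at a generated log set to check that the threat context you selected actually triggers it.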
