Monthly Archive for January, 2010

The Problem With SIEM (and I don’t mean the product…)

Let's begin with a recap of the definition of SIEM, SIM and SEM: Security (Information and/or Event) Management. The parentheses are deliberate, as their contents are actually irrelevant when dealing with this definition. IMHO the term was coined to cater for the security vendors and has since been misused, much like many other security terms over the years (hacker, cracker, etc.). SIEM has become a collection of letters that allows a vendor to sell a one-for-all solution to your security monitoring needs, and this, as in most such cases, is merely a pipe dream making someone out there millions. You may be thinking I have some sort of personal vendetta against security vendors, and maybe I do, but I think there are some valid points to be made about one-size-fits-all flashy boxes. SIEM just doesn't work. When it does, I'll be the first to get down on my knees and hail the almighty solution to all our problems.


Tiny Post – #secvidofday

Worthy of a quick mention: Digininja, friend and author of Jasager, The Interceptor and many other weird and wonderful apps, has been sharing his learning experiences via Twitter. Searching for #secvidofday returns a collection of daily tweets, each with a link to a security video. There are some great finds in there and I hope he carries it on!

Powershell Threading Difficulties

Before I start this post, I'd like to point out that I am far, far from a programmer and have very little, if any, 'real' knowledge on this subject, so forgive my (lack of) 'technical' descriptions from here on!

After my previous post on PowerShell scripting, I have been honing my skills and automating everything I can think of! Building on the earlier example script, I have been playing with PrimalForms from SAPIEN Technologies, building a pretty sweet GUI for the aforementioned script. This, however, brought a previously unknown issue to my attention: threading. Now, again, I'm no programmer, I can't code to save my life and to be honest have no intention of learning, but I know enough to get by. PowerShell, as far as I can gather from various sources (namely this Expert to Expert podcast), is single threaded, in that all the building blocks for a given script are loaded into the PowerShell engine together and executed on a single thread.

The reason I was prompted to look into threads within PowerShell is that, whilst building the GUI for the automation script in the earlier post, I hit some issues when calling external programs into the mix. The GUI would hang whenever an external program ran for any length of time, with no visible outcome (i.e. the script was sitting there waiting for the program to complete). I believe this is really a Windows Forms issue rather than a PowerShell one: the form's message loop runs on the same thread as the script, so while the script is blocked waiting on the external program nothing repaints and the window appears dead. I have had varying success in defining my functions outside of the runspace that the GUI uses...

See this link for a better understanding.

Using this method, however, slightly overcomplicates the code, so for now I have left it as it was, with the addition of a status message on the GUI stating "Window may stop responding...." :roll: It does the job and it's not a production release.
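What the "run it outside the GUI's runspace" approach looks like in practice, as an added example that is not the author's script or PrimalForms output. It is written against the PowerShell 1.0 runspace API (RunspaceFactory and Pipeline, with InvokeAsync), since that is what the post is limited to; the form layout, the 250 ms polling interval and the use of `ping -n 5 127.0.0.1` as a stand-in for a slow external tool are all assumptions made for the demonstration. The external program runs in a second runspace while a WinForms timer, which fires on the GUI thread, drains its output into the form, so the window keeps responding instead of hanging as described above.

```powershell
# Added example (not the author's script): keep a Windows Forms GUI responsive
# while an external program runs, by executing it in a second runspace and
# polling for output from the form's own thread.
# Uses only the PowerShell 1.0 runspace API (RunspaceFactory/Pipeline/InvokeAsync).
# "ping -n 5 127.0.0.1" is an assumed stand-in for any slow command-line tool.

[void][System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
[void][System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")

$form      = New-Object System.Windows.Forms.Form
$form.Text = "Background runspace demo"
$form.Size = New-Object System.Drawing.Size(500, 320)

$button      = New-Object System.Windows.Forms.Button
$button.Text = "Run external tool"
$button.Dock = [System.Windows.Forms.DockStyle]::Top

$output            = New-Object System.Windows.Forms.TextBox
$output.Multiline  = $true
$output.ReadOnly   = $true
$output.ScrollBars = [System.Windows.Forms.ScrollBars]::Vertical
$output.Dock       = [System.Windows.Forms.DockStyle]::Fill

$form.Controls.Add($output)
$form.Controls.Add($button)

# The problem the post describes: running the tool directly in the click handler,
# e.g. "$output.Text = ping -n 5 127.0.0.1 | Out-String", blocks the thread that
# pumps the form's message loop until ping exits, so the window stops responding.

# The fix: a second runspace that executes the command on its own thread.
$runspace = [System.Management.Automation.Runspaces.RunspaceFactory]::CreateRunspace()
$runspace.Open()
$script:pipeline = $null

$button.Add_Click({
    $button.Enabled = $false
    $output.Clear()
    $script:pipeline = $runspace.CreatePipeline('ping -n 5 127.0.0.1')
    $script:pipeline.InvokeAsync()   # returns immediately; the GUI thread is free
    $timer.Start()
})

# A System.Windows.Forms.Timer ticks on the GUI thread, so it is safe to update
# controls from here. Never touch the controls from the background runspace.
$timer          = New-Object System.Windows.Forms.Timer
$timer.Interval = 250
$timer.Add_Tick({
    $p = $script:pipeline
    if ($p -eq $null) { return }

    # Drain whatever the background pipeline has produced so far.
    while ($p.Output.Count -gt 0) {
        $output.AppendText((($p.Output.Read() | Out-String).TrimEnd()) + "`r`n")
    }
    while ($p.Error.Count -gt 0) {
        $output.AppendText("ERR: " + (($p.Error.Read() | Out-String).TrimEnd()) + "`r`n")
    }

    $state = $p.PipelineStateInfo.State
    if ($state -ne [System.Management.Automation.Runspaces.PipelineState]::Running -and
        $state -ne [System.Management.Automation.Runspaces.PipelineState]::NotStarted) {
        $timer.Stop()
        if ($state -eq [System.Management.Automation.Runspaces.PipelineState]::Failed) {
            $output.AppendText("Pipeline failed: " + $p.PipelineStateInfo.Reason.Message + "`r`n")
        }
        $output.AppendText("Done (state: $state)`r`n")
        $p.Dispose()
        $script:pipeline = $null
        $button.Enabled = $true
    }
})

# Tidy up the background runspace when the window is closed.
$form.Add_FormClosed({
    $timer.Stop()
    if ($script:pipeline -ne $null) { $script:pipeline.Stop() }
    $runspace.Close()
})

[void]$form.ShowDialog()
```

The important design point is the split of responsibilities: the background pipeline only produces output, and the GUI thread (via the timer) is the only thing that reads it and updates controls. Windows Forms controls are not thread-safe, so writing to the text box directly from the second runspace would be the next bug rather than a fix. The same pattern carries over to PowerShell 2.0 with the newer runspace API, which is presumably what the CTP work the next paragraph refers to simplifies.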

To clarify, I believe there has been some extensive work on this in PowerShell 2.0 (background jobs and a new runspace API), as far as I can see from the CTP, however I am still using 1.0 for this particular project and unfortunately have no upgrade path. I will be experimenting with the CTP and threading on a forthcoming project which I will talk about shortly.

About Me

Hi. I'm Matt Newham, 23 years old. I'm a network security engineer, specializing in Intrusion Detection.
