Learn about auditing, monitoring, logging, and SIEM.
THM Room : https://tryhackme.com/room/auditingandmonitoringse
TASK 1 Introduction
What do you call the systematic review of an organisation’s technological infrastructure, policies and operations?
“In more formal terms, auditing is a systematic, independent, and objective process of gathering and evaluating evidence to determine if an organisation, its policies, processes, controls, or financial statements comply with applicable laws, regulations, and industry standards.”
Answer : Auditing
What do you call the continuous observation of an organisation’s computer technologies and related resources?
“As per the title of this room, the focus is on auditing and monitoring. Before moving to the next task, let’s briefly explain monitoring. In information systems, monitoring is about continually checking a computer’s or network’s performance and behaviour. It involves watching over various components such as applications, storage, and networking to make sure they’re working well together. Monitoring also looks for unusual behaviour and checks if anything violates established rules or policies.”
Answer : Monitoring
TASK 2 Audit Objectives and Types
Which type of audit is conducted by independent auditors?
Answer : External audits
Which type of audit is conducted by an organisation’s own personnel?
Answer : Internal audits
TASK 3 Audit Frameworks
What is the standard used by organisations that process card payments?
“PCI DSS is a mandatory standard for organisations that process credit and debit card payments.”
Answer : PCI DSS
Who developed ITIL?
Let’s do a quick Google search:
“Responding to growing dependence on IT, the UK Government’s Central Computer and Telecommunications Agency (CCTA) in the 1980s developed a set of recommendations designed to standardize IT management practices across government functions, built around a process model-based view of controlling and managing operations often credited to W. Edwards Deming and his plan-do-check-act (PDCA) cycle.” https://en.wikipedia.org/wiki/ITIL
Answer : CCTA
Who developed COBIT?
“COBIT (Control Objectives for Information and Related Technologies) is a framework created by ISACA for information technology (IT) management and IT governance.” https://en.wikipedia.org/wiki/COBIT
Answer : ISACA
TASK 4 Auditing IT Infrastructure and Operations
In which step do we present our findings about the non-conformities, weaknesses and issues noted?
Answer : 4
At which stage does an organisation review the steps based on recommendations for proper and satisfactory implementation?
Answer : 5
At which stage do the auditors establish the audit scope and define its objectives?
Answer : 1
TASK 5 Logs
Check the Intro to Logs room for more detailed logging coverage.
No Answer.
TASK 6 Log Management on Linux
Using aureport, how many failed logins have occurred so far?
Answer : 263
Using ausearch, how many failed logins are related to the username mike?
Answer : 4
Using ausearch, how many failed logins are related to the username root?
Answer : 227
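Both questions above are answered by filtering /var/log/audit/audit.log: aureport summarises the records and ausearch lists the ones matching a filter. The following is an added example (not part of the room or of this writeup) that does the same counting in Python over a constructed sample of audit records, so you can see what the tools are actually matching on. It counts failed records of one type overall and per account, which on a live box is `aureport -l --failed` / `ausearch -m USER_LOGIN -sv no` for USER_LOGIN and `aureport -au --failed` for the PAM-stage USER_AUTH records. The log lines, addresses and account names are constructed; the parser also handles the hex-encoded `acct=` value auditd writes when a username contains spaces, as sshd's "(invalid user)" does.

```python
import re
from collections import Counter

# Constructed sample of /var/log/audit/audit.log records (not taken from the room's VM).
# Failed SSH logins are recorded as type=USER_LOGIN ... res=failed; the PAM stage that
# precedes them is type=USER_AUTH. A username containing spaces or quotes is written
# hex-encoded and unquoted, as in the last line ("(invalid user)").
SAMPLE_AUDIT_LOG = """\
type=USER_LOGIN msg=audit(1618243712.123:4501): pid=2210 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.10.14.7 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1618243715.400:4502): pid=2213 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="mike" exe="/usr/sbin/sshd" hostname=? addr=10.10.14.7 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1618243720.001:4503): pid=2216 uid=0 auid=1000 ses=3 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.10.14.9 terminal=/dev/pts/0 res=success'
type=USER_LOGIN msg=audit(1618243730.555:4504): pid=2220 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=10.10.14.7 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1618243731.000:4505): pid=2220 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/sbin/sshd" hostname=10.10.14.7 addr=10.10.14.7 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1618243740.777:4506): pid=2225 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="mike" exe="/usr/sbin/sshd" hostname=? addr=10.10.14.7 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1618243750.200:4507): pid=2230 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct=28696E76616C6964207573657229 exe="/usr/sbin/sshd" hostname=? addr=10.10.14.12 terminal=ssh res=failed'
"""

HEADER_RE = re.compile(r"type=(\S+) msg=audit\((\d+)\.\d+:(\d+)\): (.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# String fields auditd hex-encodes when they contain characters it will not print raw.
TEXT_FIELDS = {"acct", "exe", "hostname", "comm", "cwd", "name"}


def decode_value(key, raw):
    """Unquote a string field, or hex-decode it when auditd escaped it."""
    if raw.startswith('"'):
        return raw.strip('"')
    if key in TEXT_FIELDS and re.fullmatch(r"(?:[0-9A-F]{2})+", raw):
        return bytes.fromhex(raw).decode("utf-8", "replace")
    return raw


def parse_record(line):
    """Split one audit line into a dict, merging the fields inside msg='...'."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    rtype, seconds, serial, rest = m.groups()
    rec = {"type": rtype, "time": int(seconds), "serial": int(serial)}
    inner = re.search(r"msg='(.*)'$", rest)
    body = rest if inner is None else rest[:inner.start()] + " " + inner.group(1)
    for key, raw in FIELD_RE.findall(body):
        rec[key] = decode_value(key, raw)
    return rec


def failed_logins(log_text, record_type="USER_LOGIN"):
    """Return (total, Counter keyed by account) for failed records of one type.

    record_type="USER_LOGIN" mirrors `aureport -l --failed` / `ausearch -m USER_LOGIN -sv no`;
    record_type="USER_AUTH" mirrors `aureport -au --failed`.
    """
    per_account = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if not rec or rec["type"] != record_type or rec.get("res") != "failed":
            continue
        per_account[rec.get("acct", "?")] += 1
    return sum(per_account.values()), per_account


if __name__ == "__main__":
    total, per_account = failed_logins(SAMPLE_AUDIT_LOG)
    print(f"failed logins: {total}")
    for account, n in per_account.most_common():
        print(f"  {account!r}: {n}")
```

To answer the per-user questions on the real VM, filter the same way the Counter does: `ausearch -m USER_LOGIN -sv no` and look at the `acct=` field, remembering that a hex-encoded `acct=` is still a real (usually non-existent) username and belongs in the count.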
TASK 7 Log Management on MS Windows
What is the event ID for a failed login attempt?
Answer : 4625
How many failed login attempts do you have under the security events?
Answer : 2
How many failed login attempts took place in 2021?
Answer : 1
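Event Viewer's filter and the Get-WinEvent cmdlet both work over the same XML records, so the two questions above reduce to selecting EventID 4625 and bucketing by TimeCreated. The following is an added example in Python (not part of the room or of this writeup) that does that over a constructed set of Security events in the schema `wevtutil qe Security /f:xml` emits, counting failed logons overall, per year, per target account and per failure reason; the computer name, accounts, addresses and timestamps are constructed. On the live host the equivalent is `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625}`, with `StartTime` and `EndTime` keys added to the hashtable to bound a year.

```python
import xml.etree.ElementTree as ET
from collections import Counter
from datetime import datetime

# Namespace used by every record in the Windows event log XML schema.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Well-known SubStatus codes carried by event 4625 (failed logon).
SUBSTATUS = {
    "0xc000006a": "bad password",
    "0xc0000064": "unknown user name",
    "0xc0000234": "account locked out",
    "0xc0000072": "account disabled",
}


def _event(event_id, when, **data):
    """Build one Security event in the shape wevtutil/Get-WinEvent emit (constructed test data)."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (
        f'<Event xmlns="{NS["e"]}"><System>'
        '<Provider Name="Microsoft-Windows-Security-Auditing"/>'
        f'<EventID>{event_id}</EventID><TimeCreated SystemTime="{when}"/>'
        '<Channel>Security</Channel><Computer>WS01</Computer></System>'
        f'<EventData>{fields}</EventData></Event>'
    )


# Constructed sample: one successful logon (4624), three failures (4625) across two years,
# and a logoff (4634). Not records taken from the room's VM.
SAMPLE_EVENTS = [
    _event(4624, "2021-06-14T08:11:02.0000000Z", TargetUserName="mike", LogonType="2"),
    _event(4625, "2021-06-14T08:12:31.5210000Z", TargetUserName="mike", LogonType="3",
           SubStatus="0xc000006a", IpAddress="10.10.14.7"),
    _event(4625, "2022-01-09T22:40:05.1100000Z", TargetUserName="mike", LogonType="3",
           SubStatus="0xc000006a", IpAddress="10.10.14.7"),
    _event(4625, "2022-01-09T22:40:19.0020000Z", TargetUserName="ghost", LogonType="3",
           SubStatus="0xc0000064", IpAddress="10.10.14.7"),
    _event(4634, "2022-01-10T07:00:00.0000000Z", TargetUserName="mike", LogonType="2"),
]


def failed_logons(events_xml, year=None):
    """Summarise event 4625 records, optionally restricted to one calendar year (UTC)."""
    by_year, by_user, by_reason = Counter(), Counter(), Counter()
    for xml_text in events_xml:
        ev = ET.fromstring(xml_text)
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4625":
            continue
        stamp = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        # SystemTime carries seven fractional digits; keep the part strptime understands.
        created = datetime.strptime(stamp[:19], "%Y-%m-%dT%H:%M:%S")
        if year is not None and created.year != year:
            continue
        data = {d.get("Name"): d.text for d in ev.findall("e:EventData/e:Data", NS)}
        sub = (data.get("SubStatus") or "").lower()
        by_year[created.year] += 1
        by_user[data.get("TargetUserName", "?")] += 1
        by_reason[SUBSTATUS.get(sub, sub or "unknown")] += 1
    return {"total": sum(by_year.values()), "by_year": by_year,
            "by_user": by_user, "by_reason": by_reason}


if __name__ == "__main__":
    summary = failed_logons(SAMPLE_EVENTS)
    print(f"failed logons: {summary['total']}")
    for year, n in sorted(summary["by_year"].items()):
        print(f"  {year}: {n}")
    for user, n in summary["by_user"].most_common():
        print(f"  {user}: {n}")
    print(f"  reasons: {dict(summary['by_reason'])}")
```

The SubStatus breakdown is the detail Event Viewer's summary view hides: a run of 0xC0000064 against names that do not exist looks like enumeration, while repeated 0xC000006A against one real account looks like password guessing, and the two call for different responses.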
TASK 8 Monitoring
Ensure you have read and taken note of the difference between logging and monitoring.
No Answer.
TASK 9 SIEM Basics
Consider joining one of the recommended rooms for an in-depth exploration of a SIEM.
No Answer.
TASK 10
Ensure you have noted the main concepts presented in this room.
No Answer.