# Essential Log Source Categories

Explore the critical log sources that form the foundation of effective security monitoring.

## The Security Visibility Ecosystem
Modern security operations rely on a diverse ecosystem of log sources. When these sources are properly integrated, they provide comprehensive visibility across an organization's attack surface; a gap in any one category leaves the corresponding attacker activity unobserved.
| Log Source Category | Primary Visibility | Critical Detection Capabilities |
|---|---|---|
| Network Devices | Network boundaries and traffic flow | Initial access, C2 communication, lateral movement, data exfiltration |
| Endpoint Security | Host-level activity and file system changes | Malware execution, persistence mechanisms, credential theft, user behavior |
| Identity & Access Management | Authentication and authorization events | Account compromise, privilege escalation, identity theft |
| Cloud Infrastructure | Cloud resource provisioning and access | Resource hijacking, misconfiguration exploitation, serverless attacks |
| Email Security | Message flow and content analysis | Phishing, business email compromise, malicious attachments |
| Packet Inspection | Deep packet analysis and protocol decoding | Protocol-based attacks, malware C2, data exfiltration |
| Operating System Logs | System-level events and activities | Process execution, registry modifications, scheduled tasks |
| Application Logs | Web servers, databases, and business applications | Web attacks, database intrusions, application abuse |
| SaaS Applications | Cloud-based productivity and business services | Account takeover, data exfiltration, third-party application risks |
| DNS Infrastructure | Name resolution services and DNS traffic | Command and control, data exfiltration via DNS, domain generation algorithms |