You have a SIEM! And now?

Cyber Threat Intelligence

The 2014 edition of is over. I was invited and received a speaker slot. I talked about one of my favourite topics: log management and SIEM, but from another perspective. For a few years, SIEM solutions were pushed to the front of the stage! Presented as the “security threats killer”, we must be honest: still today, it’s very difficult to get the best out of such expensive tools! Not that they are bad, but they remain “tools”. Creating and maintaining correlation rules or filters is an endless game. Based on my experience, I reviewed the current situation and explained why SIEM solutions failed. The second part focused on ideas to improve the detection of threats inside the organisation.

The slides have been published on

You want to discuss this topic? Feel free to contact me!

More Investigations at

Police Line Do Not Cross

I’m just back from in Utrecht where I presented an updated version of my talk “What Will You Investigate Today?“. I talked about it for the first time during the RMLL in July in front of a very small audience who gave me ideas and inputs. The slides are available on as usual:

Thank you to VNU Exhibitions for inviting me! If you have log management projects or if you’re looking for advice, feel free to contact me!

What Will You Investigate Today?


Since this weekend, Brussels has been hosting the 14th edition of the RMLL (“Rencontres Mondiales du Logiciel Libre“) or “Libre Software Meeting” in English. As defined on the website, this is a “non-commercial cycle of conferences, round tables and practical workshops based on libre software and its uses. Its aim is to provide a platform for libre software users, developers and stakeholders“. Check out the schedule to see the large number of fields where libre software can be used. Lots of non-technical discussions were also scheduled.

Of course, there were technical slots reserved to talk about multiple topics and, amongst them, no surprise: information security. The day started with a presentation from Peter Czanik (Balabit Software, the creator of syslog-ng). He gave a good introduction to log management. This was a perfect introduction to my own talk: “What Will You Investigate Today?“. Once you have deployed a log management solution, it’s a good idea to start giving more value to your logs by correlating them with external resources. Here is a copy of my slides: