Computers think snow is a security incident    |
                                               |
Written on February 16th, 2021 by Dio9sys      |
                                               |
------------------------------------------------


Oh boy, my first 12 hour night shift!

Well, first twelve hour night shift since getting
a job as a sec analyst.  I'm used to long nights
working at a medical center, but there's something
distinctly different between working all night
mopping floors and checking beds for seizures
and spending all night sitting at a desk, listening
to podcasts and working through Zendesk tickets.

There's a new guy on my team this evening, which is
pretty cool, though he drew one hell of a short
straw when it comes to long quiet shifts on the SOC.

You see, there are a number of ways that you can get
logs from the various machines you have to watch when
you're working this kind of job and, unfortunately,
all of them require the computer to actually be on
to send those logs.

Normally that's not a problem, but there's a big snow
storm going on right now that keeps causing intermittent
power outages in the various offices and data centers
that I'm tasked with keeping an eye on.

Realistically, you can't infiltrate a network with no
power but, since the various security systems I use
don't exactly have a live weather feed to tell them
what to expect, I instead keep getting the same kinds
of "LOG SOURCE DISAPPEARED" alerts normally reserved for
something like the aftermath of a password change or
a server being taken over.

But then the power comes back on, causing "LOGS RESTORED"
messages to come in for the ones that just went out.

That means that this poor new guy is working a long
shift and I'm working my first long night shift at the
same time as our SIEM blowing up from everything losing
power and coming back into power again, en masse, for
several client companies where we can't exactly go out
and install a new generator in each of the offices or
something.


Tonight is exciting (: