Ask HN: How do you continuously monitor web logs for hack attempts?
444 by sandGorgon | 214 comments on Hacker News.
What is the generally accepted best practice for monitoring web logs for anomalous accesses? Do you guys just throw Cloudflare in front and forget about it? Or do you have engineers who work like data scientists - eyeball the logs? I have heard suggestions of using a firewall, but I'm genuinely curious about how security-focused companies discover things like "oh, we got attacked by Bitcoin miners from North Korea". Are there sophisticated tools that do this for you, or is there a generally accepted practice that has evolved for even regular engineers to do this? P.S. I'm personally more interested in an API-focused answer, but I guess the same thing applies for websites.