TL;DR - they detected the hack by centralizing, correlating, and monitoring their logs. Am I right?
This tweet is unavailable
1
4
Which is not to say that log centralization/monitoring is a bad idea. It's "IT 101".
1
1
No. But "we centralized logs and found an intrusion" isn't a feature story you'll see me tweeting about...
1
Replying to @MalwareJake
Actually, you did tweet about it. </snark>

Oct 21, 2016 · 1:32 AM UTC

1
2
Replying to @hal_pomeranz
well, technically you're correct - though my first inclination was to call you "Captain Literal"
1