https://www.sans.org/reading-room/whitepapers/logging/boiling-ocean-security-operations-log-analysis-36867