12C - Data Sources (Application and Endpoint logs) Flashcards
What is an endpoint log?
An endpoint log refers to events monitored by security software running on the host rather than by the OS itself.
What types of security software can generate endpoint logs?
- Host-based firewalls
- Intrusion detection systems
- Vulnerability scanners
- Antivirus/antimalware protection suites
What is an endpoint protection platform (EPP)?
A product that integrates functions like firewalls, intrusion detection, and antivirus into a single solution.
What does EDR stand for?
Endpoint Detection and Response
What does XDR stand for?
Extended Detection and Response
How can endpoint security tools be integrated with SIEM?
Using agent-based software.
True or False: Endpoint logs are only monitored by the operating system.
False
Fill in the blank: Suites that integrate various security functions are often referred to as an _______.
endpoint protection platform (EPP)