4.3 data sources to support an investigation Flashcards
1. Q: SIEM
A: security information and event management
- Real-time visibility: Provides a holistic view of an organization’s information security systems
- Event log management: Consolidates data from multiple sources
- Compliance management and reporting: Helps organizations meet compliance requirements
- Threat detection: Allows security teams to run queries to pinpoint potential threats
2. Q: journalctl
A: Linux command-line method to query the system journal
3. Q: IPFIX
A: allows network administrators to collect and analyze flow information from network devices; the newer standard that succeeds NetFlow
4. Q: SIP
A: session initiation protocol
5. Q: NXLog
A: log collection tool that goes beyond syslog
6. Q: sFlow
A: sampled flow; works by taking samples of packets rather than recording every packet
7. Q: protocol analyzer output
A: output of a tool that captures and analyzes data traffic and signals over a communication channel