4.3 data sources to support an investigation Flashcards

1
Q

SIEM

A

Security information and event management

  • Real-time visibility: Provides a holistic view of an organization’s information security systems
  • Event log management: Consolidates data from multiple sources
  • Compliance management and reporting: Helps organizations meet compliance requirements
  • Threat detection: Allows security teams to run queries to pinpoint potential threats
2
Q

journalctl

A

Linux command used to query the system journal

3
Q

IPFIX

A

Allows network administrators to collect and analyze flow information from network devices

The newer successor to NetFlow

4
Q

SIP

A

Session Initiation Protocol

5
Q

NXLog

A

Log collection beyond what syslog provides

6
Q

sFlow

A

Sampled flow: takes samples of packets rather than recording every one

7
Q

Protocol analyzer output

A

A tool that captures and analyzes data traffic and signals over a communication channel
