SIEM - used a lot Log Files Types include network, system, application, security, DNS, authentication, VoIP, and dump files Syslog, Rsyslog, Syslog-ng Centralize log data from various systems, often feeding data into SIEM JournalCTL Linux command to query and display logs from the Journal Daemon (SystemD’s logging) NXLog Open-source log management tool for identifying security risks from server, OS, and application logs NetFlow Protocol for collecting IP network traffic data (source, destination, volume, paths) . Not packets! SFlow (Sampled Flow) Open-source alternative to NetFlow; exports packet samples and interface counters IPFIX (Internet Protocol Flow Information Export) Universal standard for exporting IP flow data, used for billing, accounting, and mediation

4.9 Given a scenario, use data sources to support an investigation Flashcards by Artur Varvashin

Investigative Data

SIEM - used a lot
Log Files
- Types include network, system, application, security, DNS, authentication, VoIP, and dump files
Syslog, Rsyslog, Syslog-ng
- Centralize log data from various systems, often feeding data into SIEM
JournalCTL
- Linux command to query and display logs from the Journal Daemon (SystemD’s logging)
NXLog
- Open-source log management tool for identifying security risks from server, OS, and application logs
NetFlow
- Protocol for collecting IP network traffic data (source, destination, volume, paths) . Not packets!
SFlow (Sampled Flow)
- Open-source alternative to NetFlow; exports packet samples and interface counters
IPFIX (Internet Protocol Flow Information Export)
- Universal standard for exporting IP flow data, used for billing, accounting, and mediation

How well did you know this?

Not at all

Perfectly

Brainscape's Knowledge GenomeTM

4.9 Given a scenario, use data sources to support an investigation Flashcards

Brainscape's Knowledge Genome^TM