Alerting and Monitoring Flashcards
System monitoring
Observation of computer systems, including the utilization and consumption of their resources.
Monitoring Resources Types
System, application, and infrastructure.
Alerting and Monitoring Activity Types
Log aggregation, alerting, scanning, reporting, archiving, and alert response/remediation/validation.
Log Aggregation
Process of collecting/consolidating log data from various sources into one location.
Simple Network Management Protocol (SNMP)
Internet protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change behavior.
SNMP Type of messages
GET, SET, TRAP.
Agent
A service/application installed on the tracked device that sends data to, and acts on commands from, the controller.
TRAP messages
Alert/events sent from the agent to the controller.
Granular TRAP
Each TRAP message sent is given a unique identifier so the receiver can distinguish it from every other message.
Management Information Base (MIB)
Used to describe the structure of the management data of a device's subsystem using a hierarchical namespace of object identifiers; TRAP messages are sent with this.
Simple Network Management Protocol (SNMP) Types
TRAP.
Verbose
Configured to contain all the information of a given alert/event as a payload.
Security Information and Event Management (SIEM)
Solution that provides real-time or near real-time analysis of security alerts generated by network hardware and applications.
SIEM Tools
Splunk, ELK or Elastic Stack, ArcSight, QRadar.
Data from Security Tools Types
Antivirus, Data Loss Prevention, Network Intrusion Detection, Network Intrusion Prevention, Firewalls, Vulnerability Scanners.
Network Intrusion Detection Systems
Passively identifies any threats.
Network Intrusion Prevention Systems
Actively identifies threats and blocks/prevents them.
Security Content Automation Protocol (SCAP)
Open standards that automate vulnerability management, measurement, and policy compliance for systems in an organization; essentially a common foundation that its component languages must follow.
SCAP Languages
OVAL, XCCDF, ARF.
Open Vulnerability and Assessment Language (OVAL)
XML schema for describing system security states and querying vulnerability reports/info.
Extensible Configuration Checklist Description Format (XCCDF)
XML schema for developing and auditing best practice configuration checklists and rules.
Asset Reporting Format (ARF)
XML schema for expressing information about assets, the relationships between assets, and reports.
SCAP languages Enumeration Techniques
CCE, CPE, CVE.
Common Configuration Enumeration (CCE)
Scheme for provisioning secure configuration checks across multiple sources.