Analyzing Your SIEM Flashcards
A console presenting selected information in an easily digestible format, such as a visualization
Dashboards
A widget showing records or metrics in a visual format, such as a graph or table. Selecting the right metrics for the dashboard is critical.
Visualizations
A quantifiable measure used to evaluate the success of an organization, employee, or other element in meeting objectives for performance
▪ # of vulnerabilities
▪ # of failed log-ons
▪ # of vulnerable systems
▪ # of security incidents
▪ Average response time
▪ Average time to resolve tickets
▪ # of outstanding issues
▪ # of employees trained
▪ % of testing completed
Key Performance Indicators (KPIs)
An analyst needs to dismiss false positives while responding to true positives
Analysis and Detection
A simple form of correlation performed by a machine by using signature detection and rules-based policies
Conditional Analysis
A method that uses feature comparisons and likenesses rather than specific signature matching to identify whether the target of observation is malicious
Heuristic Analysis
A component of AI that enables a machine to develop strategies for solving a task given a labeled dataset where features have been manually identified but without further explicit instructions
Machine Learning
A network monitoring system that detects changes in normal operating data sequences and identifies abnormal sequences
Behavioral Analysis
A network monitoring system that uses a baseline of acceptable outcomes or event patterns to identify events that fall outside the acceptable range
Anomaly Analysis
The process of detecting patterns within a dataset over time, and using those patterns to make predictions about future events or better understand past events
Trend Analysis
Establishes a baseline for a metric and monitors the number of occurrences over time
Frequency-based Analysis
Measures a metric based on the size of something, such as disk space used or log file size
Volume-based Analysis
Uses the concept of mean and standard deviations to determine if a data point should be treated as suspicious
Statistical Deviation Analysis
Interpreting the relationship between individual data points to diagnose incidents of significance to the security team
Correlation
A statement that matches certain conditions as expressed using logical expressions, such as AND and OR, and operators, such as == (matches), < (less than), > (greater than), and in (contains)
SIEM Correlation Rule