Analyzing Your SIEM Flashcards

1
Q

A console presenting selected information in an easily digestible format, such as a
visualization

A

Dashboards

2
Q

A widget showing records or metrics in a visual format, such as a graph or table
Selecting the right metrics for the dashboard is critical

A

Visualizations

3
Q

A quantifiable measure used to evaluate the success of an organization,
employee, or other element in meeting objectives for performance
▪ # of vulnerabilities
▪ # of failed log-ons
▪ # of vulnerable systems
▪ # of security incidents
▪ Average response time
▪ Average time to resolve tickets
▪ # of outstanding issues
▪ # of employees trained
▪ % of testing completed

A

Key Performance Indicators (KPIs)

4
Q

An analyst needs to dismiss false positives while responding to true positives

A

Analysis and Detection

5
Q

A simple form of correlation performed by a machine by using signature detection
and rules-based policies

A

Conditional Analysis

6
Q

A method that uses feature comparisons and likenesses rather than specific
signature matching to identify whether the target of observation is malicious

A

Heuristic Analysis

7
Q

A component of AI that enables a machine to develop strategies for solving a task
from a labeled dataset in which the features have been manually identified, without
further explicit instructions (this describes supervised learning; unsupervised
learning works from unlabeled data)

A

Machine Learning

8
Q

A network monitoring system that detects changes in normal operating data
sequences and identifies abnormal sequences

A

Behavioral Analysis

9
Q

A network monitoring system that uses a baseline of acceptable outcomes or
event patterns to identify events that fall outside the acceptable range

A

Anomaly Analysis

10
Q

The process of detecting patterns within a dataset over time, and using those
patterns to make predictions about future events or better understand past
events

A

Trend Analysis

11
Q

Establishes a baseline for a metric and monitors the number of occurrences over
time

A

Frequency-based Analysis

12
Q

Measures a metric based on the size of something, such as disk space used or log
file size

A

Volume-based Analysis

13
Q

Uses the concept of mean and standard deviations to determine if a data point
should be treated as suspicious

A

Statistical Deviation Analysis
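
Frequency-based analysis (card 11) and statistical deviation analysis (card 13) together, as an added example that is not part of the original deck: hourly failed log-on counts form the frequency baseline, and an awk program flags any bucket whose z-score (distance from the mean, measured in standard deviations) exceeds a threshold. The counts, the hour-09 spike and the function name stat_dev_outliers are all constructed for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the flashcard deck): frequency-based baseline plus
# statistical deviation check. Input is one "<label> <count>" pair per line.

# Constructed sample: failed log-ons per hour over 12 hours; hour 09 is a
# deliberate spike to detect.
SAMPLE_COUNTS='00 4
01 3
02 5
03 4
04 6
05 5
06 4
07 5
08 6
09 60
10 5
11 4'

# Read "label count" pairs on stdin; print "label count z" for every bucket
# whose z-score lies beyond +/- $1 standard deviations (default 3).
stat_dev_outliers() {
  local threshold="${1:-3}"
  awk -v thr="$threshold" '
    { label[NR] = $1; x[NR] = $2; sum += $2 }
    END {
      if (NR == 0) exit 0
      mean = sum / NR
      for (i = 1; i <= NR; i++) ss += (x[i] - mean) ^ 2
      sd = sqrt(ss / NR)            # population standard deviation
      if (sd == 0) exit 0           # flat baseline: nothing can deviate
      for (i = 1; i <= NR; i++) {
        z = (x[i] - mean) / sd
        if (z > thr || z < -thr)
          printf "%s %d %.2f\n", label[i], x[i], z
      }
    }'
}

# Stand-alone demo: prints "09 60 3.31"
printf '%s\n' "$SAMPLE_COUNTS" | stat_dev_outliers 3
```

Note that the spike inflates the very standard deviation it is measured against (the mean here is 9.25 instead of about 4.6), which can mask a second, smaller outlier. In production, compute the mean and standard deviation from a baseline window that excludes the bucket under test, or use a robust estimator such as the median absolute deviation.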

14
Q

Interpreting the relationship between individual data points to diagnose incidents
of significance to the security team

A

Correlation

15
Q

A statement that matches certain conditions as expressed using logical
expressions, such as AND and OR, and operators, such as == (matches), < (less
than), > (greater than), and in (contains)

A

SIEM Correlation Rule
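
The correlation rule from card 15, as an added example that is not part of the deck: a rule of the form result == "success" AND (prior_failures >= threshold OR (user in privileged AND NOT src in jump_hosts)), applied with awk to a stream of constructed authentication events. The event lines, the privileged account list, the jump-host allowlist and the function name correlate_auth are this example's own assumptions, not any product's rule syntax.

```bash
#!/usr/bin/env bash
# Added example (not from the flashcard deck): a SIEM-style correlation rule
# expressed in awk. Events are "<timestamp> <src_ip> <user> <result>".

# Constructed authentication events (not real data).
SAMPLE_AUTH_LOG='2024-05-01T10:00:01 203.0.113.7 alice failure
2024-05-01T10:00:02 203.0.113.7 alice failure
2024-05-01T10:00:03 203.0.113.7 alice failure
2024-05-01T10:00:04 203.0.113.7 alice failure
2024-05-01T10:00:05 203.0.113.7 alice failure
2024-05-01T10:00:09 203.0.113.7 alice success
2024-05-01T10:01:00 10.0.0.5 bob failure
2024-05-01T10:01:10 10.0.0.5 bob success
2024-05-01T10:02:00 10.0.0.9 root success
2024-05-01T10:03:00 10.0.0.50 root success'

# Rule:  result == "success"
#        AND ( prior_failures_from_src >= threshold
#              OR ( user in privileged AND NOT src in jump_hosts ) )
# Reads events on stdin and prints one ALERT line per match.
correlate_auth() {
  local threshold="${1:-5}"
  awk -v thr="$threshold" '
    BEGIN {
      privileged["root"] = 1; privileged["admin"] = 1   # assumed account list
      jump_hosts["10.0.0.50"] = 1                         # assumed allowlist
    }
    $4 == "failure" { fails[$2]++; next }
    $4 == "success" {
      n = fails[$2] + 0
      brute = (n >= thr)
      priv  = ($3 in privileged) && !($2 in jump_hosts)
      if (brute || priv)
        printf "ALERT ts=%s src=%s user=%s prior_failures=%d reason=%s\n",
               $1, $2, $3, n,
               (brute ? "brute_force_then_success" : "privileged_logon_from_unexpected_host")
      delete fails[$2]     # a success closes the failure streak for that source
    }'
}

# Stand-alone demo
printf '%s\n' "$SAMPLE_AUTH_LOG" | correlate_auth 5
```

This rule has no time window: a real correlation rule also bounds the failure streak (for example, five failures within ten minutes) and keys on user as well as source, otherwise a slow brute force over days is never correlated and a busy NAT address accumulates unrelated failures that fire the rule on the next legitimate log-on.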

16
Q

Extracts records from among all the data stored for review or to show as a
visualization

A

SIEM Queries

17
Q

A sequence of characters that defines a search pattern to be applied to a given
text

A

Regular Expression (regex)

18
Q

Matches a single instance of any one character listed within the brackets, such as
[a-z], [A-Z], [0-9], or [a-zA-Z0-9]; the shorthand classes \s (white space) and \d
(a single digit) are available in PCRE and Python-style engines, while POSIX tools
such as grep use [[:space:]] and [[:digit:]] instead

A

[…]

19
Q

Matches one or more occurrences and is called a quantifier, such as \d+ matching
one or more digits

A

+

20
Q

Matches zero or more occurrences, such as \d* matching zero or more digits

A

*

21
Q

Matches zero or one occurrence (makes the preceding item optional), such as \d?
matching zero or one digit

A

?

22
Q

Matches the number of times given within the curly braces,
such as \d{3} matching exactly three digits, \d{7,10} matching seven to ten digits,
or \d{3,} matching three or more

A

{}

23
Q

Defines a matching group with a regex sequence placed within the parentheses,
and then each group can subsequently be referred to by \1 for the first group, \2
for the second, and so on

A

( … )

24
Q

The OR logical operator to match conditions as “this or that”

A

|

25
Q

The regex will only match at the start of a line when searching

A

^

26
Q

The regex will only match at the end of a line when searching

A

$
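
The regex tokens on cards 17 through 26, as an added example that is not part of the deck, applied with grep -E and sed -E, which use POSIX extended syntax rather than PCRE. The sshd-style lines, the URL line and every function name are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the flashcard deck): the regex tokens from the cards
# applied with grep -E and sed -E (POSIX extended regex, no PCRE required).

# Constructed sshd-style lines (not real log data).
SAMPLE_SSHD='May  1 10:00:01 host sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
May  1 10:00:02 host sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 40001 ssh2
May  1 10:00:03 host sshd[1235]: Failed password for root from 203.0.113.7 port 51236 ssh2
May  1 10:00:04 host sshd[1236]: Invalid user test from 198.51.100.9 port 2222'

# | selects either failure message; a group ( ... ) repeated {3} times plus a
# final [0-9]{1,3} matches a dotted quad; -o prints only the matched text.
failed_auth_sources() {
  grep -E 'Failed password|Invalid user' \
    | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' \
    | sort -u
}

# ^ and $ anchor the pattern to the whole string, so "alice; rm -rf /" is
# rejected even though it starts with a valid name; the bracket classes limit
# the character set and {0,31} limits the length. Returns 0 if valid.
is_valid_username() {
  printf '%s' "$1" | grep -qE '^[a-z_][a-z0-9_-]{0,31}$'
}

# Three capture groups are reused as \1 \2 \3 in the replacement to turn
# DD/MM/YYYY into ISO YYYY-MM-DD; [[:space:]]* allows zero or more leading spaces.
ddmmyyyy_to_iso() {
  printf '%s\n' "$1" \
    | sed -E 's|^[[:space:]]*([0-9]{2})/([0-9]{2})/([0-9]{4})$|\3-\2-\1|'
}

# ? makes the "s" optional so both http and https match; [^[:space:]]+ then
# takes one or more non-whitespace characters, i.e. the rest of the URL.
extract_urls() {
  grep -oE 'https?://[^[:space:]]+'
}

# Stand-alone demo
printf '%s\n' "$SAMPLE_SSHD" | failed_auth_sources
is_valid_username 'alice' && echo 'alice: valid'
is_valid_username 'alice; rm -rf /' || echo 'alice; rm -rf /: rejected'
ddmmyyyy_to_iso '01/05/2024'
echo 'fetched http://example.com/a then https://example.org/b?x=1' | extract_urls
```

Two caveats a practitioner should keep in mind: [0-9]{1,3} happily accepts 999.999.999.999, so the IPv4 pattern extracts candidates rather than validating them, and under some locales [a-z] has matched more than ASCII a to z, so set LC_ALL=C or use [[:lower:]] where the distinction matters for input validation.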

27
Q

A command on Unix/Linux/macOS systems that searches text files (or standard input)
for lines matching a fixed string or a regex
▪ -i (ignore case)
▪ -v (return non-matching lines)
▪ -w (match whole words only)
▪ -c (return a count of matching lines only)
▪ -l (return names of files with matching lines)
▪ -L (return names of files without matching lines)
▪ -E (use extended regex syntax)
▪ -o (return only the matching part of each line)

A

grep

28
Q

A command that extracts selected portions of each line, by byte (-b), character
(-c), or delimited field (-d and -f), and discards the rest

A

cut

29
Q

A command that reorders lines of output, lexically by default, with -n for numeric
order, -r for reverse order, and -u to drop duplicate lines

A

sort

30
Q

A command that outputs the first 10 lines of the specified file (or -n N lines)

A

head

31
Q

A command that outputs the last 10 lines of the specified file (or -n N lines)

A

tail

32
Q

The process of using the output of one command as the input for a second
command

A

Piping ( | )

33
Q

Issuing commands individually can be useful for one-time analysis, but scripting allows
recurring searches to be repeated easily and automated

A

Scripting Tools

34
Q

A list of commands that are executed by a certain program or scripting engine

A

Script

35
Q

A scripting language and command shell for Unix-like systems that is the default
shell on most Linux distributions (macOS switched its default interactive shell
from Bash to zsh with Catalina, though Bash remains installed)

A

Bash

36
Q

A scripting language and command shell originally for Windows systems; PowerShell 7
(formerly PowerShell Core) also runs on Linux and macOS

A

PowerShell

37
Q

A command-line interface to Windows Management Instrumentation that can query a
local or remote Windows machine, including its event logs; deprecated by Microsoft
in favor of PowerShell's CIM/WMI cmdlets

A

Windows Management Instrumentation Command-Line (WMIC)

38
Q

Interpreted, high-level, general-purpose programming languages used heavily by
cybersecurity analysts and penetration testers

A

Python and Ruby

39
Q

A scripting engine geared toward modifying and extracting data from files or data
streams in Unix, Linux, and macOS systems

A

Awk
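
The grep, cut, sort, head and tail tools on cards 27 through 32, the scripting cards 33 through 35, and awk on card 39, served by one added example that is not part of the deck: a Bash script that turns the classic grep | cut | sort | uniq -c | sort -rn | head pipeline into reusable functions and runs them as one recurring report. The CSV log, its field layout and every function name are this example's own assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the flashcard deck): the grep/cut/sort/uniq/head/tail
# pipeline as reusable Bash functions, plus the awk equivalent.

# Constructed CSV authentication log (not real data).
# Fields: timestamp,src_ip,user,result
SAMPLE_AUTH_CSV='timestamp,src_ip,user,result
2024-05-01T10:00:01,203.0.113.7,admin,FAIL
2024-05-01T10:00:02,203.0.113.7,root,FAIL
2024-05-01T10:00:03,10.0.0.5,alice,OK
2024-05-01T10:00:04,198.51.100.9,test,fail
2024-05-01T10:00:05,203.0.113.7,admin,FAIL
2024-05-01T10:00:06,10.0.0.5,bob,OK
2024-05-01T10:00:07,198.51.100.9,guest,FAIL'

# Top N sources of failed log-ons, read from stdin, printed as "count src_ip".
#   grep -iw fail   : case-insensitive, whole-word, so FAIL and fail both hit
#   cut -d, -f2     : keep only the src_ip column
#   sort | uniq -c  : uniq collapses only adjacent duplicates, so sort first
#   sort -rn        : numeric, descending, on the count
#   head -n N       : keep the first N lines
#   sed             : strip the leading padding uniq -c adds
top_failed_sources() {
  local n="${1:-5}"
  grep -iw 'fail' | cut -d, -f2 | sort | uniq -c | sort -rn | head -n "$n" \
    | sed -E 's/^[[:space:]]+//'
}

# Number of successful log-ons (grep -c); $ anchors OK to the end of the line.
# grep exits 1 when the count is 0, so || true keeps the "0" without failing.
successful_logon_count() {
  grep -c ',OK$' || true
}

# The most recent N events (tail -n N).
last_events() {
  tail -n "${1:-3}"
}

# Same aggregation in awk: -F, splits on commas, failures are counted per
# user, and END emits "count user" for sort to order.
failures_per_user() {
  awk -F, 'tolower($4) == "fail" { c[$3]++ } END { for (u in c) print c[u], u }' \
    | sort -rn
}

# Recurring report: every section runs against the same file, so the search
# is rerun by calling one function instead of retyping each pipeline.
auth_report() {
  local log="$1"
  echo "== top failed sources =="
  top_failed_sources 3 < "$log"
  echo "== successful log-ons: $(successful_logon_count < "$log") =="
  echo "== failures per user =="
  failures_per_user < "$log"
  echo "== last 2 events =="
  last_events 2 < "$log"
}

# Stand-alone demo on the constructed sample
tmp="$(mktemp)"
printf '%s\n' "$SAMPLE_AUTH_CSV" > "$tmp"
auth_report "$tmp"
rm -f "$tmp"
```

The awk version does in one pass what the grep/cut/sort/uniq chain does in five processes, and it is the form to reach for once the per-line logic needs arithmetic or more than one field; the pipeline form stays easier to build up interactively, which is why both appear here.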