Common cybersecurity tools Flashcards
What are logs?
A record of events that occur within an organization's systems. Examples of security-related logs include records of employees signing into their computers or accessing web-based services. Logs help security professionals identify vulnerabilities and potential security breaches.
What does SIEM stand for?
Security information and event management
What is a SIEM tool?
A SIEM tool is an application that collects and analyzes log data to monitor critical activities in an organization. SIEM tools collect real-time, or instant, information, and allow security analysts to identify potential breaches as they happen.
What are commonly used SIEM tools?
Splunk and Chronicle
What is Splunk?
Splunk is a data analysis platform. Splunk Enterprise is a self-hosted tool used to retain, analyze, and search an organization's log data.
What is Google’s Chronicle?
Chronicle is a cloud-native SIEM tool that stores security data for search and analysis. Cloud-native means that Chronicle runs as a cloud service, which allows for fast delivery of new features.
What is a playbook?
A manual that provides details about any operational action, such as how to respond to an incident. Playbooks can vary depending on the organization, and they guide analysts in how to handle a security incident before, during, and after it has occurred.
What is a network protocol analyzer (packet sniffer)?
A packet sniffer is a tool designed to capture and analyze data traffic within a network. Common network protocol analyzers include tcpdump and Wireshark.